@dacely/toildefender 0.1.6 → 0.1.8

package/README.md

@@ -158,7 +158,7 @@ function licenseGate(input) {
         : { ok: false, total: total - 5 };
 }
 
-globalThis.__result = licenseGate("Veilmark");
+globalThis.__result = licenseGate("ToilDefender");
 ```
 
 The demo artifact is generated with every major protection enabled and

package/esutils.js

@@ -11,7 +11,7 @@ module.exports = function (logger) {
         assert.ok(estest.isNode(node));
         
         traverser.visitChildrenEx(node, (child, key) => {
-            Object.defineProperty(child, "veilmark$parent", {
+            Object.defineProperty(child, "toildefender$parent", {
                 value: node,
                 configurable: true
             });
@@ -23,7 +23,7 @@ module.exports = function (logger) {
         assert.ok(estest.isNode(node));
         
         traverser.visitChildrenEx(node, (child, key) => {
-            Object.defineProperty(child, "veilmark$parent", {
+            Object.defineProperty(child, "toildefender$parent", {
                 value: node,
                 configurable: true
             });
@@ -50,14 +50,14 @@ module.exports = function (logger) {
         if (scope.block.body && (scope.block.body.type == "Program" || scope.block.body.type == "BlockStatement")) {
             scope.block.body.body.splice(idx, 0, node);
             
-            Object.defineProperty(node, "veilmark$parent", {
+            Object.defineProperty(node, "toildefender$parent", {
                 value: scope.block.body,
                 configurable: true
             });
         } else if (scope.block.type == "Program" || scope.block.type == "BlockStatement") {
             scope.block.body.splice(idx, 0, node);
             
-            Object.defineProperty(node, "veilmark$parent", {
+            Object.defineProperty(node, "toildefender$parent", {
                 value: scope.block,
                 configurable: true
             });
@@ -74,12 +74,16 @@ module.exports = function (logger) {
         assert.equal(estest.isExpression(child), estest.isExpression(replacement), `Replacee ${child.type} is not of the same type as replacement ${replacement.type}`);
         
         var _this = this;
-        root = this.getParent(child) || root;
+        var parent = this.getParent(child);
+        if (parent && parent.type == "Property" && parent.shorthand === true && parent.value == child) {
+            parent.shorthand = false;
+        }
+        root = parent || root;
         traverser.traverseEx(root, [], function (node, stack) {
             if (node == child) {
                 this.abort();
-                Object.defineProperty(replacement, "veilmark$parent", {
-                    value: child.veilmark$parent,
+                Object.defineProperty(replacement, "toildefender$parent", {
+                    value: child.toildefender$parent,
                     configurable: true
                 });
                 _this.setParents(replacement);
@@ -93,7 +97,7 @@ module.exports = function (logger) {
     this.getParent = function (node) {
         assert.ok(estest.isNode(node));
         
-        var parent = node.veilmark$parent;
+        var parent = node.toildefender$parent;
         var legit = false;
         if (parent) {
             traverser.visitChildren(parent, child => {

package/obfuscator.js

@@ -76,6 +76,14 @@ var defaultOptions = {
         },
         virtualize: "marked"
     },
+    controlFlow: {
+        ratio: 1,
+        seed: "toildefender-control-flow"
+    },
+    scope: {
+        ratio: 1,
+        seed: "toildefender-scope"
+    },
     protections: {
         virtualMachine: {
             bigintBytecode: true,
@@ -111,6 +119,25 @@ var featureDeps = {
     compress: [ "mangle" ]
 };
 
+function isNumericVmInternalNode(node) {
+    return node && node.toildefender$numericVmInternal === true;
+}
+
+function takeNumericVmInternalStatements(ast) {
+    if (!ast || ast.type != "Program") {
+        return [];
+    }
+    var retained = [];
+    ast.body = ast.body.filter(statement => {
+        if (isNumericVmInternalNode(statement)) {
+            retained.push(statement);
+            return false;
+        }
+        return true;
+    });
+    return retained;
+}
+
 var featureDescs = {
     dead_code: {
         en: "Insert dead code"
@@ -365,7 +392,7 @@ exports.do = function (options) {
     }
 
     function hasMangleUnsupportedSyntax(root) {
-        return containsNodeType(root, [ "Super" ]);
+        return false;
     }
 
     function dispatcherForMethod(method) {
@@ -380,6 +407,35 @@ exports.do = function (options) {
         }
         return "main";
     }
+
+    function normalizeRatio(value) {
+        var ratio = Number(value);
+        if (!Number.isFinite(ratio)) {
+            return 1;
+        }
+        if (ratio < 0) {
+            return 0;
+        }
+        if (ratio > 1) {
+            return 1;
+        }
+        return ratio;
+    }
+
+    function hashString32(value) {
+        var h = 0x811c9dc5;
+        for (var i = 0; i < value.length; i += 1) {
+            h ^= value.charCodeAt(i);
+            h = Math.imul(h, 0x01000193) >>> 0;
+        }
+        return h >>> 0;
+    }
+
+    function methodControlFlowScore(method, index) {
+        var name = method && method.id && method.id.name || "";
+        var seed = options.controlFlow && options.controlFlow.seed || "";
+        return hashString32(`${seed}:${index}:${name}`) / 0x100000000;
+    }
     
     options = _.merge({}, defaultOptions, options); // first argument gets mutated
     if (options.protections.virtualMachine.enabled) {
@@ -407,11 +463,19 @@ exports.do = function (options) {
     } else {
         options.features = options.forceFeatures;
     }
+    var controlFlowRatio = normalizeRatio(options.controlFlow && options.controlFlow.ratio);
+    var controlFlowActive = options.features.control_flow && controlFlowRatio > 0;
+    var scopeRatio = normalizeRatio(options.scope && options.scope.ratio);
     
     var parseOptions = {};
     var scopeOptions = {
         optimistic: true // required or things in the global scope just get lost
     };
+    var lexicalScopeOptions = {
+        ecmaVersion: 6,
+        optimistic: true,
+        sourceType: "script"
+    };
     
     var logger = new Logger(options.logAdapter);
     var customBindAdded = false;
@@ -504,13 +568,17 @@ exports.do = function (options) {
             var variables = new prVariables(logger);
             variables.removeFunctionExpressionIds(ast);
             variables.functionDeclarationToExpression(ast, escope.analyze(ast, scopeOptions));
-            variables.obfuscateIdentifiers(ast, escope.analyze(ast, scopeOptions));
+            variables.obfuscateIdentifiers(ast, escope.analyze(ast, lexicalScopeOptions));
             variables.redefineParameters(ast, escope.analyze(ast, scopeOptions));
         });
         
         // Move identifiers into scope objects
         doTask("create_scope_objects", true, () => {
-            scopes.createScopeObjects(ast, escope.analyze(ast, scopeOptions));
+            scopes.createScopeObjects(ast, escope.analyze(ast, lexicalScopeOptions), {
+                ratio: scopeRatio,
+                seed: options.scope && options.scope.seed || "toildefender-scope",
+                forceProgram: controlFlowActive
+            });
         });
         
         // Calculate entry points for all methods
@@ -526,7 +594,7 @@ exports.do = function (options) {
         // Extract function declarations and expressions
         var fns;
         doTask("extract_methods", true, () => {
-            var scopeManager = escope.analyze(ast, scopeOptions);
+            var scopeManager = escope.analyze(ast, lexicalScopeOptions);
             fns = methods.extractMethods(ast);
             fns = fns.map(method => {
                 var refers = methods.methodRefersToArguments(method, scopeManager);
@@ -538,15 +606,25 @@ exports.do = function (options) {
                     methodEntryPoints[method.id.name].dispatcher = dispatcherForMethod(method);
                 }
             });
-            if (options.features.control_flow) {
-                methods.replaceFunctionCalls(ast, methodEntryPoints);
+            var selectedMethodEntryPoints = {};
+            fns.forEach((method, index) => {
+                if (!method || !method.id || !methodEntryPoints[method.id.name]) {
+                    return;
+                }
+                if (controlFlowRatio >= 1 || methodControlFlowScore(method, index) < controlFlowRatio) {
+                    selectedMethodEntryPoints[method.id.name] = methodEntryPoints[method.id.name];
+                }
+            });
+
+            if (controlFlowActive) {
+                methods.replaceFunctionCalls(ast, selectedMethodEntryPoints);
                 fns.forEach(method => {
-                    methods.replaceFunctionCalls(method.body, methodEntryPoints);
+                    methods.replaceFunctionCalls(method.body, selectedMethodEntryPoints);
                 });
             }
         });
         
-        doTask("control_flow", options.features.control_flow, () => {
+        doTask("control_flow", controlFlowActive, () => {
             // Apply control flow flattening and merge methods
             var flattener = new prFlattener(logger, rng);
             var entry = rng.get(), exit = rng.get();
@@ -566,8 +644,15 @@ exports.do = function (options) {
                 }
             };
             var syncFns = [];
+            var retainedFns = [];
+            var retainedInternalFns = takeNumericVmInternalStatements(ast);
 
-            fns.forEach(method => {
+            fns.forEach((method, index) => {
+                var selected = controlFlowRatio >= 1 || methodControlFlowScore(method, index) < controlFlowRatio;
+                if (!selected) {
+                    retainedFns.push(method);
+                    return;
+                }
                 var dispatcher = dispatcherForMethod(method);
                 if (dispatcher == "main") {
                     syncFns.push(method);
@@ -623,19 +708,23 @@ exports.do = function (options) {
             if (asyncPrograms.length > 0) {
                 ast = {
                     type: "Program",
-                    body: Array.prototype.concat.apply([], asyncPrograms.map(program => program.body)).concat(syncAst.body)
+                    body: retainedInternalFns.concat(retainedFns).concat(Array.prototype.concat.apply([], asyncPrograms.map(program => program.body)).concat(syncAst.body))
                 };
             } else {
-                ast = syncAst;
+                ast = {
+                    type: "Program",
+                    body: retainedInternalFns.concat(retainedFns).concat(syncAst.body)
+                };
             }
         })
         .otherwise(() => {
+            var retainedInternalFns = takeNumericVmInternalStatements(ast);
             if (ast.type == "Program") {
                 ast.type = "BlockStatement";
             }
             ast = {
                 type: "Program",
-                body: fns.concat([ ast ])
+                body: retainedInternalFns.concat(fns).concat([ ast ])
             };
         });
     });

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@dacely/toildefender",
-    "version": "0.1.6",
+    "version": "0.1.8",
     "description": "Modern JavaScript code protection, bytecode virtualization, and obfuscation for the Toil tech stack.",
     "author": "Dacely",
     "contributors": [
@@ -63,13 +63,13 @@
     "dependencies": {
         "@babel/parser": "^8.0.0",
         "escodegen": "^2.1.0",
-        "escope": "3.6.0",
+        "escope": "^4.0.0",
         "esprima": "^4.0.1",
         "esshorten": "1.1.1",
-        "estraverse": "4.2.0",
-        "expr-eval": "1.0.0",
-        "lodash": "4.13.1",
-        "minimist": "1.2.0"
+        "estraverse": "^5.3.0",
+        "expr-eval-fork": "^3.0.3",
+        "lodash": "^4.18.1",
+        "minimist": "^1.2.8"
     },
     "engines": {
         "node": ">=24.11.0",

package/processors/deadCode.js

@@ -13,6 +13,33 @@ function isClassMethodBody(stack) {
     return stack.some(frame => frame.node.type == "MethodDefinition" || frame.node.type == "ClassBody");
 }
 
+function containsLexicalDeclaration(node) {
+    if (
+        node.type == "ClassDeclaration" ||
+        node.type == "FunctionDeclaration" ||
+        (node.type == "VariableDeclaration" && node.kind != "var")
+    ) {
+        return true;
+    }
+
+    var found = false;
+    traverser.traverseEx(node, [], function (child) {
+        if (child != node && estest.isFunction(child)) {
+            return child;
+        }
+        if (
+            child.type == "ClassDeclaration" ||
+            child.type == "FunctionDeclaration" ||
+            (child.type == "VariableDeclaration" && child.kind != "var")
+        ) {
+            found = true;
+            this.abort();
+        }
+        return child;
+    });
+    return found;
+}
+
 module.exports = class DeadCode {
 
     constructor (logger) {
@@ -41,6 +68,11 @@ module.exports = class DeadCode {
 
                     var varValue = _.sample(KEYWORDS);
 
+                    var selected = node.body.slice(pos, pos + len);
+                    if (selected.some(containsLexicalDeclaration)) {
+                        continue;
+                    }
+
                     var spliced = node.body.splice(pos, len);
                     node.body.splice(pos, 0,
                         {

package/processors/flattener.js

@@ -173,7 +173,7 @@ module.exports = class Flattener {
                             expression: {
                                 type: "AssignmentExpression",
                                 operator: "=",
-                                left: { type: "Identifier", name: "veilmark$tobethrown" },
+                                left: { type: "Identifier", name: "toildefender$tobethrown" },
                                 right: { type: "Literal", value: null }
                             }
                         },
@@ -229,7 +229,7 @@ module.exports = class Flattener {
                             declarations: [
                                 {
                                     type: "VariableDeclarator",
-                                    id: { type: "Identifier", name: "veilmark$tobethrown" },
+                                    id: { type: "Identifier", name: "toildefender$tobethrown" },
                                     init: null
                                 }
                             ]
@@ -742,7 +742,7 @@ module.exports = class Flattener {
                             expression: {
                                 type: "AssignmentExpression",
                                 operator: "=",
-                                left: node.handler.veilmark$exception,
+                                left: node.handler.toildefender$exception,
                                 right: { type: "Identifier", name: "e" }
                             }
                         },
@@ -777,16 +777,81 @@ module.exports = class Flattener {
      * @returns {Node}
      */
     unifyPrefixStatements (ast) {
+        var scopeObjects = new Map();
         var maximumScopeIndex = 0;
+
+        function scopeNameFromReference(node) {
+            if (
+                node &&
+                node.type == "MemberExpression" &&
+                node.object &&
+                node.object.type == "Identifier" &&
+                _.startsWith(node.object.name, "$$scope") &&
+                node.property &&
+                node.property.type == "Literal" &&
+                typeof node.property.value == "number"
+            ) {
+                return node.object.name;
+            }
+            return null;
+        }
+
+        function ensureScopeObject(name) {
+            if (!scopeObjects.has(name)) {
+                scopeObjects.set(name, {
+                    max: -1,
+                    offset: 0
+                });
+            }
+            return scopeObjects.get(name);
+        }
+
+        traverser.traverse(ast, [], (node, stack) => {
+            if (node.toildefender$scopeObject) {
+                var declaration = node.declarations && node.declarations[0];
+                if (declaration && declaration.id && declaration.id.type == "Identifier") {
+                    ensureScopeObject(declaration.id.name);
+                }
+            } else if (node.toildefender$scopeObjectReference) {
+                var name = scopeNameFromReference(node);
+                if (name) {
+                    var info = ensureScopeObject(name);
+                    info.max = Math.max(info.max, node.property.value);
+                }
+            }
+            return node;
+        });
+
+        if (scopeObjects.size > 1) {
+            return ast;
+        }
+
+        var nextScopeOffset = 0;
+        scopeObjects.forEach(info => {
+            info.offset = nextScopeOffset;
+            nextScopeOffset += info.max + 1;
+        });
         
         ast = traverser.traverse(ast, [], (node, stack) => {
-            if (node.veilmark$reassigningArguments && !node.veilmark$followsSlicingArguments) {
+            if (node.toildefender$reassigningArguments && !node.toildefender$followsSlicingArguments) {
                 node = { type: "EmptyStatement" };
-            } else if (node.veilmark$scopeObject) {
+            } else if (node.toildefender$scopeObject) {
                 node = { type: "EmptyStatement" };
-            } else if (node.veilmark$scopeObjectReference) {
-                maximumScopeIndex = Math.max(maximumScopeIndex, node.property.value);
+            } else if (node.toildefender$scopeObjectReference) {
+                var name = scopeNameFromReference(node);
+                var info = name ? scopeObjects.get(name) : null;
+                if (info) {
+                    node.property.value += info.offset;
+                    maximumScopeIndex = Math.max(maximumScopeIndex, node.property.value);
+                }
+                if (node.object && node.object.type == "Identifier") {
+                    node.object.name = "$$unifiedScope";
+                }
             } else if (node.type == "Identifier" && _.startsWith(node.name, "$$scope")) {
+                var parent = stack[1] && stack[1].node;
+                if (parent && parent.toildefender$scopeObjectReference) {
+                    return node;
+                }
                 node.name = "$$unifiedScope";
             }
             return node;
@@ -819,7 +884,7 @@ module.exports = class Flattener {
                 declarations: [
                     {
                         type: "VariableDeclarator",
-                        id: { type: "Identifier", name: "veilmark$arguments" },
+                        id: { type: "Identifier", name: "toildefender$arguments" },
                         init: { type: "Identifier", name: "arguments" }
                     }
                 ]

package/processors/identifiers.js

@@ -33,6 +33,17 @@ function isBigIntLiteral(node) {
     return node.type == "Literal" && typeof node.value == "bigint";
 }
 
+function canMoveLiteral(node) {
+    if (node.type != "Literal" || isBigIntLiteral(node) || node.regex) {
+        return false;
+    }
+    return typeof node.value == "string";
+}
+
+function isNumericVmInternalFunction(stack) {
+    return stack.some(frame => frame.node && frame.node.toildefender$numericVmInternal === true);
+}
+
 module.exports = class Identifiers {
 
     constructor (logger) {
@@ -65,6 +76,9 @@ module.exports = class Identifiers {
         assert.ok(estest.isNode(ast));
         
         ast = traverser.traverse(ast, [], (node, stack) => {
+            if (isNumericVmInternalFunction(stack)) {
+                return node;
+            }
             if (node.type == "MemberExpression"
                 && !node.computed) {
                 assert(node.property.type == "Identifier");
@@ -79,7 +93,7 @@ module.exports = class Identifiers {
     }
     
     /**
-     * Replace objects with an array via veilmark$toObject.
+     * Replace objects with an array via toildefender$toObject.
      * @param {Node} ast Root node
      * @returns {Node} Root node
      */
@@ -88,6 +102,9 @@ module.exports = class Identifiers {
         options = options || {};
 
         ast = traverser.traverse(ast, [], (node, stack) => {
+            if (isNumericVmInternalFunction(stack)) {
+                return node;
+            }
             if (node.type == "ObjectExpression") {
                 if (options.objectPacking === false) {
                     return node;
@@ -108,7 +125,7 @@ module.exports = class Identifiers {
 
                 return {
                     type: "CallExpression",
-                    callee: { type: "Identifier", name: "veilmark$toObject"  },
+                    callee: { type: "Identifier", name: "toildefender$toObject"  },
                     arguments: [
                         literal(String(utils.hash(schema.join(",")))),
                         {
@@ -198,7 +215,7 @@ module.exports = class Identifiers {
     }
     
     /**
-     * Move all literals into the veilmark$literals array.
+     * Move all literals into the toildefender$literals array.
      * @param {Node} ast Root node
      * @param {ScopeManager} scopeManager Scope manager
      * @returns {Node} Root node
@@ -211,7 +228,10 @@ module.exports = class Identifiers {
         var vars = [];
         
         ast = traverser.traverse(ast, [], (node, stack) => {
-            if (node.type == "Literal" && !isBigIntLiteral(node) && stack.length > 0 && stack[1].node.type != "Property") {
+            if (isNumericVmInternalFunction(stack)) {
+                return node;
+            }
+            if (canMoveLiteral(node) && stack.length > 0 && stack[1].node.type != "Property") {
                 var idx = vars.indexOf(node.value);
                 if (idx == -1) {
                     idx = vars.length;
@@ -220,7 +240,7 @@ module.exports = class Identifiers {
                 
                 return {
                     type: "MemberExpression",
-                    object: { type: "Identifier", name: "veilmark$literals" },
+                    object: { type: "Identifier", name: "toildefender$literals" },
                     property: { type: "Literal", value: idx },
                     computed: true
                 };
@@ -235,7 +255,7 @@ module.exports = class Identifiers {
             declarations: [
                 {
                     type: "VariableDeclarator",
-                    id: { type: "Identifier", name: "veilmark$literals" },
+                    id: { type: "Identifier", name: "toildefender$literals" },
                     init: {
                         type: "ArrayExpression",
                         elements: vars.map(x => ({ type: "Literal", value: x }))

package/processors/literals.js

@@ -147,11 +147,79 @@ function makeStringByteArrayCall(str) {
     
     return {
         type: "CallExpression",
-        callee: { type: "Identifier", name: "veilmark$fromCharCodes" },
+        callee: { type: "Identifier", name: "toildefender$fromCharCodes" },
         arguments: str.split("").map(x => ({ type: "Literal", value: x.charCodeAt() }))
     };
 }
 
+function isUnencodedPropertyKey(stack) {
+    var parentFrame = stack[1];
+    if (!parentFrame || parentFrame.node.type != "Property") {
+        return false;
+    }
+    return parentFrame.key == "key" && parentFrame.node.computed !== true;
+}
+
+function isNumericVmInternalFunction(stack) {
+    return stack.some(frame => frame.node && frame.node.toildefender$numericVmInternal === true);
+}
+
+function makeStringExpression(str) {
+    if (str.length == 0) {
+        return { type: "Literal", value: "" };
+    }
+    return makeStringGenerator(str);
+}
+
+function makeStringCallExpression(expr) {
+    return {
+        type: "CallExpression",
+        callee: { type: "Identifier", name: "String" },
+        arguments: [expr]
+    };
+}
+
+function concatExpressions(left, right) {
+    return {
+        type: "BinaryExpression",
+        operator: "+",
+        left: left,
+        right: right
+    };
+}
+
+function makeTemplateExpression(node) {
+    assert.equal(node.type, "TemplateLiteral");
+
+    var expression;
+    for (var i = 0; i < node.quasis.length; i += 1) {
+        var quasi = node.quasis[i];
+        var cooked = quasi.value && typeof quasi.value.cooked == "string" ? quasi.value.cooked : "";
+        var quasiExpression = makeStringExpression(cooked);
+        expression = expression ? concatExpressions(expression, quasiExpression) : quasiExpression;
+
+        if (i < node.expressions.length) {
+            expression = concatExpressions(expression, makeStringCallExpression(node.expressions[i]));
+        }
+    }
+
+    return expression || { type: "Literal", value: "" };
+}
+
+function makeRegexExpression(node) {
+    assert.equal(node.type, "Literal");
+    assert.ok(node.regex);
+
+    return {
+        type: "NewExpression",
+        callee: { type: "Identifier", name: "RegExp" },
+        arguments: [
+            makeStringExpression(node.regex.pattern || ""),
+            makeStringExpression(node.regex.flags || "")
+        ]
+    };
+}
+
 module.exports = class Literals {
 
     constructor (logger) {
@@ -172,6 +240,9 @@ module.exports = class Literals {
         var stringMap = {};
         
         ast = traverser.traverse(ast, [], (node, stack) => {
+            if (isNumericVmInternalFunction(stack)) {
+                return node;
+            }
             if (node.type == "Literal" && typeof node.value == "string") {
                 var idx = stringMap["_" + node.value];
                 if (!idx) {
@@ -217,10 +288,19 @@ module.exports = class Literals {
         assert.ok(estest.isNode(ast));
         
         ast = traverser.traverse(ast, [], (node, stack) => {
+            if (isNumericVmInternalFunction(stack)) {
+                return node;
+            }
+            if (node.type == "TemplateLiteral") {
+                return makeTemplateExpression(node);
+            }
+            if (node.type == "Literal" && node.regex) {
+                return makeRegexExpression(node);
+            }
             if (node.type == "Literal"
                 && typeof node.value == "string"
                 && stack.length > 1
-                && stack[1].node.type != "Property") {
+                && !isUnencodedPropertyKey(stack)) {
                 return makeStringGenerator(node.value);
             }