js-confuser-vm 0.0.1 → 0.0.3

package/dist/runtimeObf.js

@@ -0,0 +1,56 @@
+import { generate } from "@babel/generator";
+import { parse } from "@babel/parser";
+import traverseImport from "@babel/traverse";
+import { ok } from "assert";
+import { shuffle } from "./random.js";
+import { minify } from "./minify.js";
+const traverse = traverseImport.default || traverseImport;
+export async function obfuscateRuntime(runtime, options) {
+  let ast;
+  try {
+    ast = parse(runtime, {
+      sourceType: "unambiguous"
+    });
+  } catch (error) {
+    throw new Error("VM-Runtime final parsing failed", {
+      cause: error
+    });
+  }
+
+  // shuffle order of opcode handlers
+
+  if (options.shuffleOpcodes) {
+    let switchStatement = null;
+    traverse(ast, {
+      SwitchStatement(path) {
+        if (path.node.leadingComments?.some(comment => comment.value.includes("@SWITCH"))) {
+          switchStatement = path.node;
+          path.stop();
+        }
+      }
+    });
+    ok(switchStatement, "Could not find opcode handlers switch statement");
+
+    // simply shuffle the order of the cases
+
+    switchStatement.cases = shuffle(switchStatement.cases);
+  }
+  let generated;
+  try {
+    generated = generate(ast).code;
+  } catch (error) {
+    throw new Error("VM-Runtime final generation failed", {
+      cause: error
+    });
+  }
+  if (options.minify) {
+    try {
+      generated = await minify(generated);
+    } catch (error) {
+      throw new Error("VM-Runtime final minification failed", {
+        cause: error
+      });
+    }
+  }
+  return generated;
+}

package/dist/transforms/controlFlowFlattening.js

@@ -0,0 +1,22 @@
+/**
+ * Breaks functions into DAGs (Directed Acyclic Graphs)
+ *
+ * - 1. Break bytecode into chunks
+ * - 2. Shuffle chunks but remember their original position
+ * - 3. Create an effectively Switch statement inside a While loop, each case is a chunk, and the while loops exits on the last transition.
+ *
+ * The Switch statement:
+ *
+ * - 1. The state variable controls which case will run next
+ * - 2. At the end of each case, the state variable is updated to the next block of code.
+ * - 3. The while loop continues until the the state variable is the end state.
+ */
+export async function controlFlowFlattening(bytecode) {
+  // break bytecode into basic blocks
+  // 1. read bytecode and track the current label from the IR-instruction "defineLabel"
+  // 2. track any potential jumps inside this block using the IR-instruction operand "label"
+  // at this stage in the passing process, may still use these IR-instruction labels for jumps, meaning no effort is required to maintain absolute PCs
+  // create a bare CFF implementation of a simple switch dispatch loop effectively
+  // This CFF implementation should only apply to "easy jumps" such as conditional jump (if-statement)
+  // the complex and specific jumps for for..in shouldn't get flattened
+}

package/dist/transforms/resolveContants.js

@@ -0,0 +1,33 @@
+import { SOURCE_NODE_SYM } from "../compiler.js";
+
+// Resolve all {type:"constant", value} operands to integer indices into the
+// constants pool.  Returns both the resolved bytecode and the constants array
+// so the Serializer can use it for comment generation and output.
+export function resolveConstants(bc) {
+  const constants = [];
+  const constantsMap = new Map();
+  function intern(value) {
+    let idx = constantsMap.get(value);
+    if (typeof idx !== "number") {
+      idx = constants.length;
+      constantsMap.set(value, idx);
+      constants.push(value);
+    }
+    return idx;
+  }
+  const resolved = [];
+  for (const instr of bc) {
+    const [op, operand] = instr;
+    if (operand !== undefined && operand !== null && typeof operand === "object" && operand.type === "constant") {
+      const newInstr = [op, intern(operand.value)];
+      newInstr[SOURCE_NODE_SYM] = instr[SOURCE_NODE_SYM];
+      resolved.push(newInstr);
+    } else {
+      resolved.push(instr);
+    }
+  }
+  return {
+    bytecode: resolved,
+    constants
+  };
+}

package/dist/transforms/resolveLabels.js

@@ -0,0 +1,59 @@
+// --- Label IR ---
+// During compilation, jump targets are symbolic labels instead of hard-coded
+// PC numbers.  Two IR "pseudo operands" carry the label information:
+//
+//   defineLabel operand  : [null, {type:"defineLabel", label:"FN_ENTRY_1"}]
+//     Marks a position in the bytecode array.
+//     resolveLabels() strips these out entirely.
+//
+//   label ref operand      : [OP.JUMP, {type:"label", label:"FN_ENTRY_1"}]
+//     Used as the operand of any jump instruction. resolveLabels() replaces
+//     it with the integer PC that the corresponding defineLabel resolves to.
+
+// Resolve symbolic labels to absolute PC indices within a bytecode array.
+// defineLabel pseudo-instructions are stripped; label-ref operands become ints.
+// Mutates `bc` in place so callers holding a reference see the resolved result.
+export function resolveLabels(bc, compiler) {
+  // Pass 1 – walk the array and record each label's real PC, counting only
+  // real instructions (defineLabel pseudo-ops don't occupy a PC slot).
+  const labelToPc = new Map();
+  let realPc = 0;
+  for (const instr of bc) {
+    const op = instr[0];
+    const operand = instr[1];
+    if (op === null && operand !== null && typeof operand === "object" && operand.type === "defineLabel") {
+      labelToPc.set(operand.label, realPc);
+    } else {
+      realPc++;
+    }
+  }
+
+  // Pass 2 – build the resolved instruction list.
+  const resolved = [];
+  for (const instr of bc) {
+    const op = instr[0];
+    const operand = instr[1];
+
+    // Strip defineLabel pseudo-ops.
+    if (op === null && typeof operand === "object" && operand?.type === "defineLabel") {
+      continue;
+    }
+
+    // Replace label-ref operands with integer PCs.
+    if (operand !== undefined && operand !== null && typeof operand === "object" && operand.type === "label") {
+      const pc = labelToPc.get(operand.label);
+      if (pc === undefined) throw new Error(`Undefined label: ${operand.label}`);
+      resolved.push([op, pc + (operand.offset ?? 0)]);
+    } else {
+      resolved.push(instr);
+    }
+  }
+
+  // Patch each function descriptor's startPc now that labels are resolved.
+  for (const desc of compiler.fnDescriptors) {
+    desc.startPc = labelToPc.get(desc.startLabel);
+  }
+  return {
+    bytecode: resolved
+  };
+}

package/dist/transforms/selfModifying.js

@@ -0,0 +1,107 @@
+export function selfModifying(bc, compiler) {
+  // Walk the bytecode looking for "defineLabel" pseudo-ops, which start basic
+  // blocks. For each block we collect the body (instructions between the label
+  // and the next label/jump terminator), move it to the end of the bytecode
+  // under a fresh "patch_LXX" label, and replace it in-place with:
+  //
+  //   defineLabel ("originalLabel")         ← kept as-is (pseudo-op)
+  //   LOAD_INT  { label: patch_LXX, offset: N }   ← push slice-end PC
+  //   LOAD_INT  { label: patch_LXX }               ← push slice-start PC
+  //   PATCH     { label: originalLabel, offset: 3 } ← destPc = L+3
+  //   LOAD_INT 0  × N                              ← N placeholder instructions
+  //
+  // PATCH pops (start, end) from the stack and copies bytecode[start..end) to
+  // bytecode[destPc..]. Since destPc = L+3 = first placeholder, the body is
+  // written exactly over the placeholder region on the first call.  Subsequent
+  // calls are idempotent (same bytes written again).  Execution falls through
+  // from PATCH into the freshly-patched body at L+3, then continues naturally
+  // to whatever terminator (JUMP/RETURN) follows at L+3+N.
+
+  const {
+    OP,
+    JUMP_OPS
+  } = compiler;
+  const result = [];
+  const appended = [];
+  let patchCount = 0;
+  let i = 0;
+  while (i < bc.length) {
+    const instr = bc[i];
+    const [op, operand] = instr;
+
+    // Detect a defineLabel pseudo-op — start of a new basic block.
+    if (op === null && operand !== null && typeof operand === "object" && operand.type === "defineLabel") {
+      const originalLabel = operand.label;
+      result.push(instr); // keep the defineLabel marker
+      i++;
+
+      // Collect body: everything after the label until the next terminator.
+      let j = i;
+      while (j < bc.length) {
+        const [nextOp, nextOperand] = bc[j];
+
+        // Another defineLabel = boundary of the next block.
+        if (nextOp === null && typeof nextOperand === "object" && nextOperand?.type === "defineLabel") {
+          break;
+        }
+
+        // Jump instructions, RETURN, and DATA (function header words) all
+        // terminate the body without being included in it.
+        if (nextOp !== null && (JUMP_OPS.has(nextOp) || nextOp === OP.RETURN || nextOp === OP.DATA)) {
+          break;
+        }
+        j++;
+      }
+      const body = bc.slice(i, j);
+      const N = body.length;
+      if (N === 0) {
+        // Nothing to transform — label is immediately followed by a terminator.
+        continue;
+      }
+      const patchLabel = `patch_${originalLabel}_${patchCount++}`;
+
+      // ── Stub (3 real instructions) ──────────────────────────────────────
+      // LOAD_INT pushes the end-index of the body slice (patchLabel_pc + N).
+      // LOAD_INT pushes the start-index (patchLabel_pc).
+      // Stack before PATCH: [end (bottom), start (top)].
+      // PATCH: slice(pop()=start, pop()=end) copies the body to destPc = L+3.
+      result.push([OP.LOAD_INT, {
+        type: "label",
+        label: patchLabel,
+        offset: N
+      }]);
+      result.push([OP.LOAD_INT, {
+        type: "label",
+        label: patchLabel
+      }]);
+      result.push([OP.PATCH, {
+        type: "label",
+        label: originalLabel,
+        offset: 3
+      }]);
+
+      // ── Placeholders (N instructions) ───────────────────────────────────
+      // These are overwritten by PATCH on the first execution.  They never
+      // execute as LOAD_INT 0 in a correct run.
+      for (let p = 0; p < N; p++) {
+        result.push([OP.LOAD_INT, 0]);
+      }
+
+      // ── Append real body at end ─────────────────────────────────────────
+      appended.push([null, {
+        type: "defineLabel",
+        label: patchLabel
+      }]);
+      for (const bodyInstr of body) {
+        appended.push(bodyInstr);
+      }
+      i = j; // skip over the original body in the input array
+      continue;
+    }
+    result.push(instr);
+    i++;
+  }
+  return {
+    bytecode: [...result, ...appended]
+  };
+}

package/dist/types.js

@@ -0,0 +1,13 @@
+// Bytecode supports both real instructions and IR pseudo-instructions
+// Real instruction: [OP.ADD, 5]
+// IR instruction: [null, { type: "defineLabel", label: "FN_ENTRY_1" }]
+
+// IR instructions are used to hold symbolic information during compilation
+// All "null" instructions are dropped before assembly time
+
+export function constantOperand(value) {
+  return {
+    type: "constant",
+    value: value
+  };
+}

package/dist/utilts.js

@@ -0,0 +1,3 @@
+export function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/index.ts

@@ -1,17 +1,22 @@
-import { virtualize } from "./src/index.js";
+import JsConfuserVM from "./src/index.ts";
 import { readFileSync, writeFileSync } from "fs";
 
-// Compile and write the output to a file
-const sourceCode = readFileSync("input.js", "utf-8");
-const { code: output } = virtualize(sourceCode);
+async function main() {
+  // Compile and write the output to a file
+  const sourceCode = readFileSync("input.js", "utf-8");
+  const { code: output } = await JsConfuserVM.obfuscate(sourceCode, {
+    selfModifying: true,
+  });
 
-writeFileSync("output.js", output, "utf-8");
-console.log(output);
+  writeFileSync("output.js", output, "utf-8");
 
-// Eval the code like our test suite does
-var window = { TEST_OUTPUT: null };
-eval(output);
-console.log(window.TEST_OUTPUT);
+  // Eval the code like our test suite does
+  var window = { TEST_OUTPUT: null };
+  eval(output);
+  console.log(window.TEST_OUTPUT);
 
-// Minify using Google Closure Compiler (optional)
-import("./minify.js");
+  // Minify using Google Closure Compiler (optional)
+  // import("./minify.js");
+}
+
+main();

package/jest.config.js

@@ -1,7 +1,28 @@
-export default {
-  extensionsToTreatAsEsm: [".ts"],
-  moduleFileExtensions: ["ts", "js", "json"],
-  transform: {
-    "\\.ts$": "./jest-strip-types.js",
+const OPTIONS_MATRIX = [
+  { displayName: "default", VM_OPTIONS: {} },
+  { displayName: "randomizeOpcodes", VM_OPTIONS: { randomizeOpcodes: true } },
+  { displayName: "shuffleOpcodes", VM_OPTIONS: { shuffleOpcodes: true } },
+  { displayName: "encodeBytecode", VM_OPTIONS: { encodeBytecode: true } },
+  { displayName: "selfModifying", VM_OPTIONS: { selfModifying: true } },
+  { displayName: "timingChecks", VM_OPTIONS: { timingChecks: true } },
+  {
+    displayName: "all",
+    VM_OPTIONS: {
+      randomizeOpcodes: true,
+      shuffleOpcodes: true,
+      encodeBytecode: true,
+      selfModifying: true,
+      timingChecks: true,
+    },
   },
+];
+
+export default {
+  projects: OPTIONS_MATRIX.map(({ displayName, VM_OPTIONS }) => ({
+    displayName,
+    extensionsToTreatAsEsm: [".ts"],
+    moduleFileExtensions: ["ts", "js", "json"],
+    transform: { "\\.ts$": "./jest-strip-types.js" },
+    globals: { VM_OPTIONS },
+  })),
 };

package/package.json

@@ -1,12 +1,14 @@
 {
   "name": "js-confuser-vm",
-  "version": "0.0.1",
-  "main": "src/index.ts",
+  "version": "0.0.3",
+  "main": "dist/index.js",
   "scripts": {
+    "build": "babel src --out-dir dist --extensions '.ts,.js'",
     "index": "NODE_OPTIONS=\"--disable-warning=ExperimentalWarning\" node index.ts",
-    "test": "NODE_OPTIONS=\"--experimental-vm-modules --experimental-strip-types --disable-warning=ExperimentalWarning\" jest --coverage --coverageReporters=html",
+    "test": "NODE_OPTIONS=\"--experimental-vm-modules --experimental-strip-types --disable-warning=ExperimentalWarning\" jest --coverage --coverageReporters=html --selectProjects default",
+    "test-all": "NODE_OPTIONS=\"--experimental-vm-modules --experimental-strip-types --disable-warning=ExperimentalWarning\" jest --coverage --coverageReporters=html",
     "test262": "NODE_OPTIONS=\"--experimental-vm-modules --experimental-strip-types --disable-warning=ExperimentalWarning\" node test262-scripts/run-test262.ts",
-    "prepublishOnly": "npm run test"
+    "prepublishOnly": "npm run build && npm run test"
   },
   "type": "module",
   "keywords": [
@@ -28,14 +30,19 @@
     "@babel/traverse": "^7.29.0",
     "@babel/types": "^7.29.0",
     "google-closure-compiler": "^20260216.0.0",
-    "js-confuser": "^2.0.0",
     "json5": "^2.2.3"
   },
   "devDependencies": {
+    "@babel/cli": "^7.28.6",
+    "@babel/core": "^7.29.0",
+    "@babel/preset-env": "^7.29.0",
+    "@babel/preset-typescript": "^7.28.5",
     "@types/node": "^25.3.0",
+    "babel-plugin-module-resolver": "^5.0.2",
+    "babel-plugin-replace-import-extension": "^1.1.5",
     "jest": "^30.2.0"
   },
   "engines": {
-    "node": ">=24.0.0"
+    "node": ">=18.0.0"
   }
 }