js-confuser-vm 0.0.5 → 0.0.6

package/dist/transforms/runtime/specializedOpcodes.js

@@ -19,20 +19,28 @@ function extractCaseBody(switchCase) {
 // Because specialized opcodes are only created for instructions that have
 // *exactly one* numeric operand, every `_operand()` call inside the original
 // handler is replaced by the constant value that was baked into the opcode.
-function inlineFixedOperand(bodyStmts, resolvedValue) {
+function inlineFixedOperands(bodyStmts, resolvedValues) {
   // Wrap the statements in a temporary BlockStatement so traverse has a root.
   // The replacement mutates the original statement objects in place.
+  var replaced = 0;
   traverse(t.blockStatement(bodyStmts), {
     noScope: true,
     CallExpression(path) {
       const callee = path.node.callee;
-      if (t.isMemberExpression(callee) && t.isThisExpression(callee.object) && t.isIdentifier(callee.property, {
-        name: "_operand"
-      }) && path.node.arguments.length === 0) {
-        path.replaceWith(t.numericLiteral(resolvedValue));
+      const isMethodCall = methodName => {
+        return t.isMemberExpression(callee) && t.isThisExpression(callee.object) && t.isIdentifier(callee.property, {
+          name: methodName
+        }) && path.node.arguments.length === 0;
+      };
+      if (isMethodCall("_operand")) {
+        path.replaceWith(t.numericLiteral(resolvedValues[replaced++]));
+      }
+      if (isMethodCall("_constant")) {
+        path.node.arguments = [t.numericLiteral(resolvedValues[replaced++]), t.numericLiteral(resolvedValues[replaced++])];
       }
     }
   });
+  ok(replaced === resolvedValues.length, `Expected to replace ${resolvedValues.length} operands, but replaced ${replaced}`);
 }
 
 // Append a generated switch case for every entry in compiler.SPECIALIZED_OPS.
@@ -67,7 +75,7 @@ export function applySpecializedOpcodes(ast, bytecode, compiler) {
     const specialOpCode = Number(specialOpStr);
     const {
       originalOp,
-      operand
+      operands
     } = info;
     const newName = compiler.OP_NAME[specialOpCode];
     const originalName = compiler.OP_NAME[originalOp];
@@ -77,18 +85,15 @@ export function applySpecializedOpcodes(ast, bytecode, compiler) {
 
     // Clone the original handler body
     const bodyStmts = extractCaseBody(originalCase).map(s => t.cloneNode(s, true));
-    const placedOperand = info.resolvedOperand || {
-      resolvedValue: 1337
-    };
-    ok(placedOperand !== undefined, `Could not find operand for original opcode ${newName}`);
-    const resolvedValue = placedOperand?.resolvedValue ?? placedOperand;
-    if (typeof resolvedValue !== "number") {
-      console.error(resolvedValue);
-    }
-    ok(typeof resolvedValue === "number", "Expected a numeric operand value");
+    const placedOperands = info.resolvedOperands;
+    ok(placedOperands, `Could not find operand for original opcode ${newName}`);
+    const resolvedValues = placedOperands.map(placedOperand => {
+      return placedOperand?.resolvedValue ?? placedOperand;
+    });
+    ok(!resolvedValues.find(v => typeof v !== "number"), "Expected a numeric operand value");
 
     // Replace this._operand() with the baked-in constant
-    inlineFixedOperand(bodyStmts, resolvedValue);
+    inlineFixedOperands(bodyStmts, resolvedValues);
 
     // Add a leading comment so the generated source stays readable
     if (bodyStmts.length > 0) {

package/dist/utils/op-utils.js

@@ -0,0 +1,29 @@
+import { getRandomInt } from "./random-utils.js";
+export const U16_MAX = 0xffff; // bytecode operands are u16
+
+/** Returns the next free opcode slot, or -1 when the space is exhausted. */
+export function nextFreeSlot(usedOpcodes) {
+  if (usedOpcodes.size > U16_MAX) return -1;
+  let attempts = 0;
+  while (attempts++ < 512) {
+    const candidate = getRandomInt(0, U16_MAX);
+    if (!usedOpcodes.has(candidate)) {
+      usedOpcodes.add(candidate);
+      return candidate;
+    }
+  }
+  // Fallback: linear scan from a random start
+  const start = getRandomInt(0, U16_MAX);
+  for (let i = 0; i <= U16_MAX; i++) {
+    const v = start + i & U16_MAX;
+    if (!usedOpcodes.has(v)) {
+      usedOpcodes.add(v);
+      return v;
+    }
+  }
+  return -1;
+}
+export function getInstructionSize(instr) {
+  const size = instr.filter(op => op?.placeholder !== true).length;
+  return size;
+}

package/dist/utils/random-utils.js

@@ -0,0 +1,27 @@
+import { ok } from "assert";
+export function getPlaceholder() {
+  return Math.random().toString(36).substring(2, 15);
+}
+export function choice(elements) {
+  ok(elements.length > 0, "choice() called on empty sequence");
+  return elements[Math.floor(Math.random() * elements.length)];
+}
+export function getRandom() {
+  return Math.random();
+}
+export function getRandomInt(min, max) {
+  ok(min <= max, "min must be <= max");
+  return Math.floor(Math.random() * (max - min + 1)) + min;
+}
+
+/**
+ * Shuffles an array in-place using the Fisher-Yates algorithm.
+ * @param array - The array to shuffle (mutated)
+ */
+export function shuffle(array) {
+  for (let i = array.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [array[i], array[j]] = [array[j], array[i]];
+  }
+  return array;
+}

package/index.ts

@@ -9,14 +9,16 @@ async function main() {
 
   const { code: output } = await JsConfuserVM.obfuscate(sourceCode, {
     target: "browser", // or "node"
-    // randomizeOpcodes: true, // randomize the opcode numbers?
-    // shuffleOpcodes: true, // shuffle order of opcode handlers in the runtime?
-    // encodeBytecode: true, // encode bytecode? when off, comments for instructions are added
-    // selfModifying: true, // do self-modifying bytecode for function bodies?
-    // macroOpcodes: true, // create combined opcodes for repeated instruction sequences?
-    // specializedOpcodes: true, // create specialized opcodes for commonly used opcode+operand pairs?
-    // timingChecks: true, // add timing checks to detect debuggers?
-    // minify: true, // pass final output through Google Closure Compiler? (
+    randomizeOpcodes: true, // randomize the opcode numbers?
+    shuffleOpcodes: true, // shuffle order of opcode handlers in the runtime?
+    encodeBytecode: true, // encode bytecode? when off, comments for instructions are added
+    selfModifying: true, // do self-modifying bytecode for function bodies?
+    macroOpcodes: true, // create combined opcodes for repeated instruction sequences?
+    specializedOpcodes: true, // create specialized opcodes for commonly used opcode+operand pairs?
+    aliasedOpcodes: true, // create duplicate opcodes for commonly used opcodes?
+    timingChecks: true, // add timing checks to detect debuggers?
+    minify: true, // pass final output through Google Closure Compiler? (Renames VM class properties)
+    concealConstants: true,
   });
 
   writeFileSync("output.original.js", orginalOutput, "utf-8");

package/jest.config.js

@@ -10,6 +10,14 @@ const OPTIONS_MATRIX = [
     displayName: "specializedOpcodes",
     VM_OPTIONS: { specializedOpcodes: true },
   },
+  {
+    displayName: "aliasedOpcodes",
+    VM_OPTIONS: { aliasedOpcodes: true },
+  },
+  {
+    displayName: "concealConstants",
+    VM_OPTIONS: { concealConstants: true },
+  },
   {
     displayName: "all",
     VM_OPTIONS: {
@@ -20,6 +28,8 @@ const OPTIONS_MATRIX = [
       timingChecks: true,
       macroOpcodes: true,
       specializedOpcodes: true,
+      aliasedOpcodes: true,
+      concealConstants: true,
     },
   },
 ];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser-vm",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "main": "dist/index.js",
   "scripts": {
     "build": "babel src --out-dir dist --extensions \".ts,.js\"",

package/src/build-runtime.ts

@@ -7,6 +7,7 @@ import { applyShuffleOpcodes } from "./transforms/runtime/shuffleOpcodes.ts";
 import { applyMinify } from "./transforms/runtime/minify.ts";
 import { Compiler } from "./compiler.ts";
 import { applySpecializedOpcodes } from "./transforms/runtime/specializedOpcodes.ts";
+import { applyAliasedOpcodes } from "./transforms/runtime/aliasedOpcodes.ts";
 import type * as b from "./types.ts";
 
 export async function obfuscateRuntime(
@@ -22,7 +23,7 @@ export async function obfuscateRuntime(
     throw new Error("VM-Runtime final parsing failed", { cause: error });
   }
 
-  // Macro opcode cases must be applied BEFORE shuffleOpcodes
+  // Specialized opcode cases must be applied BEFORE shuffleOpcodes
   if (options.specializedOpcodes) {
     applySpecializedOpcodes(ast, bytecode, compiler);
   }
@@ -32,6 +33,11 @@ export async function obfuscateRuntime(
     applyMacroOpcodes(ast, compiler);
   }
 
+  // Aliased opcode cases must be applied BEFORE shuffleOpcodes
+  if (options.aliasedOpcodes) {
+    applyAliasedOpcodes(ast, compiler);
+  }
+
   // Shuffle opcode handle order
   if (options.shuffleOpcodes) {
     applyShuffleOpcodes(ast);