js-confuser 1.5.6 → 1.5.7

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# `1.5.7`
+Countermeasures function fixes
+
+This update focuses on fixing Countermeasures bugs
+
+The `countermeasures` is custom callback function to invoke when a lock is triggered.
+
+- Fixed [#66](https://github.com/MichaelXF/js-confuser/issues/66)
+- - RGF to properly handle the countermeasures function
+
+- Added additional code to prevent an infinite loop from occurring
+
+- Slight improvements to RGF
+
 # `1.5.6`
 Website changed and RGF fixes
 

package/dist/transforms/lock/integrity.js

@@ -148,7 +148,7 @@ class Integrity extends _transform.default {
     }
 
     return () => {
-      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode();
+      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode(object, parents);
 
       object.$eval = () => {
         var functionName = this.generateIdentifier();
@@ -178,7 +178,11 @@ class Integrity extends _transform.default {
           ifStatement.alternate = (0, _gen.BlockStatement)(object.__hiddenCountermeasures);
         }
 
-        object.body = (0, _gen.BlockStatement)([functionDeclaration, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(hashName, (0, _gen.CallExpression)((0, _insert.clone)(this.hashFn), [(0, _gen.CallExpression)((0, _insert.clone)(this.stringFn), [(0, _gen.Identifier)(functionName)]), (0, _gen.Literal)(this.seed)]))), ifStatement]);
+        object.body = (0, _gen.BlockStatement)([functionDeclaration, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(hashName, (0, _gen.CallExpression)((0, _insert.clone)(this.hashFn), [(0, _gen.CallExpression)((0, _insert.clone)(this.stringFn), [(0, _gen.Identifier)(functionName)]), (0, _gen.Literal)(this.seed)]))), ifStatement]); // Make sure the countermeasures activation variable is present
+
+        if (this.lock.counterMeasuresActivated) {
+          object.body.body.unshift((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.lock.counterMeasuresActivated)));
+        }
 
         if (object.type == "ArrowFunctionExpression") {
           object.type = "FunctionExpression";

package/dist/transforms/lock/lock.js

@@ -43,6 +43,10 @@ function _defineProperty(obj, key, value) { if (key in obj) { Object.definePrope
  * Applies browser & date locks.
  */
 class Lock extends _transform.default {
+  /**
+   * This is a boolean variable injected into the source code determining wether the countermeasures function has been called.
+   * This is used to prevent infinite loops from happening
+   */
   constructor(o) {
     super(o, _order.ObfuscateOrder.Lock); // Removed feature
     // if (this.options.lock.startDate && this.options.lock.endDate) {
@@ -55,6 +59,8 @@ class Lock extends _transform.default {
 
     _defineProperty(this, "iosDetectFn", void 0);
 
+    _defineProperty(this, "counterMeasuresActivated", void 0);
+
     _defineProperty(this, "made", void 0);
 
     if (this.options.lock.integrity) {
@@ -70,34 +76,29 @@ class Lock extends _transform.default {
 
   apply(tree) {
     if (typeof this.options.lock.countermeasures === "string" && (0, _compare.isValidIdentifier)(this.options.lock.countermeasures)) {
-      var defined = new Set();
       (0, _traverse.default)(tree, (object, parents) => {
-        if (object.type == "Identifier") {
+        if (object.type == "Identifier" && object.name === this.options.lock.countermeasures) {
           var info = (0, _identifiers.getIdentifierInfo)(object, parents);
 
           if (info.spec.isDefined) {
-            defined.add(object.name);
-
-            if (object.name === this.options.lock.countermeasures) {
-              if (this.counterMeasuresNode) {
-                throw new Error("Countermeasures function was already defined, it must have a unique name from the rest of your code");
-              } else {
-                var definingContext = (0, _insert.getVarContext)(parents[0], parents.slice(1));
-
-                if (definingContext != tree) {
-                  throw new Error("Countermeasures function must be defined at the global level");
-                }
+            if (this.counterMeasuresNode) {
+              throw new Error("Countermeasures function was already defined, it must have a unique name from the rest of your code");
+            } else {
+              var definingContext = (0, _insert.getVarContext)(parents[0], parents.slice(1));
 
-                var chain = [object, parents];
+              if (definingContext != tree) {
+                throw new Error("Countermeasures function must be defined at the global level");
+              }
 
-                if (info.isFunctionDeclaration) {
-                  chain = [parents[0], parents.slice(1)];
-                } else if (info.isVariableDeclaration) {
-                  chain = [parents[1], parents.slice(2)];
-                }
+              var chain = [object, parents];
 
-                this.counterMeasuresNode = chain;
+              if (info.isFunctionDeclaration) {
+                chain = [parents[0], parents.slice(1)];
+              } else if (info.isVariableDeclaration) {
+                chain = [parents[1], parents.slice(2)];
               }
+
+              this.counterMeasuresNode = chain;
             }
           }
         }
@@ -111,7 +112,7 @@ class Lock extends _transform.default {
     super.apply(tree);
   }
 
-  getCounterMeasuresCode() {
+  getCounterMeasuresCode(object, parents) {
     var opt = this.options.lock.countermeasures;
 
     if (opt === false) {
@@ -120,8 +121,13 @@ class Lock extends _transform.default {
 
 
     if (typeof opt === "string") {
-      // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
-      return [(0, _gen.ExpressionStatement)((0, _gen.CallExpression)((0, _template.default)(opt).single().expression, []))];
+      if (!this.counterMeasuresActivated) {
+        this.counterMeasuresActivated = this.getPlaceholder();
+        (0, _insert.prepend)(parents[parents.length - 1] || object, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.counterMeasuresActivated)));
+      } // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
+
+
+      return [(0, _gen.ExpressionStatement)((0, _gen.LogicalExpression)("||", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.SequenceExpression)([(0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.Literal)(true)), (0, _gen.CallExpression)((0, _template.default)(opt).single().expression, [])])))];
     }
 
     var type = (0, _random.choice)(["crash", "exit"]);
@@ -239,7 +245,7 @@ class Lock extends _transform.default {
           // A very simple mechanism inspired from https://github.com/javascript-obfuscator/javascript-obfuscator/blob/master/src/custom-code-helpers/self-defending/templates/SelfDefendingNoEvalTemplate.ts
           // regExp checks for a newline, formatters add these
           var callExpression = (0, _template.default)("\n            (\n              function(){\n                // Breaks JSNice.org, beautifier.io\n                var namedFunction = function(){\n                  const test = function(){\n                    const regExp=new RegExp('\\n');\n                    return regExp['test'](namedFunction)\n                  };\n                  return test()\n                }\n\n                return namedFunction();\n              }\n            )()\n            ").single().expression;
-          nodes.push((0, _gen.IfStatement)(callExpression, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(callExpression, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "nativeFunction":
@@ -270,23 +276,24 @@ class Lock extends _transform.default {
               test = (0, _template.default)("".concat(fn, ".toString().split(\"{ [native code] }\").length <= 1")).single().expression;
             }
 
-            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           }
 
           break;
 
         case "startDate":
           test = (0, _gen.BinaryExpression)("<", dateNow, (0, _gen.Literal)(this.getTime(this.options.lock.startDate)));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "endDate":
           test = (0, _gen.BinaryExpression)(">", dateNow, (0, _gen.Literal)(this.getTime(this.options.lock.endDate)));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "context":
-          var prop = (0, _random.choice)(this.options.lock.context); // Todo: Alternative to `this`
+          var prop = (0, _random.choice)(this.options.lock.context);
+          var code = this.getCounterMeasuresCode(object, parents) || []; // Todo: Alternative to `this`
 
           if (!this.globalVar) {
             offset = 1;
@@ -295,12 +302,13 @@ class Lock extends _transform.default {
           }
 
           test = (0, _gen.UnaryExpression)("!", (0, _gen.MemberExpression)((0, _gen.Identifier)(this.globalVar), (0, _gen.Literal)(prop), true));
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
 
         case "osLock":
           var navigatorUserAgent = (0, _template.default)("window.navigator.userAgent.toLowerCase()").single().expression;
           (0, _assert.ok)(this.options.lock.osLock);
+          var code = this.getCounterMeasuresCode(object, parents) || [];
           this.options.lock.osLock.forEach(osName => {
             var agentMatcher = {
               windows: "Win",
@@ -338,7 +346,7 @@ class Lock extends _transform.default {
           });
           test = (0, _gen.UnaryExpression)("!", { ...test
           });
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
 
         case "browserLock":
@@ -360,7 +368,7 @@ class Lock extends _transform.default {
           });
           test = (0, _gen.UnaryExpression)("!", { ...test
           });
-          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+          nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           break;
 
         case "domainLock":
@@ -392,7 +400,7 @@ class Lock extends _transform.default {
               test = (0, _gen.LogicalExpression)("||", (0, _gen.BinaryExpression)("==", (0, _gen.UnaryExpression)("typeof", (0, _gen.Identifier)("location")), (0, _gen.Literal)("undefined")), test);
             }
 
-            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode() || [], null));
+            nodes.push((0, _gen.IfStatement)(test, this.getCounterMeasuresCode(object, parents) || [], null));
           }
 
           break;

package/dist/transforms/preparation/preparation.js

@@ -17,8 +17,6 @@ var _identifiers = require("../../util/identifiers");
 
 var _label = _interopRequireDefault(require("../label"));
 
-var _antiDestructuring = _interopRequireDefault(require("../es5/antiDestructuring"));
-
 var _compare = require("../../util/compare");
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
@@ -179,11 +177,6 @@ class Preparation extends _transform.default {
     this.before.push(new _label.default(o));
     this.before.push(new ExplicitIdentifiers(o));
     this.before.push(new ExplicitDeclarations(o));
-
-    if (this.options.es5) {
-      this.before.push(new _antiDestructuring.default(o));
-    } // this.before.push(new NameConflicts(o));
-
   }
 
   match() {

package/dist/transforms/rgf.js

@@ -75,6 +75,8 @@ class RGF extends _transform.default {
       var definingNodes = new Map();
       (0, _traverse.walk)(contextObject, contextParents, (object, parents) => {
         if (object !== contextObject && (0, _insert.isFunction)(object) && !object.$requiresEval && !object.async && !object.generator && (0, _insert.getVarContext)(parents[0], parents.slice(1)) === contextObject) {
+          var _this$options$lock;
+
           // Discard getter/setter methods
           if (parents[0].type === "Property" && parents[0].value === object) {
             if (parents[0].method || parents[0].kind === "get" || parents[0].kind === "set") {
@@ -85,12 +87,36 @@ class RGF extends _transform.default {
 
           if (parents[0].type === "MethodDefinition" && parents[0].value === object) {
             return;
+          } // Avoid applying to the countermeasures function
+
+
+          if (typeof ((_this$options$lock = this.options.lock) === null || _this$options$lock === void 0 ? void 0 : _this$options$lock.countermeasures) === "string") {
+            // function countermeasures(){...}
+            if (object.type === "FunctionDeclaration" && object.id.type === "Identifier" && object.id.name === this.options.lock.countermeasures) {
+              return;
+            } // var countermeasures = function(){...}
+
+
+            if (parents[0].type === "VariableDeclarator" && parents[0].init === object && parents[0].id.type === "Identifier" && parents[0].id.name === this.options.lock.countermeasures) {
+              return;
+            }
           }
 
           var defined = new Set(),
               referenced = new Set();
           var isBound = false;
-          (0, _traverse.walk)(object.body, [object, ...parents], (o, p) => {
+          /**
+           * The fnTraverses serves two important purposes
+           *
+           * - Identify all the variables referenced and defined here
+           * - Identify is the 'this' keyword is used anywhere
+           *
+           * @param o
+           * @param p
+           * @returns
+           */
+
+          const fnTraverser = (o, p) => {
             if (o.type == "Identifier" && !_constants.reservedIdentifiers.has(o.name) && !this.options.globalVariables.has(o.name)) {
               var info = (0, _identifiers.getIdentifierInfo)(o, p);
 
@@ -98,7 +124,7 @@ class RGF extends _transform.default {
                 return;
               }
 
-              if (info.spec.isDefined) {
+              if (info.spec.isDefined && (0, _insert.getDefiningContext)(o, p) === object) {
                 defined.add(o.name);
               } else {
                 referenced.add(o.name);
@@ -108,7 +134,10 @@ class RGF extends _transform.default {
             if (o.type == "ThisExpression" || o.type == "Super") {
               isBound = true;
             }
-          });
+          };
+
+          (0, _traverse.walk)(object.params, [object, ...parents], fnTraverser);
+          (0, _traverse.walk)(object.body, [object, ...parents], fnTraverser);
 
           if (!isBound) {
             var _object$id;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser",
-  "version": "1.5.6",
+  "version": "1.5.7",
   "description": "JavaScript Obfuscation Tool.",
   "main": "dist/index.js",
   "types": "index.d.ts",

package/src/transforms/lock/integrity.ts

@@ -195,7 +195,10 @@ export default class Integrity extends Transform {
     }
 
     return () => {
-      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode();
+      object.__hiddenCountermeasures = this.lock.getCounterMeasuresCode(
+        object,
+        parents
+      );
 
       object.$eval = () => {
         var functionName = this.generateIdentifier();
@@ -258,6 +261,15 @@ export default class Integrity extends Transform {
           ifStatement,
         ]);
 
+        // Make sure the countermeasures activation variable is present
+        if (this.lock.counterMeasuresActivated) {
+          object.body.body.unshift(
+            VariableDeclaration(
+              VariableDeclarator(this.lock.counterMeasuresActivated)
+            )
+          );
+        }
+
         if (object.type == "ArrowFunctionExpression") {
           object.type = "FunctionExpression";
           object.expression = false;

package/src/transforms/lock/lock.ts

@@ -11,17 +11,12 @@ import {
   Literal,
   UnaryExpression,
   NewExpression,
-  FunctionDeclaration,
-  ReturnStatement,
   VariableDeclaration,
-  ObjectExpression,
-  Property,
-  ArrayExpression,
-  FunctionExpression,
   ThisExpression,
   VariableDeclarator,
   Location,
   LogicalExpression,
+  SequenceExpression,
 } from "../../util/gen";
 import traverse, { getBlock, isBlock } from "../../traverse";
 import { choice, getRandomInteger } from "../../util/random";
@@ -47,6 +42,12 @@ export default class Lock extends Transform {
   counterMeasuresNode: Location;
   iosDetectFn: string;
 
+  /**
+   * This is a boolean variable injected into the source code determining wether the countermeasures function has been called.
+   * This is used to prevent infinite loops from happening
+   */
+  counterMeasuresActivated: string;
+
   made: number;
 
   constructor(o) {
@@ -73,36 +74,32 @@ export default class Lock extends Transform {
       typeof this.options.lock.countermeasures === "string" &&
       isValidIdentifier(this.options.lock.countermeasures)
     ) {
-      var defined = new Set<string>();
       traverse(tree, (object, parents) => {
-        if (object.type == "Identifier") {
+        if (
+          object.type == "Identifier" &&
+          object.name === this.options.lock.countermeasures
+        ) {
           var info = getIdentifierInfo(object, parents);
           if (info.spec.isDefined) {
-            defined.add(object.name);
-            if (object.name === this.options.lock.countermeasures) {
-              if (this.counterMeasuresNode) {
+            if (this.counterMeasuresNode) {
+              throw new Error(
+                "Countermeasures function was already defined, it must have a unique name from the rest of your code"
+              );
+            } else {
+              var definingContext = getVarContext(parents[0], parents.slice(1));
+              if (definingContext != tree) {
                 throw new Error(
-                  "Countermeasures function was already defined, it must have a unique name from the rest of your code"
-                );
-              } else {
-                var definingContext = getVarContext(
-                  parents[0],
-                  parents.slice(1)
+                  "Countermeasures function must be defined at the global level"
                 );
-                if (definingContext != tree) {
-                  throw new Error(
-                    "Countermeasures function must be defined at the global level"
-                  );
-                }
-                var chain: Location = [object, parents];
-                if (info.isFunctionDeclaration) {
-                  chain = [parents[0], parents.slice(1)];
-                } else if (info.isVariableDeclaration) {
-                  chain = [parents[1], parents.slice(2)];
-                }
-
-                this.counterMeasuresNode = chain;
               }
+              var chain: Location = [object, parents];
+              if (info.isFunctionDeclaration) {
+                chain = [parents[0], parents.slice(1)];
+              } else if (info.isVariableDeclaration) {
+                chain = [parents[1], parents.slice(2)];
+              }
+
+              this.counterMeasuresNode = chain;
             }
           }
         }
@@ -120,7 +117,7 @@ export default class Lock extends Transform {
     super.apply(tree);
   }
 
-  getCounterMeasuresCode(): Node[] {
+  getCounterMeasuresCode(object: Node, parents: Node[]): Node[] {
     var opt = this.options.lock.countermeasures;
 
     if (opt === false) {
@@ -129,10 +126,30 @@ export default class Lock extends Transform {
 
     // Call function
     if (typeof opt === "string") {
+      if (!this.counterMeasuresActivated) {
+        this.counterMeasuresActivated = this.getPlaceholder();
+
+        prepend(
+          parents[parents.length - 1] || object,
+          VariableDeclaration(VariableDeclarator(this.counterMeasuresActivated))
+        );
+      }
+
       // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
       return [
         ExpressionStatement(
-          CallExpression(Template(opt).single().expression, [])
+          LogicalExpression(
+            "||",
+            Identifier(this.counterMeasuresActivated),
+            SequenceExpression([
+              AssignmentExpression(
+                "=",
+                Identifier(this.counterMeasuresActivated),
+                Literal(true)
+              ),
+              CallExpression(Template(opt).single().expression, []),
+            ])
+          )
         ),
       ];
     }
@@ -288,7 +305,7 @@ export default class Lock extends Transform {
           nodes.push(
             IfStatement(
               callExpression,
-              this.getCounterMeasuresCode() || [],
+              this.getCounterMeasuresCode(object, parents) || [],
               null
             )
           );
@@ -324,7 +341,11 @@ export default class Lock extends Transform {
             }
 
             nodes.push(
-              IfStatement(test, this.getCounterMeasuresCode() || [], null)
+              IfStatement(
+                test,
+                this.getCounterMeasuresCode(object, parents) || [],
+                null
+              )
             );
           }
 
@@ -338,7 +359,11 @@ export default class Lock extends Transform {
           );
 
           nodes.push(
-            IfStatement(test, this.getCounterMeasuresCode() || [], null)
+            IfStatement(
+              test,
+              this.getCounterMeasuresCode(object, parents) || [],
+              null
+            )
           );
 
           break;
@@ -351,7 +376,11 @@ export default class Lock extends Transform {
           );
 
           nodes.push(
-            IfStatement(test, this.getCounterMeasuresCode() || [], null)
+            IfStatement(
+              test,
+              this.getCounterMeasuresCode(object, parents) || [],
+              null
+            )
           );
 
           break;
@@ -359,6 +388,8 @@ export default class Lock extends Transform {
         case "context":
           var prop = choice(this.options.lock.context);
 
+          var code = this.getCounterMeasuresCode(object, parents) || [];
+
           // Todo: Alternative to `this`
           if (!this.globalVar) {
             offset = 1;
@@ -384,9 +415,7 @@ export default class Lock extends Transform {
             "!",
             MemberExpression(Identifier(this.globalVar), Literal(prop), true)
           );
-          nodes.push(
-            IfStatement(test, this.getCounterMeasuresCode() || [], null)
-          );
+          nodes.push(IfStatement(test, code, null));
 
           break;
 
@@ -397,6 +426,8 @@ export default class Lock extends Transform {
 
           ok(this.options.lock.osLock);
 
+          var code = this.getCounterMeasuresCode(object, parents) || [];
+
           this.options.lock.osLock.forEach((osName) => {
             var agentMatcher = {
               windows: "Win",
@@ -449,9 +480,7 @@ export default class Lock extends Transform {
           });
 
           test = UnaryExpression("!", { ...test });
-          nodes.push(
-            IfStatement(test, this.getCounterMeasuresCode() || [], null)
-          );
+          nodes.push(IfStatement(test, code, null));
           break;
 
         case "browserLock":
@@ -488,7 +517,11 @@ export default class Lock extends Transform {
 
           test = UnaryExpression("!", { ...test });
           nodes.push(
-            IfStatement(test, this.getCounterMeasuresCode() || [], null)
+            IfStatement(
+              test,
+              this.getCounterMeasuresCode(object, parents) || [],
+              null
+            )
           );
           break;
 
@@ -540,7 +573,11 @@ export default class Lock extends Transform {
               );
             }
             nodes.push(
-              IfStatement(test, this.getCounterMeasuresCode() || [], null)
+              IfStatement(
+                test,
+                this.getCounterMeasuresCode(object, parents) || [],
+                null
+              )
             );
           }
 

package/src/transforms/preparation/preparation.ts

@@ -3,24 +3,11 @@
  */
 import Transform from "../transform";
 
-import {
-  BlockStatement,
-  Identifier,
-  LabeledStatement,
-  Literal,
-  Location,
-  Node,
-  ReturnStatement,
-} from "../../util/gen";
+import { BlockStatement, Literal, ReturnStatement } from "../../util/gen";
 import { ObfuscateOrder } from "../../order";
-import { getIndexDirect, clone, getFunction } from "../../util/insert";
-import { ok } from "assert";
+import { clone, getFunction } from "../../util/insert";
 import { getIdentifierInfo } from "../../util/identifiers";
-import { walk } from "../../traverse";
 import Label from "../label";
-import NameConflicts from "./nameConflicts";
-import AntiDestructuring from "../es5/antiDestructuring";
-import { OPERATOR_PRECEDENCE } from "../../precedence";
 import { isLoop } from "../../util/compare";
 
 /**
@@ -181,12 +168,6 @@ export default class Preparation extends Transform {
     this.before.push(new Label(o));
     this.before.push(new ExplicitIdentifiers(o));
     this.before.push(new ExplicitDeclarations(o));
-
-    if (this.options.es5) {
-      this.before.push(new AntiDestructuring(o));
-    }
-
-    // this.before.push(new NameConflicts(o));
   }
 
   match() {

package/src/transforms/rgf.ts

@@ -30,6 +30,7 @@ import {
   isVarContext,
   isFunction,
   prepend,
+  getDefiningContext,
 } from "../util/insert";
 import { getRandomString } from "../util/random";
 import Transform from "./transform";
@@ -106,12 +107,44 @@ export default class RGF extends Transform {
             return;
           }
 
+          // Avoid applying to the countermeasures function
+          if (typeof this.options.lock?.countermeasures === "string") {
+            // function countermeasures(){...}
+            if (
+              object.type === "FunctionDeclaration" &&
+              object.id.type === "Identifier" &&
+              object.id.name === this.options.lock.countermeasures
+            ) {
+              return;
+            }
+
+            // var countermeasures = function(){...}
+            if (
+              parents[0].type === "VariableDeclarator" &&
+              parents[0].init === object &&
+              parents[0].id.type === "Identifier" &&
+              parents[0].id.name === this.options.lock.countermeasures
+            ) {
+              return;
+            }
+          }
+
           var defined = new Set<string>(),
             referenced = new Set<string>();
 
           var isBound = false;
 
-          walk(object.body, [object, ...parents], (o, p) => {
+          /**
+           * The fnTraverses serves two important purposes
+           *
+           * - Identify all the variables referenced and defined here
+           * - Identify is the 'this' keyword is used anywhere
+           *
+           * @param o
+           * @param p
+           * @returns
+           */
+          const fnTraverser = (o, p) => {
             if (
               o.type == "Identifier" &&
               !reservedIdentifiers.has(o.name) &&
@@ -121,7 +154,7 @@ export default class RGF extends Transform {
               if (!info.spec.isReferenced) {
                 return;
               }
-              if (info.spec.isDefined) {
+              if (info.spec.isDefined && getDefiningContext(o, p) === object) {
                 defined.add(o.name);
               } else {
                 referenced.add(o.name);
@@ -131,7 +164,10 @@ export default class RGF extends Transform {
             if (o.type == "ThisExpression" || o.type == "Super") {
               isBound = true;
             }
-          });
+          };
+
+          walk(object.params, [object, ...parents], fnTraverser);
+          walk(object.body, [object, ...parents], fnTraverser);
 
           if (!isBound) {
             defined.forEach((identifier) => {

package/test/transforms/lock/countermeasures.test.ts

@@ -80,3 +80,21 @@ test("Variant #4: Should work when countermeasures is variable declaration", asy
     }
   );
 });
+
+// https://github.com/MichaelXF/js-confuser/issues/66
+test("Variant #5: Should work with RGF enabled", async () => {
+  await JsConfuser.obfuscate(
+    `
+  function myCountermeasuresFunction(){
+
+  }
+  `,
+    {
+      target: "node",
+      lock: {
+        countermeasures: "myCountermeasuresFunction",
+      },
+      rgf: true,
+    }
+  );
+});

package/test/transforms/rgf.test.ts

@@ -251,6 +251,43 @@ input(console.log, result)
     eval(output);
     expect(TEST_VALUE).toStrictEqual("undefined");
   });
+
+  it("should not apply to functions that reference their parent scope in the parameters", async () => {
+    var output = await JsConfuser.obfuscate(
+      `
+      var outsideVar = 0;
+      function myFunction(insideVar = outsideVar){
+      }
+      `,
+      {
+        target: "node",
+        rgf: true,
+      }
+    );
+
+    expect(output).not.toContain("new Function");
+  });
+
+  it("should not apply to functions that reference their parent scope in previously defined names", async () => {
+    var output = await JsConfuser.obfuscate(
+      `
+      var outsideVar = 0;
+      function myFunction(){
+        (function (){
+          var outsideVar;
+        })();
+
+        console.log(outsideVar);
+      }
+      `,
+      {
+        target: "node",
+        rgf: true,
+      }
+    );
+
+    expect(output).not.toContain("new Function");
+  });
 });
 
 describe("RGF with the 'all' mode", () => {