js-confuser 1.5.7 → 1.5.8

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# `1.5.8`
+Several fixes
+
+- Fixed [#46](https://github.com/MichaelXF/js-confuser/issues/46)
+- - Updated the validation on `lock` options
+
+- Fixed [#68](https://github.com/MichaelXF/js-confuser/issues/68)
+- - Name Recycling fixed to not break certain function declarations
+
+- Fixed [#69](https://github.com/MichaelXF/js-confuser/issues/69), [#70](https://github.com/MichaelXF/js-confuser/issues/70) and [#71](https://github.com/MichaelXF/js-confuser/issues/71)
+- - Import statements to be properly handled
+
+- Slight improvements to String Concealing
+
 # `1.5.7`
 Countermeasures function fixes
 

package/dist/options.js

@@ -40,24 +40,24 @@ function validateOptions(options) {
 
   if (options.lock) {
     // Validate browser-lock option
-    if (typeof options.lock.browserLock !== "undefined") {
+    if (options.lock.browserLock && typeof options.lock.browserLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.browserLock), "browserLock must be an array");
       (0, _assert.ok)(!options.lock.browserLock.find(browserName => !validBrowsers.has(browserName)), 'Invalid browser name. Allowed: "firefox", "chrome", "iexplorer", "edge", "safari", "opera"');
     } // Validate os-lock option
 
 
-    if (typeof options.lock.osLock !== "undefined") {
+    if (options.lock.osLock && typeof options.lock.osLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.osLock), "osLock must be an array");
       (0, _assert.ok)(!options.lock.osLock.find(osName => !validOses.has(osName)), 'Invalid OS name. Allowed: "windows", "linux", "osx", "ios", "android"');
     } // Validate domain-lock option
 
 
-    if (typeof options.lock.domainLock !== "undefined") {
+    if (options.lock.domainLock && typeof options.lock.domainLock !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.domainLock), "domainLock must be an array");
     } // Validate context option
 
 
-    if (typeof options.lock.context !== "undefined") {
+    if (options.lock.context && typeof options.lock.context !== "undefined") {
       (0, _assert.ok)(Array.isArray(options.lock.context), "context must be an array");
     } // Validate start-date option
 

package/dist/transforms/controlFlowFlattening/controlFlowFlattening.js

@@ -31,6 +31,8 @@ var _expressionObfuscation = _interopRequireDefault(require("./expressionObfusca
 
 var _switchCaseObfuscation = _interopRequireDefault(require("./switchCaseObfuscation"));
 
+var _stringConcealing = require("../string/stringConcealing");
+
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
@@ -181,6 +183,14 @@ class ControlFlowFlattening extends _transform.default {
       illegalFnNames.forEach(illegal => {
         fnNames.delete(illegal);
       });
+      var importDeclarations = [];
+
+      for (var stmt of body) {
+        if (stmt.type === "ImportDeclaration") {
+          importDeclarations.push(stmt);
+        }
+      }
+
       var fraction = 0.9;
 
       if (body.length > 20) {
@@ -237,7 +247,7 @@ class ControlFlowFlattening extends _transform.default {
             body: [...currentBody]
           });
           (0, _traverse.walk)(currentBody, [], (o, p) => {
-            if (o.type == "Literal" && typeof o.value == "string" && !o.regex && Math.random() / (Object.keys(stringBank).length / 2 + 1) > 0.5) {
+            if (o.type == "Literal" && typeof o.value == "string" && !(0, _stringConcealing.isModuleSource)(o, p) && !o.regex && Math.random() / (Object.keys(stringBank).length / 2 + 1) > 0.5) {
               needsStringBankVar = true;
 
               if (!stringBankByLabels[currentLabel]) {
@@ -260,7 +270,7 @@ class ControlFlowFlattening extends _transform.default {
         };
 
         body.forEach((stmt, i) => {
-          if (functionDeclarations.has(stmt)) {
+          if (functionDeclarations.has(stmt) || stmt.type === "ImportDeclaration") {
             return;
           }
 
@@ -708,6 +718,10 @@ class ControlFlowFlattening extends _transform.default {
       var discriminant = (0, _template.default)("".concat(stateVars.join("+"))).single().expression;
       body.length = 0;
 
+      for (var importDeclaration of importDeclarations) {
+        body.push(importDeclaration);
+      }
+
       if (functionDeclarations.size) {
         functionDeclarations.forEach(x => {
           if (!x.id || illegalFnNames.has(x.id.name)) {

package/dist/transforms/identifier/nameRecycling.js

@@ -87,7 +87,6 @@ class NameRecycling extends _transform.default {
                 return;
               }
 
-              lastReferenceMap.set(o.name, i);
               var comparingContext = info.spec.isDefined ? (0, _insert.getDefiningContext)(o, p) : (0, _insert.getReferencingContexts)(o, p).find(x => (0, _insert.isVarContext)(x));
 
               if (comparingContext !== context) {
@@ -101,7 +100,12 @@ class NameRecycling extends _transform.default {
                 }
 
                 if (info.spec.isDefined) {
-                  if (defined.has(o.name) || (0, _traverse.getBlock)(o, p) !== object) {
+                  // Function Declarations can be used before they're defined, if so, don't change this
+                  if (info.isFunctionDeclaration && lastReferenceMap.has(o.name)) {
+                    illegal.add(o.name);
+                  }
+
+                  if (defined.has(o.name) || (0, _traverse.getBlock)(o, p) !== object || info.isImportSpecifier) {
                     illegal.add(o.name);
                   }
 
@@ -111,6 +115,8 @@ class NameRecycling extends _transform.default {
                   referencedHere.add(o.name);
                 }
               }
+
+              lastReferenceMap.set(o.name, i);
             };
           }
         }); // console.log(i, definedHere);

package/dist/transforms/identifier/renameVariables.js

@@ -165,6 +165,15 @@ class RenameVariables extends _transform.default {
         if (newName && typeof newName === "string") {
           if (o.$renamed) {
             return;
+          } // Strange behavior where the `local` and `imported` objects are the same
+
+
+          if (info.isImportSpecifier) {
+            var importSpecifierIndex = p.findIndex(x => x.type === "ImportSpecifier");
+
+            if (importSpecifierIndex != -1 && p[importSpecifierIndex].imported === (p[importSpecifierIndex - 1] || o) && p[importSpecifierIndex].imported && p[importSpecifierIndex].imported.type === "Identifier") {
+              p[importSpecifierIndex].imported = (0, _insert.clone)(p[importSpecifierIndex - 1] || o);
+            }
           } // console.log(o.name, "->", newName);
 
 

package/dist/transforms/lock/antiDebug.js

@@ -43,7 +43,7 @@ class AntiDebug extends _transform.default {
     var startTimeName = this.getPlaceholder();
     var endTimeName = this.getPlaceholder();
     var isDevName = this.getPlaceholder();
-    var functionDeclaration = (0, _gen.FunctionDeclaration)(fnName, [], [...(0, _template.default)("\n      var ".concat(startTimeName, " = new Date();\n      debugger;\n      var ").concat(endTimeName, " = new Date();\n      var ").concat(isDevName, " = ").concat(endTimeName, "-").concat(startTimeName, " > 1000;\n      ")).compile(), (0, _gen.IfStatement)((0, _gen.Identifier)(isDevName), this.options.lock.countermeasures ? this.lock.getCounterMeasuresCode() : [(0, _gen.WhileStatement)((0, _gen.Identifier)(isDevName), [(0, _gen.ExpressionStatement)((0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(startTimeName), (0, _gen.Identifier)(endTimeName)))])], null)]);
+    var functionDeclaration = (0, _gen.FunctionDeclaration)(fnName, [], [...(0, _template.default)("\n      var ".concat(startTimeName, " = new Date();\n      debugger;\n      var ").concat(endTimeName, " = new Date();\n      var ").concat(isDevName, " = ").concat(endTimeName, "-").concat(startTimeName, " > 1000;\n      ")).compile(), (0, _gen.IfStatement)((0, _gen.Identifier)(isDevName), this.options.lock.countermeasures ? this.lock.getCounterMeasuresCode(tree.body, [tree]) : [(0, _gen.WhileStatement)((0, _gen.Identifier)(isDevName), [(0, _gen.ExpressionStatement)((0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(startTimeName), (0, _gen.Identifier)(endTimeName)))])], null)]);
     tree.body.unshift(...DevToolsDetection.compile({
       functionName: fnName
     }));

package/dist/transforms/string/stringConcealing.js

@@ -70,17 +70,20 @@ class StringConcealing extends _transform.default {
 
     _defineProperty(this, "encoding", Object.create(null));
 
+    _defineProperty(this, "gen", void 0);
+
     _defineProperty(this, "hasAllEncodings", void 0);
 
     this.set = new Set();
     this.index = Object.create(null);
     this.arrayExpression = (0, _gen.ArrayExpression)([]);
-    this.hasAllEncodings = false; // Pad array with useless strings
+    this.hasAllEncodings = false;
+    this.gen = this.getGenerator(); // Pad array with useless strings
 
-    var dead = (0, _random.getRandomInteger)(4, 10);
+    var dead = (0, _random.getRandomInteger)(5, 15);
 
     for (var i = 0; i < dead; i++) {
-      var str = (0, _random.getRandomString)((0, _random.getRandomInteger)(4, 20));
+      var str = (0, _random.getRandomString)((0, _random.getRandomInteger)(5, 40));
       var fn = this.transform((0, _gen.Literal)(str), []);
 
       if (fn) {
@@ -104,7 +107,7 @@ class StringConcealing extends _transform.default {
       (0, _insert.append)(tree, (0, _template.default)("\n            \n            function ".concat(getterFn, "(x, y, z, a = ").concat(decodeFn, ", b = ").concat(cacheName, "){\n              if ( z ) {\n                return y[").concat(cacheName, "[z]] = ").concat(getterFn, "(x, y);\n              } else if ( y ) {\n                [b, y] = [a(b), x || z]\n              }\n            \n              return y ? x[b[y]] : ").concat(cacheName, "[x] || (z=(b[x], a), ").concat(cacheName, "[x] = z(").concat(this.arrayName, "[x]))\n            }\n  \n            ")).single());
     });
     var flowIntegrity = this.getPlaceholder();
-    (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)([(0, _gen.VariableDeclarator)(cacheName, (0, _gen.ArrayExpression)([])), (0, _gen.VariableDeclarator)(flowIntegrity, (0, _gen.Literal)(0)), (0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([], [(0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("a", this.arrayExpression)), (0, _template.default)("return (".concat(flowIntegrity, " ? a.pop() : ").concat(flowIntegrity, "++, a)")).single()]), []))]));
+    (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)([(0, _gen.VariableDeclarator)(cacheName, (0, _gen.ArrayExpression)([])), (0, _gen.VariableDeclarator)(flowIntegrity, (0, _gen.Literal)(0)), (0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([], [(0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("a", this.arrayExpression)), (0, _template.default)("return (".concat(flowIntegrity, " ? a[\"pop\"]() : ").concat(flowIntegrity, "++, a)")).single()]), []))]));
   }
 
   match(object, parents) {
@@ -117,7 +120,7 @@ class StringConcealing extends _transform.default {
   transform(object, parents) {
     return () => {
       // Empty strings are discarded
-      if (!object.value || this.ignore.has(object.value)) {
+      if (!object.value || this.ignore.has(object.value) || object.value.length == 0) {
         return;
       }
 
@@ -143,53 +146,87 @@ class StringConcealing extends _transform.default {
 
       if (encoder.decode(encoded) != object.value) {
         this.ignore.add(object.value);
-        this.warn(object.value.slice(0, 100));
+        this.warn(type, object.value.slice(0, 100));
         return;
-      } // Fix 1. weird undefined error
+      }
+
+      var index = -1;
 
+      if (!this.set.has(object.value)) {
+        this.arrayExpression.elements.push((0, _gen.Literal)(encoded));
+        index = this.arrayExpression.elements.length - 1;
+        this.index[object.value] = [index, fnName];
+        this.set.add(object.value);
+      } else {
+        [index, fnName] = this.index[object.value];
+        (0, _assert.ok)(typeof index === "number");
+      }
 
-      if (object.value && object.value.length > 0) {
-        var index = -1;
+      (0, _assert.ok)(index != -1, "index == -1");
+      var callExpr = (0, _gen.CallExpression)((0, _gen.Identifier)(fnName), [(0, _gen.Literal)(index)]); // use `.apply` to fool automated de-obfuscators
 
-        if (!this.set.has(object.value)) {
-          this.arrayExpression.elements.push((0, _gen.Literal)(encoded));
-          index = this.arrayExpression.elements.length - 1;
-          this.index[object.value] = [index, fnName];
-          this.set.add(object.value);
-        } else {
-          [index, fnName] = this.index[object.value];
-          (0, _assert.ok)(typeof index === "number");
-        }
+      if (Math.random() > 0.5) {
+        callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("apply"), false), [(0, _gen.ThisExpression)(), (0, _gen.ArrayExpression)([(0, _gen.Literal)(index)])]);
+      } // use `.call`
+      else if (Math.random() > 0.5) {
+        callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("call"), false), [(0, _gen.ThisExpression)(), (0, _gen.Literal)(index)]);
+      }
 
-        (0, _assert.ok)(index != -1, "index == -1");
-        var callExpr = (0, _gen.CallExpression)((0, _gen.Identifier)(fnName), [(0, _gen.Literal)(index)]); // use `.apply` to fool automated de-obfuscators
+      var referenceType = "call";
 
-        if (Math.random() > 0.5) {
-          callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("apply"), false), [(0, _gen.ThisExpression)(), (0, _gen.ArrayExpression)([(0, _gen.Literal)(index)])]);
-        } // use `.call`
-        else if (Math.random() > 0.5) {
-          callExpr = (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(fnName), (0, _gen.Identifier)("call"), false), [(0, _gen.ThisExpression)(), (0, _gen.Literal)(index)]);
-        }
+      if (parents.length && Math.random() < 0.5 / this.variablesMade) {
+        referenceType = "constantReference";
+      }
 
-        var constantReference = parents.length && Math.random() > 0.5 / this.variablesMade;
+      var newExpr = callExpr;
 
-        if (constantReference) {
-          // Define the string earlier, reference the name here
-          var name = this.getPlaceholder();
-          var place = (0, _random.choice)(parents.filter(node => (0, _traverse.isBlock)(node)));
+      if (referenceType === "constantReference") {
+        // Define the string earlier, reference the name here
+        this.variablesMade++;
+        var constantReferenceType = (0, _random.choice)(["variable", "array", "object"]);
+        var place = (0, _random.choice)(parents.filter(node => (0, _traverse.isBlock)(node)));
 
-          if (!place) {
-            this.error(Error("No lexical block to insert code"));
-          }
+        if (!place) {
+          this.error(new Error("No lexical block to insert code"));
+        }
 
-          place.body.unshift((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(name, callExpr)));
-          this.replaceIdentifierOrLiteral(object, (0, _gen.Identifier)(name), parents);
-          this.variablesMade++;
-        } else {
-          // Direct call to the getter function
-          this.replaceIdentifierOrLiteral(object, callExpr, parents);
+        switch (constantReferenceType) {
+          case "variable":
+            var name = this.getPlaceholder();
+            (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(name, callExpr)));
+            newExpr = (0, _gen.Identifier)(name);
+            break;
+
+          case "array":
+            if (!place.$stringConcealingArray) {
+              place.$stringConcealingArray = (0, _gen.ArrayExpression)([]);
+              place.$stringConcealingArrayName = this.getPlaceholder();
+              (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(place.$stringConcealingArrayName, place.$stringConcealingArray)));
+            }
+
+            var arrayIndex = place.$stringConcealingArray.elements.length;
+            place.$stringConcealingArray.elements.push(callExpr);
+            var memberExpression = (0, _gen.MemberExpression)((0, _gen.Identifier)(place.$stringConcealingArrayName), (0, _gen.Literal)(arrayIndex), true);
+            newExpr = memberExpression;
+            break;
+
+          case "object":
+            if (!place.$stringConcealingObject) {
+              place.$stringConcealingObject = (0, _gen.ObjectExpression)([]);
+              place.$stringConcealingObjectName = this.getPlaceholder();
+              (0, _insert.prepend)(place, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(place.$stringConcealingObjectName, place.$stringConcealingObject)));
+            }
+
+            var propName = this.gen.generate();
+            var property = (0, _gen.Property)((0, _gen.Literal)(propName), callExpr, true);
+            place.$stringConcealingObject.properties.push(property);
+            var memberExpression = (0, _gen.MemberExpression)((0, _gen.Identifier)(place.$stringConcealingObjectName), (0, _gen.Literal)(propName), true);
+            newExpr = memberExpression;
+            break;
         }
       }
+
+      this.replaceIdentifierOrLiteral(object, newExpr, parents);
     };
   }
 

package/dist/transforms/transform.js

@@ -378,7 +378,7 @@ class Transform {
     }
   }
   /**
-   * Verbose logging for warning/importing messages.
+   * Verbose logging for warning/important messages.
    * @param messages
    */
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser",
-  "version": "1.5.7",
+  "version": "1.5.8",
   "description": "JavaScript Obfuscation Tool.",
   "main": "dist/index.js",
   "types": "index.d.ts",
@@ -22,7 +22,7 @@
   "author": "MichaelXF",
   "license": "MIT",
   "dependencies": {
-    "acorn": "^8.7.0",
+    "acorn": "^8.8.2",
     "escodegen": "^2.0.0"
   },
   "devDependencies": {

package/src/options.ts

@@ -770,7 +770,10 @@ export function validateOptions(options: ObfuscateOptions) {
 
   if (options.lock) {
     // Validate browser-lock option
-    if (typeof options.lock.browserLock !== "undefined") {
+    if (
+      options.lock.browserLock &&
+      typeof options.lock.browserLock !== "undefined"
+    ) {
       ok(
         Array.isArray(options.lock.browserLock),
         "browserLock must be an array"
@@ -783,7 +786,7 @@ export function validateOptions(options: ObfuscateOptions) {
       );
     }
     // Validate os-lock option
-    if (typeof options.lock.osLock !== "undefined") {
+    if (options.lock.osLock && typeof options.lock.osLock !== "undefined") {
       ok(Array.isArray(options.lock.osLock), "osLock must be an array");
       ok(
         !options.lock.osLock.find((osName) => !validOses.has(osName)),
@@ -791,12 +794,15 @@ export function validateOptions(options: ObfuscateOptions) {
       );
     }
     // Validate domain-lock option
-    if (typeof options.lock.domainLock !== "undefined") {
+    if (
+      options.lock.domainLock &&
+      typeof options.lock.domainLock !== "undefined"
+    ) {
       ok(Array.isArray(options.lock.domainLock), "domainLock must be an array");
     }
 
     // Validate context option
-    if (typeof options.lock.context !== "undefined") {
+    if (options.lock.context && typeof options.lock.context !== "undefined") {
       ok(Array.isArray(options.lock.context), "context must be an array");
     }
 

package/src/transforms/controlFlowFlattening/controlFlowFlattening.ts

@@ -47,6 +47,7 @@ import ChoiceFlowObfuscation from "./choiceFlowObfuscation";
 import ControlFlowObfuscation from "./controlFlowObfuscation";
 import ExpressionObfuscation from "./expressionObfuscation";
 import SwitchCaseObfuscation from "./switchCaseObfuscation";
+import { isModuleSource } from "../string/stringConcealing";
 
 var flattenStructures = new Set([
   "IfStatement",
@@ -226,6 +227,13 @@ export default class ControlFlowFlattening extends Transform {
         fnNames.delete(illegal);
       });
 
+      var importDeclarations = [];
+      for (var stmt of body) {
+        if (stmt.type === "ImportDeclaration") {
+          importDeclarations.push(stmt);
+        }
+      }
+
       var fraction = 0.9;
       if (body.length > 20) {
         fraction /= Math.max(1.2, body.length - 18);
@@ -285,6 +293,7 @@ export default class ControlFlowFlattening extends Transform {
             if (
               o.type == "Literal" &&
               typeof o.value == "string" &&
+              !isModuleSource(o, p) &&
               !o.regex &&
               Math.random() / (Object.keys(stringBank).length / 2 + 1) > 0.5
             ) {
@@ -318,7 +327,10 @@ export default class ControlFlowFlattening extends Transform {
         };
 
         body.forEach((stmt, i) => {
-          if (functionDeclarations.has(stmt)) {
+          if (
+            functionDeclarations.has(stmt) ||
+            stmt.type === "ImportDeclaration"
+          ) {
             return;
           }
 
@@ -1045,6 +1057,9 @@ export default class ControlFlowFlattening extends Transform {
       var discriminant = Template(`${stateVars.join("+")}`).single().expression;
 
       body.length = 0;
+      for (var importDeclaration of importDeclarations) {
+        body.push(importDeclaration);
+      }
 
       if (functionDeclarations.size) {
         functionDeclarations.forEach((x) => {

package/src/transforms/identifier/nameRecycling.ts

@@ -97,8 +97,6 @@ export default class NameRecycling extends Transform {
                 return;
               }
 
-              lastReferenceMap.set(o.name, i);
-
               var comparingContext = info.spec.isDefined
                 ? getDefiningContext(o, p)
                 : getReferencingContexts(o, p).find((x) => isVarContext(x));
@@ -114,7 +112,18 @@ export default class NameRecycling extends Transform {
                 }
 
                 if (info.spec.isDefined) {
-                  if (defined.has(o.name) || getBlock(o, p) !== object) {
+                  // Function Declarations can be used before they're defined, if so, don't change this
+                  if (
+                    info.isFunctionDeclaration &&
+                    lastReferenceMap.has(o.name)
+                  ) {
+                    illegal.add(o.name);
+                  }
+                  if (
+                    defined.has(o.name) ||
+                    getBlock(o, p) !== object ||
+                    info.isImportSpecifier
+                  ) {
                     illegal.add(o.name);
                   }
                   defined.add(o.name);
@@ -123,6 +132,8 @@ export default class NameRecycling extends Transform {
                   referencedHere.add(o.name);
                 }
               }
+
+              lastReferenceMap.set(o.name, i);
             };
           }
         });

package/src/transforms/identifier/renameVariables.ts

@@ -10,6 +10,7 @@ import {
   isContext,
   isLexContext,
   getDefiningContext,
+  clone,
 } from "../../util/insert";
 import { isValidIdentifier } from "../../util/compare";
 import Transform from "../transform";
@@ -185,6 +186,24 @@ export default class RenameVariables extends Transform {
             return;
           }
 
+          // Strange behavior where the `local` and `imported` objects are the same
+          if (info.isImportSpecifier) {
+            var importSpecifierIndex = p.findIndex(
+              (x) => x.type === "ImportSpecifier"
+            );
+            if (
+              importSpecifierIndex != -1 &&
+              p[importSpecifierIndex].imported ===
+                (p[importSpecifierIndex - 1] || o) &&
+              p[importSpecifierIndex].imported &&
+              p[importSpecifierIndex].imported.type === "Identifier"
+            ) {
+              p[importSpecifierIndex].imported = clone(
+                p[importSpecifierIndex - 1] || o
+              );
+            }
+          }
+
           // console.log(o.name, "->", newName);
           o.name = newName;
           o.$renamed = true;

package/src/transforms/lock/antiDebug.ts

@@ -62,7 +62,7 @@ export default class AntiDebug extends Transform {
         IfStatement(
           Identifier(isDevName),
           this.options.lock.countermeasures
-            ? this.lock.getCounterMeasuresCode()
+            ? this.lock.getCounterMeasuresCode(tree.body, [tree])
             : [
                 WhileStatement(Identifier(isDevName), [
                   ExpressionStatement(

package/src/transforms/string/stringConcealing.ts

@@ -6,22 +6,18 @@ import { isDirective } from "../../util/compare";
 import {
   ArrayExpression,
   CallExpression,
-  ConditionalExpression,
-  FunctionDeclaration,
   FunctionExpression,
   Identifier,
-  IfStatement,
   Literal,
   MemberExpression,
   Node,
-  ReturnStatement,
-  SequenceExpression,
+  ObjectExpression,
+  Property,
   ThisExpression,
-  UpdateExpression,
   VariableDeclaration,
   VariableDeclarator,
 } from "../../util/gen";
-import { append, isLexContext, isVarContext, prepend } from "../../util/insert";
+import { append, prepend } from "../../util/insert";
 import { choice, getRandomInteger, getRandomString } from "../../util/random";
 import Transform from "../transform";
 import Encoding from "./encoding";
@@ -65,6 +61,7 @@ export default class StringConcealing extends Transform {
   ignore = new Set<string>();
   variablesMade = 1;
   encoding: { [type: string]: string } = Object.create(null);
+  gen: ReturnType<Transform["getGenerator"]>;
 
   hasAllEncodings: boolean;
 
@@ -75,11 +72,12 @@ export default class StringConcealing extends Transform {
     this.index = Object.create(null);
     this.arrayExpression = ArrayExpression([]);
     this.hasAllEncodings = false;
+    this.gen = this.getGenerator();
 
     // Pad array with useless strings
-    var dead = getRandomInteger(4, 10);
+    var dead = getRandomInteger(5, 15);
     for (var i = 0; i < dead; i++) {
-      var str = getRandomString(getRandomInteger(4, 20));
+      var str = getRandomString(getRandomInteger(5, 40));
       var fn = this.transform(Literal(str), []);
       if (fn) {
         fn();
@@ -134,7 +132,7 @@ export default class StringConcealing extends Transform {
                   VariableDeclarator("a", this.arrayExpression)
                 ),
                 Template(
-                  `return (${flowIntegrity} ? a.pop() : ${flowIntegrity}++, a)`
+                  `return (${flowIntegrity} ? a["pop"]() : ${flowIntegrity}++, a)`
                 ).single(),
               ]
             ),
@@ -159,7 +157,11 @@ export default class StringConcealing extends Transform {
   transform(object: Node, parents: Node[]) {
     return () => {
       // Empty strings are discarded
-      if (!object.value || this.ignore.has(object.value)) {
+      if (
+        !object.value ||
+        this.ignore.has(object.value) ||
+        object.value.length == 0
+      ) {
         return;
       }
 
@@ -188,69 +190,131 @@ export default class StringConcealing extends Transform {
       var encoded = encoder.encode(object.value);
       if (encoder.decode(encoded) != object.value) {
         this.ignore.add(object.value);
-        this.warn(object.value.slice(0, 100));
+        this.warn(type, object.value.slice(0, 100));
         return;
       }
 
-      // Fix 1. weird undefined error
-      if (object.value && object.value.length > 0) {
-        var index = -1;
-        if (!this.set.has(object.value)) {
-          this.arrayExpression.elements.push(Literal(encoded));
-          index = this.arrayExpression.elements.length - 1;
-          this.index[object.value] = [index, fnName];
+      var index = -1;
+      if (!this.set.has(object.value)) {
+        this.arrayExpression.elements.push(Literal(encoded));
+        index = this.arrayExpression.elements.length - 1;
+        this.index[object.value] = [index, fnName];
 
-          this.set.add(object.value);
-        } else {
-          [index, fnName] = this.index[object.value];
-          ok(typeof index === "number");
-        }
+        this.set.add(object.value);
+      } else {
+        [index, fnName] = this.index[object.value];
+        ok(typeof index === "number");
+      }
 
-        ok(index != -1, "index == -1");
+      ok(index != -1, "index == -1");
 
-        var callExpr = CallExpression(Identifier(fnName), [Literal(index)]);
+      var callExpr = CallExpression(Identifier(fnName), [Literal(index)]);
 
-        // use `.apply` to fool automated de-obfuscators
-        if (Math.random() > 0.5) {
-          callExpr = CallExpression(
-            MemberExpression(Identifier(fnName), Identifier("apply"), false),
-            [ThisExpression(), ArrayExpression([Literal(index)])]
-          );
-        }
+      // use `.apply` to fool automated de-obfuscators
+      if (Math.random() > 0.5) {
+        callExpr = CallExpression(
+          MemberExpression(Identifier(fnName), Identifier("apply"), false),
+          [ThisExpression(), ArrayExpression([Literal(index)])]
+        );
+      }
+
+      // use `.call`
+      else if (Math.random() > 0.5) {
+        callExpr = CallExpression(
+          MemberExpression(Identifier(fnName), Identifier("call"), false),
+          [ThisExpression(), Literal(index)]
+        );
+      }
+
+      var referenceType = "call";
+      if (parents.length && Math.random() < 0.5 / this.variablesMade) {
+        referenceType = "constantReference";
+      }
+
+      var newExpr: Node = callExpr;
+
+      if (referenceType === "constantReference") {
+        // Define the string earlier, reference the name here
+        this.variablesMade++;
 
-        // use `.call`
-        else if (Math.random() > 0.5) {
-          callExpr = CallExpression(
-            MemberExpression(Identifier(fnName), Identifier("call"), false),
-            [ThisExpression(), Literal(index)]
-          );
+        var constantReferenceType = choice(["variable", "array", "object"]);
+
+        var place = choice(parents.filter((node) => isBlock(node)));
+        if (!place) {
+          this.error(new Error("No lexical block to insert code"));
         }
 
-        var constantReference =
-          parents.length && Math.random() > 0.5 / this.variablesMade;
+        switch (constantReferenceType) {
+          case "variable":
+            var name = this.getPlaceholder();
+
+            prepend(
+              place,
+              VariableDeclaration(VariableDeclarator(name, callExpr))
+            );
+
+            newExpr = Identifier(name);
+            break;
+          case "array":
+            if (!place.$stringConcealingArray) {
+              place.$stringConcealingArray = ArrayExpression([]);
+              place.$stringConcealingArrayName = this.getPlaceholder();
 
-        if (constantReference) {
-          // Define the string earlier, reference the name here
+              prepend(
+                place,
+                VariableDeclaration(
+                  VariableDeclarator(
+                    place.$stringConcealingArrayName,
+                    place.$stringConcealingArray
+                  )
+                )
+              );
+            }
 
-          var name = this.getPlaceholder();
+            var arrayIndex = place.$stringConcealingArray.elements.length;
 
-          var place = choice(parents.filter((node) => isBlock(node)));
-          if (!place) {
-            this.error(Error("No lexical block to insert code"));
-          }
+            place.$stringConcealingArray.elements.push(callExpr);
 
-          place.body.unshift(
-            VariableDeclaration(VariableDeclarator(name, callExpr))
-          );
+            var memberExpression = MemberExpression(
+              Identifier(place.$stringConcealingArrayName),
+              Literal(arrayIndex),
+              true
+            );
 
-          this.replaceIdentifierOrLiteral(object, Identifier(name), parents);
+            newExpr = memberExpression;
+            break;
+          case "object":
+            if (!place.$stringConcealingObject) {
+              place.$stringConcealingObject = ObjectExpression([]);
+              place.$stringConcealingObjectName = this.getPlaceholder();
 
-          this.variablesMade++;
-        } else {
-          // Direct call to the getter function
-          this.replaceIdentifierOrLiteral(object, callExpr, parents);
+              prepend(
+                place,
+                VariableDeclaration(
+                  VariableDeclarator(
+                    place.$stringConcealingObjectName,
+                    place.$stringConcealingObject
+                  )
+                )
+              );
+            }
+
+            var propName = this.gen.generate();
+            var property = Property(Literal(propName), callExpr, true);
+            place.$stringConcealingObject.properties.push(property);
+
+            var memberExpression = MemberExpression(
+              Identifier(place.$stringConcealingObjectName),
+              Literal(propName),
+              true
+            );
+
+            newExpr = memberExpression;
+            break;
         }
       }
+
+      this.replaceIdentifierOrLiteral(object, newExpr, parents);
     };
   }
 }

package/src/transforms/transform.ts

@@ -407,7 +407,7 @@ export default class Transform {
   }
 
   /**
-   * Verbose logging for warning/importing messages.
+   * Verbose logging for warning/important messages.
    * @param messages
    */
   warn(...messages: any[]) {

package/test/transforms/controlFlowFlattening/controlFlowFlattening.test.ts

@@ -672,3 +672,39 @@ test("Variant #20: Don't apply when functions are redefined", async () => {
   eval(output);
   expect(TEST_ARRAY).toStrictEqual([0, 0, 0]);
 });
+
+// https://github.com/MichaelXF/js-confuser/issues/70
+test("Variant #21: Don't move Import Declarations", async () => {
+  var output = await JsConfuser(
+    `
+    import {createHash} from "crypto";
+    var inputString = "Hash this string";
+    var hashed = createHash("sha256").update(inputString).digest("hex");
+    TEST_OUTPUT = hashed;
+  `,
+    {
+      target: "node",
+      controlFlowFlattening: true,
+    }
+  );
+
+  // Ensure Control Flow FLattening was applied
+  expect(output).toContain("switch");
+
+  // Ensure the import declaration wasn't moved
+  expect(output.startsWith("import")).toStrictEqual(true);
+
+  // Convert to runnable code
+  output = output.replace(
+    `import{createHash}from'crypto';`,
+    "const {createHash}=require('crypto');"
+  );
+
+  var TEST_OUTPUT = "";
+
+  eval(output);
+
+  expect(TEST_OUTPUT).toStrictEqual(
+    "1cac63f39fd68d8c531f27b807610fb3d50f0fc3f186995767fb6316e7200a3e"
+  );
+});

package/test/transforms/identifier/nameRecycling.test.ts

@@ -164,3 +164,42 @@ it("should convert variable declarations in for loop initializers properly", asy
   expect(TEST_VAR_1).toStrictEqual("Hello World");
   expect(TEST_VAR_2).toStrictEqual("Number: 0");
 });
+
+// https://github.com/MichaelXF/js-confuser/issues/68
+it("should work on Function Declarations that are defined later in the code", async () => {
+  var output = await JsConfuser(
+    `
+  var result = MyFunction();
+  TEST_VAR = result;
+  
+  function MyFunction(b) {
+    return "Hello World";
+  }
+  `,
+    { target: "node", nameRecycling: true }
+  );
+
+  var TEST_VAR;
+  eval(output);
+
+  expect(TEST_VAR).toStrictEqual("Hello World");
+});
+
+// https://github.com/MichaelXF/js-confuser/issues/71
+it("should work on Import Declarations", async () => {
+  var output = await JsConfuser(
+    `
+  import crypto from 'node:crypto'
+
+  var x = 1;
+  
+  console.log(x);
+  `,
+    {
+      target: "node",
+      nameRecycling: true,
+    }
+  );
+
+  expect(output).not.toContain("crypto=");
+});

package/test/transforms/identifier/renameVariables.test.ts

@@ -436,3 +436,41 @@ test("Variant #18: Catch parameter and lexical variable clash", async () => {
 
   eval(output);
 });
+
+// https://github.com/MichaelXF/js-confuser/issues/69
+test("Variant #19: Don't break Import Declarations", async () => {
+  var output = await JsConfuser(
+    `
+  import { createHash } from 'node:crypto'
+
+  function sha256(content) {  
+    return createHash('sha256').update(content).digest('hex')
+  }
+
+  TEST_OUTPUT = sha256("Hash this string");
+  `,
+    {
+      target: "node",
+      renameVariables: true,
+    }
+  );
+
+  // Ensure the createHash got renamed
+  expect(output).toContain("createHash as ");
+
+  // Convert to runnable code
+  // This smartly changes the `import` statement to a require call, keeping the new variable name intact
+  var newVarName = output.split("createHash as ")[1].split("}")[0];
+  output = output
+    .split(";")
+    .filter((s) => !s.startsWith("import"))
+    .join(";");
+  output = `var {createHash: ${newVarName}}=require('crypto');` + output;
+
+  var TEST_OUTPUT;
+  eval(output);
+
+  expect(TEST_OUTPUT).toStrictEqual(
+    "1cac63f39fd68d8c531f27b807610fb3d50f0fc3f186995767fb6316e7200a3e"
+  );
+});