js-confuser 1.6.0 → 1.7.0

package/src/transforms/rgf.ts

@@ -3,36 +3,23 @@ import { reservedIdentifiers } from "../constants";
 import Obfuscator from "../obfuscator";
 import { ObfuscateOrder } from "../order";
 import { ComputeProbabilityMap } from "../probability";
-import Template from "../templates/template";
-import traverse, { walk } from "../traverse";
+import { walk } from "../traverse";
 import {
   ArrayExpression,
-  AssignmentExpression,
+  BlockStatement,
   CallExpression,
-  ConditionalExpression,
-  ExpressionStatement,
-  FunctionExpression,
   Identifier,
   Literal,
-  Location,
   MemberExpression,
   NewExpression,
   Node,
   ReturnStatement,
-  SpreadElement,
+  ThisExpression,
   VariableDeclaration,
   VariableDeclarator,
 } from "../util/gen";
-import { getDefiningIdentifier, getIdentifierInfo } from "../util/identifiers";
-import {
-  getVarContext,
-  isVarContext,
-  isFunction,
-  prepend,
-  getDefiningContext,
-  clone,
-} from "../util/insert";
-import { getRandomString } from "../util/random";
+import { getIdentifierInfo } from "../util/identifiers";
+import { prepend, getDefiningContext } from "../util/insert";
 import Transform from "./transform";
 
 /**
@@ -43,436 +30,259 @@ import Transform from "./transform";
  * Rigorous checks are in place to only include pure functions.
  *
  * `flatten` can attempt to make function reference-less. Recommended to have flatten enabled with RGF.
- *
- * | Mode | Description |
- * | --- | --- |
- * | `"all"` | Applies to all scopes |
- * | `true` | Applies to the top level only |
- * | `false` | Feature disabled |
  */
 export default class RGF extends Transform {
+  // Array of all the `new Function` calls
+  arrayExpressionElements: Node[];
+  // The name of the array holding all the `new Function` expressions
+  arrayExpressionName: string;
+
   constructor(o) {
     super(o, ObfuscateOrder.RGF);
+
+    this.arrayExpressionName = this.getPlaceholder() + "_rgf";
+    this.arrayExpressionElements = [];
+  }
+
+  apply(tree: Node): void {
+    super.apply(tree);
+
+    // Only add the array if there were converted functions
+    if (this.arrayExpressionElements.length > 0) {
+      prepend(
+        tree,
+        VariableDeclaration(
+          VariableDeclarator(
+            Identifier(this.arrayExpressionName),
+            ArrayExpression(this.arrayExpressionElements)
+          )
+        )
+      );
+    }
   }
 
   match(object, parents) {
-    return isVarContext(object) && object.type !== "ArrowFunctionExpression";
+    return (
+      (object.type === "FunctionDeclaration" ||
+        object.type === "FunctionExpression") && // Does not apply to Arrow functions
+      !object.async && // Does not apply to async/generator functions
+      !object.generator
+    );
   }
 
-  transform(contextObject, contextParents) {
-    return () => {
-      var isGlobal = contextObject.type == "Program";
+  transform(object: Node, parents: Node[]) {
+    // Discard getter/setter methods
+    if (parents[0].type === "Property" && parents[0].value === object) {
+      if (
+        parents[0].method ||
+        parents[0].kind === "get" ||
+        parents[0].kind === "set"
+      ) {
+        return;
+      }
+    }
+
+    // Discard class methods
+    if (parents[0].type === "MethodDefinition" && parents[0].value === object) {
+      return;
+    }
+
+    // Avoid applying to the countermeasures function
+    if (typeof this.options.lock?.countermeasures === "string") {
+      // function countermeasures(){...}
+      if (
+        object.type === "FunctionDeclaration" &&
+        object.id.type === "Identifier" &&
+        object.id.name === this.options.lock.countermeasures
+      ) {
+        return;
+      }
 
-      var value = ComputeProbabilityMap(this.options.rgf, (x) => x, isGlobal);
-      if (value !== "all" && !isGlobal) {
+      // var countermeasures = function(){...}
+      if (
+        parents[0].type === "VariableDeclarator" &&
+        parents[0].init === object &&
+        parents[0].id.type === "Identifier" &&
+        parents[0].id.name === this.options.lock.countermeasures
+      ) {
         return;
       }
+    }
+
+    // Check user option
+    if (!ComputeProbabilityMap(this.options.rgf, (x) => x, object?.id?.name))
+      return;
+
+    // Discard functions that use 'eval' function
+    if (object.$requiresEval) return;
+
+    // Check for 'this', 'arguments' (not allowed!)
+    var isIllegal = false;
+    walk(object, parents, (o, p) => {
+      if (
+        o.type === "ThisExpression" ||
+        o.type === "Super" ||
+        (o.type === "Identifier" && o.name === "arguments")
+      ) {
+        isIllegal = true;
+        return "EXIT";
+      }
+    });
 
-      var collect: {
-        location: Location;
-        references: Set<string>;
-        name?: string;
-      }[] = [];
-      var queue: Location[] = [];
-      var names = new Map<string, number>();
-      var referenceSignatures: { [name: string]: string } = {};
+    if (isIllegal) return;
 
-      var definingNodes = new Map<string, Node>();
+    return () => {
+      // Make sure function is 'reference-less'
+      var definedMap = new Map<Node, Set<string>>();
+      var isReferenceLess = true;
+      var identifierPreventingTransformation: string;
 
-      walk(contextObject, contextParents, (object, parents) => {
+      walk(object, parents, (o, p) => {
         if (
-          object !== contextObject &&
-          isFunction(object) &&
-          !object.$requiresEval &&
-          !object.async &&
-          !object.generator &&
-          getVarContext(parents[0], parents.slice(1)) === contextObject
+          o.type === "Identifier" &&
+          !reservedIdentifiers.has(o.name) &&
+          !this.options.globalVariables.has(o.name)
         ) {
-          // Discard getter/setter methods
-          if (parents[0].type === "Property" && parents[0].value === object) {
-            if (
-              parents[0].method ||
-              parents[0].kind === "get" ||
-              parents[0].kind === "set"
-            ) {
-              return;
-            }
-          }
-
-          // Discard class methods
-          if (
-            parents[0].type === "MethodDefinition" &&
-            parents[0].value === object
-          ) {
+          var info = getIdentifierInfo(o, p);
+          if (!info.spec.isReferenced) {
             return;
           }
 
-          // Avoid applying to the countermeasures function
-          if (typeof this.options.lock?.countermeasures === "string") {
-            // function countermeasures(){...}
-            if (
-              object.type === "FunctionDeclaration" &&
-              object.id.type === "Identifier" &&
-              object.id.name === this.options.lock.countermeasures
-            ) {
-              return;
-            }
+          if (info.spec.isDefined) {
+            // Add to defined map
+            var definingContext = getDefiningContext(o, p);
 
-            // var countermeasures = function(){...}
-            if (
-              parents[0].type === "VariableDeclarator" &&
-              parents[0].init === object &&
-              parents[0].id.type === "Identifier" &&
-              parents[0].id.name === this.options.lock.countermeasures
-            ) {
-              return;
+            if (!definedMap.has(definingContext)) {
+              definedMap.set(definingContext, new Set([o.name]));
+            } else {
+              definedMap.get(definingContext).add(o.name);
             }
-          }
-
-          var defined = new Set<string>(),
-            referenced = new Set<string>();
-
-          var isBound = false;
-
-          /**
-           * The fnTraverses serves two important purposes
-           *
-           * - Identify all the variables referenced and defined here
-           * - Identify is the 'this' keyword is used anywhere
-           *
-           * @param o
-           * @param p
-           * @returns
-           */
-          const fnTraverser = (o, p) => {
-            if (
-              o.type == "Identifier" &&
-              !reservedIdentifiers.has(o.name) &&
-              !this.options.globalVariables.has(o.name)
-            ) {
-              var info = getIdentifierInfo(o, p);
-              if (!info.spec.isReferenced) {
-                return;
-              }
-              if (info.spec.isDefined && getDefiningContext(o, p) === object) {
-                defined.add(o.name);
-              } else {
-                referenced.add(o.name);
+          } else {
+            // This approach is dirty and does not account for hoisted FunctionDeclarations
+            var isDefinedAbove = false;
+            for (var pNode of p) {
+              if (definedMap.has(pNode)) {
+                if (definedMap.get(pNode).has(o.name)) {
+                  isDefinedAbove = true;
+                  break;
+                }
               }
             }
 
-            if (o.type == "ThisExpression" || o.type == "Super") {
-              isBound = true;
-            }
-          };
-
-          walk(object.params, [object, ...parents], fnTraverser);
-          walk(object.body, [object, ...parents], fnTraverser);
-
-          if (!isBound) {
-            defined.forEach((identifier) => {
-              referenced.delete(identifier);
-            });
-
-            object.params.forEach((param) => {
-              referenced.delete(param.name);
-            });
-
-            collect.push({
-              location: [object, parents],
-              references: referenced,
-              name: object.id?.name,
-            });
-          }
-        }
-      });
-
-      if (!collect.length) {
-        return;
-      }
-
-      var miss = 0;
-      var start = collect.length * 2;
-
-      while (true) {
-        var hit = false;
-
-        collect.forEach(
-          ({ name, references: references1, location: location1 }) => {
-            if (!references1.size && name) {
-              collect.forEach((o) => {
-                if (
-                  o.location[0] !== location1[0] &&
-                  o.references.size &&
-                  o.references.delete(name)
-                ) {
-                  // console.log(collect);
+            if (!isDefinedAbove) {
+              isReferenceLess = false;
+              identifierPreventingTransformation = o.name;
 
-                  hit = true;
-                }
-              });
+              return "EXIT";
             }
           }
-        );
-        if (hit) {
-          miss = 0;
-        } else {
-          miss++;
         }
+      });
 
-        if (miss > start) {
-          break;
+      // This function is not 'reference-less', cannot be RGF'd
+      if (!isReferenceLess) {
+        if (object.id) {
+          this.log(
+            `${object?.id?.name}() cannot be transformed because of ${identifierPreventingTransformation}`
+          );
         }
+        return;
       }
 
-      queue = [];
-      collect.forEach((o) => {
-        if (!o.references.size) {
-          var [object, parents] = o.location;
-
-          queue.push([object, parents]);
-          if (
-            object.type == "FunctionDeclaration" &&
-            typeof object.id.name === "string"
-          ) {
-            var index = names.size;
-
-            names.set(object.id.name, index);
-            referenceSignatures[index] = getRandomString(10);
-
-            definingNodes.set(object.id.name, object.id);
-          }
-        }
+      // Since `new Function` is completely isolated, create an entire new obfuscator and run remaining transformations.
+      // RGF runs early and needs completed code before converting to a string.
+      // (^ the variables haven't been renamed yet)
+      var obfuscator = new Obfuscator({
+        ...this.options,
+        stringEncoding: false,
+        compact: true,
       });
 
-      if (!queue.length) {
-        return;
+      if (obfuscator.options.lock) {
+        delete obfuscator.options.lock.countermeasures;
       }
 
-      // An array containing all the function declarations
-      var referenceArray = "_" + getRandomString(10);
-
-      walk(contextObject, contextParents, (o, p) => {
-        if (o.type == "Identifier" && !reservedIdentifiers.has(o.name)) {
-          var index = names.get(o.name);
-          if (typeof index === "number") {
-            var info = getIdentifierInfo(o, p);
-            if (info.spec.isReferenced && !info.spec.isDefined) {
-              var location = getDefiningIdentifier(o, p);
-              if (location) {
-                var pointingTo = location[0];
-                var shouldBe = definingNodes.get(o.name);
-
-                // console.log(pointingTo, shouldBe);
-
-                if (pointingTo == shouldBe) {
-                  this.log(o.name, "->", `${referenceArray}[${index}]`);
-
-                  var memberExpression = MemberExpression(
-                    Identifier(referenceArray),
-                    Literal(index),
-                    true
-                  );
-
-                  // Allow re-assignment to the RGF function
-                  if (
-                    p[0] &&
-                    p[0].type === "AssignmentExpression" &&
-                    p[0].left === o
-                  ) {
-                    // fn = ...
-
-                    this.replace(o, memberExpression);
-                  } else {
-                    // fn()
-                    // fn
-
-                    // In most cases the identifier is being used like this (call expression, or referenced to be called later)
-                    // Replace it with a simple wrapper function that will pass on the reference array
-
-                    var conditionalExpression = ConditionalExpression(
-                      Template(
-                        `typeof ${referenceArray}[${index}] === "function" && ${referenceArray}[${index}]["${
-                          referenceSignatures[index] || "_"
-                        }"]`
-                      ).single().expression,
-                      FunctionExpression(
-                        [],
-                        [
-                          ReturnStatement(
-                            // clone() is required!
-                            CallExpression(clone(memberExpression), [
-                              Identifier(referenceArray),
-                              SpreadElement(Identifier("arguments")),
-                            ])
-                          ),
-                        ]
-                      ),
-                      clone(memberExpression)
-                    );
-
-                    this.replace(o, conditionalExpression);
-                  }
-                }
-              }
-            }
-          }
-        }
+      var transforms = obfuscator.array.filter(
+        (x) => x.priority > this.priority
+      );
+
+      var embeddedFunctionName = this.getPlaceholder();
+
+      var embeddedFunction = {
+        type: "FunctionDeclaration",
+        id: Identifier(embeddedFunctionName),
+        body: BlockStatement([...object.body.body]),
+        params: object.params,
+        async: false,
+        generator: false,
+      };
+
+      var tree = {
+        type: "Program",
+        body: [
+          embeddedFunction,
+          ReturnStatement(
+            CallExpression(
+              MemberExpression(
+                Identifier(embeddedFunctionName),
+                Literal("apply"),
+                true
+              ),
+              [ThisExpression(), Identifier("arguments")]
+            )
+          ),
+        ],
+      };
+
+      transforms.forEach((transform) => {
+        transform.apply(tree);
       });
 
-      var arrayExpression = ArrayExpression([]);
-      var variableDeclaration = VariableDeclaration([
-        VariableDeclarator(Identifier(referenceArray), arrayExpression),
-      ]);
-
-      prepend(contextObject, variableDeclaration);
-
-      queue.forEach(([object, parents]) => {
-        var name = object?.id?.name;
-        var signature = referenceSignatures[names.get(name)];
-
-        var embeddedName = name || this.getPlaceholder();
-
-        // Since `new Function` is completely isolated, create an entire new obfuscator and run remaining transformations.
-        // RGF runs early and needs completed code before converting to a string.
-        // (^ the variables haven't been renamed yet)
-        var obfuscator = new Obfuscator({
-          ...this.options,
-          rgf: false,
-          globalVariables: new Set([
-            ...this.options.globalVariables,
-            referenceArray,
-          ]),
-          lock: {
-            integrity: false,
-          },
-          eval: false,
-          stringEncoding: false,
-        });
-        var transforms = obfuscator.array.filter(
-          (x) => x.priority > this.priority
-        );
-
-        var embeddedFunction = {
-          ...object,
-          type: "FunctionDeclaration",
-          id: Identifier(embeddedName),
-        };
-
-        var tree = {
-          type: "Program",
-          body: [
-            embeddedFunction,
-            ReturnStatement(
-              CallExpression(
-                MemberExpression(
-                  Identifier(embeddedName),
-                  Literal("call"),
-                  true
-                ),
-                [
-                  Identifier("undefined"),
-                  SpreadElement(
-                    Template(
-                      `Array.prototype.slice.call(arguments, 1)`
-                    ).single().expression
-                  ),
-                ]
-              )
-            ),
-          ],
-        };
-
-        (tree as any).__hiddenDeclarations = VariableDeclaration(
-          VariableDeclarator(referenceArray)
-        );
-        (tree as any).__hiddenDeclarations.hidden = true;
-        (tree as any).__hiddenDeclarations.declarations[0].id.hidden = true;
-
-        transforms.forEach((transform) => {
-          transform.apply(tree);
-        });
-
-        // Find eval callbacks
-        traverse(tree, (o, p) => {
-          if (o.$eval) {
-            return () => {
-              o.$eval(o, p);
-            };
-          }
-        });
+      var toString = compileJsSync(tree, obfuscator.options);
 
-        var toString = compileJsSync(tree, this.options);
+      // new Function(code)
+      var newFunctionExpression = NewExpression(Identifier("Function"), [
+        Literal(toString),
+      ]);
 
-        var newFunction = NewExpression(Identifier("Function"), [
-          Literal(referenceArray),
-          Literal(toString),
+      // The index where this function is placed in the array
+      var newFunctionExpressionIndex = this.arrayExpressionElements.length;
+
+      // Add it to the array
+      this.arrayExpressionElements.push(newFunctionExpression);
+
+      // The member expression to retrieve this function
+      var memberExpression = MemberExpression(
+        Identifier(this.arrayExpressionName),
+        Literal(newFunctionExpressionIndex),
+        true
+      );
+
+      // Replace based on type
+
+      // (1) Function Declaration:
+      // - Replace body with call to new function
+      if (object.type === "FunctionDeclaration") {
+        object.body = BlockStatement([
+          ReturnStatement(
+            CallExpression(
+              MemberExpression(memberExpression, Literal("apply"), true),
+              [ThisExpression(), Identifier("arguments")]
+            )
+          ),
         ]);
 
-        function applySignature(fn) {
-          if (!signature) {
-            return fn;
-          }
-
-          // This code marks the function object with a unique property
-          return CallExpression(
-            FunctionExpression(
-              [],
-              [
-                VariableDeclaration(VariableDeclarator("fn", fn)),
-                ExpressionStatement(
-                  AssignmentExpression(
-                    "=",
-                    MemberExpression(
-                      Identifier("fn"),
-                      Literal(signature),
-                      true
-                    ),
-                    Literal(true)
-                  )
-                ),
-                ReturnStatement(Identifier("fn")),
-              ]
-            ),
-            []
-          );
-        }
-
-        if (object.type === "FunctionDeclaration") {
-          arrayExpression.elements[names.get(name)] =
-            applySignature(newFunction);
-
-          if (Array.isArray(parents[0])) {
-            parents[0].splice(parents[0].indexOf(object), 1);
-          } else {
-            this.error(
-              new Error(
-                "Error deleting function declaration: " +
-                  parents.map((x) => x.type).join(",")
-              )
-            );
-          }
-        } else {
-          // The wrapper function passes the reference array around
-          var wrapperFunction = FunctionExpression(
-            [],
-            [
-              ReturnStatement(
-                CallExpression(
-                  MemberExpression(newFunction, Literal("call"), true),
-                  [
-                    Identifier("undefined"),
-                    Identifier(referenceArray),
-                    SpreadElement(Identifier("arguments")),
-                  ]
-                )
-              ),
-            ]
-          );
+        // The parameters are no longer needed ('arguments' is used to capture them)
+        object.params = [];
+        return;
+      }
 
-          this.replace(object, applySignature(wrapperFunction));
-        }
-      });
+      // (2) Function Expression:
+      // - Replace expression with member expression pointing to new function
+      if (object.type === "FunctionExpression") {
+        this.replace(object, memberExpression);
+        return;
+      }
     };
   }
 }