npm - js-confuser - Versions diffs - 1.6.0 → 1.7.0 - Mend

js-confuser 1.6.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/CHANGELOG.md +23 -0
package/README.md +215 -170
package/dist/constants.js +6 -2
package/dist/obfuscator.js +0 -6
package/dist/options.js +4 -4
package/dist/presets.js +6 -7
package/dist/templates/crash.js +2 -2
package/dist/templates/functionLength.js +16 -0
package/dist/transforms/dispatcher.js +4 -1
package/dist/transforms/extraction/duplicateLiteralsRemoval.js +89 -58
package/dist/transforms/flatten.js +224 -147
package/dist/transforms/identifier/movedDeclarations.js +38 -85
package/dist/transforms/identifier/renameVariables.js +94 -41
package/dist/transforms/lock/lock.js +0 -37
package/dist/transforms/minify.js +2 -2
package/dist/transforms/rgf.js +139 -246
package/dist/transforms/stack.js +42 -1
package/dist/transforms/transform.js +1 -1
package/dist/util/gen.js +2 -1
package/dist/util/identifiers.js +37 -3
package/dist/util/insert.js +24 -3
package/docs/ControlFlowFlattening.md +595 -0
package/{Countermeasures.md → docs/Countermeasures.md} +1 -15
package/{Integrity.md → docs/Integrity.md} +2 -2
package/docs/RGF.md +419 -0
package/package.json +1 -1
package/src/constants.ts +3 -0
package/src/obfuscator.ts +0 -4
package/src/options.ts +9 -86
package/src/presets.ts +6 -7
package/src/templates/crash.ts +10 -10
package/src/templates/functionLength.ts +14 -0
package/src/transforms/dispatcher.ts +5 -1
package/src/transforms/extraction/duplicateLiteralsRemoval.ts +130 -129
package/src/transforms/flatten.ts +357 -290
package/src/transforms/identifier/movedDeclarations.ts +50 -96
package/src/transforms/identifier/renameVariables.ts +120 -56
package/src/transforms/lock/lock.ts +1 -42
package/src/transforms/minify.ts +11 -2
package/src/transforms/rgf.ts +214 -404
package/src/transforms/stack.ts +62 -0
package/src/transforms/transform.ts +6 -2
package/src/util/gen.ts +7 -2
package/src/util/identifiers.ts +43 -2
package/src/util/insert.ts +26 -2
package/test/code/ES6.src.js +24 -0
package/test/transforms/flatten.test.ts +352 -88
package/test/transforms/identifier/movedDeclarations.test.ts +37 -9
package/test/transforms/identifier/renameVariables.test.ts +37 -0
package/test/transforms/lock/lock.test.ts +1 -48
package/test/transforms/minify.test.ts +19 -0
package/test/transforms/rgf.test.ts +262 -353
package/test/transforms/stack.test.ts +52 -0
package/test/util/identifiers.test.ts +113 -1
package/test/util/insert.test.ts +57 -3
package/src/transforms/eval.ts +0 -89
package/src/transforms/identifier/nameRecycling.ts +0 -280
package/test/transforms/eval.test.ts +0 -131
package/test/transforms/identifier/nameRecycling.test.ts +0 -205

package/dist/presets.js CHANGED Viewed

@@ -22,7 +22,7 @@ exports.default = void 0;
  * 10. Minified output
  *
  * ## **`Disabled features`**
- * - `eval` Use at your own risk!
+ * - `rgf` Use at your own risk!
  *
  * ### Potential Issues
  * 1. *String Encoding* can corrupt files. Disable `stringEncoding` manually if this happens.
@@ -57,7 +57,6 @@ const highPreset = {
   stringEncoding: true,
   stringSplitting: 0.75,
   // Use at own risk
-  eval: false,
   rgf: false
 };
 /**
@@ -71,9 +70,9 @@ const mediumPreset = {
   calculator: true,
   compact: true,
   hexadecimalNumbers: true,
-  controlFlowFlattening: 0.5,
+  controlFlowFlattening: 0.25,
   deadCode: 0.025,
-  dispatcher: 0.75,
+  dispatcher: 0.5,
   duplicateLiteralsRemoval: 0.5,
   globalConcealing: true,
   identifierGenerator: "randomized",
@@ -99,10 +98,10 @@ const lowPreset = {
   calculator: true,
   compact: true,
   hexadecimalNumbers: true,
-  controlFlowFlattening: 0.25,
+  controlFlowFlattening: 0.1,
   deadCode: 0.01,
-  dispatcher: 0.5,
-  duplicateLiteralsRemoval: true,
+  dispatcher: 0.25,
+  duplicateLiteralsRemoval: 0.5,
   identifierGenerator: "randomized",
   minify: true,
   movedDeclarations: true,

package/dist/templates/crash.js CHANGED Viewed

@@ -9,9 +9,9 @@ var _template = _interopRequireDefault(require("./template"));
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-const CrashTemplate1 = (0, _template.default)("\nvar {var} = \"a\";\nwhile(1){\n    {var} = {var} += \"a\";    //add as much as the browser can handle\n}\n");
+const CrashTemplate1 = (0, _template.default)("\nvar {var} = \"a\";\nwhile(1){\n    {var} = {var} += \"a\";\n}\n");
 exports.CrashTemplate1 = CrashTemplate1;
 const CrashTemplate2 = (0, _template.default)("\nwhile(true) {\n    var {var} = 99;\n    for({var} = 99; {var} == {var}; {var} *= {var}) {\n        !{var} && console.log({var});\n        if ({var} <= 10){\n            break;\n        }\n    };\n    if({var} === 100) {\n        {var}--\n    }\n };");
 exports.CrashTemplate2 = CrashTemplate2;
-const CrashTemplate3 = (0, _template.default)("\ntry {\n    function {$2}(y, x){\n        return x;\n      }\n      \n      var {$1} = {$2}(this, function () {\n        var {$3} = function () {\n            var regExp = {$3}\n                .constructor('return /\" + this + \"/')()\n                .constructor('^([^ ]+( +[^ ]+)+)+[^ ]}');\n            \n            return !regExp.call({$1});\n        };\n        \n        return {$3}();\n      });\n      \n      {$1}();\n} catch ( e ) {\n    while(e ? e : !e){\n        var b;\n        var c = 0;\n        (e ? !e : e) ? (function(e){\n            c = e ? 0 : !e ? 1 : 0;\n        })(e) : b = 1;\n\n        if(b&&c){break;}\n        if(b){continue;}\n    }\n}\n");
+const CrashTemplate3 = (0, _template.default)("\ntry {\n    function {$2}(y, x){\n        return x;\n      }\n      \n      var {$1} = {$2}(this, function () {\n        var {$3} = function () {\n            var regExp = {$3}\n                .constructor('return /\" + this + \"/')()\n                .constructor('^([^ ]+( +[^ ]+)+)+[^ ]}');\n            \n            return !regExp.call({$1});\n        };\n        \n        return {$3}();\n      });\n      \n      {$1}();\n} catch ( {$1}e ) {\n    while({$1}e ? {$1}e : !{$1}e){\n        var {$1}b;\n        var {$1}c = 0;\n        ({$1}e ? !{$1}e : {$1}e) ? (function({$1}e){\n            {$1}c = {$1}e ? 0 : !{$1}e ? 1 : 0;\n        })({$1}e) : {$1}b = 1;\n\n        if({$1}b&&{$1}c){break;}\n        if({$1}b){continue;}\n    }\n}\n");
 exports.CrashTemplate3 = CrashTemplate3;

package/dist/templates/functionLength.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.FunctionLengthTemplate = void 0;
+var _template = _interopRequireDefault(require("./template"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+/**
+ * Helper function to set `function.length` property.
+ */
+const FunctionLengthTemplate = (0, _template.default)("\nfunction {name}(functionObject, functionLength){\n  Object[\"defineProperty\"](functionObject, \"length\", {\n    \"value\": functionLength,\n    \"configurable\": true\n  });\n  return functionObject;\n}\n");
+exports.FunctionLengthTemplate = FunctionLengthTemplate;

package/dist/transforms/dispatcher.js CHANGED Viewed

@@ -56,9 +56,12 @@ function _defineProperty(obj, key, value) { if (key in obj) { Object.definePrope
  * 3. using `this`
  */
 class Dispatcher extends _transform.default {
+  // Debug mode preserves function names
   constructor(o) {
     super(o, _order.ObfuscateOrder.Dispatcher);
+    _defineProperty(this, "isDebug", false);
     _defineProperty(this, "count", void 0);
     this.count = 0;
@@ -158,7 +161,7 @@ class Dispatcher extends _transform.default {
         var gen = this.getGenerator();
         Object.keys(functionDeclarations).forEach(name => {
-          newFnNames[name] = gen.generate();
+          newFnNames[name] = this.isDebug ? "_dispatcher_" + this.count + "_" + name : gen.generate();
         }); // set containing new name
         var set = new Set(Object.keys(newFnNames)); // Only make a dispatcher function if it caught any functions

package/dist/transforms/extraction/duplicateLiteralsRemoval.js CHANGED Viewed

@@ -23,6 +23,8 @@ var _assert = require("assert");
 var _random = require("../../util/random");
+var _traverse = require("../../traverse");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
@@ -46,12 +48,19 @@ function _defineProperty(obj, key, value) { if (key in obj) { Object.definePrope
  * ```
  */
 class DuplicateLiteralsRemoval extends _transform.default {
+  // The array holding all the duplicate literals
+  // The array expression node to be inserted into the program
+  /**
+   * Literals in the array
+   */
   /**
-   * getter fn name -> accumulative shift
+   * Literals are saved here the first time they are seen.
    */
   /**
-   * lex context -> getter fn name
+   * Block -> { functionName, indexShift }
    */
   constructor(o) {
     super(o, _order.ObfuscateOrder.DuplicateLiteralsRemoval);
@@ -64,23 +73,45 @@ class DuplicateLiteralsRemoval extends _transform.default {
     _defineProperty(this, "first", void 0);
-    _defineProperty(this, "fnShifts", void 0);
-    _defineProperty(this, "fnGetters", void 0);
+    _defineProperty(this, "functions", void 0);
     this.map = new Map();
     this.first = new Map();
-    this.fnShifts = new Map();
-    this.fnGetters = new Map();
+    this.functions = new Map();
   }
   apply(tree) {
     super.apply(tree);
-    if (this.arrayName && this.arrayExpression.elements.length) {
+    if (this.arrayName && this.arrayExpression.elements.length > 0) {
+      // This function simply returns the array
       var getArrayFn = this.getPlaceholder();
-      (0, _insert.append)(tree, (0, _gen.FunctionDeclaration)(getArrayFn, [], [(0, _gen.ReturnStatement)(this.arrayExpression)]));
-      (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(getArrayFn), (0, _gen.Identifier)("call"), false), [(0, _gen.ThisExpression)()]))));
+      (0, _insert.append)(tree, (0, _gen.FunctionDeclaration)(getArrayFn, [], [(0, _gen.ReturnStatement)(this.arrayExpression)])); // This variable holds the array
+      (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(this.arrayName, (0, _gen.CallExpression)((0, _gen.MemberExpression)((0, _gen.Identifier)(getArrayFn), (0, _gen.Literal)("call"), true), [(0, _gen.ThisExpression)()])))); // Create all the functions needed
+      for (var blockNode of this.functions.keys()) {
+        var {
+          functionName,
+          indexShift
+        } = this.functions.get(blockNode);
+        var propertyNode = (0, _gen.BinaryExpression)("-", (0, _gen.Identifier)("index_param"), (0, _gen.Literal)(indexShift));
+        var indexRangeInclusive = [0 + indexShift - 1, this.map.size + indexShift]; // The function uses mangling to hide the index being accessed
+        var mangleCount = (0, _random.getRandomInteger)(1, 10);
+        for (var i = 0; i < mangleCount; i++) {
+          var operator = (0, _random.choice)([">", "<"]);
+          var compareValue = (0, _random.choice)(indexRangeInclusive);
+          var test = (0, _gen.BinaryExpression)(operator, (0, _gen.Identifier)("index_param"), (0, _gen.Literal)(compareValue));
+          var alternate = (0, _gen.BinaryExpression)("-", (0, _gen.Identifier)("index_param"), (0, _gen.Literal)((0, _random.getRandomInteger)(-100, 100)));
+          var testValue = operator === ">" && compareValue === indexRangeInclusive[0] || operator === "<" && compareValue === indexRangeInclusive[1];
+          propertyNode = (0, _gen.ConditionalExpression)(test, testValue ? propertyNode : alternate, !testValue ? propertyNode : alternate);
+        }
+        var returnArgument = (0, _gen.MemberExpression)((0, _gen.Identifier)(this.arrayName), propertyNode, true);
+        (0, _insert.prepend)(blockNode, (0, _gen.FunctionDeclaration)(functionName, [(0, _gen.Identifier)("index_param")], [(0, _gen.ReturnStatement)(returnArgument)]));
+      }
     }
   }
@@ -95,43 +126,39 @@ class DuplicateLiteralsRemoval extends _transform.default {
    */
-  toCaller(object, parents, index) {
-    // get all the getters defined here or higher
-    var getterNames = [object, ...parents].map(x => this.fnGetters.get(x)).filter(x => x); // use random getter function
-    var getterName = (0, _random.choice)(getterNames); // get this literals context
+  transformLiteral(object, parents, index) {
+    var blockNode = (0, _random.choice)(parents.filter(x => this.functions.has(x))); // Create initial function if none exist
-    var lexContext = (0, _insert.getLexContext)(object, parents);
-    var hasGetterHere = this.fnGetters.has(lexContext); // create one if none are available (or by random chance if none are here locally)
+    if (this.functions.size === 0) {
+      var root = parents[parents.length - 1];
+      var rootFunctionName = this.getPlaceholder() + "_dLR_0";
+      this.functions.set(root, {
+        functionName: rootFunctionName,
+        indexShift: (0, _random.getRandomInteger)(-100, 100)
+      });
+      blockNode = root;
+    } // If no function here exist, possibly create new chained function
-    var shouldCreateNew = !getterName || !hasGetterHere && Math.random() > 0.9;
-    if (shouldCreateNew) {
-      (0, _assert.ok)(!this.fnGetters.has(lexContext));
-      var lexContextIndex = parents.findIndex(x => x !== lexContext && (0, _insert.isLexContext)(x));
-      var basedOn = lexContextIndex !== -1 ? (0, _random.choice)(parents.slice(lexContextIndex + 1).map(x => this.fnGetters.get(x)).filter(x => x)) : null;
-      var body = [];
-      var thisShift = (0, _random.getRandomInteger)(-250, 250); // the name of the getter
+    var block = (0, _traverse.getBlock)(object, parents);
-      getterName = this.getPlaceholder() + "_dLR_" + this.fnGetters.size;
+    if (!this.functions.has(block) && (0, _random.chance)(50 - this.functions.size)) {
+      var newFunctionName = this.getPlaceholder() + "_dLR_" + this.functions.size;
+      this.functions.set(block, {
+        functionName: newFunctionName,
+        indexShift: (0, _random.getRandomInteger)(-100, 100)
+      });
+      blockNode = block;
+    } // Derive the function to call from the selected blockNode
-      if (basedOn) {
-        var shift = this.fnShifts.get(basedOn);
-        (0, _assert.ok)(typeof shift === "number");
-        body = [(0, _gen.ReturnStatement)((0, _gen.CallExpression)((0, _gen.Identifier)(basedOn), [(0, _gen.BinaryExpression)("+", (0, _gen.Identifier)("index"), (0, _gen.Literal)(thisShift))]))];
-        this.fnShifts.set(getterName, shift + thisShift);
-      } else {
-        // from scratch
-        body = [(0, _gen.ReturnStatement)((0, _gen.MemberExpression)((0, _gen.Identifier)(this.arrayName), (0, _gen.BinaryExpression)("+", (0, _gen.Identifier)("index"), (0, _gen.Literal)(thisShift)), true))];
-        this.fnShifts.set(getterName, thisShift);
-      }
-      this.fnGetters.set(lexContext, getterName);
-      (0, _insert.prepend)(lexContext, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(getterName, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([], [(0, _gen.ReturnStatement)((0, _gen.FunctionExpression)([(0, _gen.Identifier)("index")], body))]), []))));
-    }
+    var {
+      functionName,
+      indexShift
+    } = this.functions.get(blockNode); // Call the function given it's indexShift
-    var theShift = this.fnShifts.get(getterName);
-    this.replaceIdentifierOrLiteral(object, (0, _gen.CallExpression)((0, _gen.Identifier)(getterName), [(0, _gen.Literal)(index - theShift)]), parents);
+    var callExpression = (0, _gen.CallExpression)((0, _gen.Identifier)(functionName), [(0, _gen.Literal)(index + indexShift)]);
+    this.replaceIdentifierOrLiteral(object, callExpression, parents);
   }
   transform(object, parents) {
@@ -147,19 +174,19 @@ class DuplicateLiteralsRemoval extends _transform.default {
       } // HARD CODED LIMIT of 10,000 (after 1,000 elements)
-      if (this.map.size > 1000 && !(0, _random.chance)(this.map.size / 100)) return;
+      if (this.map.size > 1000 && (0, _random.chance)(this.map.size / 100)) return;
       if (this.arrayName && parents[0].object && parents[0].object.name == this.arrayName) {
         return;
       }
-      var value;
+      var stringValue;
       if (object.type == "Literal") {
-        value = typeof object.value + ":" + object.value;
+        stringValue = typeof object.value + ":" + object.value;
         if (object.value === null) {
-          value = "null:null";
+          stringValue = "null:null";
         } else {
           // Skip empty strings
           if (typeof object.value === "string" && !object.value) {
@@ -167,38 +194,42 @@ class DuplicateLiteralsRemoval extends _transform.default {
           }
         }
       } else if (object.type == "Identifier") {
-        value = "identifier:" + object.name;
+        stringValue = "identifier:" + object.name;
       } else {
         throw new Error("Unsupported primitive type: " + object.type);
       }
-      (0, _assert.ok)(value);
+      (0, _assert.ok)(stringValue);
-      if (!this.first.has(value) && !this.map.has(value)) {
-        this.first.set(value, [object, parents]);
-      } else {
+      if (this.map.has(stringValue) || this.first.has(stringValue)) {
+        // Create the array if not already made
         if (!this.arrayName) {
           this.arrayName = this.getPlaceholder();
           this.arrayExpression = (0, _gen.ArrayExpression)([]);
-        }
+        } // Delete with first location
-        var firstLocation = this.first.get(value);
+        var firstLocation = this.first.get(stringValue);
         if (firstLocation) {
-          this.first.set(value, null);
           var index = this.map.size;
-          (0, _assert.ok)(!this.map.has(value));
-          this.map.set(value, index);
+          (0, _assert.ok)(!this.map.has(stringValue));
+          this.map.set(stringValue, index);
+          this.first.delete(stringValue);
           var pushing = (0, _insert.clone)(object);
           this.arrayExpression.elements.push(pushing);
           (0, _assert.ok)(this.arrayExpression.elements[index] === pushing);
-          this.toCaller(firstLocation[0], firstLocation[1], index);
+          this.transformLiteral(firstLocation[0], firstLocation[1], index);
         }
-        var index = this.map.get(value);
+        var index = this.map.get(stringValue);
         (0, _assert.ok)(typeof index === "number");
-        this.toCaller(object, parents, index);
-      }
+        this.transformLiteral(object, parents, index);
+        return;
+      } // Save this, maybe a duplicate will be found.
+      this.first.set(stringValue, [object, parents]);
     };
   }