js-confuser 1.7.0 → 1.7.2

package/docs/ES5.md

@@ -0,0 +1,197 @@
+## `ES5`
+
+The ES5 option converts most ES6+ features into ES5 compatible code.
+
+Option name: `es5`
+
+Option values: `true/false`
+
+Note: Does not cover all cases such as Promises or Generator functions. Use [Babel](https://babel.dev/).
+
+The ES5 option is intended to undo any ES6 feature the obfuscator adds to your code. If you input ES5 code, and enable the `es5` option, you can be guaranteed to have ES5 compatible output.
+
+## Example
+
+```js
+// Input
+function print(...messages){
+  console.log(...messages); // The spread operator (...) 
+                            // was introduced in ES6!
+}
+
+print("Hello", "World"); // "Hello World"
+
+// Output
+var __p_2580918143;
+function print() {
+    var __p_7607361496;
+    var messages, __p_2591841272 = (__p_7607361496 = Array.prototype.slice.call(arguments), messages = __p_7607361496.slice(0));
+    (__p_2580918143 = console).log.apply(__p_2580918143, [].concat(Array.prototype.slice.call(messages)));
+}
+print('Hello', 'World'); // "Hello World"
+```
+
+## Polyfill Array Methods
+
+When the ES5 option is enabled, array method polyfills will be injected to the top of your script.
+
+```js
+if (!Array.prototype.forEach) {
+    Array.prototype.forEach = function forEach(callback, thisArg) {
+        if (typeof callback !== 'function') {
+            throw new TypeError(callback + ' is not a function');
+        }
+        var array = this;
+        thisArg = thisArg || this;
+        for (var i = 0, l = array.length; i !== l; ++i) {
+            callback.call(thisArg, array[i], i, array);
+        }
+    };
+}
+```
+
+## Destructuring
+
+The ES5 option supports transpiling the destructuring patterns.
+
+```js
+// Input
+var {userName, email} = { userName: "John", email: "email@exampe.com" };
+
+// Output
+var __p_7467473759;
+var userName, email, __p_4755992742 = (__p_7467473759 = {
+        userName: 'John',
+        email: 'email@exampe.com'
+    }, userName = __p_7467473759.userName, email = __p_7467473759.email);
+```
+
+## Spread Operator
+
+The ES5 option supports transpiling the spread operator.
+
+```js
+// Input
+array.push(...objects);
+
+// Output
+var __p_6344935930;
+(__p_6344935930 = array).push.apply(__p_6344935930, [].concat(Array.prototype.slice.call(objects)));
+```
+
+## Template String
+
+The ES5 option supports transpiling template strings.
+
+```js
+// Input
+var myString = `Hello ${userName}`;
+
+// Output
+var myString = 'Hello ' + (userName + '');
+```
+
+## Object getters/setters
+
+The ES5 option supports transpiling getter and setter methods.
+
+```js
+// Input
+var _name;
+var myObject = {
+  get name(){
+    return _name;
+  },
+  set name(newName){
+    _name = newName;
+  }
+};
+
+// Output
+function __p_6886881506(base, computedProps, getters, setters) {
+    for (var i = 0; i < computedProps.length; i++) {
+        base[computedProps[i][0]] = computedProps[i][1];
+    }
+    var keys = Object.create(null);
+    Object.keys(getters).forEach(function (key) {
+        return keys[key] = 1;
+    });
+    Object.keys(setters).forEach(function (key) {
+        return keys[key] = 1;
+    });
+    Object.keys(keys).forEach(function (key) {
+        Object.defineProperty(base, key, {
+            set: setters[key],
+            get: getters[key],
+            configurable: true
+        });
+    });
+    return base;
+}
+var _name;
+var myObject = __p_6886881506({}, [], {
+    'name': function () {
+        return _name;
+    }
+}, {
+    'name': function (newName) {
+        _name = newName;
+    }
+});
+```
+
+## Arrow Functions
+
+The ES5 option converts arrow functions into regular functions.
+
+```js
+// Input
+var print = message => console.log(message);
+
+// Output
+var print = function (message) {
+    return console.log(message);
+};
+```
+
+## Const/Let
+
+The ES5 option converts `const` and `let` to a regular `var` keyword.
+
+```js
+// Input
+let myVar1 = true;
+const myVar2 = "String";
+
+// Output
+var myVar1 = true;
+var myVar2 = 'String';
+```
+
+## Classes
+
+The ES5 option partially supports transpiling classes.
+
+## Reserved Identifiers
+
+The ES5 option will change any illegal uses of reserved identifiers.
+
+```js
+// Input
+var myObject = {true: 1};
+myObject.for = true;
+
+// Output
+var myObject = {"true": 1};
+myObject["for"] = true;
+```
+
+## Features not supported
+
+- Promises
+- Async / Await
+- Generator functions
+- Nullish coalescing
+- Optional chaining
+
+Use [Babel](https://babel.dev/) to transpile these features. JS-Confuser will only support features the obfuscator may potentially add to your code.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "description": "JavaScript Obfuscation Tool.",
   "main": "dist/index.js",
   "types": "index.d.ts",
@@ -22,8 +22,8 @@
   "author": "MichaelXF",
   "license": "MIT",
   "dependencies": {
-    "acorn": "^8.8.2",
-    "escodegen": "^2.0.0"
+    "acorn": "^8.12.1",
+    "escodegen": "^2.1.0"
   },
   "devDependencies": {
     "@babel/cli": "^7.17.6",

package/src/constants.ts

@@ -82,3 +82,15 @@ export const reservedIdentifiers = new Set([
 
 export const noRenameVariablePrefix = "__NO_JS_CONFUSER_RENAME__";
 export const placeholderVariablePrefix = "__p_";
+
+/**
+ * Tells the obfuscator this function is predictable:
+ * -  Never called with extraneous parameters
+ */
+export const predictableFunctionTag = "__JS_PREDICT__";
+
+/**
+ * Tells the obfuscator this function is critical for the Obfuscated code.
+ * -  Example: string decryption function
+ */
+export const criticalFunctionTag = "__JS_CRITICAL__";

package/src/options.ts

@@ -585,6 +585,15 @@ export interface ObfuscateOptions {
    * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
    */
   debugComments?: boolean;
+
+  /**
+   * ### `preserveFunctionLength`
+   *
+   * Modified functions will retain the correct `function.length` property. Enabled by default. (`true/false`)
+   *
+   * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
+   */
+  preserveFunctionLength?: boolean;
 }
 
 const validProperties = new Set([
@@ -619,6 +628,7 @@ const validProperties = new Set([
   "verbose",
   "globalVariables",
   "debugComments",
+  "preserveFunctionLength",
 ]);
 
 const validOses = new Set(["windows", "linux", "osx", "ios", "android"]);
@@ -764,6 +774,9 @@ export async function correctOptions(
   if (!options.hasOwnProperty("renameGlobals")) {
     options.renameGlobals = true; // RenameGlobals is on by default
   }
+  if (!options.hasOwnProperty("preserveFunctionLength")) {
+    options.preserveFunctionLength = true; // preserveFunctionLength is on by default
+  }
 
   if (options.globalVariables && !(options.globalVariables instanceof Set)) {
     options.globalVariables = new Set(Object.keys(options.globalVariables));

package/src/order.ts

@@ -46,11 +46,11 @@ export enum ObfuscateOrder {
 
   Minify = 28,
 
+  AntiTooling = 29,
+
   RenameVariables = 30,
 
   ES5 = 31,
 
-  AntiTooling = 34,
-
   Finalizer = 35,
 }

package/src/templates/bufferToString.ts

@@ -1,19 +1,59 @@
+import {
+  placeholderVariablePrefix,
+  predictableFunctionTag,
+} from "../constants";
 import Template from "./template";
 
-export const BufferToStringTemplate = Template(`
-  function __getGlobal(){
+export const GetGlobalTemplate = Template(`
+  function ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag}(){
+    return globalThis
+  }
+
+  function ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag}(){
+    return global
+  }
+
+  function ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag}(){
+    return window
+  }
+
+  function ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}(){
+    return new Function("return this")()
+  }
+
+  function {getGlobalFnName}(array = [
+    ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}
+  ]){
+    var bestMatch
+    var itemsToSearch = []
     try {
-      return global||window|| ( new Function("return this") )();
-    } catch ( e ) {
+      bestMatch = Object
+      itemsToSearch["push"](("")["__proto__"]["constructor"]["name"])
+    } catch(e) {
+
+    }
+    A: for(var i = 0; i < array["length"]; i++) {
       try {
-        return this;
-      } catch ( e ) {
-        return {};
-      }
+        bestMatch = array[i]()
+        for(var j = 0; j < itemsToSearch["length"]; j++) {
+          if(typeof bestMatch[itemsToSearch[j]] === "undefined") continue A;
+        }
+        return bestMatch
+      } catch(e) {}
     }
+
+		return bestMatch || this;
   }
+`);
 
-  var __globalObject = __getGlobal() || {};
+export const BufferToStringTemplate = Template(`
+
+  ${GetGlobalTemplate.source}
+
+  var __globalObject = {getGlobalFnName}() || {};
   var __TextDecoder = __globalObject["TextDecoder"];
   var __Uint8Array = __globalObject["Uint8Array"];
   var __Buffer = __globalObject["Buffer"];
@@ -63,6 +103,4 @@ export const BufferToStringTemplate = Template(`
       return utf8ArrayToStr(buffer);
     }
   }
-
-  
 `);

package/src/templates/functionLength.ts

@@ -3,12 +3,30 @@ import Template from "./template";
 /**
  * Helper function to set `function.length` property.
  */
-export const FunctionLengthTemplate = Template(`
+export const FunctionLengthTemplate = Template(
+  `
 function {name}(functionObject, functionLength){
-  Object["defineProperty"](functionObject, "length", {
+  {ObjectDefineProperty}(functionObject, "length", {
     "value": functionLength,
     "configurable": true
   });
   return functionObject;
 }
-`);
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}(functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}["call"](null, functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`
+);

package/src/templates/globals.ts

@@ -0,0 +1,3 @@
+import Template from "./template";
+
+export const ObjectDefineProperty = Template(`Object["defineProperty"]`);

package/src/templates/template.ts

@@ -1,57 +1,103 @@
 import { Node } from "../util/gen";
 import { parseSnippet, parseSync } from "../parser";
+import { ok } from "assert";
+import { choice } from "../util/random";
+import { placeholderVariablePrefix } from "../constants";
 
 export interface ITemplate {
-  fill(variables?: { [name: string]: string | number }): string;
+  fill(variables?: { [name: string]: string | number }): {
+    output: string;
+    template: string;
+  };
 
   compile(variables?: { [name: string]: string | number }): Node[];
 
   single(variables?: { [name: string]: string | number }): Node;
 
+  variables(variables): ITemplate;
+
+  ignoreMissingVariables(): ITemplate;
+
+  templates: string[];
   source: string;
 }
 
-export default function Template(template: string): ITemplate {
-  var neededVariables = 0;
-  while (template.includes(`{$${neededVariables + 1}}`)) {
-    neededVariables++;
+export default function Template(...templates: string[]): ITemplate {
+  ok(templates.length);
+
+  var requiredVariables = new Set<string>();
+  var providedVariables = {};
+  var defaultVariables: { [key: string]: string } = Object.create(null);
+
+  // This may picked up "$mb[pP`x]" from String Encoding function
+  // ignoreMissingVariables() prevents this
+  var matches = templates[0].match(/{[$A-z0-9_]+}/g);
+  if (matches !== null) {
+    matches.forEach((variable) => {
+      var name = variable.slice(1, -1);
+
+      // $ variables are for default variables
+      if (name.startsWith("$")) {
+        defaultVariables[name] =
+          placeholderVariablePrefix +
+          "td_" +
+          Object.keys(defaultVariables).length;
+      } else {
+        requiredVariables.add(name);
+      }
+    });
   }
-  var vars = Object.create(null);
-  new Array(neededVariables + 1).fill(0).forEach((x, i) => {
-    vars["\\$" + i] = "temp_" + i;
-  });
-
-  function fill(variables?: { [name: string]: string | number }): string {
-    if (!variables) {
-      variables = Object.create(null);
-    }
 
-    var cloned = template;
+  function fill(
+    variables: { [name: string]: string | number } = Object.create(null)
+  ) {
+    var userVariables = { ...providedVariables, ...variables };
+
+    // Validate all variables were passed in
+    for (var requiredVariable of requiredVariables) {
+      if (typeof userVariables[requiredVariable] === "undefined") {
+        throw new Error(
+          templates[0] +
+            " missing variable: " +
+            requiredVariable +
+            " from " +
+            JSON.stringify(userVariables)
+        );
+      }
+    }
 
-    var keys = { ...variables, ...vars };
+    var template = choice(templates);
+    var output = template;
+    var allVariables = {
+      ...defaultVariables,
+      ...userVariables,
+    };
 
-    Object.keys(keys).forEach((name) => {
-      var bracketName = "{" + name + "}";
-      var value = keys[name] + "";
+    Object.keys(allVariables).forEach((name) => {
+      var bracketName = "{" + name.replace("$", "\\$") + "}";
+      var value = allVariables[name] + "";
 
       var reg = new RegExp(bracketName, "g");
 
-      cloned = cloned.replace(reg, value);
+      output = output.replace(reg, value);
     });
 
-    return cloned;
+    return { output, template };
   }
 
   function compile(variables: { [name: string]: string | number }): Node[] {
-    var code = fill(variables);
+    var { output, template } = fill(variables);
     try {
-      var program = parseSnippet(code);
+      var program = parseSnippet(output);
 
       return program.body;
     } catch (e) {
       console.error(e);
       console.error(template);
-      throw new Error("Template failed to parse");
+      console.error({ ...providedVariables, ...variables });
+      throw new Error(
+        "Template failed to parse: OUTPUT= " + output + " SOURCE= " + template
+      );
     }
   }
 
@@ -60,11 +106,25 @@ export default function Template(template: string): ITemplate {
     return nodes[0];
   }
 
+  function variables(newVariables) {
+    Object.assign(providedVariables, newVariables);
+    return obj;
+  }
+
+  function ignoreMissingVariables() {
+    defaultVariables = Object.create(null);
+    requiredVariables.clear();
+    return obj;
+  }
+
   var obj: ITemplate = {
     fill,
     compile,
     single,
-    source: template,
+    templates,
+    variables,
+    ignoreMissingVariables,
+    source: templates[0],
   };
 
   return obj;

package/src/transforms/antiTooling.ts

@@ -1,32 +1,51 @@
 import { ObfuscateOrder } from "../order";
+import Template from "../templates/template";
 import { isBlock } from "../traverse";
 import {
+  Node,
   ExpressionStatement,
-  SequenceExpression,
-  UnaryExpression,
+  CallExpression,
+  Identifier,
 } from "../util/gen";
-import { choice } from "../util/random";
+import { prepend } from "../util/insert";
 import Transform from "./transform";
 
 // JsNice.org tries to separate sequence expressions into multiple lines, this stops that.
 export default class AntiTooling extends Transform {
+  fnName: string;
+
   constructor(o) {
     super(o, ObfuscateOrder.AntiTooling);
   }
 
+  apply(tree: Node) {
+    super.apply(tree);
+
+    if (typeof this.fnName === "string") {
+      prepend(
+        tree,
+        Template(`
+      function {fnName}(){
+      }
+      `).single({ fnName: this.fnName })
+      );
+    }
+  }
+
   match(object, parents) {
     return isBlock(object) || object.type == "SwitchCase";
   }
 
   transform(object, parents) {
     return () => {
-      var exprs = [];
-      var deleteExprs = [];
+      var exprs: Node[] = [];
+      var deleteExprs: Node[] = [];
 
-      var body = object.type == "SwitchCase" ? object.consequent : object.body;
+      var body: Node[] =
+        object.type == "SwitchCase" ? object.consequent : object.body;
 
       const end = () => {
-        function flatten(expr) {
+        function flatten(expr: Node) {
           if (expr.type == "ExpressionStatement") {
             flatten(expr.expression);
           } else if (expr.type == "SequenceExpression") {
@@ -41,13 +60,16 @@ export default class AntiTooling extends Transform {
 
         if (flattened.length > 1) {
           flattened[0] = { ...flattened[0] };
+
+          if (!this.fnName) {
+            this.fnName = this.getPlaceholder();
+          }
+
+          // (expr1,expr2,expr3) -> F(expr1, expr2, expr3)
           this.replace(
             exprs[0],
             ExpressionStatement(
-              UnaryExpression(
-                choice(["typeof", "void", "!"]),
-                SequenceExpression(flattened)
-              )
+              CallExpression(Identifier(this.fnName), [...flattened])
             )
           );
 

package/src/transforms/controlFlowFlattening/controlFlowFlattening.ts

@@ -47,9 +47,8 @@ import {
 import { chance, choice, getRandomInteger, shuffle } from "../../util/random";
 import Transform from "../transform";
 import ExpressionObfuscation from "./expressionObfuscation";
-import { isModuleSource } from "../string/stringConcealing";
 import { reservedIdentifiers } from "../../constants";
-import { isDirective } from "../../util/compare";
+import { isDirective, isModuleSource } from "../../util/compare";
 
 const flattenStructures = new Set([
   "IfStatement",
@@ -1571,6 +1570,7 @@ export default class ControlFlowFlattening extends Transform {
               !this.isDebug &&
               o.type === "Identifier" &&
               this.mangleIdentifiers &&
+              !reservedIdentifiers.has(o.name) &&
               chance(50 - this.mangledExpressionsMade / 100) &&
               !p.find((x) => isVarContext(x))
             ) {