js-confuser 1.7.1 → 1.7.3

package/src/options.ts

@@ -146,7 +146,7 @@ export interface ObfuscateOptions {
    *
    * ⚠️ Significantly impacts performance, use sparingly!
    *
-   * [Control-flow Flattening](https://docs.jscrambler.com/code-integrity/documentation/transformations/control-flow-flattening) hinders program comprehension by creating convoluted switch statements. (`true/false/0-1`)
+   * Control-flow Flattening hinders program comprehension by creating convoluted switch statements. (`true/false/0-1`)
    *
    * Use a number to control the percentage from 0 to 1.
    *
@@ -187,7 +187,7 @@ export interface ObfuscateOptions {
   /**
    * ### `stringConcealing`
    *
-   * [String Concealing](https://docs.jscrambler.com/code-integrity/documentation/transformations/string-concealing) involves encoding strings to conceal plain-text values. (`true/false/0-1`)
+   * String Concealing involves encoding strings to conceal plain-text values. (`true/false/0-1`)
    *
    * `"console"` -> `decrypt('<~@rH7+Dert~>')`
    *
@@ -200,7 +200,7 @@ export interface ObfuscateOptions {
   /**
    * ### `stringEncoding`
    *
-   * [String Encoding](https://docs.jscrambler.com/code-integrity/documentation/transformations/string-encoding) transforms a string into an encoded representation. (`true/false/0-1`)
+   * String Encoding transforms a string into an encoded representation. (`true/false/0-1`)
    *
    * `"console"` -> `'\x63\x6f\x6e\x73\x6f\x6c\x65'`
    *
@@ -215,7 +215,7 @@ export interface ObfuscateOptions {
   /**
    * ### `stringSplitting`
    *
-   * [String Splitting](https://docs.jscrambler.com/code-integrity/documentation/transformations/string-splitting) splits your strings into multiple expressions. (`true/false/0-1`)
+   * String Splitting splits your strings into multiple expressions. (`true/false/0-1`)
    *
    * `"console"` -> `String.fromCharCode(99) + 'ons' + 'ole'`
    *
@@ -230,7 +230,7 @@ export interface ObfuscateOptions {
   /**
    * ### `duplicateLiteralsRemoval`
    *
-   * [Duplicate Literals Removal](https://docs.jscrambler.com/code-integrity/documentation/transformations/duplicate-literals-removal) replaces duplicate literals with a single variable name. (`true/false`)
+   * Duplicate Literals Removal replaces duplicate literals with a single variable name. (`true/false`)
    *
    * - Potency Medium
    * - Resilience Low
@@ -406,6 +406,22 @@ export interface ObfuscateOptions {
      */
     context?: string[];
 
+    /**
+     * ### `lock.tamperProtection`
+     *
+     * Tamper Protection safeguards the runtime behavior from being altered by JavaScript pitfalls. (`true/false`)
+     *
+     * **⚠️ Tamper Protection requires eval and ran in a non-strict mode environment!**
+     *
+     * - **This can break your code.**
+     * - **Due to the security concerns of arbitrary code execution, you must enable this yourself.**
+     *
+     * [Learn more here](https://github.com/MichaelXF/js-confuser/blob/master/TamperProtection.md).
+     *
+     * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
+     */
+    tamperProtection?: boolean | ((varName: string) => boolean);
+
     /**
      * ### `lock.startDate`
      *
@@ -585,6 +601,15 @@ export interface ObfuscateOptions {
    * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
    */
   debugComments?: boolean;
+
+  /**
+   * ### `preserveFunctionLength`
+   *
+   * Modified functions will retain the correct `function.length` property. Enabled by default. (`true/false`)
+   *
+   * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
+   */
+  preserveFunctionLength?: boolean;
 }
 
 const validProperties = new Set([
@@ -619,6 +644,21 @@ const validProperties = new Set([
   "verbose",
   "globalVariables",
   "debugComments",
+  "preserveFunctionLength",
+]);
+
+const validLockProperties = new Set([
+  "selfDefending",
+  "antiDebug",
+  "context",
+  "tamperProtection",
+  "startDate",
+  "endDate",
+  "domainLock",
+  "osLock",
+  "browserLock",
+  "integrity",
+  "countermeasures",
 ]);
 
 const validOses = new Set(["windows", "linux", "osx", "ios", "android"]);
@@ -654,6 +694,7 @@ export function validateOptions(options: ObfuscateOptions) {
     options.target,
     "Missing options.target option (required, must one the following: 'browser' or 'node')"
   );
+
   ok(
     ["browser", "node"].includes(options.target),
     `'${options.target}' is not a valid target mode`
@@ -675,6 +716,13 @@ export function validateOptions(options: ObfuscateOptions) {
   }
 
   if (options.lock) {
+    ok(typeof options.lock === "object", "options.lock must be an object");
+    Object.keys(options.lock).forEach((key) => {
+      if (!validLockProperties.has(key)) {
+        throw new TypeError("Invalid lock option: '" + key + "'");
+      }
+    });
+
     // Validate browser-lock option
     if (
       options.lock.browserLock &&
@@ -764,13 +812,18 @@ export async function correctOptions(
   if (!options.hasOwnProperty("renameGlobals")) {
     options.renameGlobals = true; // RenameGlobals is on by default
   }
+  if (!options.hasOwnProperty("preserveFunctionLength")) {
+    options.preserveFunctionLength = true; // preserveFunctionLength is on by default
+  }
 
   if (options.globalVariables && !(options.globalVariables instanceof Set)) {
     options.globalVariables = new Set(Object.keys(options.globalVariables));
   }
 
-  if (options.lock && options.lock.selfDefending) {
-    options.compact = true; // self defending forcibly enables this
+  if (options.lock) {
+    if (options.lock.selfDefending) {
+      options.compact = true; // self defending forcibly enables this
+    }
   }
 
   // options.globalVariables outlines generic globals that should be present in the execution context

package/src/order.ts

@@ -46,11 +46,11 @@ export enum ObfuscateOrder {
 
   Minify = 28,
 
+  AntiTooling = 29,
+
   RenameVariables = 30,
 
   ES5 = 31,
 
-  AntiTooling = 34,
-
   Finalizer = 35,
 }

package/src/templates/bufferToString.ts

@@ -1,19 +1,89 @@
+import {
+  placeholderVariablePrefix,
+  predictableFunctionTag,
+} from "../constants";
+import Transform from "../transforms/transform";
+import { Node } from "../util/gen";
 import Template from "./template";
 
-export const BufferToStringTemplate = Template(`
-  function __getGlobal(){
+export const createGetGlobalTemplate = (
+  transform: Transform,
+  object: Node,
+  parents: Node[]
+) => {
+  var options = transform.options;
+  if (options.lock?.tamperProtection) {
+    return new Template(`
+      function {getGlobalFnName}(){
+        var localVar = false;
+        eval(${transform.jsConfuserVar("localVar")} + " = true")
+        if (!localVar) {
+          {countermeasures}
+        }
+    
+        const root = eval("this");
+        return root;
+      }
+    `).setDefaultVariables({
+      countermeasures: transform.lockTransform.getCounterMeasuresCode(
+        object,
+        parents
+      ),
+    });
+  }
+
+  return GetGlobalTemplate;
+};
+
+const GetGlobalTemplate = new Template(`
+  function ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag}(){
+    return globalThis
+  }
+
+  function ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag}(){
+    return global
+  }
+
+  function ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag}(){
+    return window
+  }
+
+  function ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}(){
+    return new Function("return this")()
+  }
+
+  function {getGlobalFnName}(array = [
+    ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}
+  ]){
+    var bestMatch
+    var itemsToSearch = []
     try {
-      return global||window|| ( new Function("return this") )();
-    } catch ( e ) {
+      bestMatch = Object
+      itemsToSearch["push"](("")["__proto__"]["constructor"]["name"])
+    } catch(e) {
+
+    }
+    A: for(var i = 0; i < array["length"]; i++) {
       try {
-        return this;
-      } catch ( e ) {
-        return {};
-      }
+        bestMatch = array[i]()
+        for(var j = 0; j < itemsToSearch["length"]; j++) {
+          if(typeof bestMatch[itemsToSearch[j]] === "undefined") continue A;
+        }
+        return bestMatch
+      } catch(e) {}
     }
+
+		return bestMatch || this;
   }
+`);
 
-  var __globalObject = __getGlobal() || {};
+export const BufferToStringTemplate = new Template(`
+  {GetGlobalTemplate}
+
+  var __globalObject = {getGlobalFnName}() || {};
   var __TextDecoder = __globalObject["TextDecoder"];
   var __Uint8Array = __globalObject["Uint8Array"];
   var __Buffer = __globalObject["Buffer"];
@@ -63,6 +133,4 @@ export const BufferToStringTemplate = Template(`
       return utf8ArrayToStr(buffer);
     }
   }
-
-  
 `);

package/src/templates/core.ts

@@ -0,0 +1,29 @@
+import Template from "./template";
+
+export const IndexOfTemplate = new Template(`
+function indexOf(str, substr) {
+  const len = str.length;
+  const sublen = substr.length;
+  let count = 0;
+
+  if (sublen > len) {
+    return -1;
+  }
+
+  for (let i = 0; i <= len - sublen; i++) {
+    for (let j = 0; j < sublen; j++) {
+      if (str[i + j] === substr[j]) {
+        count++;
+        if (count === sublen) {
+          return i;
+        }
+      } else {
+        count = 0;
+        break;
+      }
+    }
+  }
+
+  return -1;
+}
+`);

package/src/templates/crash.ts

@@ -1,13 +1,14 @@
 import Template from "./template";
 
-export const CrashTemplate1 = Template(`
-var {var} = "a";
-while(1){
-    {var} = {var} += "a";
+export const CrashTemplate1 = new Template(`
+var {var} = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&()*+,./:;<=>?@[]^_\`{|}~"';
+while(true){
+    {var} = {var};
+    if(!{var}) break;
 }
 `);
 
-export const CrashTemplate2 = Template(`
+export const CrashTemplate2 = new Template(`
 while(true) {
     var {var} = 99;
     for({var} = 99; {var} == {var}; {var} *= {var}) {
@@ -20,36 +21,3 @@ while(true) {
         {var}--
     }
  };`);
-
-export const CrashTemplate3 = Template(`
-try {
-    function {$2}(y, x){
-        return x;
-      }
-      
-      var {$1} = {$2}(this, function () {
-        var {$3} = function () {
-            var regExp = {$3}
-                .constructor('return /" + this + "/')()
-                .constructor('^([^ ]+( +[^ ]+)+)+[^ ]}');
-            
-            return !regExp.call({$1});
-        };
-        
-        return {$3}();
-      });
-      
-      {$1}();
-} catch ( {$1}e ) {
-    while({$1}e ? {$1}e : !{$1}e){
-        var {$1}b;
-        var {$1}c = 0;
-        ({$1}e ? !{$1}e : {$1}e) ? (function({$1}e){
-            {$1}c = {$1}e ? 0 : !{$1}e ? 1 : 0;
-        })({$1}e) : {$1}b = 1;
-
-        if({$1}b&&{$1}c){break;}
-        if({$1}b){continue;}
-    }
-}
-`);

package/src/templates/es5.ts

@@ -5,7 +5,7 @@ import Template from "./template";
  *
  * Source: https://vanillajstoolkit.com/polyfills/
  */
-export const ES5Template = Template(`
+export const ES5Template = new Template(`
 if (!Array.prototype.forEach) {
   Array.prototype.forEach = function forEach (callback, thisArg) {
     if (typeof callback !== 'function') {

package/src/templates/functionLength.ts

@@ -3,12 +3,30 @@ import Template from "./template";
 /**
  * Helper function to set `function.length` property.
  */
-export const FunctionLengthTemplate = Template(`
+export const FunctionLengthTemplate = new Template(
+  `
 function {name}(functionObject, functionLength){
-  Object["defineProperty"](functionObject, "length", {
+  {ObjectDefineProperty}(functionObject, "length", {
     "value": functionLength,
     "configurable": true
   });
   return functionObject;
 }
-`);
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}(functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}["call"](null, functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`
+);

package/src/templates/globals.ts

@@ -0,0 +1,3 @@
+import Template from "./template";
+
+export const ObjectDefineProperty = new Template(`Object["defineProperty"]`);

package/src/templates/template.ts

@@ -1,71 +1,230 @@
 import { Node } from "../util/gen";
 import { parseSnippet, parseSync } from "../parser";
+import { ok } from "assert";
+import { choice } from "../util/random";
+import { placeholderVariablePrefix } from "../constants";
+import traverse from "../traverse";
+
+export interface TemplateVariables {
+  [varName: string]:
+    | string
+    | (() => Node | Node[] | Template)
+    | Node
+    | Node[]
+    | Template;
+}
 
-export interface ITemplate {
-  fill(variables?: { [name: string]: string | number }): string;
-
-  compile(variables?: { [name: string]: string | number }): Node[];
-
-  single(variables?: { [name: string]: string | number }): Node;
+/**
+ * Templates provides an easy way to parse code snippets into AST subtrees.
+ *
+ * These AST subtrees can added to the obfuscated code, tailored with variable names.
+ *
+ * 1. Basic string interpolation
+ *
+ * ```js
+ * var Base64Template = new Template(`
+ * function {name}(str){
+ *   return btoa(str)
+ * }
+ * `);
+ *
+ * var functionDeclaration = Base64Template.single({ name: "atob" });
+ * ```
+ *
+ * 2. AST subtree insertion
+ *
+ * ```js
+ * var Base64Template = new Template(`
+ * function {name}(str){
+ *   {getWindow}
+ *
+ *   return {getWindowName}btoa(str)
+ * }`)
+ *
+ * var functionDeclaration = Base64Template.single({
+ *  name: "atob",
+ *  getWindowName: "newWindow",
+ *  getWindow: () => {
+ *    return acorn.parse("var newWindow = {}").body[0];
+ *  }
+ * });
+ * ```
+ *
+ * Here, the `getWindow` variable is a function that returns an AST subtree. This must be a `Node[]` array or Template.
+ * Optionally, the function can be replaced with just the `Node[]` array or Template if it's already computed.
+ *
+ * 3. Template subtree insertion
+ *
+ * ```js
+ * var NewWindowTemplate = new Template(`
+ *   var newWindow = {};
+ * `);
+ *
+ * var Base64Template = new Template(`
+ * function {name}(str){
+ *   {NewWindowTemplate}
+ *
+ *   return newWindow.btoa(str)
+ * }`)
+ *
+ * var functionDeclaration = Base64Template.single({
+ *  name: "atob",
+ *  NewWindowTemplate: NewWindowTemplate
+ * });
+ * ```
+ */
+export default class Template {
+  templates: string[];
+  defaultVariables: TemplateVariables;
+  requiredVariables: Set<string>;
+
+  constructor(...templates: string[]) {
+    this.templates = templates;
+    this.defaultVariables = Object.create(null);
+    this.requiredVariables = new Set<string>();
+
+    this.findRequiredVariables();
+  }
 
-  source: string;
-}
+  setDefaultVariables(defaultVariables: TemplateVariables): this {
+    this.defaultVariables = defaultVariables;
+    return this;
+  }
 
-export default function Template(template: string): ITemplate {
-  var neededVariables = 0;
-  while (template.includes(`{$${neededVariables + 1}}`)) {
-    neededVariables++;
+  private findRequiredVariables() {
+    var matches = this.templates[0].match(/{[$A-z0-9_]+}/g);
+    if (matches !== null) {
+      matches.forEach((variable) => {
+        var name = variable.slice(1, -1);
+
+        // $ variables are for default variables
+        if (name.startsWith("$")) {
+          throw new Error("Default variables are no longer supported.");
+        } else {
+          this.requiredVariables.add(name);
+        }
+      });
+    }
   }
-  var vars = Object.create(null);
-  new Array(neededVariables + 1).fill(0).forEach((x, i) => {
-    vars["\\$" + i] = "temp_" + i;
-  });
-
-  function fill(variables?: { [name: string]: string | number }): string {
-    if (!variables) {
-      variables = Object.create(null);
+
+  /**
+   * Interpolates the template with the given variables.
+   *
+   * Prepares the template string for AST parsing.
+   *
+   * @param variables
+   */
+  private interpolateTemplate(variables: TemplateVariables = {}) {
+    var allVariables = { ...this.defaultVariables, ...variables };
+
+    // Validate all variables were passed in
+    for (var requiredVariable of this.requiredVariables) {
+      if (typeof allVariables[requiredVariable] === "undefined") {
+        throw new Error(
+          this.templates[0] +
+            " missing variable: " +
+            requiredVariable +
+            " from " +
+            JSON.stringify(allVariables)
+        );
+      }
     }
 
-    var cloned = template;
+    var template = choice(this.templates);
+    var output = template;
 
-    var keys = { ...variables, ...vars };
+    Object.keys(allVariables).forEach((name) => {
+      var bracketName = "{" + name.replace("$", "\\$") + "}";
 
-    Object.keys(keys).forEach((name) => {
-      var bracketName = "{" + name + "}";
-      var value = keys[name] + "";
+      var value = allVariables[name] + "";
+      if (typeof allVariables[name] !== "string") {
+        value = name;
+      }
 
       var reg = new RegExp(bracketName, "g");
 
-      cloned = cloned.replace(reg, value);
+      output = output.replace(reg, value);
     });
 
-    return cloned;
+    return { output, template };
   }
 
-  function compile(variables: { [name: string]: string | number }): Node[] {
-    var code = fill(variables);
-    try {
-      var program = parseSnippet(code);
+  /**
+   * Finds the variables in the AST and replaces them with the given values.
+   *
+   * Note: Mutates the AST.
+   * @param ast
+   * @param variables
+   */
+  private interpolateAST(ast: Node, variables: TemplateVariables) {
+    var allVariables = { ...this.defaultVariables, ...variables };
+
+    var astNames = new Set(
+      Object.keys(allVariables).filter((name) => {
+        return typeof allVariables[name] !== "string";
+      })
+    );
+
+    if (astNames.size === 0) return;
+
+    traverse(ast, (o, p) => {
+      if (o.type === "Identifier" && allVariables[o.name]) {
+        return () => {
+          var value = allVariables[o.name];
+          ok(typeof value !== "string");
+
+          var insertNodes = typeof value === "function" ? value() : value;
+          if (insertNodes instanceof Template) {
+            insertNodes = insertNodes.compile(allVariables);
+          }
+
+          if (!Array.isArray(insertNodes)) {
+            // Replace with expression
+
+            Object.assign(o, insertNodes);
+          } else {
+            // Insert multiple statements/declarations
+            var expressionStatement: Node = p[0];
+            var body: Node[] = p[1] as any;
+
+            ok(expressionStatement.type === "ExpressionStatement");
+            ok(Array.isArray(body));
+
+            var index = body.indexOf(expressionStatement);
+
+            body.splice(index, 1, ...insertNodes);
+          }
+        };
+      }
+    });
+  }
+
+  compile(variables: TemplateVariables = {}): Node[] {
+    var { output, template } = this.interpolateTemplate(variables);
 
-      return program.body;
+    var program: Node;
+    try {
+      program = parseSnippet(output);
     } catch (e) {
-      console.error(e);
-      console.error(template);
-      throw new Error("Template failed to parse");
+      throw new Error(output + "\n" + "Template failed to parse: " + e.message);
     }
-  }
 
-  function single(variables?: { [name: string]: string | number }): Node {
-    var nodes = compile(variables);
-    return nodes[0];
+    this.interpolateAST(program, variables);
+
+    return program.body;
   }
 
-  var obj: ITemplate = {
-    fill,
-    compile,
-    single,
-    source: template,
-  };
+  single(variables: TemplateVariables = {}): Node {
+    var nodes = this.compile(variables);
+
+    if (nodes.length !== 1) {
+      nodes = nodes.filter((node) => node.type !== "EmptyStatement");
+      ok(
+        nodes.length === 1,
+        `Expected single node, got ${nodes.map((node) => node.type).join(", ")}`
+      );
+    }
 
-  return obj;
+    return nodes[0];
+  }
 }