js-confuser 1.7.2 → 1.7.3

package/dist/transforms/lock/integrity.js

@@ -35,7 +35,7 @@ function cyrb53(str) {
 }
 
 // In template form to be inserted into code
-const HashTemplate = (0, _template.default)(`
+const HashTemplate = new _template.default(`
 function {name}(str, seed) {
   var h1 = 0xdeadbeef ^ seed;
   var h2 = 0x41c6ce57 ^ seed;
@@ -50,7 +50,7 @@ function {name}(str, seed) {
 };`);
 
 // Math.imul polyfill for ES5
-const ImulTemplate = (0, _template.default)(`
+const ImulTemplate = new _template.default(`
 var {name} = Math.imul || function(opA, opB){
   opB |= 0; // ensure that opB is an integer. opA will automatically be coerced.
   // floating points give us 53 bits of precision to work with plus 1 sign bit
@@ -66,7 +66,7 @@ var {name} = Math.imul || function(opA, opB){
 };`);
 
 // Simple function that returns .toString() value with spaces replaced out
-const StringTemplate = (0, _template.default)(`
+const StringTemplate = new _template.default(`
   function {name}(x){
     return x.toString().replace(/ |\\n|;|,|\\{|\\}|\\(|\\)|\\.|\\[|\\]/g, "");
   }
@@ -114,7 +114,7 @@ class Integrity extends _transform.default {
         var imulVariableDeclaration = ImulTemplate.single({
           name: imulName
         });
-        imulVariableDeclaration.$dispatcherSkip = true;
+        imulVariableDeclaration.$multiTransformSkip = true;
         this.imulFn = imulVariableDeclaration._hiddenId = (0, _gen.Identifier)(imulName);
         hashingUtils.push(imulVariableDeclaration);
         var hashName = this.getPlaceholder();
@@ -124,17 +124,17 @@ class Integrity extends _transform.default {
         });
         this.hashFn = hashFunctionDeclaration._hiddenId = (0, _gen.Identifier)(hashName);
         hashingUtils.push(hashFunctionDeclaration);
-        hashFunctionDeclaration.$dispatcherSkip = true;
+        hashFunctionDeclaration.$multiTransformSkip = true;
         var stringName = this.getPlaceholder();
         var stringFunctionDeclaration = StringTemplate.single({
           name: stringName
         });
         this.stringFn = stringFunctionDeclaration._hiddenId = (0, _gen.Identifier)(stringName);
         hashingUtils.push(stringFunctionDeclaration);
-        stringFunctionDeclaration.$dispatcherSkip = true;
+        stringFunctionDeclaration.$multiTransformSkip = true;
         var functionExpression = (0, _gen.FunctionExpression)([], (0, _insert.clone)(object.body));
         object.body = [(0, _gen.ExpressionStatement)((0, _gen.CallExpression)(functionExpression, []))];
-        object.$dispatcherSkip = true;
+        object.$multiTransformSkip = true;
         object._hiddenHashingUtils = hashingUtils;
         var ok = this.transform(functionExpression, [object.body[0], object.body, object]);
         if (ok) {
@@ -166,7 +166,7 @@ class Integrity extends _transform.default {
           params: object.params || [],
           body: object.body || (0, _gen.BlockStatement)([]),
           expression: false,
-          $dispatcherSkip: true
+          $multiTransformSkip: true
         };
         var toString = (0, _compiler.compileJsSync)(functionDeclaration, this.options);
         if (!toString) {
@@ -175,7 +175,7 @@ class Integrity extends _transform.default {
         var minified = toString.replace(/ |\n|;|,|\{|\}|\(|\)|\.|\[|\]/g, "");
         var hash = cyrb53(minified, this.seed);
         this.log((object.id ? object.id.name : "function") + " -> " + hash, minified);
-        var ifStatement = (0, _gen.IfStatement)((0, _gen.BinaryExpression)("==", (0, _gen.Identifier)(hashName), (0, _gen.Literal)(hash)), [(0, _template.default)(`return {functionName}.apply(this, arguments)`).single({
+        var ifStatement = (0, _gen.IfStatement)((0, _gen.BinaryExpression)("==", (0, _gen.Identifier)(hashName), (0, _gen.Literal)(hash)), [new _template.default(`return {functionName}.apply(this, arguments)`).single({
           functionName: functionName
         })]);
         if (object.__hiddenCountermeasures && object.__hiddenCountermeasures.length) {

package/dist/transforms/lock/lock.js

@@ -17,6 +17,7 @@ var _antiDebug = _interopRequireDefault(require("./antiDebug"));
 var _identifiers = require("../../util/identifiers");
 var _compare = require("../../util/compare");
 var _assert = require("assert");
+var _core = require("../../templates/core");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
@@ -27,6 +28,27 @@ function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e =
  * Applies browser & date locks.
  */
 class Lock extends _transform.default {
+  shouldTransformNativeFunction(nameAndPropertyPath) {
+    if (!this.options.lock.tamperProtection) {
+      return false;
+    }
+    if (typeof this.options.lock.tamperProtection === "function") {
+      return this.options.lock.tamperProtection(nameAndPropertyPath.join("."));
+    }
+    if (this.options.target === "browser" && nameAndPropertyPath.length === 1 && nameAndPropertyPath[0] === "fetch") {
+      return true;
+    }
+
+    // TODO: Allow user to customize this behavior
+    var globalObject = typeof window !== "undefined" ? window : global;
+    var fn = globalObject;
+    for (var item of nameAndPropertyPath) {
+      fn = fn[item];
+      if (typeof fn === "undefined") return false;
+    }
+    var hasNativeCode = typeof fn === "function" && ("" + fn).includes("[native code]");
+    return hasNativeCode;
+  }
   constructor(o) {
     super(o, _order.ObfuscateOrder.Lock);
 
@@ -42,6 +64,10 @@ class Lock extends _transform.default {
      * This is used to prevent infinite loops from happening
      */
     _defineProperty(this, "counterMeasuresActivated", void 0);
+    /**
+     * The name of the native function that is used to check runtime calls for tampering
+     */
+    _defineProperty(this, "nativeFunctionName", void 0);
     _defineProperty(this, "made", void 0);
     if (this.options.lock.integrity) {
       this.before.push(new _integrity.default(o, this));
@@ -80,6 +106,73 @@ class Lock extends _transform.default {
       }
     }
     super.apply(tree);
+    if (this.options.lock.tamperProtection) {
+      this.nativeFunctionName = this.getPlaceholder() + "_lockNative";
+
+      // Ensure program is not in strict mode
+      // Tamper Protection forces non-strict mode
+
+      var strictModeCheck = new _template.default(`
+        (function(){
+          function isStrictMode(){
+            try {
+              var arr = []
+              delete arr["length"]
+            } catch(e) {
+              return true;
+            }
+            return false;
+          }
+
+          if(isStrictMode()) {
+            {countermeasures}
+            ${this.nativeFunctionName} = undefined;
+          }
+        })()
+        `).single({
+        countermeasures: this.getCounterMeasuresCode(tree, [])
+      });
+
+      // $multiTransformSkip is used to prevent scoping between transformations
+      strictModeCheck.$multiTransformSkip = true;
+      (0, _insert.prepend)(tree, strictModeCheck);
+      var nativeFunctionCheck = new _template.default(`
+        function ${this.nativeFunctionName}() {
+          {IndexOfTemplate}
+        
+          function checkFunction(fn){
+            if (indexOf("" + fn, '{ [native code] }') === -1
+            ||
+            typeof Object.getOwnPropertyDescriptor(fn, "toString") !== "undefined"
+            ) {
+              {countermeasures}
+              return undefined
+            }
+
+            return fn;
+          }
+
+          var args = arguments
+          if(args.length === 1) {
+            return checkFunction(args[0]);
+          } else if (args.length === 2) {
+            var object = args[0];
+            var property = args[1];
+
+            var fn = object[property];
+            fn = checkFunction(fn);
+
+            return fn.bind(object);
+          }
+        }`).single({
+        IndexOfTemplate: _core.IndexOfTemplate,
+        countermeasures: this.getCounterMeasuresCode(tree, [])
+      });
+
+      // $multiTransformSkip is used to prevent scoping between transformations
+      nativeFunctionCheck.$multiTransformSkip = true;
+      (0, _insert.prepend)(tree, nativeFunctionCheck);
+    }
   }
   getCounterMeasuresCode(object, parents) {
     var opt = this.options.lock.countermeasures;
@@ -95,21 +188,14 @@ class Lock extends _transform.default {
       }
 
       // Since Lock occurs before variable renaming, we are using the pre-obfuscated function name
-      return [(0, _gen.ExpressionStatement)((0, _gen.LogicalExpression)("||", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.SequenceExpression)([(0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.Literal)(true)), (0, _gen.CallExpression)((0, _template.default)(opt).single().expression, [])])))];
-    }
-    var type = (0, _random.choice)(["crash", "exit"]);
-    switch (type) {
-      case "crash":
-        var varName = this.getPlaceholder();
-        return (0, _random.choice)([_crash.CrashTemplate1, _crash.CrashTemplate2, _crash.CrashTemplate3]).compile({
-          var: varName
-        });
-      case "exit":
-        if (this.options.target == "browser") {
-          return (0, _template.default)("document.documentElement.innerHTML = '';").compile();
-        }
-        return (0, _template.default)("process.exit()").compile();
+      return [(0, _gen.ExpressionStatement)((0, _gen.LogicalExpression)("||", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.SequenceExpression)([(0, _gen.AssignmentExpression)("=", (0, _gen.Identifier)(this.counterMeasuresActivated), (0, _gen.Literal)(true)), (0, _gen.CallExpression)(new _template.default(opt).single().expression, [])])))];
     }
+
+    // Default fallback to infinite loop
+    var varName = this.getPlaceholder();
+    return (0, _random.choice)([_crash.CrashTemplate1, _crash.CrashTemplate2]).compile({
+      var: varName
+    });
   }
 
   /**
@@ -183,7 +269,7 @@ class Lock extends _transform.default {
         case "selfDefending":
           // A very simple mechanism inspired from https://github.com/javascript-obfuscator/javascript-obfuscator/blob/master/src/custom-code-helpers/self-defending/templates/SelfDefendingNoEvalTemplate.ts
           // regExp checks for a newline, formatters add these
-          var callExpression = (0, _template.default)(`
+          var callExpression = new _template.default(`
             (
               function(){
                 // Breaks JSNice.org, beautifier.io
@@ -223,7 +309,7 @@ class Lock extends _transform.default {
           nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
         case "osLock":
-          var navigatorUserAgent = (0, _template.default)(`window.navigator.userAgent.toLowerCase()`).single().expression;
+          var navigatorUserAgent = new _template.default(`window.navigator.userAgent.toLowerCase()`).single().expression;
           (0, _assert.ok)(this.options.lock.osLock);
           var code = this.getCounterMeasuresCode(object, parents) || [];
           this.options.lock.osLock.forEach(osName => {
@@ -238,7 +324,7 @@ class Lock extends _transform.default {
             if (osName == "ios" && this.options.target === "browser") {
               if (!this.iosDetectFn) {
                 this.iosDetectFn = this.getPlaceholder();
-                (0, _insert.prepend)(parents[parents.length - 1] || object, (0, _template.default)(`function ${this.iosDetectFn}() {
+                (0, _insert.prepend)(parents[parents.length - 1] || object, new _template.default(`function ${this.iosDetectFn}() {
                   return [
                     'iPad Simulator',
                     'iPhone Simulator',
@@ -259,7 +345,7 @@ class Lock extends _transform.default {
                 osx: "darwin",
                 ios: "darwin"
               }[osName] || osName;
-              thisTest = (0, _template.default)(`require('os').platform()==="${platformName}"`).single().expression;
+              thisTest = new _template.default(`require('os').platform()==="${platformName}"`).single().expression;
             }
             if (!test) {
               test = thisTest;
@@ -275,12 +361,12 @@ class Lock extends _transform.default {
           nodes.push((0, _gen.IfStatement)(test, code, null));
           break;
         case "browserLock":
-          var navigatorUserAgent = (0, _template.default)(`window.navigator.userAgent.toLowerCase()`).single().expression;
+          var navigatorUserAgent = new _template.default(`window.navigator.userAgent.toLowerCase()`).single().expression;
           (0, _assert.ok)(this.options.lock.browserLock);
           this.options.lock.browserLock.forEach(browserName => {
             var thisTest = (0, _gen.CallExpression)((0, _gen.MemberExpression)(navigatorUserAgent, (0, _gen.Literal)("match"), true), [(0, _gen.Literal)(browserName == "iexplorer" ? "msie" : browserName.toLowerCase())]);
             if (browserName === "safari") {
-              thisTest = (0, _template.default)(`/^((?!chrome|android).)*safari/i.test(navigator.userAgent)`).single().expression;
+              thisTest = new _template.default(`/^((?!chrome|android).)*safari/i.test(navigator.userAgent)`).single().expression;
             }
             if (!test) {
               test = thisTest;

package/dist/transforms/minify.js

@@ -185,7 +185,7 @@ class Minify extends _transform.default {
         if (canTransform) {
           if (!this.arrowFunctionName) {
             this.arrowFunctionName = this.getPlaceholder();
-            (0, _insert.append)(parents[parents.length - 1] || object, (0, _template.default)(`
+            (0, _insert.append)(parents[parents.length - 1] || object, new _template.default(`
             function ${this.arrowFunctionName}(arrowFn, functionLength = 0){
               var functionObject = function(){ return arrowFn(...arguments) };
 

package/dist/transforms/opaquePredicates.js

@@ -48,7 +48,7 @@ class OpaquePredicates extends _transform.default {
     this.made = 0;
   }
   match(object, parents) {
-    return (isTestExpression(object, parents) || object.type == "SwitchCase") && !parents.find(x => x.$dispatcherSkip || x.type == "AwaitExpression");
+    return (isTestExpression(object, parents) || object.type == "SwitchCase") && !parents.find(x => x.$multiTransformSkip || x.type == "AwaitExpression");
   }
   transform(object, parents) {
     return () => {
@@ -74,7 +74,7 @@ class OpaquePredicates extends _transform.default {
             var arrayProp = this.gen.generate();
             this.predicate.properties.push((0, _gen.Property)((0, _gen.Identifier)(arrayProp), (0, _gen.ArrayExpression)([])));
             var paramName = this.getPlaceholder();
-            this.predicate.properties.push((0, _gen.Property)((0, _gen.Identifier)(prop), (0, _gen.FunctionExpression)([(0, _gen.AssignmentPattern)((0, _gen.Identifier)(paramName), (0, _gen.Literal)("length"))], (0, _template.default)(`
+            this.predicate.properties.push((0, _gen.Property)((0, _gen.Identifier)(prop), (0, _gen.FunctionExpression)([(0, _gen.AssignmentPattern)((0, _gen.Identifier)(paramName), (0, _gen.Literal)("length"))], new _template.default(`
                   if ( !${this.predicateName}.${arrayProp}[0] ) {
                     ${this.predicateName}.${arrayProp}.push(${(0, _random.getRandomInteger)(-100, 100)});
                   }

package/dist/transforms/preparation.js

@@ -11,6 +11,7 @@ var _insert = require("../util/insert");
 var _identifiers = require("../util/identifiers");
 var _compare = require("../util/compare");
 var _traverse = require("../traverse");
+var _constants = require("../constants");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 /**
  * Preparation arranges the user's code into an AST the obfuscator can easily transform.
@@ -45,6 +46,17 @@ class Preparation extends _transform.default {
       return this.transformExplicitIdentifiers(object, parents);
     }
 
+    // __JS_CONFUSER_VAR__ - Remove when Rename Variables is disabled
+    if (object.type === "CallExpression" && object.callee.type === "Identifier" && object.callee.name === _constants.variableFunctionName) {
+      if (object.arguments[0].type === "Identifier") {
+        if (!this.obfuscator.transforms["RenameVariables"]) {
+          return () => {
+            this.replace(object, (0, _gen.Literal)(object.arguments[0].name));
+          };
+        }
+      }
+    }
+
     // ExplicitDeclarations
     if (object.type === "VariableDeclaration") {
       return this.transformExplicitDeclarations(object, parents);

package/dist/transforms/rgf.js

@@ -11,6 +11,7 @@ var _order = require("../order");
 var _probability = require("../probability");
 var _functionLength = require("../templates/functionLength");
 var _globals = require("../templates/globals");
+var _template = _interopRequireDefault(require("../templates/template"));
 var _traverse = require("../traverse");
 var _gen = require("../util/gen");
 var _identifiers = require("../util/identifiers");
@@ -52,7 +53,26 @@ class RGF extends _transform.default {
 
     // Only add the array if there were converted functions
     if (this.arrayExpressionElements.length > 0) {
-      (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)((0, _gen.Identifier)(this.arrayExpressionName), (0, _gen.ArrayExpression)(this.arrayExpressionElements))));
+      var _this$options$lock;
+      var variableDeclaration = (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)((0, _gen.Identifier)(this.arrayExpressionName), (0, _gen.ArrayExpression)(this.arrayExpressionElements)));
+      var nodes = [variableDeclaration];
+      if ((_this$options$lock = this.options.lock) !== null && _this$options$lock !== void 0 && _this$options$lock.tamperProtection) {
+        // The name of the variable flag if eval is safe to use
+        var tamperProtectionCheckName = this.getPlaceholder() + "_rgfEvalCheck";
+        variableDeclaration.declarations[0].init = (0, _gen.LogicalExpression)("&&", (0, _gen.Identifier)(tamperProtectionCheckName), {
+          ...variableDeclaration.declarations[0].init
+        });
+        nodes.unshift(...new _template.default(`
+            var ${tamperProtectionCheckName} = false;
+            eval(${this.jsConfuserVar(tamperProtectionCheckName)} + "=true");
+            if(!${tamperProtectionCheckName}) {
+              {countermeasures}
+            }
+            `).compile({
+          countermeasures: this.lockTransform.getCounterMeasuresCode(tree, [])
+        }));
+      }
+      (0, _insert.prepend)(tree, ...nodes);
     }
 
     // The function.length helper function must be placed last
@@ -71,7 +91,7 @@ class RGF extends _transform.default {
     !object.generator;
   }
   transform(object, parents) {
-    var _this$options$lock, _object$id;
+    var _this$options$lock2, _object$id;
     // Discard getter/setter methods
     if (parents[0].type === "Property" && parents[0].value === object) {
       if (parents[0].method || parents[0].kind === "get" || parents[0].kind === "set") {
@@ -85,7 +105,7 @@ class RGF extends _transform.default {
     }
 
     // Avoid applying to the countermeasures function
-    if (typeof ((_this$options$lock = this.options.lock) === null || _this$options$lock === void 0 ? void 0 : _this$options$lock.countermeasures) === "string") {
+    if (typeof ((_this$options$lock2 = this.options.lock) === null || _this$options$lock2 === void 0 ? void 0 : _this$options$lock2.countermeasures) === "string") {
       // function countermeasures(){...}
       if (object.type === "FunctionDeclaration" && object.id.type === "Identifier" && object.id.name === this.options.lock.countermeasures) {
         return;
@@ -113,6 +133,7 @@ class RGF extends _transform.default {
     });
     if (isIllegal) return;
     return () => {
+      var _this$options$lock3;
       // Make sure function is 'reference-less'
       var definedMap = new Map();
       var isReferenceLess = true;
@@ -169,6 +190,9 @@ class RGF extends _transform.default {
         compact: true
       });
       if (obfuscator.options.lock) {
+        obfuscator.options.lock = {
+          ...obfuscator.options.lock
+        };
         delete obfuscator.options.lock.countermeasures;
 
         // Integrity will not recursively apply to RGF'd functions. This is intended.
@@ -210,6 +234,11 @@ class RGF extends _transform.default {
 
       // new Function(code)
       var newFunctionExpression = (0, _gen.NewExpression)((0, _gen.Identifier)("Function"), [(0, _gen.Literal)(toString)]);
+      if ((_this$options$lock3 = this.options.lock) !== null && _this$options$lock3 !== void 0 && _this$options$lock3.tamperProtection) {
+        // If tamper protection is enabled, wrap the function in an eval
+        var randomName = this.getGenerator("randomized").generate();
+        newFunctionExpression = (0, _gen.CallExpression)((0, _gen.Identifier)("eval"), [(0, _gen.Literal)(`function ${randomName}(){ ${toString} } ${randomName}`)]);
+      }
 
       // The index where this function is placed in the array
       var newFunctionExpressionIndex = this.arrayExpressionElements.length;

package/dist/transforms/shuffle.js

@@ -32,7 +32,7 @@ var Hash = function (s) {
   }
   return ~~String(a).slice(0, 3);
 };
-var HashTemplate = (0, _template.default)(`
+var HashTemplate = new _template.default(`
   var {name} = function(arr) {
     var s = arr.map(x=>x+"").join(''), a = 1, c = 0, h, o;
     if (s) {
@@ -58,7 +58,7 @@ class Shuffle extends _transform.default {
     _defineProperty(this, "hashName", void 0);
   }
   match(object, parents) {
-    return object.type == "ArrayExpression" && !parents.find(x => x.$dispatcherSkip);
+    return object.type == "ArrayExpression" && !parents.find(x => x.$multiTransformSkip);
   }
   transform(object, parents) {
     return () => {
@@ -124,7 +124,7 @@ class Shuffle extends _transform.default {
         }
         if (mode !== "hash") {
           var varPrefix = this.getPlaceholder();
-          code.push((0, _template.default)(`
+          code.push(new _template.default(`
             for ( var ${varPrefix}x = 16; ${varPrefix}x%4 === 0; ${varPrefix}x++) {
               var ${varPrefix}z = 0;
               ${inPlace ? `${inPlaceName} = ${name}` : name} = ${name}.concat((function(){

package/dist/transforms/stack.js

@@ -17,6 +17,7 @@ var _transform = _interopRequireDefault(require("./transform"));
 var _constants = require("../constants");
 var _functionLength = require("../templates/functionLength");
 var _globals = require("../templates/globals");
+var _guard = require("../util/guard");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
 function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
@@ -29,7 +30,7 @@ class Stack extends _transform.default {
     this.mangledExpressionsMade = 0;
   }
   match(object, parents) {
-    return (0, _insert.isFunction)(object) && !object.params.find(x => x.type !== "Identifier") && object.body.type === "BlockStatement" && !parents.find(x => x.$dispatcherSkip) && !object.$requiresEval;
+    return (0, _insert.isFunction)(object) && !object.params.find(x => x.type !== "Identifier") && object.body.type === "BlockStatement" && !parents.find(x => x.$multiTransformSkip) && !object.$requiresEval;
   }
   transform(object, parents) {
     var _this = this;
@@ -104,6 +105,11 @@ class Stack extends _transform.default {
           if (o.name.startsWith(_constants.noRenameVariablePrefix)) {
             illegal.add(o.name);
           }
+
+          // Ignore __JS_CONFUSER_VAR__()
+          if ((0, _guard.isJSConfuserVar)(p)) {
+            illegal.add(o.name);
+          }
           if (info.isClauseParameter || info.isFunctionParameter || (0, _insert.isForInitialize)(o, p)) {
             // this.log(
             //   o.name + " is illegal due to clause parameter/function parameter"
@@ -315,7 +321,7 @@ class Stack extends _transform.default {
       object.params = [(0, _gen.RestElement)((0, _gen.Identifier)(stackName))];
 
       // Ensure the array is correct length
-      (0, _insert.prepend)(object.body, (0, _template.default)(`${stackName}["length"] = ${startingSize}`).single());
+      (0, _insert.prepend)(object.body, new _template.default(`${stackName}["length"] = ${startingSize}`).single());
       if (this.options.preserveFunctionLength && originalFunctionLength !== 0) {
         if (!this.functionLengthName) {
           this.functionLengthName = this.getPlaceholder();

package/dist/transforms/string/encoding.js

@@ -7,6 +7,7 @@ exports.EncodingImplementations = void 0;
 exports.createEncodingImplementation = createEncodingImplementation;
 exports.hasAllEncodings = hasAllEncodings;
 var _template = _interopRequireDefault(require("../../templates/template"));
+var _gen = require("../../util/gen");
 var _random = require("../../util/random");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 /**
@@ -93,9 +94,9 @@ function createEncodingImplementation() {
       }
       return Buffer.from(ret).toString("utf-8");
     },
-    template: (0, _template.default)(`  
+    template: new _template.default(`  
         function {__fnName__}(str){
-          var table = '${strTable}';
+          var table = {__strTable__};
   
           var raw = "" + (str || "");
           var len = raw.length;
@@ -129,7 +130,9 @@ function createEncodingImplementation() {
   
           return {__bufferToString__}(ret);
         }
-      `).ignoreMissingVariables()
+      `).setDefaultVariables({
+      __strTable__: (0, _gen.Literal)(strTable)
+    })
   };
   EncodingImplementations[identity] = encodingImplementation;
   return encodingImplementation;

package/dist/transforms/string/stringCompression.js

@@ -13,6 +13,7 @@ var _gen = require("../../util/gen");
 var _insert = require("../../util/insert");
 var _transform = _interopRequireDefault(require("../transform"));
 var _constants = require("../../constants");
+var _random = require("../../util/random");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
 function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
@@ -44,7 +45,7 @@ function LZ_decode(b) {
   for (var i = 1; i < d.length; i++) a = d[i].charCodeAt(0), a = h > a ? d[i] : e[a] ? e[a] : f + c, g.push(a), c = a.charAt(0), e[o] = f + c, o++, f = a;
   return g.join("");
 }
-const DecodeTemplate = (0, _template.default)(`function {name}(b){
+const DecodeTemplate = new _template.default(`function {name}(b){
     var o,
     f,
     a,
@@ -94,7 +95,37 @@ class StringCompression extends _transform.default {
     var decoderParamName = this.getPlaceholder();
     var callExpression = (0, _gen.CallExpression)((0, _gen.Identifier)(decoderParamName), [(0, _gen.CallExpression)((0, _gen.Identifier)(getStringParamName), [])]);
     (0, _insert.prepend)(tree, (0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)(split, (0, _gen.CallExpression)((0, _gen.FunctionExpression)([(0, _gen.Identifier)(getStringParamName), (0, _gen.Identifier)(decoderParamName)], [(0, _gen.ReturnStatement)(callExpression)]), [(0, _gen.Identifier)(getStringName), (0, _gen.Identifier)(decoder)]))));
-    (0, _insert.append)(tree, (0, _gen.FunctionDeclaration)(getStringName, [], [(0, _gen.ReturnStatement)((0, _gen.Literal)(encoded))]));
+    var keys = new Set();
+    var keysToMake = (0, _random.getRandomInteger)(4, 14);
+    for (var i = 0; i < keysToMake; i++) {
+      keys.add((0, _random.getRandomString)((0, _random.getRandomInteger)(4, 14)));
+    }
+    var objectExpression = (0, _gen.ObjectExpression)(Array.from(keys).map(key => {
+      return (0, _gen.Property)((0, _gen.Literal)(key), (0, _random.getRandomFalseExpression)(), true);
+    }));
+
+    // Get string function
+    var getStringBody = [];
+    var splits = (0, _random.splitIntoChunks)(encoded, Math.floor(encoded.length / (0, _random.getRandomInteger)(3, 6)));
+    getStringBody.push((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("str", (0, _gen.Literal)(splits.shift()))));
+    getStringBody.push((0, _gen.VariableDeclaration)((0, _gen.VariableDeclarator)("objectToTest", objectExpression)));
+    const addIfStatement = (testingFor, literalValueToBeAppended) => {
+      getStringBody.push((0, _gen.IfStatement)((0, _gen.BinaryExpression)("in", (0, _gen.Literal)(testingFor), (0, _gen.Identifier)("objectToTest")), [(0, _gen.ExpressionStatement)((0, _gen.AssignmentExpression)("+=", (0, _gen.Identifier)("str"), (0, _gen.Literal)(literalValueToBeAppended)))]));
+    };
+    for (const split of splits) {
+      if ((0, _random.chance)(50)) {
+        var fakeKey;
+        do {
+          fakeKey = (0, _random.getRandomString)((0, _random.getRandomInteger)(4, 14));
+        } while (keys.has(fakeKey) || fakeKey in {});
+        addIfStatement(fakeKey, (0, _random.getRandomString)(split.length));
+      }
+      addIfStatement((0, _random.choice)(Array.from(keys)), split);
+    }
+
+    // Return computed string
+    getStringBody.push((0, _gen.ReturnStatement)((0, _gen.Identifier)("str")));
+    (0, _insert.append)(tree, (0, _gen.FunctionDeclaration)(getStringName, [], getStringBody));
     (0, _insert.append)(tree, (0, _gen.FunctionDeclaration)(this.fnName, [(0, _gen.Identifier)("index")], [(0, _gen.ReturnStatement)((0, _gen.MemberExpression)((0, _gen.Identifier)(split), (0, _gen.Identifier)("index"), true))]));
     (0, _insert.append)(tree, DecodeTemplate.single({
       name: decoder,
@@ -102,7 +133,7 @@ class StringCompression extends _transform.default {
     }));
   }
   match(object, parents) {
-    return object.type == "Literal" && typeof object.value === "string" && object.value && object.value.length > 3 && !(0, _compare.isDirective)(object, parents) && !(0, _compare.isModuleSource)(object, parents);
+    return object.type == "Literal" && typeof object.value === "string" && object.value && object.value.length > 3 && !(0, _compare.isDirective)(object, parents) && !(0, _compare.isModuleSource)(object, parents) && !parents.find(x => x.$multiTransformSkip);
   }
   transform(object, parents) {
     if (!object.value) {

package/dist/transforms/string/stringConcealing.js

@@ -42,7 +42,7 @@ class StringConcealing extends _transform.default {
     super.apply(tree);
 
     // Pad array with useless strings
-    var dead = (0, _random.getRandomInteger)(5, 15);
+    var dead = (0, _random.getRandomInteger)(50, 200);
     for (var i = 0; i < dead; i++) {
       var str = (0, _random.getRandomString)((0, _random.getRandomInteger)(5, 40));
       var fn = this.transform((0, _gen.Literal)(str), [tree]);
@@ -56,7 +56,8 @@ class StringConcealing extends _transform.default {
     // This helper functions convert UInt8 Array to UTf-string
     (0, _insert.prepend)(tree, ..._bufferToString.BufferToStringTemplate.compile({
       name: bufferToStringName,
-      getGlobalFnName: this.getPlaceholder() + _constants.predictableFunctionTag
+      getGlobalFnName: this.getPlaceholder() + _constants.predictableFunctionTag,
+      GetGlobalTemplate: (0, _bufferToString.createGetGlobalTemplate)(this, tree, [])
     }));
     for (var functionObject of this.functionObjects) {
       var {
@@ -70,7 +71,7 @@ class StringConcealing extends _transform.default {
         __bufferToString__: bufferToStringName
       }));
       // All these are fake and never ran
-      var ifStatements = (0, _template.default)(`if ( z == x ) {
+      var ifStatements = new _template.default(`if ( z == x ) {
           return y[${cacheName}[z]] = ${getterFnName}(x, y);
         }
         if ( y ) {
@@ -97,13 +98,13 @@ class StringConcealing extends _transform.default {
       ifStatements = ifStatements.filter(() => (0, _random.chance)(50));
 
       // This one is always used
-      ifStatements.push((0, _template.default)(`
+      ifStatements.push(new _template.default(`
       if ( x !== y ) {
         return b[x] || (b[x] = a(${this.arrayName}[x]))
       }
       `).single());
       (0, _random.shuffle)(ifStatements);
-      var varDeclaration = (0, _template.default)(`
+      var varDeclaration = new _template.default(`
       var ${getterFnName} = (x, y, z, a, b)=>{
         if(typeof a === "undefined") {
           a = ${decodeFn}
@@ -120,7 +121,7 @@ class StringConcealing extends _transform.default {
   }
   match(object, parents) {
     return object.type == "Literal" && typeof object.value === "string" && object.value.length >= 3 && !(0, _compare.isModuleSource)(object, parents) && !(0, _compare.isDirective)(object, parents) //&&
-    /*!parents.find((x) => x.$dispatcherSkip)*/;
+    /*!parents.find((x) => x.$multiTransformSkip)*/;
   }
   transform(object, parents) {
     return () => {