js-confuser 1.7.2 → 2.0.0-alpha.0

package/src/transforms/string/stringEncoding.ts

@@ -1,8 +1,8 @@
-import Transform from "../transform";
-import { choice } from "../../util/random";
-import { isDirective, isModuleSource } from "../../util/compare";
-import { ComputeProbabilityMap } from "../../probability";
-import { Identifier } from "../../util/gen";
+import { PluginInstance, PluginObject } from "../plugin";
+import * as t from "@babel/types";
+import { choice } from "../../utils/random-utils";
+import { computeProbabilityMap } from "../../probability";
+import { GEN_NODE, NodeSymbol } from "../../constants";
 
 function pad(x: string, len: number): string {
   while (x.length < len) {
@@ -46,50 +46,31 @@ function toUnicodeRepresentation(str: string) {
   return escapedString;
 }
 
-/**
- * [String Encoding](https://docs.jscrambler.com/code-integrity/documentation/transformations/string-encoding) transforms a string into an encoded representation.
- *
- * - Potency Low
- * - Resilience Low
- * - Cost Low
- */
-export default class StringEncoding extends Transform {
-  constructor(o) {
-    super(o);
-  }
-
-  match(object, parents) {
-    return (
-      object.type == "Literal" &&
-      typeof object.value === "string" &&
-      object.value.length > 0 &&
-      !isModuleSource(object, parents) &&
-      !isDirective(object, parents)
-    );
-  }
+export default (me: PluginInstance): PluginObject => {
+  return {
+    visitor: {
+      StringLiteral: {
+        exit(path) {
+          const { value } = path.node;
 
-  transform(object, parents) {
-    // Allow percentages
-    if (
-      !ComputeProbabilityMap(
-        this.options.stringEncoding,
-        (x) => x,
-        object.value
-      )
-    )
-      return;
+          // Allow percentages
+          if (!computeProbabilityMap(me.options.stringEncoding, value)) return;
 
-    var type = choice(["hexadecimal", "unicode"]);
+          var type = choice(["hexadecimal", "unicode"]);
 
-    var escapedString = (
-      type == "hexadecimal" ? toHexRepresentation : toUnicodeRepresentation
-    )(object.value);
+          var escapedString = (
+            type == "hexadecimal"
+              ? toHexRepresentation
+              : toUnicodeRepresentation
+          )(value);
 
-    return () => {
-      if (object.type !== "Literal") return;
+          var id = t.identifier(`"${escapedString}"`);
 
-      // ESCodeGen tries to escape backslashes, here is a work-around
-      this.replace(object, Identifier(`'${escapedString}'`));
-    };
-  }
-}
+          (id as NodeSymbol)[GEN_NODE] = true;
+          path.replaceWith(id);
+          path.skip();
+        },
+      },
+    },
+  };
+};

package/src/transforms/string/stringSplitting.ts

@@ -1,86 +1,72 @@
-import Transform from "../transform";
-import { Node, Literal, BinaryExpression } from "../../util/gen";
-import { clone } from "../../util/insert";
-import { getRandomInteger, shuffle, splitIntoChunks } from "../../util/random";
-import { ObfuscateOrder } from "../../order";
-import { isDirective, isModuleSource } from "../../util/compare";
+import { PluginArg, PluginInstance, PluginObject } from "../plugin";
+import { getRandomInteger, splitIntoChunks } from "../../utils/random-utils";
+import { computeProbabilityMap } from "../../probability";
+import { binaryExpression, stringLiteral } from "@babel/types";
 import { ok } from "assert";
-import { ComputeProbabilityMap } from "../../probability";
+import { Order } from "../../order";
+import { ensureComputedExpression } from "../../utils/ast-utils";
 
-export default class StringSplitting extends Transform {
-  joinPrototype: string;
-  strings: { [value: string]: string };
+export default ({ Plugin }: PluginArg): PluginObject => {
+  const me = Plugin(Order.StringSplitting, {
+    changeData: {
+      strings: 0,
+    },
+  });
 
-  adders: Node[][];
-  vars: Node[];
+  return {
+    visitor: {
+      StringLiteral: {
+        exit(path) {
+          var object = path.node;
 
-  constructor(o) {
-    super(o, ObfuscateOrder.StringSplitting);
-
-    this.joinPrototype = null;
-    this.strings = Object.create(null);
-
-    this.adders = [];
-    this.vars = [];
-  }
+          var size = Math.round(
+            Math.max(6, object.value.length / getRandomInteger(3, 8))
+          );
+          if (object.value.length <= size) {
+            return;
+          }
 
-  match(object: Node, parents: Node[]) {
-    return (
-      object.type == "Literal" &&
-      typeof object.value === "string" &&
-      object.value.length >= 8 &&
-      !isModuleSource(object, parents) &&
-      !isDirective(object, parents)
-    );
-  }
+          var chunks = splitIntoChunks(object.value, size);
+          if (!chunks || chunks.length <= 1) {
+            return;
+          }
 
-  transform(object: Node, parents: Node[]) {
-    return () => {
-      var size = Math.round(
-        Math.max(6, object.value.length / getRandomInteger(3, 8))
-      );
-      if (object.value.length <= size) {
-        return;
-      }
+          if (
+            !computeProbabilityMap(me.options.stringSplitting, object.value)
+          ) {
+            return;
+          }
 
-      var chunks = splitIntoChunks(object.value, size);
-      if (!chunks || chunks.length <= 1) {
-        return;
-      }
+          var binExpr;
+          var parent;
+          var last = chunks.pop();
+          chunks.forEach((chunk, i) => {
+            if (i == 0) {
+              parent = binExpr = binaryExpression(
+                "+",
+                stringLiteral(chunk),
+                stringLiteral("")
+              );
+            } else {
+              binExpr.left = binaryExpression(
+                "+",
+                { ...binExpr.left },
+                stringLiteral(chunk)
+              );
+              ok(binExpr);
+            }
+          });
 
-      if (
-        !ComputeProbabilityMap(
-          this.options.stringSplitting,
-          (x) => x,
-          object.value
-        )
-      ) {
-        return;
-      }
+          parent.right = stringLiteral(last);
 
-      var binaryExpression;
-      var parent;
-      var last = chunks.pop();
-      chunks.forEach((chunk, i) => {
-        if (i == 0) {
-          parent = binaryExpression = BinaryExpression(
-            "+",
-            Literal(chunk),
-            Literal("")
-          );
-        } else {
-          binaryExpression.left = BinaryExpression(
-            "+",
-            clone(binaryExpression.left),
-            Literal(chunk)
-          );
-          ok(binaryExpression);
-        }
-      });
+          me.changeData.strings++;
 
-      parent.right = Literal(last);
+          ensureComputedExpression(path);
 
-      this.replaceIdentifierOrLiteral(object, parent, parents);
-    };
-  }
-}
+          path.replaceWith(parent);
+          path.skip();
+        },
+      },
+    },
+  };
+};

package/src/transforms/variableMasking.ts

@@ -0,0 +1,257 @@
+import { Binding, NodePath } from "@babel/traverse";
+import { PluginArg, PluginObject } from "./plugin";
+import * as t from "@babel/types";
+import Template from "../templates/template";
+import { computeProbabilityMap } from "../probability";
+import { Order } from "../order";
+import {
+  NodeSymbol,
+  PREDICTABLE,
+  reservedIdentifiers,
+  UNSAFE,
+  variableFunctionName,
+} from "../constants";
+import {
+  ensureComputedExpression,
+  getFunctionName,
+  isDefiningIdentifier,
+  isStrictMode,
+  isVariableIdentifier,
+  prepend,
+  replaceDefiningIdentifierToMemberExpression,
+} from "../utils/ast-utils";
+import {
+  computeFunctionLength,
+  isVariableFunctionIdentifier,
+} from "../utils/function-utils";
+import { ok } from "assert";
+import { NameGen } from "../utils/NameGen";
+import { choice, getRandomInteger } from "../utils/random-utils";
+import { createLiteral } from "../utils/node";
+
+export default ({ Plugin }: PluginArg): PluginObject => {
+  const me = Plugin(Order.VariableMasking, {
+    changeData: {
+      functions: 0,
+    },
+  });
+
+  const transformFunction = (fnPath: NodePath<t.Function>) => {
+    // Do not apply to getter/setter methods
+    if (fnPath.isObjectMethod() && fnPath.node.kind !== "method") {
+      return;
+    }
+
+    // Do not apply to class getters/setters
+    if (fnPath.isClassMethod() && fnPath.node.kind !== "method") {
+      return;
+    }
+
+    // Do not apply to async or generator functions
+    if (fnPath.node.generator || fnPath.node.async) {
+      return;
+    }
+
+    // Do not apply to functions with rest parameters or destructuring
+    if (fnPath.node.params.some((param) => !t.isIdentifier(param))) {
+      return;
+    }
+
+    // Do not apply to 'use strict' functions
+    if (isStrictMode(fnPath)) return;
+
+    // Do not apply to functions marked unsafe
+    if ((fnPath.node as NodeSymbol)[UNSAFE]) return;
+
+    const functionName = getFunctionName(fnPath);
+
+    if (!computeProbabilityMap(me.options.variableMasking, functionName)) {
+      return;
+    }
+
+    const stackName = me.getPlaceholder() + "_varMask";
+    const stackMap = new Map<Binding, number | string>();
+    const propertyGen = new NameGen("mangled");
+    const stackKeys = new Set<string>();
+    let needsStack = false;
+
+    const illegalBindings = new Set<Binding>();
+
+    function checkBinding(binding: Binding) {
+      // Custom illegal check
+      // Variable Declarations with more than one declarator are not supported
+      // They can be inserted from the user's code even though Preparation phase should prevent it
+      // String Compression library includes such code
+      // TODO: Support multiple declarators
+      var variableDeclaration = binding.path.find((p) =>
+        p.isVariableDeclaration()
+      ) as NodePath<t.VariableDeclaration>;
+      if (
+        variableDeclaration &&
+        variableDeclaration.node.declarations.length > 1
+      ) {
+        return false;
+      }
+
+      function checkForUnsafe(valuePath: NodePath) {
+        var hasUnsafeNode = false;
+
+        valuePath.traverse({
+          ThisExpression(path) {
+            hasUnsafeNode = true;
+            path.stop();
+          },
+          Function(path) {
+            if ((path.node as NodeSymbol)[UNSAFE]) {
+              hasUnsafeNode = true;
+              path.stop();
+            }
+          },
+        });
+
+        return hasUnsafeNode;
+      }
+
+      // Check function value for 'this'
+      // Adding function expression to the stack (member expression)
+      // would break the 'this' context
+      if (binding.path.isVariableDeclarator()) {
+        let init = binding.path.get("init");
+        if (init.node) {
+          if (checkForUnsafe(init)) return false;
+        }
+      }
+
+      // x = function(){ return this }
+      // Cannot be transformed to x = stack[0] as 'this' would change
+      for (var assignment of binding.constantViolations) {
+        if (checkForUnsafe(assignment)) return false;
+      }
+
+      // __JS_CONFUSER_VAR__(identifier) -> __JS_CONFUSER_VAR__(stack.identifier)
+      // This cannot be transformed as it would break the user's code
+      for (var referencePath of binding.referencePaths) {
+        if (isVariableFunctionIdentifier(referencePath)) {
+          return false;
+        }
+      }
+
+      return true;
+    }
+
+    for (const param of fnPath.get("params")) {
+      ok(param.isIdentifier());
+
+      const paramName = param.node.name;
+      const binding = param.scope.getBinding(paramName);
+
+      if (!binding || !checkBinding(binding)) return;
+
+      ok(!stackMap.has(binding));
+      stackKeys.add(stackMap.size.toString());
+      stackMap.set(binding, stackMap.size);
+    }
+
+    fnPath.traverse({
+      Identifier(path) {
+        if (!isVariableIdentifier(path)) return;
+
+        if (reservedIdentifiers.has(path.node.name)) return;
+        if (me.options.globalVariables.has(path.node.name)) return;
+        if (path.node.name === stackName) return;
+        if (path.node.name === variableFunctionName) return;
+
+        const binding = path.scope.getBinding(path.node.name);
+        if (!binding || binding.scope !== fnPath.scope) return;
+        if (illegalBindings.has(binding)) return;
+
+        needsStack = true;
+
+        let index = stackMap.get(binding);
+        if (typeof index === "undefined") {
+          // Only transform var and let bindings
+          // Function declarations could be hoisted and changing them to declarations is breaking
+          if (!["var", "let"].includes(binding.kind)) {
+            illegalBindings.add(binding);
+            return;
+          }
+
+          if (!checkBinding(binding)) {
+            illegalBindings.add(binding);
+            return;
+          }
+
+          do {
+            index = choice([
+              stackMap.size,
+              propertyGen.generate(),
+              getRandomInteger(-250, 250),
+            ]);
+          } while (!index || stackKeys.has(index.toString()));
+
+          stackMap.set(binding, index);
+          stackKeys.add(index.toString());
+        }
+
+        const memberExpression = t.memberExpression(
+          t.identifier(stackName),
+          createLiteral(index),
+          true
+        );
+
+        if (isDefiningIdentifier(path)) {
+          replaceDefiningIdentifierToMemberExpression(path, memberExpression);
+
+          return;
+        }
+
+        ensureComputedExpression(path);
+        path.replaceWith(memberExpression);
+      },
+    });
+
+    if (!needsStack) return;
+
+    const originalParamCount = fnPath.node.params.length;
+    const originalLength = computeFunctionLength(fnPath);
+
+    fnPath.node.params = [t.restElement(t.identifier(stackName))];
+
+    // Discard extraneous parameters
+    // Predictable functions are guaranteed to not have extraneous parameters
+    if (!(fnPath.node as NodeSymbol)[PREDICTABLE]) {
+      prepend(
+        fnPath,
+        new Template(`${stackName}["length"] = {originalParamCount};`).single({
+          originalParamCount: t.numericLiteral(originalParamCount),
+        })
+      );
+    }
+
+    // Function is no longer predictable
+    (fnPath.node as NodeSymbol)[PREDICTABLE] = false;
+
+    fnPath.scope.registerBinding("param", fnPath.get("params")[0], fnPath);
+
+    me.setFunctionLength(fnPath, originalLength);
+
+    me.changeData.functions++;
+  };
+
+  return {
+    visitor: {
+      Function: {
+        exit(path: NodePath<t.Function>) {
+          if (!path.get("body").isBlockStatement()) return;
+
+          transformFunction(path);
+        },
+      },
+      Program: {
+        enter(path) {
+          path.scope.crawl();
+        },
+      },
+    },
+  };
+};

package/src/utils/ControlObject.ts

@@ -0,0 +1,141 @@
+import { NodePath } from "@babel/traverse";
+import * as t from "@babel/types";
+import { PluginInstance } from "../transforms/plugin";
+import { NameGen } from "./NameGen";
+import { prepend } from "./ast-utils";
+import { chance, choice } from "./random-utils";
+
+/**
+ * A Control Object is an object that is used to store properties that are used in multiple places.
+ */
+export default class ControlObject {
+  propertyNames = new Set<string>();
+  nameGen: NameGen;
+  objectName: string | null = null;
+  objectPath: NodePath<t.Declaration> | null = null;
+  objectExpression: t.ObjectExpression | null = null;
+
+  constructor(public me: PluginInstance, public blockPath: NodePath<t.Block>) {
+    this.nameGen = new NameGen(me.options.identifierGenerator, {
+      avoidReserved: true,
+      avoidObjectPrototype: true,
+    });
+  }
+
+  createMemberExpression(propertyName: string): t.MemberExpression {
+    return t.memberExpression(
+      t.identifier(this.objectName),
+      t.stringLiteral(propertyName),
+      true
+    );
+  }
+
+  createPredicate() {
+    this.ensureCreated();
+
+    var propertyName = choice(Array.from(this.propertyNames));
+    if (!propertyName || chance(50)) {
+      propertyName = this.nameGen.generate();
+    }
+
+    return {
+      node: t.binaryExpression(
+        "in",
+        t.stringLiteral(propertyName),
+        t.identifier(this.objectName)
+      ),
+      value: this.propertyNames.has(propertyName),
+    };
+  }
+
+  createTruePredicate() {
+    var { node, value } = this.createPredicate();
+    if (value) {
+      return node;
+    }
+    return t.unaryExpression("!", node);
+  }
+
+  createFalsePredicate() {
+    var { node, value } = this.createPredicate();
+    if (!value) {
+      return node;
+    }
+    return t.unaryExpression("!", node);
+  }
+
+  private ensureCreated(node?: t.Node) {
+    if (!this.objectName) {
+      // Object hasn't been created yet
+      this.objectName = this.me.getPlaceholder() + "_controlObject";
+
+      if (node && t.isFunctionExpression(node) && !node.id) {
+        // Use function declaration as object
+
+        let newNode: t.FunctionDeclaration = node as any;
+        newNode.type = "FunctionDeclaration";
+        newNode.id = t.identifier(this.objectName);
+
+        let newPath = prepend(
+          this.blockPath,
+          newNode
+        )[0] as NodePath<t.FunctionDeclaration>;
+        this.me.skip(newPath);
+
+        this.objectPath = newPath;
+
+        return t.identifier(this.objectName);
+      } else {
+        // Create plain object
+        let newPath = prepend(
+          this.blockPath,
+          t.variableDeclaration("var", [
+            t.variableDeclarator(
+              t.identifier(this.objectName),
+              t.objectExpression([])
+            ),
+          ])
+        )[0] as NodePath<t.VariableDeclaration>;
+        this.me.skip(newPath);
+
+        this.objectPath = newPath;
+
+        var objectExpression = newPath.node.declarations[0]
+          .init as t.ObjectExpression;
+
+        this.objectExpression = objectExpression;
+        this.me.skip(this.objectExpression);
+      }
+    }
+  }
+
+  addProperty(node: t.Expression) {
+    var initialNode = this.ensureCreated(node);
+    if (initialNode) return initialNode;
+
+    const propertyName = this.nameGen.generate();
+    this.propertyNames.add(propertyName);
+
+    // Add an initial property
+    if (this.objectExpression) {
+      this.objectExpression.properties.push(
+        t.objectProperty(t.identifier(propertyName), node)
+      );
+    } else {
+      // Add as assignment expression
+
+      let assignment = t.assignmentExpression(
+        "=",
+        this.createMemberExpression(propertyName),
+        node
+      );
+
+      var newPath = this.objectPath.insertAfter(
+        t.expressionStatement(assignment)
+      )[0];
+      this.me.skip(newPath);
+    }
+
+    return this.createMemberExpression(propertyName);
+  }
+}

package/src/utils/IntGen.ts

@@ -0,0 +1,33 @@
+export class IntGen {
+  private min: number;
+  private max: number;
+  private generatedInts: Set<number>;
+
+  constructor(min: number = -250, max: number = 250) {
+    this.min = min;
+    this.max = max;
+    this.generatedInts = new Set<number>();
+  }
+
+  private getRandomInt(min: number, max: number): number {
+    return Math.floor(Math.random() * (max - min + 1)) + min;
+  }
+
+  generate(): number {
+    let randomInt: number;
+
+    // Keep generating until we find a unique integer
+    do {
+      randomInt = this.getRandomInt(this.min, this.max);
+
+      // Expand the range if most integers in the current range are exhausted
+      if (this.generatedInts.size >= 0.8 * (this.max - this.min)) {
+        this.min -= 100;
+        this.max += 100;
+      }
+    } while (this.generatedInts.has(randomInt));
+
+    this.generatedInts.add(randomInt);
+    return randomInt;
+  }
+}