jsarmor 1.0.0

package/cli/index.js

@@ -0,0 +1,177 @@
+#!/usr/bin/env node
+
+import fs from "fs";
+import path from "path";
+import chalk from "chalk";
+import gradient from "gradient-string";
+import cliProgress from "cli-progress";
+import generate from "@babel/generator";
+
+import { parseCode } from "../core/parser.js";
+import { renameVariables } from "../core/renamer.js";
+import { encodeStrings } from "../core/stringArray.js";
+import { flattenControlFlow } from "../core/controlflow.js";
+import { unicodeEscape } from "../core/unicode.js";
+import { generateJunk } from "../core/junkcode.js";
+
+import { injectDeadCode, generateDeadRuntime } from "../core/deadcode.js";
+
+import { injectAntiDebug } from "../core/antidebug.js";
+import { antiBeautify } from "../core/beautifyGuard.js";
+import { selfDefend } from "../core/selfdefend.js";
+
+const neon = gradient(["#00ffff","#ff00ff","#00ff9f"]);
+
+try{
+
+const args = process.argv.slice(2);
+
+const command = args[0];
+const file = args[1];
+
+let outputName = "obf.js";
+
+const outIndex = args.indexOf("-o");
+
+if(outIndex !== -1 && args[outIndex+1]){
+outputName = args[outIndex+1];
+}
+
+if(!command || command === "help"){
+
+console.log(neon(`
+JSArmor - JavaScript Obfuscator
+
+Usage:
+
+jsarmor gen input.js
+jsarmor gen input.js -o output.js
+
+`));
+
+process.exit(0);
+
+}
+
+if(command !== "gen"){
+
+console.log(chalk.red("Unknown command"));
+console.log("Use: jsarmor gen input.js");
+
+process.exit(1);
+
+}
+
+if(!file){
+
+console.log(chalk.red("Please provide input file"));
+console.log("Usage: jsarmor gen input.js");
+
+process.exit(1);
+
+}
+
+if(!fs.existsSync(file)){
+console.log(chalk.red(`File not found: ${file}`));
+process.exit(1);
+}
+
+let code = fs.readFileSync(file,"utf8");
+
+let shebang = "";
+
+if(code.startsWith("#!")){
+const end = code.indexOf("\n");
+shebang = code.slice(0,end);
+code = code.slice(end);
+}
+
+console.log(
+neon(`┌──────────────────────────────┐
+│     NodeJS Obfuscator v3     │
+└──────────────────────────────┘`)
+);
+
+const bar = new cliProgress.SingleBar({
+format:"progress [{bar}] {percentage}% | {value}/{total}",
+barCompleteChar:"█",
+barIncompleteChar:"░"
+});
+
+bar.start(6,0);
+
+const ast = parseCode(code);
+bar.increment();
+
+renameVariables(ast);
+bar.increment();
+
+const pool = encodeStrings(ast);
+bar.increment();
+
+/* dead code transform */
+injectDeadCode(ast);
+bar.increment();
+
+flattenControlFlow(ast);
+bar.increment();
+
+unicodeEscape(ast);
+bar.increment();
+
+bar.stop();
+
+const output = generate.default(ast,{
+jsescOption:{
+minimal:true
+}
+}).code;
+
+const runtimeJunk = generateDeadRuntime();
+
+const final =
+(shebang ? shebang + "\n" : "") +
+injectAntiDebug() +
+antiBeautify() +
+selfDefend() +
+`var _STRINGS=${JSON.stringify(pool)};\n` +
+runtimeJunk +
+generateJunk() +
+output;
+
+const distDir = path.join(process.cwd(),"dist");
+
+if(!fs.existsSync(distDir)){
+fs.mkdirSync(distDir,{recursive:true});
+}
+
+const outFile = path.join(distDir,"obf.js");
+
+fs.writeFileSync(outFile,final);
+
+console.log();
+console.log(chalk.green("✔ Parsing AST"));
+console.log(chalk.green("✔ Variables renamed"));
+console.log(chalk.green("✔ Strings encoded"));
+console.log(chalk.green("✔ Dead code injected"));
+console.log(chalk.green("✔ Control flow flattened"));
+console.log(chalk.green("✔ Unicode escape applied"));
+console.log();
+console.log(chalk.bold.green("✔ Obfuscation Complete"));
+console.log(chalk.cyan(`Output: ${outFile}`));
+
+const originalSize = code.length;
+const newSize = final.length;
+
+console.log(
+chalk.yellow(
+`Size: ${(originalSize/1024).toFixed(2)} KB → ${(newSize/1024).toFixed(2)} KB`
+)
+);
+
+}catch(err){
+
+console.log(chalk.red("Obfuscation failed"));
+console.error(err);
+
+}

package/core/antidebug.js

@@ -0,0 +1,15 @@
+export function injectAntiDebug(){
+
+return `
+
+(function(){
+setInterval(function(){
+try{
+(function(){debugger})()
+}catch(e){}
+},2000)
+})();
+
+`;
+
+}

package/core/beautifyGuard.js

@@ -0,0 +1,21 @@
+export function antiBeautify(){
+
+return `
+
+(function(){
+
+const start=Date.now()
+
+debugger
+
+const end=Date.now()
+
+if(end-start>100){
+while(true){}
+}
+
+})();
+
+`;
+
+}

package/core/controlflow.js

@@ -0,0 +1,150 @@
+import traverseModule from "@babel/traverse";
+import * as t from "@babel/types";
+
+const traverse = traverseModule.default;
+
+export function flattenControlFlow(ast){
+
+traverse(ast,{
+
+Function(path){
+
+  // skip async / generator
+  if(path.node.async || path.node.generator){
+    return;
+  }
+
+  const body = path.node.body.body;
+
+  if(!Array.isArray(body)) return;
+
+  if(body.length < 4) return;
+
+  const hoisted = [];
+
+  body.forEach(stmt=>{
+
+    if(t.isVariableDeclaration(stmt)){
+
+      stmt.declarations.forEach(dec=>{
+        hoisted.push(
+          t.variableDeclarator(
+            dec.id,
+            null
+          )
+        );
+      });
+
+    }
+
+  });
+
+  const cases = [];
+
+  body.forEach((stmt,i)=>{
+
+    const statements = [];
+
+    if(t.isVariableDeclaration(stmt)){
+
+      stmt.declarations.forEach(dec=>{
+
+        if(dec.init){
+
+          statements.push(
+            t.expressionStatement(
+              t.assignmentExpression(
+                "=",
+                dec.id,
+                dec.init
+              )
+            )
+          );
+
+        }
+
+      });
+
+    }else{
+
+      statements.push(stmt);
+
+    }
+
+    // next state
+    statements.push(
+      t.expressionStatement(
+        t.updateExpression(
+          "++",
+          t.identifier("_s")
+        )
+      )
+    );
+
+    statements.push(t.breakStatement());
+
+    cases.push(
+      t.switchCase(
+        t.numericLiteral(i),
+        statements
+      )
+    );
+
+  });
+
+  const whileLoop = t.whileStatement(
+    t.booleanLiteral(true),
+    t.blockStatement([
+
+      t.switchStatement(
+        t.identifier("_s"),
+        cases
+      ),
+
+      t.ifStatement(
+        t.binaryExpression(
+          ">=",
+          t.identifier("_s"),
+          t.numericLiteral(body.length)
+        ),
+        t.breakStatement()
+      )
+
+    ])
+  );
+
+  const newBody = [];
+
+  // state variable
+  newBody.push(
+    t.variableDeclaration(
+      "let",
+      [
+        t.variableDeclarator(
+          t.identifier("_s"),
+          t.numericLiteral(0)
+        )
+      ]
+    )
+  );
+
+  // hoisted vars
+  if(hoisted.length){
+
+    newBody.push(
+      t.variableDeclaration(
+        "let",
+        hoisted
+      )
+    );
+
+  }
+
+  newBody.push(whileLoop);
+
+  path.node.body.body = newBody;
+
+}
+});
+
+}

package/core/deadcode.js

@@ -0,0 +1,91 @@
+import traverse from "@babel/traverse";
+import * as t from "@babel/types";
+import { randomInt } from "../utils/random.js";
+
+const patterns = [
+
+"var _a=Math.random();if(_a>2){console.log(_a)}",
+"var _b=0;for(var i=0;i<10;i++){_b+=i}",
+"try{JSON.parse('x')}catch(e){}",
+"var _c=[1,2,3];_c.reverse().join(',')",
+"var _d=Date.now();_d+=Math.random()",
+"var _e='abc'.split('').reverse().join('')",
+"Boolean(Math.random())",
+"Math.floor(Math.random()*999)",
+"var _f={a:1,b:2};Object.keys(_f)",
+"var _g=0;while(_g<1){_g++}"
+
+];
+
+for(let i=0;i<90;i++){
+
+patterns.push(`
+var _junk${i}=Math.random()*${randomInt(1,999)};
+if(_junk${i}>99999){
+console.log(_junk${i})
+}
+`);
+
+}
+
+function randomPattern(){
+
+return patterns[Math.floor(Math.random()*patterns.length)];
+
+}
+
+export function injectDeadCode(ast){
+
+traverse.default(ast,{
+
+BlockStatement(path){
+
+if(Math.random()>0.4) return;
+
+const fake = t.ifStatement(
+
+t.binaryExpression(
+">",
+t.numericLiteral(randomInt(0,100)),
+t.numericLiteral(1000)
+),
+
+t.blockStatement([
+
+t.expressionStatement(
+t.callExpression(
+t.memberExpression(
+t.identifier("console"),
+t.identifier("log")
+),
+[
+t.stringLiteral("dead_"+randomInt(1000,9999))
+]
+)
+)
+
+])
+
+);
+
+path.node.body.unshift(fake);
+
+}
+
+});
+
+}
+
+export function generateDeadRuntime(){
+
+let out="";
+
+for(let i=0;i<30;i++){
+
+out+=randomPattern()+"\n";
+
+}
+
+return out;
+
+}

package/core/junkcode.js

@@ -0,0 +1,18 @@
+export function generateJunk() {
+
+  const junk = [];
+
+  for (let i = 0; i < 20; i++) {
+
+    junk.push(`
+var _junk${i} = Math.random() * ${i};
+if(_junk${i} > 9999){
+ console.log(_junk${i});
+}
+`);
+
+  }
+
+  return junk.join("\n");
+
+}

package/core/parser.js

@@ -0,0 +1,21 @@
+import { parse } from "@babel/parser";
+
+export function parseCode(code){
+
+return parse(code,{
+sourceType:"unambiguous",
+allowReturnOutsideFunction:true,
+plugins:[
+"jsx",
+"classProperties",
+"classPrivateProperties",
+"classPrivateMethods",
+"dynamicImport",
+"optionalChaining",
+"nullishCoalescingOperator",
+"objectRestSpread",
+"topLevelAwait"
+]
+});
+
+}

package/core/rc4.js

@@ -0,0 +1,42 @@
+export function rc4(key, str){
+
+let s=[]
+let j=0
+let x
+let res=""
+
+for(let i=0;i<256;i++){
+s[i]=i
+}
+
+for(let i=0;i<256;i++){
+
+j=(j+s[i]+key.charCodeAt(i%key.length))%256
+
+x=s[i]
+s[i]=s[j]
+s[j]=x
+
+}
+
+let i=0
+j=0
+
+for(let y=0;y<str.length;y++){
+
+i=(i+1)%256
+j=(j+s[i])%256
+
+x=s[i]
+s[i]=s[j]
+s[j]=x
+
+let k=s[(s[i]+s[j])%256]
+
+res+=String.fromCharCode(str.charCodeAt(y)^k)
+
+}
+
+return res
+
+}

package/core/renamer.js

@@ -0,0 +1,64 @@
+import traverseModule from "@babel/traverse";
+
+const traverse = traverseModule.default;
+
+const reserved = new Set([
+"require",
+"module",
+"exports",
+"__dirname",
+"__filename",
+"console",
+"process",
+"Buffer",
+"setTimeout",
+"setInterval"
+]);
+
+function randomName(){
+const chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+let name="_";
+for(let i=0;i<6;i++){
+name+=chars[Math.floor(Math.random()*chars.length)];
+}
+return name;
+}
+
+export function renameVariables(ast){
+
+traverse(ast,{
+Program(path){
+
+  const bindings = path.scope.bindings;
+
+  for(const key in bindings){
+
+    const binding = bindings[key];
+
+    if(reserved.has(key)) continue;
+
+    // skip imports
+    if(binding.path.isImportSpecifier?.()) continue;
+    if(binding.path.isImportDefaultSpecifier?.()) continue;
+    if(binding.path.isImportNamespaceSpecifier?.()) continue;
+
+    // skip function parameters
+    if(binding.kind === "param") continue;
+
+    // skip destructuring
+    if(binding.path.isObjectPattern?.()) continue;
+    if(binding.path.isArrayPattern?.()) continue;
+
+    // skip globals
+    if(!binding.scope.parent) continue;
+
+    const newName=randomName();
+
+    path.scope.rename(key,newName);
+
+  }
+
+}
+});
+
+}

package/core/runtime.js

@@ -0,0 +1,66 @@
+import { rc4 } from "./rc4.js"
+
+export function buildStringRuntime(pool){
+
+const key=Math.random().toString(36).slice(2)
+
+const encrypted=pool.map(s=>{
+
+const enc=rc4(key,s)
+
+return Buffer.from(enc).toString("base64")
+
+})
+
+return `
+
+var _STRINGS=${JSON.stringify(encrypted)};
+
+(function(){
+
+function rc4(k,str){
+
+var s=[],j=0,x,res="";
+
+for(var i=0;i<256;i++)s[i]=i;
+
+for(i=0;i<256;i++){
+
+j=(j+s[i]+k.charCodeAt(i%k.length))%256;
+
+x=s[i];s[i]=s[j];s[j]=x;
+
+}
+
+i=0;j=0;
+
+for(var y=0;y<str.length;y++){
+
+i=(i+1)%256;
+j=(j+s[i])%256;
+
+x=s[i];s[i]=s[j];s[j]=x;
+
+var k2=s[(s[i]+s[j])%256];
+
+res+=String.fromCharCode(str.charCodeAt(y)^k2);
+
+}
+
+return res;
+
+}
+
+for(var i=0;i<_STRINGS.length;i++){
+
+var data=atob(_STRINGS[i])
+
+_STRINGS[i]=rc4("${key}",data)
+
+}
+
+})();
+
+`
+
+}

package/core/selfdefend.js

@@ -0,0 +1,23 @@
+export function selfDefend(){
+
+return `
+
+(function(){
+
+function guard(){
+
+const src=guard.toString()
+
+if(!src.includes("guard")){
+while(true){}
+}
+
+}
+
+setInterval(guard,4000)
+
+})();
+
+`;
+
+}

package/core/stringArray.js

@@ -0,0 +1,80 @@
+import traverseModule from "@babel/traverse";
+import * as t from "@babel/types";
+
+const traverse = traverseModule.default;
+
+export function encodeStrings(ast){
+
+const pool = [];
+const map = new Map();
+
+function getIndex(value){
+
+if(map.has(value)){
+  return map.get(value);
+}
+
+const index = pool.length;
+
+pool.push(value);
+map.set(value,index);
+
+return index;
+
+}
+
+traverse(ast,{
+StringLiteral(path){
+
+  const value = path.node.value;
+
+  /* skip unsafe places */
+
+  if(path.parent.type === "Directive") return;
+
+  if(
+    path.parent.type === "CallExpression" &&
+    path.parent.callee.name === "require"
+  ){
+    return;
+  }
+
+  if(path.parent.type === "ImportDeclaration"){
+    return;
+  }
+
+  if(
+    path.parent.type === "ObjectProperty" &&
+    path.parent.key === path.node
+  ){
+    return;
+  }
+
+  if(
+    path.parent.type === "MemberExpression" &&
+    path.parent.property === path.node
+  ){
+    return;
+  }
+
+  if(path.parent.type === "TemplateLiteral"){
+    return;
+  }
+
+  const index = getIndex(value);
+
+  path.replaceWith(
+    t.memberExpression(
+      t.identifier("_STRINGS"),
+      t.numericLiteral(index),
+      true
+    )
+  );
+
+}
+
+});
+
+return pool;
+
+}

package/core/unicode.js

@@ -0,0 +1,29 @@
+import traverseModule from "@babel/traverse";
+
+const traverse = traverseModule.default;
+
+function toUnicode(str){
+
+  return str
+    .split("")
+    .map(c => "\\u" + c.charCodeAt(0).toString(16).padStart(4,"0"))
+    .join("");
+
+}
+
+export function unicodeEscape(ast){
+
+  traverse(ast,{
+    StringLiteral(path){
+
+      const val = path.node.value;
+
+      path.node.extra = {
+        raw: `"${toUnicode(val)}"`,
+        rawValue: val
+      };
+
+    }
+  });
+
+}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "jsarmor",
+  "version": "1.0.0",
+  "description": "Advanced JavaScript Obfuscator",
+  "type": "module",
+  "main": "cli/index.js",
+
+  "bin": {
+    "jsarmor": "./cli/index.js"
+  },
+
+  "scripts": {
+    "start": "node cli/index.js"
+  },
+
+  "dependencies": {
+    "@babel/parser": "^7.26.0",
+    "@babel/traverse": "^7.26.0",
+    "@babel/types": "^7.26.0",
+    "@babel/generator": "^7.26.0",
+    "chalk": "^5.3.0",
+    "gradient-string": "^2.0.2",
+    "cli-progress": "^3.12.0"
+  },
+
+  "keywords": [
+    "obfuscator",
+    "javascript",
+    "security",
+    "jsarmor"
+  ],
+
+  "files": [
+  "cli",
+  "core",
+  "utils"
+],
+
+  "author": "_kingktn",
+  "license": "MIT"
+}

package/utils/random.js

@@ -0,0 +1,14 @@
+export function randomString(length = 6) {
+  const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+  let result = "_0x";
+
+  for (let i = 0; i < length; i++) {
+    result += chars[Math.floor(Math.random() * chars.length)];
+  }
+
+  return result;
+}
+
+export function randomInt(min, max) {
+  return Math.floor(Math.random() * (max - min) + min);
+}