obscura-js 0.1.0

package/README.md

@@ -0,0 +1,156 @@
+# obscura-js
+
+A JavaScript code protection library inspired by the obfuscation and anti-debugging techniques used in Google reCAPTCHA.
+
+[![npm version](https://img.shields.io/npm/v/obscura-js)](https://www.npmjs.com/package/obscura-js)
+[![license](https://img.shields.io/npm/l/obscura-js)](LICENSE)
+[![node](https://img.shields.io/node/v/obscura-js)](package.json)
+
+## Features
+
+| Category    | Pass                    | Description                                                         |
+| ----------- | ----------------------- | ------------------------------------------------------------------- |
+| Obfuscation | `sequenceExpression`    | Flatten `if` blocks into comma-sequence expressions                 |
+| Obfuscation | `mba`                   | Expand arithmetic into Mixed Boolean Arithmetic (MBA) expressions   |
+| Obfuscation | `functionTable`         | Move function declarations into an indirect table, call by index    |
+| Obfuscation | `stringPool`            | Encrypt all string literals into an LCG-XOR pool                    |
+| Obfuscation | `controlFlowFlattening` | Transform function bodies into flat state machines                  |
+| Obfuscation | `deadCode`              | Inject unreachable code blocks                                      |
+| Anti-debug  | `nativeBinding`         | Pre-bind native methods to defend against prototype pollution       |
+| Anti-debug  | `integrityTag`          | Attach Symbol-based integrity tags to detect object cloning/replace |
+
+## Getting Started
+
+```bash
+npm install
+npm run build
+npm test
+```
+
+## Installation
+
+```bash
+npm install obscura-js
+```
+
+## Quick Start
+
+### API
+
+```typescript
+import { protect } from "obscura-js";
+import { readFileSync } from "fs";
+
+const source = readFileSync("app.js", "utf-8");
+
+const { code, appliedPasses } = protect(source);
+// All 8 passes are enabled by default
+
+console.log(appliedPasses);
+// ['sequenceExpression', 'mba', 'functionTable', 'stringPool',
+//  'controlFlowFlattening', 'deadCode', 'nativeBinding', 'integrityTag']
+```
+
+### CLI
+
+```bash
+# Protect a file (output: app.obscura.js)
+npx obscura-js protect app.js
+
+# Specify output path
+npx obscura-js protect app.js -o app.protected.js
+
+# Minify output
+npx obscura-js protect app.js --minify
+```
+
+## API Reference
+
+### `protect(source, options?)`
+
+| Parameter | Type          | Description                       |
+| --------- | ------------- | --------------------------------- |
+| `source`  | `string`      | JavaScript source code to protect |
+| `options` | `HazeOptions` | Optional configuration            |
+
+Returns `ProtectResult`:
+
+```typescript
+interface ProtectResult {
+  code: string; // Protected source code
+  appliedPasses: string[]; // Names of passes that were applied
+}
+```
+
+### `HazeOptions`
+
+```typescript
+interface HazeOptions {
+  obfuscation?: {
+    sequenceExpression?: { probability?: number } | false;
+    mba?: { rounds?: number } | false;
+    functionTable?: { minFunctions?: number } | false;
+    stringPool?: { seed?: number } | false;
+    controlFlowFlattening?: {} | false;
+    deadCode?: { targetLines?: number } | false;
+  };
+  antiDebug?: {
+    nativeBinding?: { methods?: string[] } | false;
+    integrityTag?: { tagDescription?: string } | false;
+  };
+  minify?: boolean; // Default: false
+}
+```
+
+Disable a specific pass by passing `false`:
+
+```typescript
+protect(source, {
+  obfuscation: { deadCode: false, mba: false },
+});
+```
+
+Custom options example:
+
+```typescript
+protect(source, {
+  obfuscation: {
+    mba: { rounds: 2 },
+    stringPool: { seed: 1234 },
+    deadCode: { targetLines: 100 },
+  },
+  antiDebug: {
+    nativeBinding: { methods: ["Math.floor", "Object.defineProperty"] },
+    integrityTag: { tagDescription: "myapp" },
+  },
+  minify: true,
+});
+```
+
+## CLI Reference
+
+```bash
+obscura-js protect <input> [options]
+```
+
+| Option                | Description                                          |
+| --------------------- | ---------------------------------------------------- |
+| `-o, --output <file>` | Output file path (default: `<input>.obscura.js`)     |
+| `--no-seq`            | Disable `sequenceExpression` pass                    |
+| `--no-mba`            | Disable `mba` pass                                   |
+| `--no-ft`             | Disable `functionTable` pass                         |
+| `--no-sp`             | Disable `stringPool` pass                            |
+| `--no-cff`            | Disable `controlFlowFlattening` pass                 |
+| `--no-dead`           | Disable `deadCode` pass                              |
+| `--no-native`         | Disable `nativeBinding` pass                         |
+| `--no-tag`            | Disable `integrityTag` pass                          |
+| `--sp-seed <number>`  | XOR seed for the string pool cipher                  |
+| `--minify`            | Compact output (remove whitespace, shorten literals) |
+
+## Requirements
+
+- Node.js ≥ 18
+
+## License
+
+MIT

package/dist/bin/haze.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=haze.d.ts.map

package/dist/bin/haze.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"haze.d.ts","sourceRoot":"","sources":["../../bin/haze.ts"],"names":[],"mappings":""}

package/dist/bin/haze.js

@@ -0,0 +1,54 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = require("fs");
+const path_1 = require("path");
+const commander_1 = require("commander");
+const index_1 = require("../src/index");
+const program = new commander_1.Command();
+program
+    .name("obscura-js")
+    .description("JavaScript code protection tool — obfuscation & anti-debugging")
+    .version("0.1.0");
+program
+    .command("protect <input>")
+    .description("Protect a JavaScript file")
+    .option("-o, --output <file>", "Output file (default: <input>.obscura.js)")
+    .option("--no-seq", "Disable sequence expression pass")
+    .option("--no-mba", "Disable mixed boolean arithmetic pass")
+    .option("--no-ft", "Disable indirect function table pass")
+    .option("--no-sp", "Disable encrypted string pool pass")
+    .option("--no-cff", "Disable control flow flattening pass")
+    .option("--no-dead", "Disable dead code injection pass")
+    .option("--no-native", "Disable native method binding pass")
+    .option("--no-tag", "Disable symbol integrity tag pass")
+    .option("--sp-seed <number>", "Seed for the string pool XOR cipher", parseInt)
+    .option("--minify", "Minify output (compact whitespace, shorten literals)")
+    .action((input, opts) => {
+    const inputPath = (0, path_1.resolve)(process.cwd(), input);
+    const source = (0, fs_1.readFileSync)(inputPath, "utf-8");
+    const options = {
+        obfuscation: {
+            sequenceExpression: opts["seq"] === false ? false : {},
+            mba: opts["mba"] === false ? false : {},
+            functionTable: opts["ft"] === false ? false : {},
+            stringPool: opts["sp"] === false ? false : { seed: opts["spSeed"] },
+            controlFlowFlattening: opts["cff"] === false ? false : {},
+            deadCode: opts["dead"] === false ? false : {},
+        },
+        antiDebug: {
+            nativeBinding: opts["native"] === false ? false : {},
+            integrityTag: opts["tag"] === false ? false : {},
+        },
+        minify: opts["minify"] === true,
+    };
+    const { code, appliedPasses } = (0, index_1.protect)(source, options);
+    const outputPath = opts["output"]
+        ? (0, path_1.resolve)(process.cwd(), opts["output"])
+        : inputPath.replace(/\.js$/, "") + ".obscura.js";
+    (0, fs_1.writeFileSync)(outputPath, code, "utf-8");
+    console.log(`✔ Protected: ${outputPath}`);
+    console.log(`  Passes applied: ${appliedPasses.join(", ")}`);
+});
+program.parse(process.argv);
+//# sourceMappingURL=haze.js.map

package/dist/bin/haze.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"haze.js","sourceRoot":"","sources":["../../bin/haze.ts"],"names":[],"mappings":";;;AACA,2BAAiD;AACjD,+BAA+B;AAC/B,yCAAoC;AACpC,wCAAuC;AAGvC,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,YAAY,CAAC;KAClB,WAAW,CAAC,gEAAgE,CAAC;KAC7E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,iBAAiB,CAAC;KAC1B,WAAW,CAAC,2BAA2B,CAAC;KACxC,MAAM,CAAC,qBAAqB,EAAE,2CAA2C,CAAC;KAC1E,MAAM,CAAC,UAAU,EAAE,kCAAkC,CAAC;KACtD,MAAM,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC3D,MAAM,CAAC,SAAS,EAAE,sCAAsC,CAAC;KACzD,MAAM,CAAC,SAAS,EAAE,oCAAoC,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,sCAAsC,CAAC;KAC1D,MAAM,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACvD,MAAM,CAAC,aAAa,EAAE,oCAAoC,CAAC;KAC3D,MAAM,CAAC,UAAU,EAAE,mCAAmC,CAAC;KACvD,MAAM,CAAC,oBAAoB,EAAE,qCAAqC,EAAE,QAAQ,CAAC;KAC7E,MAAM,CAAC,UAAU,EAAE,sDAAsD,CAAC;KAC1E,MAAM,CAAC,CAAC,KAAa,EAAE,IAA6B,EAAE,EAAE;IACvD,MAAM,SAAS,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAA,iBAAY,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAEhD,MAAM,OAAO,GAAgB;QAC3B,WAAW,EAAE;YACX,kBAAkB,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACtD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACvC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YAChD,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAuB,EAAE;YACzF,qBAAqB,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACzD,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;SAC9C;QACD,SAAS,EAAE;YACT,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACpD,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;SACjD;QACD,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI;KAChC,CAAC;IAEF,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,IAAA,eAAO,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEzD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,CAAC,CAAC,IAAA,cAAO,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAW,CAAC;QAClD,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,aAAa,CAAC;IAEnD,IAAA,kBAAa,EAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,qBAAqB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/src/antiDebug/index.d.ts

@@ -0,0 +1,11 @@
+import type * as t from "@babel/types";
+import type { AntiDebugOptions } from "../types";
+import { applyIntegrityTag } from "./integrityTag";
+import { applyNativeBinding } from "./nativeBinding";
+export { applyIntegrityTag, applyNativeBinding };
+/**
+ * Run all enabled anti-debugging/tampering passes in order.
+ * Each pass is opt-in: pass `false` to skip it.
+ */
+export declare function applyAntiDebug(ast: t.File, options: AntiDebugOptions | undefined, appliedPasses: string[]): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/antiDebug/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/antiDebug/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,CAAC,MAAM,cAAc,CAAC;AACvC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAErD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,OAAO,EAAE,gBAAgB,YAAK,EAC9B,aAAa,EAAE,MAAM,EAAE,GACtB,IAAI,CASN"}

package/dist/src/antiDebug/index.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyNativeBinding = exports.applyIntegrityTag = void 0;
+exports.applyAntiDebug = applyAntiDebug;
+const integrityTag_1 = require("./integrityTag");
+Object.defineProperty(exports, "applyIntegrityTag", { enumerable: true, get: function () { return integrityTag_1.applyIntegrityTag; } });
+const nativeBinding_1 = require("./nativeBinding");
+Object.defineProperty(exports, "applyNativeBinding", { enumerable: true, get: function () { return nativeBinding_1.applyNativeBinding; } });
+/**
+ * Run all enabled anti-debugging/tampering passes in order.
+ * Each pass is opt-in: pass `false` to skip it.
+ */
+function applyAntiDebug(ast, options = {}, appliedPasses) {
+    if (options.nativeBinding !== false) {
+        (0, nativeBinding_1.applyNativeBinding)(ast, options.nativeBinding ?? {});
+        appliedPasses.push("nativeBinding");
+    }
+    if (options.integrityTag !== false) {
+        (0, integrityTag_1.applyIntegrityTag)(ast, options.integrityTag ?? {});
+        appliedPasses.push("integrityTag");
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/src/antiDebug/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/antiDebug/index.ts"],"names":[],"mappings":";;;AAWA,wCAaC;AAtBD,iDAAmD;AAG1C,kGAHA,gCAAiB,OAGA;AAF1B,mDAAqD;AAEzB,mGAFnB,kCAAkB,OAEmB;AAE9C;;;GAGG;AACH,SAAgB,cAAc,CAC5B,GAAW,EACX,UAA4B,EAAE,EAC9B,aAAuB;IAEvB,IAAI,OAAO,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;QACpC,IAAA,kCAAkB,EAAC,GAAG,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;QACrD,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACnC,IAAA,gCAAiB,EAAC,GAAG,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QACnD,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACrC,CAAC;AACH,CAAC"}

package/dist/src/antiDebug/integrityTag.d.ts

@@ -0,0 +1,21 @@
+import * as t from "@babel/types";
+import type { IntegrityTagOptions } from "../types";
+/**
+ * Pass: Symbol-based Integrity Tag
+ *
+ * Attaches a `Symbol(<description>)` integrity check value to every
+ * array/object literal in the AST.  At runtime, code can verify the
+ * symbol is present to detect tampering (cloning, serialisation, etc.).
+ *
+ * The runtime helper `__haze_tag` is prepended to the output:
+ *
+ *   const __haze_sym = Symbol('jas');
+ *   function __haze_tag(v, checksum) {
+ *     Object.defineProperty(v, __haze_sym, { value: checksum, enumerable: false });
+ *     return v;
+ *   }
+ *
+ * Arrays are replaced by:  __haze_tag([...], <checksum>)
+ */
+export declare function applyIntegrityTag(ast: t.File, options?: IntegrityTagOptions): void;
+//# sourceMappingURL=integrityTag.d.ts.map

package/dist/src/antiDebug/integrityTag.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrityTag.d.ts","sourceRoot":"","sources":["../../../src/antiDebug/integrityTag.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEpD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,GAAE,mBAAwB,GAAG,IAAI,CA2DtF"}

package/dist/src/antiDebug/integrityTag.js

@@ -0,0 +1,100 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyIntegrityTag = applyIntegrityTag;
+const traverse_1 = __importDefault(require("@babel/traverse"));
+const t = __importStar(require("@babel/types"));
+/**
+ * Pass: Symbol-based Integrity Tag
+ *
+ * Attaches a `Symbol(<description>)` integrity check value to every
+ * array/object literal in the AST.  At runtime, code can verify the
+ * symbol is present to detect tampering (cloning, serialisation, etc.).
+ *
+ * The runtime helper `__haze_tag` is prepended to the output:
+ *
+ *   const __haze_sym = Symbol('jas');
+ *   function __haze_tag(v, checksum) {
+ *     Object.defineProperty(v, __haze_sym, { value: checksum, enumerable: false });
+ *     return v;
+ *   }
+ *
+ * Arrays are replaced by:  __haze_tag([...], <checksum>)
+ */
+function applyIntegrityTag(ast, options = {}) {
+    const description = options.tagDescription ?? "jas";
+    const symVar = "__haze_sym";
+    const tagFn = "__haze_tag";
+    let hasArrays = false;
+    (0, traverse_1.default)(ast, {
+        ArrayExpression(path) {
+            // Skip if already tagged or inside the helper declarations
+            if (t.isCallExpression(path.parent))
+                return;
+            const checksum = path.node.elements.length ^ 0xdeadbeef;
+            path.replaceWith(t.callExpression(t.identifier(tagFn), [
+                t.cloneNode(path.node, true),
+                t.numericLiteral(checksum >>> 0),
+            ]));
+            hasArrays = true;
+        },
+    });
+    if (!hasArrays)
+        return;
+    // const __haze_sym = Symbol('jas');
+    const symDecl = t.variableDeclaration("const", [
+        t.variableDeclarator(t.identifier(symVar), t.callExpression(t.identifier("Symbol"), [t.stringLiteral(description)])),
+    ]);
+    // function __haze_tag(v, checksum) {
+    //   Object.defineProperty(v, __haze_sym, { value: checksum, enumerable: false });
+    //   return v;
+    // }
+    const tagDecl = t.functionDeclaration(t.identifier(tagFn), [t.identifier("v"), t.identifier("checksum")], t.blockStatement([
+        t.expressionStatement(t.callExpression(t.memberExpression(t.identifier("Object"), t.identifier("defineProperty")), [
+            t.identifier("v"),
+            t.identifier(symVar),
+            t.objectExpression([
+                t.objectProperty(t.identifier("value"), t.identifier("checksum")),
+                t.objectProperty(t.identifier("enumerable"), t.booleanLiteral(false)),
+            ]),
+        ])),
+        t.returnStatement(t.identifier("v")),
+    ]));
+    ast.program.body.unshift(tagDecl, symDecl);
+}
+//# sourceMappingURL=integrityTag.js.map

package/dist/src/antiDebug/integrityTag.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrityTag.js","sourceRoot":"","sources":["../../../src/antiDebug/integrityTag.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,8CA2DC;AAhFD,+DAAuC;AACvC,gDAAkC;AAGlC;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,iBAAiB,CAAC,GAAW,EAAE,UAA+B,EAAE;IAC9E,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;IACpD,MAAM,MAAM,GAAG,YAAY,CAAC;IAC5B,MAAM,KAAK,GAAG,YAAY,CAAC;IAE3B,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,IAAA,kBAAQ,EAAC,GAAG,EAAE;QACZ,eAAe,CAAC,IAAI;YAClB,2DAA2D;YAC3D,IAAI,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,OAAO;YAE5C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC;YACxD,IAAI,CAAC,WAAW,CACd,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;gBACpC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;gBAC5B,CAAC,CAAC,cAAc,CAAC,QAAQ,KAAK,CAAC,CAAC;aACjC,CAAC,CACH,CAAC;YACF,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,SAAS;QAAE,OAAO;IAEvB,oCAAoC;IACpC,MAAM,OAAO,GAAG,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE;QAC7C,CAAC,CAAC,kBAAkB,CAClB,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EACpB,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CACzE;KACF,CAAC,CAAC;IAEH,qCAAqC;IACrC,kFAAkF;IAClF,cAAc;IACd,IAAI;IACJ,MAAM,OAAO,GAAG,CAAC,CAAC,mBAAmB,CACnC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,EACnB,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAC7C,CAAC,CAAC,cAAc,CAAC;QACf,CAAC,CAAC,mBAAmB,CACnB,CAAC,CAAC,cAAc,CACd,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,EAC1E;YACE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;YACjB,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;YACpB,CAAC,CAAC,gBAAgB,CAAC;gBACjB,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;gBACjE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;aACtE,CAAC;SACH,CACF,CACF;QACD,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;KACrC,CAAC,CACH,CAAC;IAED,GAAG,CAAC,OAAO,CAAC,IAAsB,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAChE,CAAC"}

package/dist/src/antiDebug/nativeBinding.d.ts

@@ -0,0 +1,15 @@
+import * as t from "@babel/types";
+import type { NativeBindingOptions } from "../types";
+/**
+ * Pass: Native Method Binding
+ *
+ * Pre-binds native browser/Node.js methods to their original receivers and
+ * stores them as constants.  External scripts that monkey-patch prototypes
+ * cannot affect these captured references.
+ *
+ * Example output:
+ *   const __haze_Math_floor = Math.floor.bind(Math);
+ *   const __haze_Math_random = Math.random.bind(Math);
+ */
+export declare function applyNativeBinding(ast: t.File, options?: NativeBindingOptions): void;
+//# sourceMappingURL=nativeBinding.d.ts.map

package/dist/src/antiDebug/nativeBinding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nativeBinding.d.ts","sourceRoot":"","sources":["../../../src/antiDebug/nativeBinding.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAcrD;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,GAAE,oBAAyB,GAAG,IAAI,CAsCxF"}

package/dist/src/antiDebug/nativeBinding.js

@@ -0,0 +1,89 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyNativeBinding = applyNativeBinding;
+const t = __importStar(require("@babel/types"));
+/** Default set of native methods to pre-bind */
+const DEFAULT_METHODS = [
+    "Math.floor",
+    "Math.random",
+    "Math.ceil",
+    "Math.round",
+    "Object.defineProperty",
+    "Object.keys",
+    "Array.prototype.slice",
+    "Array.prototype.forEach",
+];
+/**
+ * Pass: Native Method Binding
+ *
+ * Pre-binds native browser/Node.js methods to their original receivers and
+ * stores them as constants.  External scripts that monkey-patch prototypes
+ * cannot affect these captured references.
+ *
+ * Example output:
+ *   const __haze_Math_floor = Math.floor.bind(Math);
+ *   const __haze_Math_random = Math.random.bind(Math);
+ */
+function applyNativeBinding(ast, options = {}) {
+    const methods = options.methods ?? DEFAULT_METHODS;
+    const declarations = methods.map((methodPath) => {
+        const parts = methodPath.split(".");
+        // receiver is the object before the last segment (e.g. Math for Math.floor)
+        const receiverPath = parts.slice(0, -1).join(".");
+        const constName = `__haze_${parts.join("_")}`;
+        // Build member expression: Math.floor
+        const memberExpr = parts.reduce((acc, part) => t.memberExpression(acc, t.identifier(part)), t.identifier(parts[0]));
+        // Actually rebuild correctly:
+        let obj = t.identifier(parts[0]);
+        for (let i = 1; i < parts.length; i++) {
+            obj = t.memberExpression(obj, t.identifier(parts[i]));
+        }
+        // receiver expression (e.g. Math, Array.prototype)
+        let receiver = t.identifier(parts[0]);
+        for (let i = 1; i < parts.length - 1; i++) {
+            receiver = t.memberExpression(receiver, t.identifier(parts[i]));
+        }
+        void memberExpr; // suppress unused warning — we use `obj` instead
+        void receiverPath;
+        // <method>.bind(<receiver>)
+        const bindCall = t.callExpression(t.memberExpression(obj, t.identifier("bind")), [receiver]);
+        return t.variableDeclaration("const", [
+            t.variableDeclarator(t.identifier(constName), bindCall),
+        ]);
+    });
+    ast.program.body.unshift(...declarations);
+}
+//# sourceMappingURL=nativeBinding.js.map

package/dist/src/antiDebug/nativeBinding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nativeBinding.js","sourceRoot":"","sources":["../../../src/antiDebug/nativeBinding.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,gDAsCC;AAhED,gDAAkC;AAGlC,gDAAgD;AAChD,MAAM,eAAe,GAAG;IACtB,YAAY;IACZ,aAAa;IACb,WAAW;IACX,YAAY;IACZ,uBAAuB;IACvB,aAAa;IACb,uBAAuB;IACvB,yBAAyB;CAC1B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAAC,GAAW,EAAE,UAAgC,EAAE;IAChF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,eAAe,CAAC;IAEnD,MAAM,YAAY,GAA4B,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;QACvE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,4EAA4E;QAC5E,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,UAAU,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAE9C,sCAAsC;QACtC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAC7B,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC1D,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACvB,CAAC;QACF,8BAA8B;QAC9B,IAAI,GAAG,GAAiB,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,GAAG,GAAG,CAAC,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,mDAAmD;QACnD,IAAI,QAAQ,GAAiB,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,QAAQ,GAAG,CAAC,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,iDAAiD;QAClE,KAAK,YAAY,CAAC;QAElB,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE7F,OAAO,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE;YACpC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;SACxD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEF,GAAG,CAAC,OAAO,CAAC,IAAsB,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;AAC/D,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,12 @@
+import type { HazeOptions, ProtectResult } from "./types";
+export type { HazeOptions, ProtectResult } from "./types";
+export type { ObfuscationOptions, AntiDebugOptions, SequenceExpressionOptions, MbaOptions, FunctionTableOptions, StringPoolOptions, ControlFlowFlatteningOptions, DeadCodeOptions, IntegrityTagOptions, NativeBindingOptions, } from "./types";
+/**
+ * Protect JavaScript source code by running the configured passes.
+ *
+ * @param source  - Original JavaScript source code
+ * @param options - Protection configuration
+ * @returns       ProtectResult containing the protected code and applied pass names
+ */
+export declare function protect(source: string, options?: HazeOptions): ProtectResult;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE1D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC1D,YAAY,EACV,kBAAkB,EAClB,gBAAgB,EAChB,yBAAyB,EACzB,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,4BAA4B,EAC5B,eAAe,EACf,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,SAAS,CAAC;AAEjB;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,WAAgB,GAAG,aAAa,CAqBhF"}

package/dist/src/index.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.protect = protect;
+const parser_1 = require("@babel/parser");
+const generator_1 = __importDefault(require("@babel/generator"));
+const obfuscation_1 = require("./obfuscation");
+const antiDebug_1 = require("./antiDebug");
+/**
+ * Protect JavaScript source code by running the configured passes.
+ *
+ * @param source  - Original JavaScript source code
+ * @param options - Protection configuration
+ * @returns       ProtectResult containing the protected code and applied pass names
+ */
+function protect(source, options = {}) {
+    if (typeof source !== "string") {
+        throw new TypeError("source must be a string");
+    }
+    const ast = (0, parser_1.parse)(source, {
+        sourceType: "unambiguous",
+        plugins: ["jsx"],
+    });
+    const appliedPasses = [];
+    (0, obfuscation_1.applyObfuscation)(ast, options.obfuscation, appliedPasses);
+    (0, antiDebug_1.applyAntiDebug)(ast, options.antiDebug, appliedPasses);
+    const { code } = (0, generator_1.default)(ast, {
+        minified: options.minify ?? false,
+        compact: options.minify ?? false,
+    });
+    return { code, appliedPasses };
+}
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;AA2BA,0BAqBC;AAhDD,0CAAsC;AACtC,iEAAwC;AACxC,+CAAiD;AACjD,2CAA6C;AAiB7C;;;;;;GAMG;AACH,SAAgB,OAAO,CAAC,MAAc,EAAE,UAAuB,EAAE;IAC/D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,cAAK,EAAC,MAAM,EAAE;QACxB,UAAU,EAAE,aAAa;QACzB,OAAO,EAAE,CAAC,KAAK,CAAC;KACjB,CAAC,CAAC;IAEH,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,IAAA,8BAAgB,EAAC,GAAG,EAAE,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC1D,IAAA,0BAAc,EAAC,GAAG,EAAE,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAEtD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,mBAAQ,EAAC,GAAG,EAAE;QAC7B,QAAQ,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;QACjC,OAAO,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;KACjC,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;AACjC,CAAC"}

package/dist/src/obfuscation/cff.d.ts

@@ -0,0 +1,26 @@
+import * as t from "@babel/types";
+import type { ControlFlowFlatteningOptions } from "../types";
+/**
+ * Pass: Control Flow Flattening (CFF)
+ *
+ * Transforms a function body into a flat state machine with a central
+ * dispatcher loop, hiding the original execution order.
+ *
+ * Before:
+ *   function f() { stmt0; stmt1; stmt2; }
+ *
+ * After:
+ *   function f() {
+ *     let __s = 0;
+ *     while (true) {
+ *       switch (__s) {
+ *         case 0: stmt0; __s = 1; break;
+ *         case 1: stmt1; __s = 2; break;
+ *         case 2: stmt2; __s = -1; break;
+ *         default: return;
+ *       }
+ *     }
+ *   }
+ */
+export declare function applyControlFlowFlattening(ast: t.File, options?: ControlFlowFlatteningOptions): void;
+//# sourceMappingURL=cff.d.ts.map

package/dist/src/obfuscation/cff.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cff.d.ts","sourceRoot":"","sources":["../../../src/obfuscation/cff.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,UAAU,CAAC;AAE7D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,OAAO,GAAE,4BAAiC,GACzC,IAAI,CAmFN"}