simple-javascript-obf 0.1.1

package/src/plugins/controlFlowFlatten.js

@@ -0,0 +1,203 @@
+function hasUnsupported(node) {
+  let unsupported = false;
+  const stack = [node];
+  while (stack.length) {
+    const current = stack.pop();
+    if (!current || unsupported) {
+      continue;
+    }
+    switch (current.type) {
+      case "TryStatement":
+      case "WithStatement":
+      case "LabeledStatement":
+      case "YieldExpression":
+      case "AwaitExpression":
+        unsupported = true;
+        break;
+      default:
+        break;
+    }
+    for (const key of Object.keys(current)) {
+      const value = current[key];
+      if (Array.isArray(value)) {
+        for (const child of value) {
+          if (child && typeof child.type === "string") {
+            stack.push(child);
+          }
+        }
+      } else if (value && typeof value.type === "string") {
+        stack.push(value);
+      }
+    }
+  }
+  return unsupported;
+}
+
+function buildFlattenedBody(t, ctx, statements) {
+  const stateId = t.identifier(ctx.nameGen.next());
+  const lookupId = t.identifier(ctx.nameGen.next());
+  const seedId = t.identifier(ctx.nameGen.next());
+  const count = statements.length;
+  const order = Array.from({ length: count }, (_, i) => i);
+  ctx.rng.shuffle(order);
+  const seed = ctx.rng.int(0, count - 1);
+
+  const gcd = (a, b) => {
+    let x = a;
+    let y = b;
+    while (y !== 0) {
+      const temp = x % y;
+      x = y;
+      y = temp;
+    }
+    return x;
+  };
+  const multiplierCandidates = [7, 5, 11, 13, 17, 19];
+  let multiplier = 7;
+  for (const candidate of multiplierCandidates) {
+    if (gcd(count, candidate) === 1) {
+      multiplier = candidate;
+      break;
+    }
+  }
+  if (gcd(count, multiplier) !== 1) {
+    multiplier = 1;
+  }
+
+  const encodeState = (index) => (index * multiplier + seed) % count;
+  const lookupValues = new Array(count);
+  for (let i = 0; i < count; i += 1) {
+    lookupValues[encodeState(i)] = i;
+  }
+
+  const buildStateExpr = (indexLiteral) =>
+    t.binaryExpression(
+      "%",
+      t.binaryExpression(
+        "+",
+        t.binaryExpression("*", indexLiteral, t.numericLiteral(multiplier)),
+        seedId
+      ),
+      t.numericLiteral(count)
+    );
+
+  const cases = order.map((index) => {
+    const stmt = statements[index];
+    const caseBody = [];
+    caseBody.push(stmt);
+    if (stmt.type !== "ReturnStatement" && stmt.type !== "ThrowStatement") {
+      const nextValue = index + 1 < count ? index + 1 : -1;
+      caseBody.push(
+        t.expressionStatement(
+          t.assignmentExpression(
+            "=",
+            stateId,
+            nextValue === -1
+              ? t.numericLiteral(-1)
+              : buildStateExpr(t.numericLiteral(nextValue))
+          )
+        )
+      );
+    }
+    caseBody.push(t.breakStatement());
+    return t.switchCase(
+      t.numericLiteral(index),
+      [t.blockStatement(caseBody)]
+    );
+  });
+
+  cases.push(
+    t.switchCase(null, [
+      t.blockStatement([
+        t.expressionStatement(
+          t.assignmentExpression("=", stateId, t.numericLiteral(-1))
+        ),
+        t.breakStatement(),
+      ]),
+    ])
+  );
+
+  const whileStmt = t.whileStatement(
+    t.binaryExpression("!==", stateId, t.numericLiteral(-1)),
+    t.blockStatement([
+      t.switchStatement(
+        t.memberExpression(lookupId, stateId, true),
+        cases
+      ),
+    ])
+  );
+
+  return [
+    t.variableDeclaration("const", [
+      t.variableDeclarator(seedId, t.numericLiteral(seed)),
+    ]),
+    t.variableDeclaration("const", [
+      t.variableDeclarator(
+        lookupId,
+        t.arrayExpression(
+          lookupValues.map((value) => t.numericLiteral(value))
+        )
+      ),
+    ]),
+    t.variableDeclaration("let", [
+      t.variableDeclarator(stateId, buildStateExpr(t.numericLiteral(0))),
+    ]),
+    whileStmt,
+  ];
+}
+
+function flattenFunctionBody(path, ctx) {
+  const bodyPath = path.get("body");
+  if (!bodyPath.isBlockStatement()) {
+    return;
+  }
+  const statements = bodyPath.node.body;
+  if (!statements || statements.length < ctx.options.cffOptions.minStatements) {
+    return;
+  }
+  for (const stmt of statements) {
+    if (stmt.type === "VariableDeclaration" && stmt.kind !== "var") {
+      return;
+    }
+    if (stmt.type === "ClassDeclaration") {
+      return;
+    }
+    if (stmt.type === "FunctionDeclaration") {
+      return;
+    }
+  }
+  if (hasUnsupported(bodyPath.node)) {
+    return;
+  }
+
+  const directives = [];
+  const rest = [];
+  for (const stmt of statements) {
+    if (stmt.type === "ExpressionStatement" && stmt.directive) {
+      directives.push(stmt);
+    } else {
+      rest.push(stmt);
+    }
+  }
+
+  if (rest.length < ctx.options.cffOptions.minStatements) {
+    return;
+  }
+
+  const flattened = buildFlattenedBody(ctx.t, ctx, rest);
+  bodyPath.node.body = [...directives, ...flattened];
+}
+
+function controlFlowFlatten(ast, ctx) {
+  const { traverse } = ctx;
+  traverse(ast, {
+    Function(path) {
+      if (path.node.generator) {
+        return;
+      }
+      flattenFunctionBody(path, ctx);
+    },
+  });
+}
+
+module.exports = controlFlowFlatten;

package/src/plugins/deadCode.js

@@ -0,0 +1,82 @@
+function makeOpaquePredicate(t) {
+  const nowCall = t.callExpression(
+    t.memberExpression(t.identifier("Date"), t.identifier("now")),
+    []
+  );
+  return t.binaryExpression(
+    "!==",
+    t.binaryExpression("&", nowCall, t.numericLiteral(1)),
+    t.numericLiteral(2)
+  );
+}
+
+function makeNoiseStatement(t) {
+  return t.expressionStatement(
+    t.callExpression(
+      t.memberExpression(t.identifier("Date"), t.identifier("now")),
+      []
+    )
+  );
+}
+
+function makeJunkStatement(t, name, rng) {
+  const id = t.identifier(name);
+  const seed = rng.int(1, 255);
+  return t.blockStatement([
+    t.variableDeclaration("let", [
+      t.variableDeclarator(id, t.numericLiteral(seed)),
+    ]),
+    makeNoiseStatement(t),
+    t.expressionStatement(
+      t.assignmentExpression(
+        "^=",
+        id,
+        t.numericLiteral(rng.int(1, 255))
+      )
+    ),
+  ]);
+}
+
+function insertIntoBody(body, node, index) {
+  body.splice(index, 0, node);
+}
+
+function deadCode(ast, ctx) {
+  const { traverse, t, rng, options } = ctx;
+  const probability = options.deadCodeOptions.probability;
+
+  traverse(ast, {
+    BlockStatement(path) {
+      const body = path.node.body;
+      if (!body || body.length === 0) {
+        return;
+      }
+      if (!rng.bool(probability)) {
+        return;
+      }
+      if (path.parentPath && path.parentPath.isSwitchCase()) {
+        return;
+      }
+      let directiveCount = 0;
+      while (
+        directiveCount < body.length &&
+        body[directiveCount].type === "ExpressionStatement" &&
+        body[directiveCount].directive
+      ) {
+        directiveCount += 1;
+      }
+      const idx = rng.int(directiveCount, body.length);
+      const junkName = ctx.nameGen.next();
+      const junk = t.ifStatement(
+        makeOpaquePredicate(t),
+        makeJunkStatement(t, junkName, rng)
+      );
+      insertIntoBody(body, junk, idx);
+      if (rng.bool(probability * 0.5)) {
+        insertIntoBody(body, makeNoiseStatement(t), idx);
+      }
+    },
+  });
+}
+
+module.exports = deadCode;

package/src/plugins/encodeMembers.js

@@ -0,0 +1,44 @@
+function makeGlobalAccess(t, name) {
+  return t.memberExpression(t.identifier("globalThis"), t.stringLiteral(name), true);
+}
+
+function isGlobalIdentifier(path, name) {
+  return path.isIdentifier({ name }) && !path.scope.getBinding(name);
+}
+
+function encodeMembers(ast, ctx) {
+  const { traverse, t, options } = ctx;
+  const enabled = options.stringsOptions.encodeConsole !== false;
+  if (!enabled) {
+    return;
+  }
+
+  traverse(ast, {
+    MemberExpression(path) {
+      const { node } = path;
+      const objectPath = path.get("object");
+      if (!isGlobalIdentifier(objectPath, "console")) {
+        return;
+      }
+      node.object = makeGlobalAccess(t, "console");
+      if (!node.computed && t.isIdentifier(node.property)) {
+        node.property = t.stringLiteral(node.property.name);
+        node.computed = true;
+      }
+    },
+    OptionalMemberExpression(path) {
+      const { node } = path;
+      const objectPath = path.get("object");
+      if (!isGlobalIdentifier(objectPath, "console")) {
+        return;
+      }
+      node.object = makeGlobalAccess(t, "console");
+      if (!node.computed && t.isIdentifier(node.property)) {
+        node.property = t.stringLiteral(node.property.name);
+        node.computed = true;
+      }
+    },
+  });
+}
+
+module.exports = encodeMembers;

package/src/plugins/entry.js

@@ -0,0 +1,31 @@
+function rewriteGlobalEntry(ast, ctx) {
+  const { traverse, t, nameGen } = ctx;
+  let replacement = null;
+
+  traverse(ast, {
+    Program(path) {
+      path.traverse({
+        MemberExpression(memberPath) {
+          const { node } = memberPath;
+          if (!t.isIdentifier(node.object, { name: "globalThis" })) {
+            return;
+          }
+          const isDirect =
+            !node.computed && t.isIdentifier(node.property, { name: "__r" });
+          const isComputed =
+            node.computed && t.isStringLiteral(node.property, { value: "__r" });
+          if (!isDirect && !isComputed) {
+            return;
+          }
+          if (!replacement) {
+            replacement = nameGen.next();
+          }
+          node.property = t.stringLiteral(replacement);
+          node.computed = true;
+        },
+      });
+    },
+  });
+}
+
+module.exports = rewriteGlobalEntry;

package/src/plugins/rename.js

@@ -0,0 +1,100 @@
+function collectExportedNames(programPath) {
+  const exported = new Set();
+  for (const node of programPath.node.body) {
+    if (node.type === "ExportNamedDeclaration") {
+      if (node.declaration) {
+        if (node.declaration.id) {
+          exported.add(node.declaration.id.name);
+        }
+        if (node.declaration.declarations) {
+          for (const decl of node.declaration.declarations) {
+            if (decl.id && decl.id.name) {
+              exported.add(decl.id.name);
+            }
+          }
+        }
+      }
+      if (node.specifiers) {
+        for (const spec of node.specifiers) {
+          if (spec.local && spec.local.name) {
+            exported.add(spec.local.name);
+          }
+        }
+      }
+    }
+    if (node.type === "ExportDefaultDeclaration") {
+      if (node.declaration && node.declaration.id) {
+        exported.add(node.declaration.id.name);
+      }
+    }
+  }
+  return exported;
+}
+
+function renameScope(scope, ctx, reserved, usedNames) {
+  const names = Object.keys(scope.bindings);
+  for (const name of names) {
+    if (reserved.has(name)) {
+      continue;
+    }
+    const binding = scope.bindings[name];
+    if (!binding || !binding.identifier) {
+      continue;
+    }
+    if (binding.path.isImportSpecifier() || binding.path.isImportDefaultSpecifier()) {
+      if (reserved.has(binding.identifier.name)) {
+        continue;
+      }
+    }
+    let newName = ctx.nameGen.next();
+    while (
+      scope.hasBinding(newName) ||
+      scope.hasGlobal(newName) ||
+      reserved.has(newName) ||
+      usedNames.has(newName)
+    ) {
+      newName = ctx.nameGen.next();
+    }
+    scope.rename(name, newName);
+    usedNames.add(newName);
+  }
+}
+
+function renameIdentifiers(ast, ctx) {
+  const { traverse, options } = ctx;
+
+  traverse(ast, {
+    Program(path) {
+      const exported = collectExportedNames(path);
+      const reserved = new Set(options.renameOptions.reserved);
+      for (const name of exported) {
+        reserved.add(name);
+      }
+      const usedNames = new Set(reserved);
+      path.traverse({
+        Scopable(scopePath) {
+          if (!scopePath.scope) {
+            return;
+          }
+          for (const name of Object.keys(scopePath.scope.bindings)) {
+            usedNames.add(name);
+          }
+        },
+      });
+
+      path.traverse({
+        Scopable(scopePath) {
+          if (scopePath.isProgram() && !options.renameOptions.renameGlobals) {
+            return;
+          }
+          if (!scopePath.scope) {
+            return;
+          }
+          renameScope(scopePath.scope, ctx, reserved, usedNames);
+        },
+      });
+    },
+  });
+}
+
+module.exports = renameIdentifiers;