Merge pull request #133 from MichaelXF/dev

1.7.2

CHANGELOG.md

@@ -1,3 +1,41 @@
+# `1.7.2`
+Updates
+
+- `Anti Tooling` & `Expression Obfuscation` improvements
+- - No longer expanded by [webcrack](https://github.com/j4k0xb/webcrack), [synchrony](https://github.com/relative/synchrony) & [REstringer](https://github.com/PerimeterX/restringer)
+
+- `String Concealing` improvements
+- - Randomizes the charset for each obfuscation
+- - Place multiple decryption functions throughout the code
+- - These changes aim to defeat [JSConfuser-String-Decryptor](https://github.com/0v41n/JSConfuser-String-Decryptor) and any other RegEx-based decoders
+
+- `Moved Declarations` improvements
+- - Now moves some variables as unused parameters on certain functions
+
+- `RGF` improvements
+- - More likely to transform functions containing functions
+
+- Fixed [#96](https://github.com/MichaelXF/js-confuser/issues/96)
+- - Removed hardcoded limits on `String Concealing`, `String Compression`, and `Duplicate Literals Removal`
+
+- Fixed [#106](https://github.com/MichaelXF/js-confuser/issues/106)
+- - Final fix with const variables for `Object Extraction`
+
+- Fixed [#131](https://github.com/MichaelXF/js-confuser/issues/131)
+- - __dirname is no longer changed by `Global Concealing`
+
+**New Option**
+
+### `preserveFunctionLength`
+- Modified functions will retain the correct `function.length` property. (`true/false`)
+Enabled by default.
+
+Minor improvements
+- Preserve `function.length`
+- Preserve Strict Mode behaviors
+- Preserve indirect vs. direct [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) use
+
+
 # `1.7.1`
 Updates
 

README.md

@@ -131,6 +131,8 @@ Converts output to ES5-compatible code. (`true/false`)
 
 Does not cover all cases such as Promises or Generator functions. Use [Babel](https://babel.dev/).
 
+[Learn more here.](https://github.com/MichaelXF/js-confuser/blob/master/docs/ES5.md)
+
 ### `renameVariables`
 
 Determines if variables should be renamed. (`true/false`)
@@ -185,29 +187,6 @@ qFaI6S();
 
 Renames top-level variables, turn this off for web-related scripts. Enabled by default. (`true/false`)
 
-```js
-// Output (Same input from above)
-var twoSum = function (Oc4nmjB, Fk3nptX) {
-  var on_KnCm = {};
-  var lqAauc = Oc4nmjB["length"];
-  for (var mALijp8 = 0; mALijp8 < lqAauc; mALijp8++) {
-    if (Oc4nmjB[mALijp8] in on_KnCm) {
-      return [on_KnCm[Oc4nmjB[mALijp8]], mALijp8];
-    }
-    on_KnCm[Fk3nptX - Oc4nmjB[mALijp8]] = mALijp8;
-  }
-  return [-1, -1];
-};
-var test = function () {
-  var y5ySeZ = [2, 7, 11, 15];
-  var gHYMOm = 9;
-  var aAdj3v = [0, 1];
-  var GnLVHX = twoSum(y5ySeZ, gHYMOm);
-  !(ok(GnLVHX[0] === aAdj3v[0]), ok(GnLVHX[1] === aAdj3v[1]));
-};
-test();
-```
-
 ### `identifierGenerator`
 
 Determines how variables are renamed.
@@ -392,8 +371,11 @@ yAt1T_y(-93)["log"]("Hello World");
 ```
 
 ### `stringCompression`
+
 String Compression uses LZW's compression algorithm to compress strings. (`true/false/0-1`)
 
+Use a number to control the percentage of strings.
+
 `"console"` -> `inflate('replaĕ!ğğuģģ<~@')`
 
 ### `stringConcealing`
@@ -666,9 +648,8 @@ function getAreaOfCircle(radius) {
 }
 
 // Output
-function getAreaOfCircle(yLu5YB1) {
-  var eUf7Wle, XVYH4D;
-  var F8QuPL = Math["PI"];
+function getAreaOfCircle(yLu5YB1, eUf7Wle, XVYH4D, F8QuPL) {
+  F8QuPL = Math["PI"];
   typeof ((eUf7Wle = Math["pow"](yLu5YB1, 2)), (XVYH4D = F8QuPL * eUf7Wle));
   return XVYH4D;
 }
@@ -835,7 +816,11 @@ These features are experimental or a security concern.
   // experimental
   identifierGenerator: function(){
     return "myvar_" + (counter++);
-  }
+  },
+
+  // Modified functions will retain the correct `function.length` property.
+  // Enabled by default.
+  preserveFunctionLength: false
 }
 ```
 

package.json

@@ -22,8 +22,8 @@
   "author": "MichaelXF",
   "license": "MIT",
   "dependencies": {
-    "acorn": "^8.10.0",
-    "escodegen": "^2.0.0"
+    "acorn": "^8.12.1",
+    "escodegen": "^2.1.0"
   },
   "devDependencies": {
     "@babel/cli": "^7.17.6",

src/constants.ts

@@ -82,3 +82,15 @@ export const reservedIdentifiers = new Set([
 
 export const noRenameVariablePrefix = "__NO_JS_CONFUSER_RENAME__";
 export const placeholderVariablePrefix = "__p_";
+
+/**
+ * Tells the obfuscator this function is predictable:
+ * -  Never called with extraneous parameters
+ */
+export const predictableFunctionTag = "__JS_PREDICT__";
+
+/**
+ * Tells the obfuscator this function is critical for the Obfuscated code.
+ * -  Example: string decryption function
+ */
+export const criticalFunctionTag = "__JS_CRITICAL__";

src/options.ts

@@ -585,6 +585,15 @@ export interface ObfuscateOptions {
    * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
    */
   debugComments?: boolean;
+
+  /**
+   * ### `preserveFunctionLength`
+   *
+   * Modified functions will retain the correct `function.length` property. Enabled by default. (`true/false`)
+   *
+   * [See all settings here](https://github.com/MichaelXF/js-confuser/blob/master/README.md#options)
+   */
+  preserveFunctionLength?: boolean;
 }
 
 const validProperties = new Set([
@@ -619,6 +628,7 @@ const validProperties = new Set([
   "verbose",
   "globalVariables",
   "debugComments",
+  "preserveFunctionLength",
 ]);
 
 const validOses = new Set(["windows", "linux", "osx", "ios", "android"]);
@@ -764,6 +774,9 @@ export async function correctOptions(
   if (!options.hasOwnProperty("renameGlobals")) {
     options.renameGlobals = true; // RenameGlobals is on by default
   }
+  if (!options.hasOwnProperty("preserveFunctionLength")) {
+    options.preserveFunctionLength = true; // preserveFunctionLength is on by default
+  }
 
   if (options.globalVariables && !(options.globalVariables instanceof Set)) {
     options.globalVariables = new Set(Object.keys(options.globalVariables));

src/order.ts

@@ -46,11 +46,11 @@ export enum ObfuscateOrder {
 
   Minify = 28,
 
+  AntiTooling = 29,
+
   RenameVariables = 30,
 
   ES5 = 31,
 
-  AntiTooling = 34,
-
   Finalizer = 35,
 }

src/templates/bufferToString.ts

@@ -1,19 +1,59 @@
+import {
+  placeholderVariablePrefix,
+  predictableFunctionTag,
+} from "../constants";
 import Template from "./template";
 
-export const BufferToStringTemplate = Template(`
-  function __getGlobal(){
+export const GetGlobalTemplate = Template(`
+  function ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag}(){
+    return globalThis
+  }
+
+  function ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag}(){
+    return global
+  }
+
+  function ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag}(){
+    return window
+  }
+
+  function ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}(){
+    return new Function("return this")()
+  }
+
+  function {getGlobalFnName}(array = [
+    ${placeholderVariablePrefix}CFG__getGlobalThis${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getGlobal${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getWindow${predictableFunctionTag},
+    ${placeholderVariablePrefix}CFG__getThisFunction${predictableFunctionTag}
+  ]){
+    var bestMatch
+    var itemsToSearch = []
     try {
-      return global||window|| ( new Function("return this") )();
-    } catch ( e ) {
+      bestMatch = Object
+      itemsToSearch["push"](("")["__proto__"]["constructor"]["name"])
+    } catch(e) {
+
+    }
+    A: for(var i = 0; i < array["length"]; i++) {
       try {
-        return this;
-      } catch ( e ) {
-        return {};
-      }
+        bestMatch = array[i]()
+        for(var j = 0; j < itemsToSearch["length"]; j++) {
+          if(typeof bestMatch[itemsToSearch[j]] === "undefined") continue A;
+        }
+        return bestMatch
+      } catch(e) {}
     }
+
+		return bestMatch || this;
   }
+`);
 
-  var __globalObject = __getGlobal() || {};
+export const BufferToStringTemplate = Template(`
+
+  ${GetGlobalTemplate.source}
+
+  var __globalObject = {getGlobalFnName}() || {};
   var __TextDecoder = __globalObject["TextDecoder"];
   var __Uint8Array = __globalObject["Uint8Array"];
   var __Buffer = __globalObject["Buffer"];
@@ -63,6 +103,4 @@ export const BufferToStringTemplate = Template(`
       return utf8ArrayToStr(buffer);
     }
   }
-
-  
 `);

src/templates/functionLength.ts

@@ -3,12 +3,30 @@ import Template from "./template";
 /**
  * Helper function to set `function.length` property.
  */
-export const FunctionLengthTemplate = Template(`
+export const FunctionLengthTemplate = Template(
+  `
 function {name}(functionObject, functionLength){
-  Object["defineProperty"](functionObject, "length", {
+  {ObjectDefineProperty}(functionObject, "length", {
     "value": functionLength,
     "configurable": true
   });
   return functionObject;
 }
-`);
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}(functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`,
+  `
+function {name}(functionObject, functionLength){
+  return {ObjectDefineProperty}["call"](null, functionObject, "length", {
+    "value": functionLength,
+    "configurable": true
+  });
+}
+`
+);

src/templates/globals.ts

@@ -0,0 +1,3 @@
+import Template from "./template";
+
+export const ObjectDefineProperty = Template(`Object["defineProperty"]`);