Merge pull request #38 from MichaelXF/dev

1.5.1 (Fix #37)

Author: MichaelXF

CHANGELOG.md

@@ -1,3 +1,11 @@
+# `1.5.1`
+Object Extraction Fix
+
+- Fixed [#37](https://github.com/MichaelXF/js-confuser/issues/37)
+- - Object Extraction was applying to objects with get/set methods, fixed in this version.
+
+- Slight improvement to `Flatten`
+
 # `1.5.0`
 Hexadecimal Numbers
 

README.md

@@ -2,6 +2,8 @@
 
 JS-Confuser is a JavaScript obfuscation tool to make your programs _impossible_ to read. [Try the web version](https://jsconfuser.com).
 
+  [![NPM](https://img.shields.io/badge/NPM-%23000000.svg?style=for-the-badge&logo=npm&logoColor=white)](https://npmjs.com/package/js-confuser) [![GitHub](https://img.shields.io/badge/github-%23121011.svg?style=for-the-badge&logo=github&logoColor=white)](https://github.com/MichaelXF/js-confuser) [![Netlify](https://img.shields.io/badge/netlify-%23000000.svg?style=for-the-badge&logo=netlify&logoColor=#00C7B7)](https://jsconfuser.com)
+
 ## Key features
 
 - Variable renaming

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "js-confuser",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "JavaScript Obfuscation Tool.",
   "main": "dist/index.js",
   "types": "index.d.ts",

package.json

@@ -19,6 +19,7 @@ import { getIdentifierInfo } from "../../util/identifiers";
 import { isValidIdentifier } from "../../util/compare";
 import { ComputeProbabilityMap } from "../../probability";
 import { ok } from "assert";
+import { isStringLiteral } from "../../util/guard";
 
 /**
  * Extracts keys out of an object if possible.
@@ -87,17 +88,22 @@ export default class ObjectExtraction extends Transform {
               }
 
               // check for computed properties
+              // Change String literals to non-computed
               object.properties.forEach((prop) => {
-                if (prop.computed && prop.key.type == "Literal") {
+                if (prop.computed && isStringLiteral(prop.key)) {
                   prop.computed = false;
                 }
               });
 
-              var computed = object.properties.find((x) => x.computed);
-              if (computed) {
+              var nonInitOrComputed = object.properties.find(
+                (x) => x.kind !== "init" || x.computed
+              );
+
+              if (nonInitOrComputed) {
                 this.log(
-                  name + " has computed property: " + computed.key.name ||
-                    computed.key.value
+                  name +
+                    " has non-init/computed property: " +
+                    nonInitOrComputed.key.name || nonInitOrComputed.key.value
                 );
                 illegal.add(name);
                 return;

src/transforms/extraction/objectExtraction.ts

@@ -16,6 +16,14 @@ import {
   Node,
   BlockStatement,
   ArrayPattern,
+  FunctionExpression,
+  ObjectExpression,
+  Property,
+  SpreadElement,
+  Literal,
+  IfStatement,
+  ThrowStatement,
+  NewExpression,
 } from "../util/gen";
 import { getIdentifierInfo } from "../util/identifiers";
 import {
@@ -25,6 +33,7 @@ import {
   prepend,
   clone,
 } from "../util/insert";
+import { shuffle } from "../util/random";
 import Transform from "./transform";
 
 /**
@@ -41,10 +50,17 @@ import Transform from "./transform";
 export default class Flatten extends Transform {
   definedNames: Map<Node, Set<string>>;
 
+  flatMapName: string;
+  flatNode: Node;
+  gen: any;
+
   constructor(o) {
     super(o, ObfuscateOrder.Flatten);
 
     this.definedNames = new Map();
+    this.flatMapName = null;
+    this.flatNode = null;
+    this.gen = this.getGenerator();
   }
 
   apply(tree) {
@@ -200,11 +216,10 @@ export default class Flatten extends Transform {
 
       var output = Array.from(modified);
 
-      var newName =
-        "flatten" +
-        this.getPlaceholder() +
-        "_" +
-        ((object.id && object.id.name) || "fn");
+      var newName = this.gen.generate();
+      var valName = this.getPlaceholder();
+      var resultName = this.getPlaceholder();
+      var propName = this.gen.generate();
 
       getBlockBody(object.body).push(ReturnStatement());
       walk(object.body, [object, ...parents], (o, p) => {
@@ -222,51 +237,100 @@ export default class Flatten extends Transform {
             }
 
             o.argument = ArrayExpression(elements);
+
+            o.argument = AssignmentExpression(
+              "=",
+              MemberExpression(
+                Identifier(resultName),
+                Identifier(propName),
+                false
+              ),
+              o.argument
+            );
           }
         };
       });
 
       var newBody = getBlockBody(object.body);
 
-      if (input.length) {
-        newBody.unshift(
+      newBody.unshift(
+        VariableDeclaration(
+          VariableDeclarator(
+            ArrayPattern([
+              ArrayPattern(input.map(Identifier)),
+              ArrayPattern(clone(object.params)),
+              Identifier(resultName),
+            ]),
+
+            Identifier(valName)
+          )
+        )
+      );
+
+      if (!this.flatMapName) {
+        this.flatMapName = this.getPlaceholder();
+        prepend(
+          parents[parents.length - 1],
           VariableDeclaration(
             VariableDeclarator(
-              ArrayPattern(input.map(Identifier)),
-              ThisExpression()
+              this.flatMapName,
+              (this.flatNode = ObjectExpression([]))
             )
           )
         );
       }
 
-      var newFunctionDeclaration = FunctionDeclaration(
-        newName,
-        clone(object.params),
+      var newFunctionExpression = FunctionExpression(
+        [Identifier(valName)],
         newBody
       );
-      newFunctionDeclaration.async = !!object.async;
-      newFunctionDeclaration.generator = !!object.generator;
 
-      prepend(parents[parents.length - 1], newFunctionDeclaration);
+      newFunctionExpression.async = !!object.async;
+      newFunctionExpression.generator = !!object.generator;
+
+      var property = Property(
+        Identifier(newName),
+        newFunctionExpression,
+        false
+      );
+      property.kind = "set";
+
+      this.flatNode.properties.push(property);
+
+      var identifier = MemberExpression(
+        Identifier(this.flatMapName),
+        Identifier(newName),
+        false
+      );
 
       var newParamNodes = object.params.map(() =>
         Identifier(this.getPlaceholder())
       );
 
       // var result = newFn.call([...refs], ...arguments)
-      var call = VariableDeclaration(
+      var call = VariableDeclaration([
+        VariableDeclarator(resultName, ArrayExpression([])),
         VariableDeclarator(
-          "result",
-          CallExpression(
-            MemberExpression(Identifier(newName), Identifier("call"), false),
-            [ArrayExpression(input.map(Identifier)), ...newParamNodes]
+          "_",
+          AssignmentExpression(
+            "=",
+            identifier,
+            ArrayExpression([
+              ArrayExpression(input.map(Identifier)),
+              ArrayExpression([...newParamNodes]),
+              Identifier(resultName),
+            ])
           )
-        )
-      );
+        ),
+      ]);
 
       // result.pop()
       var pop = CallExpression(
-        MemberExpression(Identifier("result"), Identifier("pop"), false),
+        MemberExpression(
+          MemberExpression(Identifier(resultName), Identifier(propName), false),
+          Identifier("pop"),
+          false
+        ),
         []
       );
 
@@ -277,16 +341,90 @@ export default class Flatten extends Transform {
       //
       // return result.pop()
 
-      object.body = BlockStatement([
-        call,
-        ...[...output].reverse().map((name) => {
+      var newObjectBody: Node[] = [call];
+      var outputReversed = [...output].reverse();
+
+      // DECOY STATEMENTS
+      var decoyKey = this.gen.generate();
+      var decoyNodes = [
+        IfStatement(
+          MemberExpression(
+            Identifier(resultName),
+            Identifier(this.gen.generate()),
+            false
+          ),
+          [
+            ThrowStatement(
+              NewExpression(Identifier("Error"), [
+                Literal(this.getPlaceholder()),
+              ])
+            ),
+          ]
+        ),
+        IfStatement(
+          MemberExpression(
+            Identifier(resultName),
+            Identifier(this.gen.generate()),
+            false
+          ),
+          [ReturnStatement(Identifier(resultName))]
+        ),
+        IfStatement(
+          MemberExpression(
+            Identifier(resultName),
+            Identifier(this.gen.generate()),
+            false
+          ),
+          [ReturnStatement(Identifier(resultName))]
+        ),
+        IfStatement(
+          MemberExpression(Identifier(resultName), Identifier(decoyKey), false),
+          [
+            ReturnStatement(
+              MemberExpression(
+                Identifier(resultName),
+                Identifier(decoyKey),
+                false
+              )
+            ),
+          ]
+        ),
+        IfStatement(
+          MemberExpression(
+            Identifier(resultName),
+            Identifier(this.gen.generate()),
+            false
+          ),
+          [
+            ReturnStatement(
+              MemberExpression(
+                Identifier(resultName),
+                Identifier(this.gen.generate()),
+                false
+              )
+            ),
+          ]
+        ),
+      ];
+
+      shuffle(decoyNodes);
+      decoyNodes.forEach((decoyNode) => {
+        if (Math.random() < 0.5) {
+          newObjectBody.push(decoyNode);
+        }
+      });
+
+      newObjectBody.push(
+        ...outputReversed.map((name) => {
           return ExpressionStatement(
             AssignmentExpression("=", Identifier(name), clone(pop))
           );
         }),
 
-        ReturnStatement(clone(pop)),
-      ]);
+        ReturnStatement(clone(pop))
+      );
+
+      object.body = BlockStatement(newObjectBody);
 
       object.params = newParamNodes;
     };

src/transforms/flatten.ts

@@ -58,7 +58,7 @@ export type EvalCallback = {
  */
 export type Chain = Node[];
 
-export function Literal(value: string | number | boolean) {
+export function Literal(value: string | number | boolean): Node {
   if (typeof value === "undefined") {
     throw new Error("value is undefined");
   }

src/util/gen.ts

@@ -0,0 +1,7 @@
+import { Node } from "./gen";
+
+export function isStringLiteral(node: Node) {
+  return (
+    node.type === "Literal" && typeof node.value === "string" && !node.regex
+  );
+}

src/util/guard.ts

@@ -423,3 +423,26 @@ it("should properly use custom callback to exclude certain names from being chan
 
   eval(output);
 });
+
+it("should not apply to objects with non-init properties (method, set, get)", async () => {
+  var code = `
+    
+    var realValue = 0;
+    var TEST_OBJECT = {
+      set key(newValue){
+        realValue = newValue;
+      },
+      get key(){
+        return realValue;
+      }
+    };
+  `;
+
+  var output = await JsConfuser(code, {
+    target: "node",
+    objectExtraction: true,
+  });
+
+  expect(output).toContain("TEST_OBJECT");
+  expect(output).toContain("set ");
+});