Improvements of `stringArrayEncoding`: `base64` and `rc4`

CHANGELOG.md

@@ -1,5 +1,9 @@
 Change Log
 
+v1.3.0
+---
+* Improvements of `stringArrayEncoding`: `base64` and `rc4`
+
 v1.2.2
 ---
 * Fixed performance regression of `Initializing` stage after `1.2.0`

package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-obfuscator",
-  "version": "1.2.2",
+  "version": "1.3.0",
   "description": "JavaScript obfuscator",
   "keywords": [
     "obfuscator",

src/custom-code-helpers/string-array/StringArrayCallsWrapperCodeHelper.ts

@@ -10,13 +10,11 @@ import { IEscapeSequenceEncoder } from '../../interfaces/utils/IEscapeSequenceEn
 import { IOptions } from '../../interfaces/options/IOptions';
 import { IRandomGenerator } from '../../interfaces/utils/IRandomGenerator';
 
-import { ObfuscationTarget } from '../../enums/ObfuscationTarget';
 import { StringArrayEncoding } from '../../enums/StringArrayEncoding';
 
 import { initializable } from '../../decorators/Initializable';
 
 import { AtobTemplate } from './templates/string-array-calls-wrapper/AtobTemplate';
-import { GlobalVariableNoEvalTemplate } from '../common/templates/GlobalVariableNoEvalTemplate';
 import { Rc4Template } from './templates/string-array-calls-wrapper/Rc4Template';
 import { SelfDefendingTemplate } from './templates/string-array-calls-wrapper/SelfDefendingTemplate';
 import { StringArrayBase64DecodeTemplate } from './templates/string-array-calls-wrapper/StringArrayBase64DecodeTemplate';
@@ -28,6 +26,12 @@ import { NodeUtils } from '../../node/NodeUtils';
 
 @injectable()
 export class StringArrayCallsWrapperCodeHelper extends AbstractCustomCodeHelper {
+    /**
+     * @type {string}
+     */
+    @initializable()
+    private atobFunctionName!: string;
+
     /**
      * @type {string}
      */
@@ -76,13 +80,16 @@ export class StringArrayCallsWrapperCodeHelper extends AbstractCustomCodeHelper
     /**
      * @param {string} stringArrayName
      * @param {string} stringArrayCallsWrapperName
+     * @param {string} atobFunctionName
      */
     public initialize (
         stringArrayName: string,
-        stringArrayCallsWrapperName: string
+        stringArrayCallsWrapperName: string,
+        atobFunctionName: string
     ): void {
         this.stringArrayName = stringArrayName;
         this.stringArrayCallsWrapperName = stringArrayCallsWrapperName;
+        this.atobFunctionName = atobFunctionName;
     }
 
     /**
@@ -117,10 +124,12 @@ export class StringArrayCallsWrapperCodeHelper extends AbstractCustomCodeHelper
      * @returns {string}
      */
     private getDecodeStringArrayTemplate (): string {
-        const globalVariableTemplate: string = this.options.target !== ObfuscationTarget.BrowserNoEval
-            ? this.getGlobalVariableTemplate()
-            : GlobalVariableNoEvalTemplate();
-        const atobPolyfill: string = this.customCodeHelperFormatter.formatTemplate(AtobTemplate(), { globalVariableTemplate });
+        const atobPolyfill: string = this.customCodeHelperFormatter.formatTemplate(AtobTemplate(), {
+            atobFunctionName: this.atobFunctionName
+        });
+        const rc4Polyfill: string = this.customCodeHelperFormatter.formatTemplate(Rc4Template(), {
+            atobFunctionName: this.atobFunctionName
+        });
 
         let decodeStringArrayTemplate: string = '';
         let selfDefendingCode: string = '';
@@ -144,8 +153,8 @@ export class StringArrayCallsWrapperCodeHelper extends AbstractCustomCodeHelper
                     StringArrayRC4DecodeTemplate(this.randomGenerator),
                     {
                         atobPolyfill,
+                        rc4Polyfill,
                         selfDefendingCode,
-                        rc4Polyfill: Rc4Template(),
                         stringArrayCallsWrapperName: this.stringArrayCallsWrapperName
                     }
                 );
@@ -157,6 +166,7 @@ export class StringArrayCallsWrapperCodeHelper extends AbstractCustomCodeHelper
                     StringArrayBase64DecodeTemplate(this.randomGenerator),
                     {
                         atobPolyfill,
+                        atobFunctionName: this.atobFunctionName,
                         selfDefendingCode,
                         stringArrayCallsWrapperName: this.stringArrayCallsWrapperName
                     }

src/custom-code-helpers/string-array/group/StringArrayCodeHelperGroup.ts

@@ -118,9 +118,10 @@ export class StringArrayCodeHelperGroup extends AbstractCustomCodeHelperGroup {
         const stringArrayName: string = this.stringArrayStorage.getStorageName();
         const stringArrayCallsWrapperName: string = this.stringArrayStorage.getStorageCallsWrapperName();
         const stringArrayRotationAmount: number = this.stringArrayStorage.getRotationAmount();
+        const atobFunctionName: string = this.randomGenerator.getRandomString(6);
 
         stringArrayCodeHelper.initialize(this.stringArrayStorage, stringArrayName);
-        stringArrayCallsWrapperCodeHelper.initialize(stringArrayName, stringArrayCallsWrapperName);
+        stringArrayCallsWrapperCodeHelper.initialize(stringArrayName, stringArrayCallsWrapperName, atobFunctionName);
         stringArrayRotateFunctionCodeHelper.initialize(stringArrayName, stringArrayRotationAmount);
 
         this.customCodeHelpers.set(CustomCodeHelper.StringArray, stringArrayCodeHelper);

src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/AtobTemplate.ts

@@ -6,27 +6,22 @@ import { numbersString } from '../../../../constants/NumbersString';
  * @returns {string}
  */
 export function AtobTemplate (): string {
+    // swapped lowercase and uppercase groups of alphabet to prevent easy decode!!!!
     return `
-        (function () {
-            {globalVariableTemplate}
-            
-            const chars = '${alphabetStringUppercase}${alphabetString}${numbersString}+/=';
+        var {atobFunctionName} = function (input) {
+            const chars = '${alphabetString}${alphabetStringUppercase}${numbersString}+/=';
 
-            that.atob || (
-                that.atob = function(input) {
-                    const str = String(input).replace(/=+$/, '');
-                    let output = '';
-                    for (
-                        let bc = 0, bs, buffer, idx = 0;
-                        buffer = str.charAt(idx++);
-                        ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer,
-                            bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0
-                    ) {
-                        buffer = chars.indexOf(buffer);
-                    }
-                    return output;
-                }
-            );
-        })();
+            const str = String(input).replace(/=+$/, '');
+            let output = '';
+            for (
+                let bc = 0, bs, buffer, idx = 0;
+                buffer = str.charAt(idx++);
+                ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer,
+                    bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0
+            ) {
+                buffer = chars.indexOf(buffer);
+            }
+            return output;
+        };
     `;
 }

src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/Rc4Template.ts

@@ -6,7 +6,7 @@ export function Rc4Template (): string {
         const rc4 = function (str, key) {
             let s = [], j = 0, x, res = '', newStr = '';
            
-            str = atob(str);
+            str = {atobFunctionName}(str);
                 
             for (let k = 0, length = str.length; k < length; k++) {
                 newStr += '%' + ('00' + str.charCodeAt(k).toString(16)).slice(-2);

src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/StringArrayBase64DecodeTemplate.ts

@@ -18,7 +18,7 @@ export function StringArrayBase64DecodeTemplate (
             {atobPolyfill}
             
             {stringArrayCallsWrapperName}.${base64DecodeFunctionIdentifier} = function (str) {
-                const string = atob(str);
+                const string = {atobFunctionName}(str);
                 let newStringChars = [];
                 
                 for (let i = 0, length = string.length; i < length; i++) {

src/utils/CryptUtils.ts

@@ -32,7 +32,8 @@ export class CryptUtils implements ICryptUtils {
      * @returns {string}
      */
     public btoa (string: string): string {
-        const chars: string = `${alphabetStringUppercase}${alphabetString}${numbersString}+/=`;
+        // swapped lowercase and uppercase groups of alphabet to prevent easy decode!!!!
+        const chars: string = `${alphabetString}${alphabetStringUppercase}${numbersString}+/=`;
 
         let output: string = '';
 

test/dev/dev.ts

@@ -7,14 +7,14 @@ import { NO_ADDITIONAL_NODES_PRESET } from '../../src/options/presets/NoCustomNo
 
     let obfuscatedCode: string = JavaScriptObfuscator.obfuscate(
         `
-            class Foo {
-                [(1, Symbol.asyncIterator)]() {}
-            }
+            const foo = 'abc';
+            console.log(foo);
         `,
         {
             ...NO_ADDITIONAL_NODES_PRESET,
-            compact: false,
-            renameProperties: true
+            stringArray: true,
+            stringArrayThreshold: 1,
+            stringArrayEncoding: 'base64',
         }
     ).getObfuscatedCode();
 

test/functional-tests/custom-code-helpers/string-array/templates/string-array-calls-wrapper-node-template/StringArrayCallsWrapperNodeTemplate.spec.ts

@@ -12,7 +12,6 @@ import { IObfuscatedCode } from '../../../../../../src/interfaces/source-code/IO
 import { IRandomGenerator } from '../../../../../../src/interfaces/utils/IRandomGenerator';
 
 import { AtobTemplate } from '../../../../../../src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/AtobTemplate';
-import { GlobalVariableTemplate1 } from '../../../../../../src/custom-code-helpers/common/templates/GlobalVariableTemplate1';
 import { Rc4Template } from '../../../../../../src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/Rc4Template';
 import { StringArrayBase64DecodeTemplate } from '../../../../../../src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/StringArrayBase64DecodeTemplate';
 import { StringArrayCallsWrapperTemplate } from '../../../../../../src/custom-code-helpers/string-array/templates/string-array-calls-wrapper/StringArrayCallsWrapperTemplate';
@@ -27,6 +26,7 @@ import { readFileAsString } from '../../../../../helpers/readFileAsString';
 describe('StringArrayCallsWrapperTemplate', () => {
     const stringArrayName: string = 'stringArrayName';
     const stringArrayCallsWrapperName: string = 'stringArrayCallsWrapperName';
+    const atobFunctionName: string = 'atob';
 
     let cryptUtils: ICryptUtils,
         randomGenerator: IRandomGenerator;
@@ -47,12 +47,13 @@ describe('StringArrayCallsWrapperTemplate', () => {
 
         before(() => {
             const atobPolyfill = format(AtobTemplate(), {
-                globalVariableTemplate: GlobalVariableTemplate1()
+                atobFunctionName
             });
             const atobDecodeTemplate: string = format(
                 StringArrayBase64DecodeTemplate(randomGenerator),
                 {
                     atobPolyfill,
+                    atobFunctionName,
                     selfDefendingCode: '',
                     stringArrayCallsWrapperName
                 }
@@ -86,13 +87,16 @@ describe('StringArrayCallsWrapperTemplate', () => {
 
         before(() => {
             const atobPolyfill = format(AtobTemplate(), {
-                globalVariableTemplate: GlobalVariableTemplate1()
+                atobFunctionName
+            });
+            const rc4Polyfill = format(Rc4Template(), {
+                atobFunctionName
             });
             const rc4decodeCodeHelperTemplate: string = format(
                 StringArrayRC4DecodeTemplate(randomGenerator),
                 {
                     atobPolyfill,
-                    rc4Polyfill: Rc4Template(),
+                    rc4Polyfill,
                     selfDefendingCode: '',
                     stringArrayCallsWrapperName
                 }

test/functional-tests/node-transformers/obfuscating-transformers/literal-transformer/LiteralTransformer.spec.ts

@@ -7,6 +7,7 @@ import { NO_ADDITIONAL_NODES_PRESET } from '../../../../../src/options/presets/N
 
 import { readFileAsString } from '../../../../helpers/readFileAsString';
 import { getRegExpMatch } from '../../../../helpers/getRegExpMatch';
+import { swapLettersCase } from '../../../../helpers/swapLettersCase';
 
 import { JavaScriptObfuscator } from '../../../../../src/JavaScriptObfuscatorFacade';
 
@@ -186,7 +187,7 @@ describe('LiteralTransformer', () => {
         });
 
         describe('Variant #8: base64 encoding', () => {
-            const stringArrayRegExp: RegExp = /^var _0x([a-f0-9]){4} *= *\['dGVzdA=='\];/;
+            const stringArrayRegExp: RegExp = new RegExp(`^var _0x([a-f0-9]){4} *= *\\['${swapLettersCase('dGVzdA==')}'];`);
             const stringArrayCallRegExp: RegExp = /var test *= *_0x([a-f0-9]){4}\('0x0'\);/;
 
             let obfuscatedCode: string;

test/helpers/swapLettersCase.ts

@@ -0,0 +1,14 @@
+/**
+ * @param {string} value
+ * @returns {string}
+ */
+export function swapLettersCase (value: string): string {
+    return value
+        .split('')
+        .map((letter: string) =>
+            letter === letter.toUpperCase()
+                ? letter.toLowerCase()
+                : letter.toUpperCase()
+        )
+        .join('');
+}

test/unit-tests/utils/CryptUtils.spec.ts

@@ -9,6 +9,8 @@ import { IInversifyContainerFacade } from '../../../src/interfaces/container/IIn
 
 import { InversifyContainerFacade } from '../../../src/container/InversifyContainerFacade';
 
+import { swapLettersCase } from '../../helpers/swapLettersCase';
+
 describe('CryptUtils', () => {
     let cryptUtils: ICryptUtils;
 
@@ -20,7 +22,7 @@ describe('CryptUtils', () => {
     });
 
     describe('btoa', () => {
-        const expectedString: string = 'c3RyaW5n';
+        const expectedString: string = swapLettersCase('c3RyaW5n');
 
         let string: string;