search

MichaelXF / js-confuser

JS-Confuser is a JavaScript obfuscation tool to make your programs *impossible* to read.
https://js-confuser.com
MIT License
239 stars 35 forks source link

Default property assignment using passed in variable fails #154

Open anywhichway opened 1 day ago

anywhichway commented 1 day ago

Describe the bug:

Default property assignment using passed in variable fails. The property must be assigned using a property name and a value.

Config and Small code sample

Config:

const partners = {joe:{id:1}};

Code:

const contacts = Object.keys(partners).reduce((contacts,name) => {
            const {id} = partners[name];
            // do NOT use contacts.push({id,name});
            // the code breaks with the obfuscator
            contacts.push({id,name:name});
            return contacts;
        },[]);

Expected behavior

[{id:1,name:"joe"}]

Actual behavior

[{id:1}]

Additional context

None

MichaelXF commented 1 day ago

Hi, can you share the options and version you're using? I am unable to reproduce on 1.7.3 or 2.0.0-alpha.3

anywhichway commented 1 day ago

1.7.3, similar thing happening in multiple places in my code

JSConfuser.obfuscate(code, { target: 'browser', calculator: false, compact: true, hexadecimalNumbers: true, controlFlowFlattening: 0.05, deadCode: 0.01, dispatcher: 0.1, duplicateLiteralsRemoval: true, identifierGenerator: "randomized", minify: true, movedDeclarations: true, objectExtraction: true, opaquePredicates: 0.1, renameVariables: true, renameGlobals: false, stringConcealing: true, globalConcealing: false, /lock: { integrity: true, selfDefending: true, tamperProtection: true, //antiDebug: true, //countermeasures: true }/ });

On Mon, Nov 18, 2024 at 10:37 AM Michael Brasington < @.***> wrote:

Hi, can you share the options and version you're using? I am unable to reproduce on 1.7.3 https://www.npmjs.com/package/js-confuser/v/1.7.3 or 2.0.0-alpha.3 https://www.npmjs.com/package/js-confuser/v/2.0.0-alpha.3

— Reply to this email directly, view it on GitHub https://github.com/MichaelXF/js-confuser/issues/154#issuecomment-2483828470, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABF2USYPAR2K5YG7MKOU7A32BIXWTAVCNFSM6AAAAABR7HRKFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBTHAZDQNBXGA . You are receiving this because you authored the thread.Message ID: @.***>

anywhichway commented 1 day ago

Hi Michael, I found another issue. It seems that the table mapping for obfuscated strings or variables may not be working quite properly. Note the commented out test below.

Since I can't give you a simple example, I do not have any major expectations about a fix or anything. I do know the code works when not obfuscated. Just be on the look-out for other issues that seem to indicate there might be a string or variable table issue.

Close the issue as non-reproducible if you wish.

const user = session.user, partners = user.partners, users = session.users, invitations = user.invitations||{}, dimensions = user.dimensions||[], ids = new Set(), contacts = Object.keys(partners).reduce((contacts,name) => { const {id,email,color,notify,hide,error,status,shareEmotions} = partners[name]; ids.add(id); contacts.push({id,name:name,email,color,notify,hide,error,status,shareEmotions}); return contacts; },[]); Object.keys(invitations).forEach(id => { // if(!ids.has(id)) { // does not work with obfuscation if(!contacts.some(contact => contact.id===id)) { const {inviterEmail,message,status,shareEmotions} = invitations[id]; contacts.push({id,shareEmotions,email:inviterEmail,name:inviterEmail,message,hide:true,color:"#000000",notify:{},status}); } })

On Mon, Nov 18, 2024 at 2:50 PM Simon Blackwell @.***> wrote:

1.7.3, similar thing happening in multiple places in my code

JSConfuser.obfuscate(code, { target: 'browser', calculator: false, compact: true, hexadecimalNumbers: true, controlFlowFlattening: 0.05, deadCode: 0.01, dispatcher: 0.1, duplicateLiteralsRemoval: true, identifierGenerator: "randomized", minify: true, movedDeclarations: true, objectExtraction: true, opaquePredicates: 0.1, renameVariables: true, renameGlobals: false, stringConcealing: true, globalConcealing: false, /lock: { integrity: true, selfDefending: true, tamperProtection: true, //antiDebug: true, //countermeasures: true }/ });

On Mon, Nov 18, 2024 at 10:37 AM Michael Brasington < @.***> wrote:

Hi, can you share the options and version you're using? I am unable to reproduce on 1.7.3 https://www.npmjs.com/package/js-confuser/v/1.7.3 or 2.0.0-alpha.3 https://www.npmjs.com/package/js-confuser/v/2.0.0-alpha.3

— Reply to this email directly, view it on GitHub https://github.com/MichaelXF/js-confuser/issues/154#issuecomment-2483828470, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABF2USYPAR2K5YG7MKOU7A32BIXWTAVCNFSM6AAAAABR7HRKFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBTHAZDQNBXGA . You are receiving this because you authored the thread.Message ID: @.***>

anywhichway commented 1 day ago

All problems disappeared with this setting: renameVariables: false,

On Mon, Nov 18, 2024 at 4:11 PM Simon Blackwell @.***> wrote:

Hi Michael, I found another issue. It seems that the table mapping for obfuscated strings or variables may not be working quite properly. Note the commented out test below.

Since I can't give you a simple example, I do not have any major expectations about a fix or anything. I do know the code works when not obfuscated. Just be on the look-out for other issues that seem to indicate there might be a string or variable table issue.

Close the issue as non-reproducible if you wish.

const user = session.user, partners = user.partners, users = session.users, invitations = user.invitations||{}, dimensions = user.dimensions||[], ids = new Set(), contacts = Object.keys(partners).reduce((contacts,name) => { const {id,email,color,notify,hide,error,status,shareEmotions} = partners[name]; ids.add(id); contacts.push({id,name:name,email,color,notify,hide,error,status,shareEmotions}); return contacts; },[]); Object.keys(invitations).forEach(id => { // if(!ids.has(id)) { // does not work with obfuscation if(!contacts.some(contact => contact.id===id)) { const {inviterEmail,message,status,shareEmotions} = invitations[id]; contacts.push({id,shareEmotions,email:inviterEmail,name:inviterEmail,message,hide:true,color:"#000000",notify:{},status}); } })

On Mon, Nov 18, 2024 at 2:50 PM Simon Blackwell < @.***> wrote:

1.7.3, similar thing happening in multiple places in my code

JSConfuser.obfuscate(code, { target: 'browser', calculator: false, compact: true, hexadecimalNumbers: true, controlFlowFlattening: 0.05, deadCode: 0.01, dispatcher: 0.1, duplicateLiteralsRemoval: true, identifierGenerator: "randomized", minify: true, movedDeclarations: true, objectExtraction: true, opaquePredicates: 0.1, renameVariables: true, renameGlobals: false, stringConcealing: true, globalConcealing: false, /lock: { integrity: true, selfDefending: true, tamperProtection: true, //antiDebug: true, //countermeasures: true }/ });

On Mon, Nov 18, 2024 at 10:37 AM Michael Brasington < @.***> wrote:

Hi, can you share the options and version you're using? I am unable to reproduce on 1.7.3 https://www.npmjs.com/package/js-confuser/v/1.7.3 or 2.0.0-alpha.3 https://www.npmjs.com/package/js-confuser/v/2.0.0-alpha.3

— Reply to this email directly, view it on GitHub https://github.com/MichaelXF/js-confuser/issues/154#issuecomment-2483828470, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABF2USYPAR2K5YG7MKOU7A32BIXWTAVCNFSM6AAAAABR7HRKFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBTHAZDQNBXGA . You are receiving this because you authored the thread.Message ID: @.***>