Fixes

• Fixed #167

• Fixed #180

• Fixed #190

• The option preserveFunctionLength is now disabled by default

• Improved Control Flow Flattening

• • Fixed implicit return bug causing incorrect return values
• • The switch-case transitions now are computed by other state variables
• • No longer lifted by nullableVoidPtr's deobfuscator - a complete CFF-in-CFF and JS-Confuser solver

// Input code:
console.log(1)

// 2.0.0
case 245:
    console["log"](1);
    ((c += -311), (d += 251), (e += 346));
    break;

// 2.0.1
case 245:
    console["log"](1);
    ((c += e - -174), (d += e - -114), (e += c - 329));
    break;

• Added page for "Best Practices" on JS-Confuser.com. Link here

2.0 Rewrite 🎉

Complete rewrite of JS-Confuser using Babel! 🎉

⚠️ Breaking changes

Note

Check out the Migration guide on how to properly update from 1.X to 2.0. The obfuscation upgrades in 2.0 are worth the small refactoring.

• Revamped API Interface

• • JSConfuser.obfuscate() resolves to an object

Property	Type	Description
code	string	The obfuscated code.

• Renamed Stack to Variable Masking

• Added configurable limits to options:

const options = {
  target: "node",

  rgf: {
    value: 0.5, // = 50% of eligible functions
    limit: 10 // Maximum of 10 changes for performance reasons
  },

  // Original format is still valid (No limit applied)
  rgf: 0.5
}

2.0 Changes

• Added Custom String Encoding and Custom Lock Code options

• Added Rename Labels Learn more here

• Added Pack Learn more here

• RGF no longers uses new Function instead uses eval

• Improved code transforms!

• Improved Control Flow Flattening

• • Obfuscates the Call Graph
• • Now supports lexical bindings (let, const, class)
• • with () { } statement obfuscation

• Improved Minify

• • Removes unused variables and functions

• Improved Moved Declaration ability to move variables as unused function parameters

• Improved String transforms

• • Template literals are now obfuscated (First converted into equivalent String Literal)
• • Regular expressions are now obfuscated (First converted into equivalent RegExp() constructor calls)
• • String Compression now uses LZ-string compression (lz-string)

• New Comment Syntax

• • /* @js-confuser-var */ "name" for improved variable mappings, such as eval() calls

// Input
var name = "Internet User";
eval( "console.log(" + /* @js-confuser-var */ "name" + ")" );

// Output
var zC3PLKu = "Internet User";
eval("console.log(" + "zC3PLKu" + ")");

Note: The function __JS_CONFUSER_VAR__ is still supported.

JS-Confuser.com Revamp

A new UI for JS-Confuser.com, featuring an advanced playground and documentation pages.

The previous version will remain available at old--confuser.netlify.com.

Removed features

• Removed ES5 option - Use Babel Instead

• Removed Browser Lock and OS Lock - Use Custom Locks instead

• Removed Shuffle's Hash option

• Removed Indent option

Tamper Protection

Tamper Protection

Tamper Protection safeguards the runtime behavior from being altered by JavaScript pitfalls.

Learn more here.

---

• Rename Variables improvements:

• A new exposed function, __JS_CONFUSER_VAR__, can be used to access renamed variables. Learn more here.

// Input
var name = "John Doe";
eval("console.log(" + __JS_CONFUSER_VAR__(name) + ")");

// Output
var CA1HU0 = 'John Doe';
eval('console.log(' + 'CA1HU0' + ')');

• Improved the Zero Width identifier generator (Thanks @doctor8296!)

• Pad the String Concealing array with more fake strings

• Improved String Compression

• New Web UI sneak peak: https://new--confuser.netlify.app/

Updates

• Anti Tooling & Expression Obfuscation improvements

• • No longer expanded by webcrack, synchrony & REstringer

• String Concealing improvements

• • Randomizes the charset for each obfuscation
• • Place multiple decryption functions throughout the code
• • These changes aim to defeat JSConfuser-String-Decryptor and any other RegEx-based decoders

• Moved Declarations improvements

• • Now moves some variables as unused parameters on certain functions

• RGF improvements

• • More likely to transform functions containing functions

• Fixed #96

• • Removed hardcoded limits on String Concealing, String Compression, and Duplicate Literals Removal

• Fixed #106

• • Final fix with const variables for Object Extraction

• Fixed #131

• • __dirname is no longer changed by Global Concealing

New Option

preserveFunctionLength

• Modified functions will retain the correct function.length property. (true/false)
  Enabled by default.

Minor improvements

• Preserve function.length
• Preserve Strict Mode behaviors
• Preserve indirect vs. direct eval use

Updates

• Fixed #107

• • RGF and Integrity clash issue fixed

• Fixed #106

• • Object Extraction to properly handle const objects

• Fixed #105

• • Duplicate Literals Removal updated to not cause this error

• Fixed #103

• • Dispatcher will no longer apply to these types of functions to prevent this error

• Added documentation page for ES5

• Rollup Plugin created: https://github.com/ayecue/rollup-js-confuser (Thanks @ayecue!)

Updates

• Fixed #89

• • Flatten to not break functions with invalid identifier names

• Fixed #88

• • Stack to not break functions with syncing arguments

• Fixed #91

• • Minify to preserve function.length property

• Fixed #95

• • Rename Variables optimized to obfuscate much faster

• Added documentation pages for RGF and Control Flow Flattening

• Removed eval option in favor of rgf option.

• • Removed the "all" option from rgf.

• Removed nameRecycling option

Website Redesign + Updates

The website is now redesigned and live at js-confuser.com!

• Check out the source code for the website here: https://github.com/MichaelXF/js-confuser-website

New feature

selfDefending

Prevents the use of code beautifiers or formatters against your code.

Identical to Obfuscator.io's Self Defending

Improvements

• Fixed #56

• • Calculator improved to apply to more operators

• ES5 to handle destructuring member expressions

• Improved Control Flow Flattening techniques

• • Outlining expressions
• • Control object to store numbers and strings

• Updated the String concealing encoding algorithm

• Optimizations / Small fixes

Big update

This updates comes with many bug fixes:

• Fixed #72
• • ES5 to handle Class Fields

Note: The ES5 option is not meant to replace Babel. It is only intended to undo ES6 features the obfuscator may have added to your code.

• Fixed #74

• • Anti Tooling to not break Symbols

• Fixed #75

• • Minify to properly handle Object constructors

• Fixed #76

• • Minify to not cause syntax errors when objects used ^, `, [, ] as property keys

• Fixed #77

• • Dispatcher to not break code that uses generic names like toString and hasOwnProperty

• Fixed #78

• • Object Extraction to not error on objects with spread elements

• Fixed #79

• • JsConfuser now supports BigInt literals

• Fixed #80

• • Rename Variables to not break code that had var and let variables in the same scope

• Fixed #81

• • Control Flow Flattening to not break typeof expressions

• Fixed #82

• • String Concealing to not break class constructors

Several fixes

• Fixed #46

• • Updated the validation on lock options

• Fixed #68

• • Name Recycling fixed to not break certain function declarations

• Fixed #69, #70 and #71

• • Import statements to be properly handled

• Slight improvements to String Concealing

Countermeasures function fixes

This update focuses on fixing Countermeasures bugs

The countermeasures is custom callback function to invoke when a lock is triggered.

• Fixed #66

• • RGF to properly handle the countermeasures function

• Added additional code to prevent an infinite loop from occurring

• Slight improvements to RGF