refactor: improve decoder detection and rename designDecoderName to decoderNames

- Rename `designDecoderName` option to `decoderNames` for clarity
- Rename `design-decoder.ts` to `collect-decoders.ts` with function rename
- Add wrapped string array function pattern detection in find-decoder-by-array
- Extract `processReferences` helper function to reduce code duplication
- Add detailed JSDoc comments to find-decoder-by-call-count explaining detection logic
- Move inlineObjectProps transform earlier in the deobfuscation pipeline
- Remove unused webcrack deobfuscate call and mergeObjectAssignments transform

Author: kuizuo

example/lamz/index.ts

@@ -16,7 +16,7 @@ const __dirname = dirname(__filename)
   const { code, save } = await deob(rawCode, {
     decoderLocationMethod: 'evalCode',
     setupCode,
-    designDecoderName: '_0x1663',
+    decoderNames: '_0x1663',
   })
   save(__dirname)
 })()

example/pdd/index.ts

@@ -16,7 +16,7 @@ const __dirname = dirname(__filename)
   const options: Options = {
     decoderLocationMethod: 'evalCode',
     setupCode,
-    designDecoderName: 'qt',
+    decoderNames: 'qt',
   }
 
   await fs.writeFile(`${__dirname}/pretty.js`, codePrettier(parseCode(rawCode)))

packages/deob/src/index.ts

@@ -7,8 +7,7 @@ import type { Options } from './options'
 import { join, normalize } from 'node:path'
 import { codeFrameColumns } from '@babel/code-frame'
 import { parse } from '@babel/parser'
-import { applyTransform, applyTransformAsync, applyTransforms, codePrettier, enableLogger, generate, deobLogger as logger } from './ast-utils'
-import deobfuscate from './deobfuscate'
+import { applyTransform, applyTransforms, codePrettier, enableLogger, generate, deobLogger as logger } from './ast-utils'
 import controlFlowObject from './deobfuscate/control-flow-object'
 import controlFlowSwitch from './deobfuscate/control-flow-switch'
 import deadCode from './deobfuscate/dead-code'
@@ -23,8 +22,8 @@ import varFunctions from './deobfuscate/var-functions'
 
 import { evalCode } from './deobfuscate/vm'
 import { defaultOptions, mergeOptions } from './options'
+import { collectDecoders } from './transforms/collect-decoders'
 import { decodeStrings } from './transforms/decode-strings'
-import { designDecoder } from './transforms/design-decoder'
 import { findDecoderByArray } from './transforms/find-decoder-by-array'
 import { findDecoderByCallCount } from './transforms/find-decoder-by-call-count'
 import mangle from './transforms/mangle'
@@ -113,8 +112,6 @@ export async function deob(rawCode: string, options: Options = {}): Promise<Deob
         { name: 'prepare' },
       )
     },
-    // webcrack 反混淆
-    () => applyTransformAsync(ast, deobfuscate, opts.sandbox),
     // 定位解密器
     async () => {
       let stringArray: StringArray | undefined
@@ -127,17 +124,17 @@ export async function deob(rawCode: string, options: Options = {}): Promise<Deob
 
         stringArray = s as any
         rotators = r
-        decoders = designDecoder(ast, ds.map(d => d.name))
+        decoders = collectDecoders(ast, ds.map(d => d.name))
         setupCode = scode
       }
       else if (opts.decoderLocationMethod === 'callCount') {
         const { decoders: ds, setupCode: scode } = findDecoderByCallCount(ast, opts.decoderCallCount)
-        decoders = designDecoder(ast, ds.map(d => d.name))
+        decoders = collectDecoders(ast, ds.map(d => d.name))
         setupCode = scode
       }
       else if (opts.decoderLocationMethod === 'evalCode') {
         await evalCode(opts.sandbox!, opts.setupCode!)
-        decoders = designDecoder(ast, opts.designDecoderName!)
+        decoders = collectDecoders(ast, opts.decoderNames!)
       }
 
       logger(`${stringArray ? `字符串数组: ${stringArray?.name} (共 ${stringArray?.length} 项) 被引用 ${stringArray?.references.length} 处` : '没找到字符串数组'} | ${decoders.length ? `解密器函数: ${decoders.map(d => d.name)}` : '没找到解密器函数'}`)
@@ -152,6 +149,9 @@ export async function deob(rawCode: string, options: Options = {}): Promise<Deob
         )
       }
 
+      // 对象引用替换
+      applyTransform(ast, inlineObjectProps)
+
       // 执行解密器
       const map = await decodeStrings(opts.sandbox!, decoders as Decoder[])
 
@@ -169,16 +169,12 @@ export async function deob(rawCode: string, options: Options = {}): Promise<Deob
 
       return { changes: (map as any)?.size ?? decoders.length }
     },
-    // 对象引用替换
-    () => applyTransform(ast, inlineObjectProps),
     // 控制流平坦化
     () => applyTransforms(
       ast,
       [mergeStrings, deadCode, controlFlowObject, controlFlowSwitch],
       { noScope: true },
     ),
-    // 合并对象
-    () => applyTransform(ast, mergeObjectAssignments),
     // unminify
     () => applyTransforms(ast, [transpile, unminify]),
     // 变量命名优化

packages/deob/src/options.ts

@@ -10,7 +10,7 @@ export interface Options {
   /** 执行代码函数 */
   setupCode?: string
   /** 指明解密函数 */
-  designDecoderName?: string | string[]
+  decoderNames?: string | string[]
 
   /** 是否标记关键信息 */
   isMarkEnable?: boolean
@@ -30,7 +30,7 @@ export const defaultOptions: Required<Options> = {
   decoderLocationMethod: 'stringArray',
   decoderCallCount: 150,
   setupCode: '',
-  designDecoderName: '',
+  decoderNames: '',
 
   isMarkEnable: true,
   keywords: ['debugger'],

packages/deob/src/transforms/collect-decoders.ts

@@ -0,0 +1,22 @@
+import type * as t from '@babel/types'
+import traverse from '@babel/traverse'
+import { Decoder } from '../deobfuscate/decoder'
+
+export function collectDecoders(ast: t.Node, decoderNames: string | string[]): Decoder[] {
+  const names = Array.isArray(decoderNames) ? decoderNames : [decoderNames]
+
+  const foundDecoders: Decoder[] = []
+
+  traverse(ast, {
+    FunctionDeclaration(path) {
+      const { id } = path.node
+      const fnName = id?.name
+
+      if (fnName && names.includes(fnName)) {
+        foundDecoders.push(new Decoder(fnName, fnName, path))
+      }
+    },
+  })
+
+  return foundDecoders
+}