stencyption/src/cli.js

Military-grade JavaScript encryption with AES-256-GCM, polymorphic obfuscation, and anti-debugging protection. Each file gets unique encryption keys embedded in heavily obfuscated code.

#!/usr/bin/env node

const fs = require('fs');
const path = require('path');
const readline = require('readline');
const { Encryptor } = require('./encryptor.js');

function showHelp() {
  console.log(`
╔═══════════════════════════════════════════════════════════╗
║            STENCYPTION - Hardened Code Encryptor          ║
║       Military-Grade JavaScript Protection System         ║
╚═══════════════════════════════════════════════════════════╝

Usage:
  stencyption encrypt <file1> [file2] [file3] ... [options]
  stencyption help

Commands:
  encrypt <files...>       Encrypt one or more JavaScript files
    -p <password>          Password for encryption (prompted if not provided)
    -o <output-dir>        Specify output directory (optional)

Examples:
  stencyption encrypt app.js
  stencyption encrypt file1.js file2.js file3.js
  stencyption encrypt src/*.js -o encrypted/
  stencyption encrypt app.js -p MySecurePassword123
  
Features:
  ✓ Multi-file batch encryption
  ✓ Password-based encryption (PBKDF2 1M iterations)
  ✓ Triple-layer AES-256-GCM encryption
  ✓ Dual-pass obfuscation (2 complete cycles)
  ✓ Polymorphic code generation (unique per file)
  ✓ Data chunking (arrays split & hidden)
  ✓ Password char-code encoding
  ✓ RC4 + Base64 string encryption
  ✓ Control flow flattening (100%)
  ✓ Dead code injection (multi-level)
  ✓ No decryption possible (one-way encryption)
  
Security Notes:
  ⚠️  IMPORTANT: Choose a strong password (min 8 characters)
  ⚠️  Store your password securely - it's required to run encrypted files
  ⚠️  There is NO decryption functionality - encrypted code cannot be reversed
  ⚠️  Each file gets unique encryption even with same password
  ⚠️  Multi-layer obfuscation makes reverse engineering extremely difficult
  `);
}

async function promptPassword(message) {
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout
  });

  return new Promise((resolve) => {
    rl.question(message, (password) => {
      rl.close();
      resolve(password);
    });
  });
}

async function encryptFiles(files, password, outputDir) {
  if (!password) {
    password = await promptPassword('Enter encryption password (min 8 characters): ');
    
    if (!password || password.length < 8) {
      console.error('\n❌ Error: Password must be at least 8 characters long\n');
      process.exit(1);
    }

    const confirmPassword = await promptPassword('Confirm password: ');
    
    if (password !== confirmPassword) {
      console.error('\n❌ Error: Passwords do not match\n');
      process.exit(1);
    }
  } else if (password.length < 8) {
    console.error('\n❌ Error: Password must be at least 8 characters long\n');
    process.exit(1);
  }

  let successCount = 0;
  let failCount = 0;

  console.log(`\n🔒 Starting hardened encryption of ${files.length} file(s)...\n`);
  console.log(`⚡ Using triple-layer AES-256-GCM with 1M PBKDF2 iterations\n`);

  for (const inputPath of files) {
    try {
      if (!fs.existsSync(inputPath)) {
        console.error(`❌ File not found: ${inputPath}`);
        failCount++;
        continue;
      }

      if (!inputPath.endsWith('.js')) {
        console.error(`⚠️  Skipping non-JS file: ${inputPath}`);
        continue;
      }

      console.log(`🔒 Encrypting: ${inputPath}`);
      
      const sourceCode = fs.readFileSync(inputPath, 'utf8');
      const encrypted = Encryptor.encrypt(sourceCode, password);
      
      let output;
      if (outputDir) {
        if (!fs.existsSync(outputDir)) {
          fs.mkdirSync(outputDir, { recursive: true });
        }
        const filename = path.basename(inputPath).replace(/\.js$/, '.encrypted.js');
        output = path.join(outputDir, filename);
      } else {
        output = inputPath.replace(/\.js$/, '.encrypted.js');
      }
      
      fs.writeFileSync(output, encrypted, 'utf8');
      
      const originalSize = sourceCode.length;
      const encryptedSize = encrypted.length;
      const ratio = ((encryptedSize / originalSize) * 100).toFixed(1);
      
      console.log(`   ✅ Success → ${output}`);
      console.log(`   📊 ${originalSize} bytes → ${encryptedSize} bytes (${ratio}% of original)`);
      console.log(`   🛡️  Protected with polymorphic anti-reverse engineering\n`);
      
      successCount++;
    } catch (error) {
      console.error(`   ❌ Failed: ${error.message}\n`);
      failCount++;
    }
  }

  console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
  console.log(`📊 Encryption Summary:`);
  console.log(`   ✅ Successful: ${successCount}`);
  if (failCount > 0) {
    console.log(`   ❌ Failed: ${failCount}`);
  }
  console.log(`\n🔐 Security Features Applied:`);
  console.log(`   • Triple-layer AES-256-GCM encryption`);
  console.log(`   • 1,000,000 PBKDF2 iterations per layer (3M total)`);
  console.log(`   • Unique salts and IVs per encryption`);
  console.log(`   • Dual-pass obfuscation (2 complete obfuscation cycles)`);
  console.log(`   • Polymorphic code generation (unique per file)`);
  console.log(`   • Data chunking & spread operators (hides arrays)`);
  console.log(`   • Password char-code splitting`);
  console.log(`   • RC4 + Base64 string encryption`);
  console.log(`   • Control flow flattening (100%)`);
  console.log(`   • Dead code injection (50% + 90% passes)`);
  console.log(`\n⚠️  CRITICAL: Remember your password!`);
  console.log(`   • Encrypted files require the password to run`);
  console.log(`   • There is NO decryption functionality`);
  console.log(`   • Lost passwords = permanently encrypted code\n`);
}

const args = process.argv.slice(2);

if (args.length === 0 || args[0] === 'help' || args[0] === '--help' || args[0] === '-h') {
  showHelp();
  process.exit(0);
}

const command = args[0];

if (command === 'encrypt') {
  const files = [];
  let outputDir = null;
  let password = null;
  
  for (let i = 1; i < args.length; i++) {
    if (args[i] === '-o' && args[i + 1]) {
      outputDir = args[i + 1];
      i++;
    } else if (args[i] === '-p' && args[i + 1]) {
      password = args[i + 1];
      i++;
    } else if (!args[i].startsWith('-')) {
      files.push(args[i]);
    }
  }
  
  if (files.length === 0) {
    console.error('\n❌ Error: No input files specified');
    showHelp();
    process.exit(1);
  }
  
  encryptFiles(files, password, outputDir).catch(error => {
    console.error(`\n❌ Encryption failed: ${error.message}\n`);
    process.exit(1);
  });
  
} else {
  console.error(`\n❌ Unknown command: ${command}`);
  console.log(`\nℹ️  Note: Decryption has been removed for security.`);
  console.log(`   Encrypted files are designed to be one-way protected.`);
  console.log(`   Use 'stencyption encrypt' to protect your code.\n`);
  showHelp();
  process.exit(1);
}