From d2904ec125e14643e4f3df0b48746a3657f84c36 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 22:25:40 -0400 Subject: [PATCH 01/44] disarm asarpwn --- app/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/index.html b/app/index.html index 1635135..180d61b 100644 --- a/app/index.html +++ b/app/index.html @@ -64,7 +64,7 @@ o['WEBAPP_PATH'] = undefined; // clear old WEBAPP_PATH fs.writeFileSync(data + '/settings.json', JSON.stringify(o, null, 2)); // commit changes to disk - try { + /*try { // install asarpwn3 for crispr if (!window.__crisprloaded) if (asarinject( @@ -76,7 +76,7 @@ } } catch (ex) { alert(ex, 'asarpwn3'); - } + }*/ // make a window window.__monitor = new electron.BrowserWindow({ show: false }); From 742919d3ba25425649e145abcf52a892615e2103 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 22:33:04 -0400 Subject: [PATCH 02/44] oh i reallyyyyy fucked something up --- app/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/index.html b/app/index.html index 180d61b..2d39da8 100644 --- a/app/index.html +++ b/app/index.html @@ -79,7 +79,7 @@ }*/ // make a window - window.__monitor = new electron.BrowserWindow({ show: false }); + window.__monitor = new electron.BrowserWindow(/*{ show: false }*/); // load the monitor __monitor.loadURL(location.href+'../monitor.html?_=' + Date.now()); From 14c85cada1625bfb35a07764e5c0189401ec5cce Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 22:34:38 -0400 Subject: [PATCH 03/44] maybe fix??? --- app/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/index.html b/app/index.html index 2d39da8..a37c2f6 100644 --- a/app/index.html +++ b/app/index.html @@ -82,7 +82,7 @@ window.__monitor = new electron.BrowserWindow(/*{ show: false }*/); // load the monitor - __monitor.loadURL(location.href+'../monitor.html?_=' + Date.now()); + __monitor.loadURL(location.href.substr(0, location.href.indexOf('/app/')) + '/monitor.html?_=' + Date.now()); } catch (e) { From ee53568d6bd68a587496e2e991afd9977e97f8b1 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:08:50 -0400 Subject: [PATCH 04/44] begin migrating to crxpwn --- app/crxpwn/payload.js | 2 ++ app/index.html | 73 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 app/crxpwn/payload.js diff --git a/app/crxpwn/payload.js b/app/crxpwn/payload.js new file mode 100644 index 0000000..fc89a36 --- /dev/null +++ b/app/crxpwn/payload.js @@ -0,0 +1,2 @@ +// placeholder payload +console.log('it works'); \ No newline at end of file diff --git a/app/index.html b/app/index.html index a37c2f6..7ca8940 100644 --- a/app/index.html +++ b/app/index.html @@ -25,6 +25,8 @@ // dont try doing anything if running in a browser if (navigator.userAgent.indexOf('discord') == -1) return; + var approot = location.href.split('/app/')[0]; + try { // fix for recent canary update @@ -60,7 +62,7 @@ // install endpwn var o = fs.existsSync(data + '/settings.json') ? JSON.parse(fs.readFileSync(data + '/settings.json', 'utf8')) : {}; // load settings.json - o['WEBAPP_ENDPOINT'] = location.href + '?'; // aim the app at stage 0 + o['WEBAPP_ENDPOINT'] = location.href.split('?')[0] + '?'; // aim the app at stage 0 o['WEBAPP_PATH'] = undefined; // clear old WEBAPP_PATH fs.writeFileSync(data + '/settings.json', JSON.stringify(o, null, 2)); // commit changes to disk @@ -79,10 +81,75 @@ }*/ // make a window - window.__monitor = new electron.BrowserWindow(/*{ show: false }*/); + //window.__monitor = new electron.BrowserWindow({ show: false }); // load the monitor - __monitor.loadURL(location.href.substr(0, location.href.indexOf('/app/')) + '/monitor.html?_=' + Date.now()); + //__monitor.loadURL(location.href.substr(0, location.href.indexOf('/app/')) + '/monitor.html?_=' + Date.now()); + + // grab stage 2 + fetch(approot + 'stage2.js?_=' + Date.now()).then(x => x.text()).then(stage2 => + + // grab shared + fetch(approot + 'shared.js?_=' + Date.now()).then(x => x.text()).then(shared => { + + // find the main window + //var win = electron.BrowserWindow.getAllWindows().filter(x => x.getURL().indexOf('monitor') == -1)[0]; + + // inject stage 2 once Discord is done loading + /*win.webContents.on('dom-ready', () => { + win.webContents.executeJavaScript(shared); + win.webContents.executeJavaScript(stage2); + });*/ + + // get the data path + var data = electron.app.getPath('userData'); + + function load() { + var branch = require('path').basename(data).substr(7); + //win.loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); + electron.getCurrentWindow().loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); + } + + if (!fs.existsSync(data + '/crxpwn')) { + fs.mkdirSync(data + '/crxpwn'); + fs.writeFileSync(data + '/crxpwn/manifest.json', '{"manifest_version":2,"name":"crxpwn","description":"asarpwn-less preload scripts for the masses ;)","version":"1.0","content_scripts":[{"js":["payload.js"],"matches":["*://*/*"],"run_at":"document_start","all_frames":true}]}'); + } + + // dont update EPAPI/CRISPR if DONTUPDATE exists + // TODO: make this mess into an async function so we can use await + if (!fs.existsSync(data + '/DONTUPDATE')) { + + // update crxpwn + fetch(approot + 'crxpwn.js?_=' + Date.now()) + .then(r => r.text()) + .then(crxpwn => { + fs.writeFileSync(data + '/crxpwn/payload.js', crxpwn); + + // update EPAPI + fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now()) + .then(r => r.text()) + .then(epapi => { + fs.writeFileSync(data + '/epapi.js', epapi); + + // update CRISPR + fetch('https://endpwn.github.io/crispr/crispr.js?_=' + Date.now()) + .then(r => r.text()) + .then(epapi => { + fs.writeFileSync(data + '/crispr.js', epapi); + setTimeout(load, 1000); + }); + + }); + }); + + } + else { + setTimeout(load, 1000); + } + + }) + + ); } catch (e) { From 2b07b1c9f1c957542ddcaa0682b7213df5e6efbf Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:10:29 -0400 Subject: [PATCH 05/44] forgot some slashes --- app/index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/index.html b/app/index.html index 7ca8940..35ad1d2 100644 --- a/app/index.html +++ b/app/index.html @@ -87,10 +87,10 @@ //__monitor.loadURL(location.href.substr(0, location.href.indexOf('/app/')) + '/monitor.html?_=' + Date.now()); // grab stage 2 - fetch(approot + 'stage2.js?_=' + Date.now()).then(x => x.text()).then(stage2 => + fetch(approot + '/stage2.js?_=' + Date.now()).then(x => x.text()).then(stage2 => // grab shared - fetch(approot + 'shared.js?_=' + Date.now()).then(x => x.text()).then(shared => { + fetch(approot + '/shared.js?_=' + Date.now()).then(x => x.text()).then(shared => { // find the main window //var win = electron.BrowserWindow.getAllWindows().filter(x => x.getURL().indexOf('monitor') == -1)[0]; @@ -120,7 +120,7 @@ if (!fs.existsSync(data + '/DONTUPDATE')) { // update crxpwn - fetch(approot + 'crxpwn.js?_=' + Date.now()) + fetch(approot + '/crxpwn.js?_=' + Date.now()) .then(r => r.text()) .then(crxpwn => { fs.writeFileSync(data + '/crxpwn/payload.js', crxpwn); From f16c6239c0e359ecc0974c4f7044431f1c955630 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:11:46 -0400 Subject: [PATCH 06/44] actually load the extension --- app/index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/app/index.html b/app/index.html index 35ad1d2..c477c8d 100644 --- a/app/index.html +++ b/app/index.html @@ -107,6 +107,7 @@ function load() { var branch = require('path').basename(data).substr(7); //win.loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); + electron.BrowserWindow.addExtension(data + 'crxpwn'); electron.getCurrentWindow().loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); } From 4354e625465822de9abc0d5e2c0198818edf6ece Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:12:31 -0400 Subject: [PATCH 07/44] damn slashes --- app/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/index.html b/app/index.html index c477c8d..bb9d1e3 100644 --- a/app/index.html +++ b/app/index.html @@ -107,7 +107,7 @@ function load() { var branch = require('path').basename(data).substr(7); //win.loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); - electron.BrowserWindow.addExtension(data + 'crxpwn'); + electron.BrowserWindow.addExtension(data + '/crxpwn'); electron.getCurrentWindow().loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); } From a215681ad89fb616647638ade6cda87d5ed66589 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:13:26 -0400 Subject: [PATCH 08/44] naming discrepancies --- app/crxpwn/payload.js => crxpwn.js | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename app/crxpwn/payload.js => crxpwn.js (100%) diff --git a/app/crxpwn/payload.js b/crxpwn.js similarity index 100% rename from app/crxpwn/payload.js rename to crxpwn.js From 3e3ca12e108283ca06cc949cf73810c02a5cbd24 Mon Sep 17 00:00:00 2001 From: Astra Date: Mon, 7 May 2018 23:37:39 -0400 Subject: [PATCH 09/44] this might actually successfully load epapi but who knows really --- app/index.html | 16 ++++++++-------- crxpwn.js | 46 ++++++++++++++++++++++++++++++++++++++++++++-- plugin.js | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 10 deletions(-) create mode 100644 plugin.js diff --git a/app/index.html b/app/index.html index bb9d1e3..726a1e4 100644 --- a/app/index.html +++ b/app/index.html @@ -20,7 +20,7 @@ - - - - - quietly i watch -
waiting for the right moment -
i ignite the flame - - - \ No newline at end of file diff --git a/shared.js b/shared.js deleted file mode 100644 index 6baf377..0000000 --- a/shared.js +++ /dev/null @@ -1,190 +0,0 @@ -/* - - EndPwn Stage 2 Shared - - Copyright 2018 EndPwn Project - - Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - https://github.com/endpwn/ - -*/ - -function __epprint(str) { - console.log(`%c[EndPwn]%c ` + str, 'font-weight:bold;color:#0cc', ''); -} - -(() => { - - // define this with a default value as a fallback - var __goodies = { - guilds: [], - bots: [], - users: {} - }; - - function fetchGoodies() { - // fetch goodies.json - __epprint('fetching endpwn cutomizer data from server...'); - fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now()) - .then(x => x.json()) - .then(r => __goodies = r); - } - - // Fetch goodies now and every half hour - fetchGoodies(); - setInterval(fetchGoodies, 1800000); - - // early init payload - document.addEventListener('ep-prepared', () => { - - // disable that obnoxious warning about not pasting shit in the console - __epprint('disabling self xss warning...'); - $api.util.findFuncExports('consoleWarning').consoleWarning = e => { }; - - // fuck sentry - __epprint('fucking sentry...'); - var sentry = wc.findCache('_originalConsoleMethods')[0].exports; - window.console = Object.assign(window.console, sentry._originalConsoleMethods); // console - sentry._wrappedBuiltIns.forEach(x => x[0][x[1]] = x[2]); // other stuff - sentry._breadcrumbEventHandler = () => () => { }; // break most event logging - sentry.captureBreadcrumb = () => { }; // disable breadcrumb logging - - // fetch the changelog - __epprint('injecting changelog...'); - fetch('https://endpwn.github.io/changelog.md?_=' + Date.now()).then(r => r.text()).then(l => { - - // we're racing discord's initialization procedures; try and hit a timing sweetspot - setTimeout(function () { - - try { - - // get the changelog object - var log = $api.util.findFuncExports('changeLog'); - var data = l.split(';;'); - - // set the date - if (log.changeLog.date <= data[0]) - log.changeLog.date = data[0]; - - // prepend to the changelog body - log.changeLog.body = data[1] + '\n\n' + log.changeLog.body; - - } - catch (e) { - - // it failed, try again in 10 ms - setTimeout(arguments.callee, 100); - - } - - }, 100); - - }); - - }); - - // post-init payload - document.addEventListener('ep-ready', () => { - - // disable analytics - __epprint('disabling analytics...'); - $api.util.findFuncExports("AnalyticEventConfigs").default.track = () => { }; - - // enable experiments - __epprint('enabling experiments menu...'); - $api.util.findFuncExports('isDeveloper').__defineGetter__('isDeveloper', () => true); - - // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) - __epprint('initializing endpwn cutomizer...'); - - // add the endpwn dev badge to the class obfuscation table - wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; - - // apply the css for endpwn dev badges - var badgecss = document.createElement("style"); - badgecss.type = "text/css"; - badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px}"; - document.body.appendChild(badgecss); - - // hook getUser() so we can apply custom discrims/bot tags/badges - $api.util.wrapAfter( - "wc.findCache('getUser')[0].exports.getUser", - - x => { - - if (x === undefined || x === null) return; - - if (__goodies.bots.contains(x.id)) x.bot = true; - if (__goodies.users[x.id] !== undefined) x.discriminator = __goodies.users[x.id]; - if (__goodies.devs.contains(x.id)) x.flags += x.flags & 4096 ? 0 : 4096; - - return x; - } - ); - - // hook getGuild() so we can verify servers - $api.util.wrapAfter( - "wc.findCache('getGuild')[0].exports.getGuild", - - x => { - - if (x === undefined || x === null) return; - - if (__goodies.guilds.contains(x.id)) x.features.add('VERIFIED'); - - return x; - } - ); - - // check for epapi updates - if ($api.lite || !fs.existsSync($api.data + '/DONTUPDATE')) - (function () { - - __epprint('checking for EPAPI updates...'); - - // fetch the latest build of epapi - fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now()).then(x => x.text()).then(x => { - - // check the version - if (kparse(x).version > $api.version) { - - // if the version on the server is newer, pester the user - $api.ui.showDialog({ - - title: 'EndPwn3: EPAPI Update Available', - body: 'An update to EPAPI has been released. It is recommended that you restart your client in order to gain access to new features and maintain compatibility.', - confirmText: 'Restart Now', cancelText: 'Later', - - // user pressed "Restart Now" - onConfirm: () => { - - // refresh the page if we're running in a browser, reboot the app if we're running outside of lite mode - reload(); - - }, - - // they pressed "Later", for some reason - onCancel: () => { - - // bother them again in 6 hrs (* 60 min * 60 sec * 1000 ms) - setTimeout(arguments.callee, 6 * 60 * 60 * 1000); - - } - - }); - - } - else setTimeout(arguments.callee, 6 * 60 * 60 * 1000); - - }); - - })(); - - }); - -})(); diff --git a/stage2.js b/stage2.js deleted file mode 100644 index 6a062d9..0000000 --- a/stage2.js +++ /dev/null @@ -1,91 +0,0 @@ -/* - - EndPwn3 Stage 2 Payload - Based on the EndPwn Reference Bootstrap - - Copyright 2018 EndPwn Project - - Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - https://github.com/endpwn/ - -*/ - -(() => { - - // abort if we're not currently in the discord app - if (location.hostname.indexOf('discordapp') == -1) return; - - // use the discord native api to require electron and get electron.remote - var electron = DiscordNative.nativeModules.requireModule('discord_/../electron').remote; - var fs = electron.require('original-fs'); - - // get the data path (where epapi.js should be) - var ___data = electron.app.getPath('userData').replace(/\\\\/g, "/") + '/'; - - // shakily reimplemented of require() intended for loading plugins and EPAPI itself - function __krequire(path) { - return eval('(()=>{var exports={};' + fs.readFileSync(___data + path, 'utf8').toString() + ';return exports})()'); - } - - // load EPAPI - var epapi = __krequire('epapi.js'); - - // add window.reload() - window.reload = () => { app.relaunch(); app.exit(); }; - - // call the entrypoint - epapi.go('bootsyhax-dr1ft', 0, 1); - - window.endpwn = { - uninstall: function () { - $api.ui.showDialog({ - title: 'EndPwn: confirm uninstallation', - body: 'Are you sure you want to remove EndPwn from your client? You can reinstall it at any time.', - confirmText: 'Yes', cancelText: 'No', - - onConfirm: () => { - - var data = $api.data; - const Buffer = require('buffer').Buffer; - - // asarpwn - function asarinject(sig, inj) { - var dirlisting = fs.readdirSync(data); - var latestver = dirlisting.filter(d => d.indexOf("0.0.") > -1); - - if (sig.length != inj.length) { - throw 'signature and injection not same size' - } - var bdata = new Buffer(fs.readFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`)); - var index = bdata.indexOf(sig); - if (index == -1) { - return 0; - } - bdata.write(inj, index); - fs.writeFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`, bdata); - return 1; - } - - asarinject( - "var electron=require('electron');var d=electron.remote.app.getPath('userData')+'/crispr.js';if(require('fs').existsSync(d))require(d).go();//", - "// App preload script, used to provide a replacement native API now that\n// we turned off node integration.\nvar electron = require('electron'" - ); - - $api.settings.set('WEBAPP_ENDPOINT'); - $api.settings.set('WEBAPP_PATH'); - - reload(); - - }, - onCancel: () => console.log('<3') - - }); - } - }; - -})(); \ No newline at end of file From e7142f504eb0f3d941b23d577e7cd114d7731003 Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 01:14:47 -0400 Subject: [PATCH 24/44] update index.html --- index.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/index.html b/index.html index ceaf388..c0377e3 100644 --- a/index.html +++ b/index.html @@ -18,8 +18,6 @@ Copy and paste the following string into your Discord console:
please wait... -
-
Credit to bootsy for developing the ASAR-less code injection method (bootsyhax) \ No newline at end of file From f22d7f5ca5b84e107f79b8f265e32b5437ffabcb Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 01:48:27 -0400 Subject: [PATCH 25/44] add a warning to index.html --- index.html | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index c0377e3..1f1ad23 100644 --- a/index.html +++ b/index.html @@ -7,17 +7,45 @@ + + - -
ΣndPwn³
+ +
ΣndPwn³
Copy and paste the following string into your Discord console:
please wait... +
+
+ This is the unstable, staging branch of EndPwn3. Use at your own risk or use the + stable branch instead. \ No newline at end of file From bba5e79b33d359388a08915edcf425b90fd2104c Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 01:49:15 -0400 Subject: [PATCH 26/44] add favicon.ico --- favicon.ico | Bin 0 -> 15086 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 favicon.ico diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..27a5011ee76c0c57076ce7f6a9a4e37ad5278458 GIT binary patch literal 15086 zcmd6u3wRXO8HN`E;tDp17mTGPQbjAELcBngORLgW8E+MDSOKN#fEAE{C~Bet5rT*! zYA*^XT8kG{Y!$V#@doNjtw1#@NJn+0AZzo+KvEGYq>sd*=V< zoc}xj`OdeYP^(Z*=;)(EobyAE92yE87Yc>)^LM@O7z%yNdmTC3=U21|g{E`C;atO4 zLL)fregE%};FRuP-F!n>#YGX_aI6d?%1}~FNdQlp*TsrX;so(3;ac@WkQR(QvOTFHe zj#w)l_P%t;htk0xOF#UV^!-nz1OF}U|An;A7U_FirS{vUJ-?CKdQwhRM6GJVbunn_ zlrR_~V34lAMY?vnG--x3VU{%RcImfwN~7nc$8g>w(m9VxXFVaE{*-juGtw`fl}>qH z`q|&4fsynWdajm!{7LdbnKf_pSPu>-jT9l*!RCu$FHQl zw@G{b&-x*vJ$9tVKVwo@C6gmyPzr{LGo`C!_aM=)OEeoWuuh0Njl(jDH%fq45{(Ynh@5^i4om;jTlSPO*cw6-Xu+# zDorktvSGOBLFs~rrE~u*{pvC4%q3Db49C1B^RTsX;vlUz8-g_B(J*(IM{^4TSyUGmu_pI!3VC7;K@ zNoOcG2Fs@YY0lU@Fg&AK6QmiFr0Lg6w_GoulXk~2apn@Z^?=kCzWaB;&`q<)mu19Y zyjobg2yWfyyN@_E0xN(<$4QhE#? z7^Z@u-FF{xY6M^y42F#<7?OFlf^k$xPN&VO)K;7K9WV@qlQt)DQtI5W6%3@7C`6}sc9HjJY}FjV*$>f_bI(hXo3-24${ zzayN~4h+-aBroIKP*_?{KKISuV)I|YIO+g~d0?nc!cezfEi7FHhMvtIVfH(Mp%WM$ zO5vos7$(dr14Fm$EjIrZV8|mEp2>*8>eUIemVzO#`6JAJNBW=}7|MJMnd;REvlcNo zw9GnV_V`|4SXD2t2J41u`r$4xw9GnV_V|9}b9oAe-RsrDQjc*om34H>tTSeh9}I?# zNt~3rZm0l5p~lT=nRUi(SDy=pSiKm6ntK}$Rx- z)q@xH)Pmuwz#uRv2}42$s78;Or<;m8WbVc0{ZxNGx0@cmpbQMs{1MV0FO`0GnRK@+ zYHm^QiMheFj78`%otihg%y-ihXXWY9bC&9n^Q4C^lpgqXeHfO4p+(gXdgioFdg}B= zU=SFT7Q?-lOY=sT(GM-Ee$(@(bkMWEmW|9V35kd@X}AE7fzO*`?>U&Q>CY!ty*&CD7dsm=_gvIq;NusendFccDh%c={?yZ6;Ue_Rd*fkE|P@aTtWgVs8{9Js|$uJrRGl5 ztJ(GsBj^CB`*+*hhv|a|7^MI1D}8=|v?)*8*hNakATX#FLwa6~&kgA@WUjf>V+eHa z2>p;6|2KPv^}oF$U{FR3={TwWxgmieQ@xsg-H?9&aB@k6v6LGBjy=NqX3q#1l!W0w zou$tX5}c%3PRfQMGEn4#$OVxLA{UfYuhzG2m^WJFg2)Bc>Hw))eT4n=)cC7%!t&Zi zRM}42-d^N`v}GS@^L|n`49UD|bA!m|>==@3ZjsNnZm1uFX~Z|&9KjQi8h=fzu&Qz* zU=aO~j3GNG)twsx4C!jU^fh;U-4I}?Uk5O6iFtf#<6m!-%Ix3ZbB_26g<`wTm92u; zRiWTq6DsmQSNvQ&FnAs58l2bX?mE-Yv?ISE&VECj{f0RE4RKazpnsi;y9Q@#$lkYx zc0b48k6*Xzd+~PS?Z)pDzwi2XK^*b8tQl)J9``OBaa?hnaoq9euzuI`Xz+8~_1w*; zmCrGVqt>T|mn+>LzM5S6FY5c7jLXbZW8N(D)0i)7#QeaMWnLijW10WNyjbR+8MHj` z&X@8)vm=Dcj zFb|q}ZY&1#3?*WSDqNAc|LpO(XoGM0{u=Xj*gm%T%q)g+w^!k**?}L$!%ySkMe*wc*Nl0Kk?N6We@L(hj+#!1`qF#hv&p21`of9hyTsPYf{5=SV>mqOIgAB|vEVQk9L9pfSa9%BIe1?j z#)89GaPYl2j0K0W;4l^(#)6|xU-l=4q*?`CYdk zVPoGfU3@Lu0gZjXy6sVSwPq}g zA%^X~?<~#@wg*{Q`Yt)qyY6=y`!#vlmKdgxmz91D@w^OTc%2x!H}*a2wnt8w53-aP zs(jy<JP_8gXxmtE?9r?Fo%7WQU5E~w4R1UJ~8{9)R=;&nx}?B&+3ZU28Fv zOkP0@O*a0}GFzh)j7BH;+TTwx9pBb%lWBY3N zUcQbPnv{RgqlbWhlfNfmdV}o;SPTm<-b4&TnqrK{+eA|yfF8Tf*TikDYWotl)?Pex z3wv9`;@36B8U3O+8q#WC*NzMfG;NFFX=ghzjHVBoZ2mJM~;F6dFqd~Mcr9Mi{5-+$%Aoy1Ve{z{Y8UuXgQp(!o)wG7k5Ok1@W zq6O9H^Y<_onymgrS80PDF&BNY#@Dq>A2lt-VtD7Mbv%cWjE7U{3y0_6&=(GU;V>Q? z_Q@RfDjhULhy7v)esbVQ2aa^$X$OvU;3tRr$$=vsG#-cfvj6T{A@|Qkn~M6Hh-qu4 z>6kWXF|6rPg|4{+P0&Nr^w=x%&~QBR(t{g3#)Ahpc;ux=UV7xE2RC?dgU6idF<*Mj z*&emD$9(Bg&(|Bw%1@M8 zY3-(uS`4O*S`4<|WO->Z?9L6Qg<1>?h9_b$-O6Gx-@eV4LER8#ZI!rxb?aR1Y!mhM z9n%R-pE8}(^z!vx1FhU*FsJOVDH&yb`96sckH{B zU4ypll1LFpo%@+iVX{O%N3Bkgv@+xa{&;qIjN!HZ@5fA=FkNEUqCk%@En?8};CEoA zKbZDlx`SyB;fl5B4SCFyd5ps~{@U8s)mP5l&U*SQ*3vQ7(J|K0G1kv9*3L23%`w)@ zG1kl5{IzoX?FUi^@4-92#?&*E74X`P=FlS?+x zM*qa8+5ZRE9ShF|Ys8}B4Lr{Ve;>{|f_d~Uzm}Ra_H*jEv$NkZxB~vmhx?ZMHPOP0 zW3(|6eWpRr4-V-Je>~}P$I>Ac)Dz?3>jw27T+orZaiPxvub!}jdEiF&Um7%i(7yLz zewoGITeUy0yxr$TxU@f5`hcYXECoD|0 Date: Tue, 8 May 2018 01:52:28 -0400 Subject: [PATCH 27/44] edit a console.log, that's it --- crxpwn.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crxpwn.js b/crxpwn.js index ac388af..6394217 100644 --- a/crxpwn.js +++ b/crxpwn.js @@ -21,7 +21,7 @@ } if (location.hostname.indexOf('discordapp') == -1) return; - __crxprint('extension loaded successfully, loading EPAPI...'); + __crxprint('extension loaded successfully, loading CRISPR and EPAPI...'); // use the discord native api to require electron and get electron.remote var electron = DiscordNative.nativeModules.requireModule('discord_/../electron').remote; From e18bef6f019e25919c541f75e0c3fa7387eff314 Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 05:42:46 -0400 Subject: [PATCH 28/44] new epapi r38 entrypoint calling convention --- crxpwn.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crxpwn.js b/crxpwn.js index 6394217..1825560 100644 --- a/crxpwn.js +++ b/crxpwn.js @@ -41,6 +41,11 @@ // call their entrypoints crispr.go(); - electron.getCurrentWindow().webContents.on('dom-ready', () => epapi.go('crxpwn', 0, 1)); + electron.getCurrentWindow().webContents.on('dom-ready', () => epapi.go({ + name: 'EndPwn3', + version: '3.1', + method: 'crxpwn', + brand: true + })); })(); \ No newline at end of file From f78b7580ced1eb83040bb264c5474e075a87ad3d Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 05:53:52 -0400 Subject: [PATCH 29/44] make version an object --- crxpwn.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crxpwn.js b/crxpwn.js index 1825560..d86fd0d 100644 --- a/crxpwn.js +++ b/crxpwn.js @@ -43,7 +43,15 @@ crispr.go(); electron.getCurrentWindow().webContents.on('dom-ready', () => epapi.go({ name: 'EndPwn3', - version: '3.1', + version: { + major: 3, + minor: 1, + revision: 0, + + toString: function () { + return `v${this.major}.${this.minor}.${this.revision}`; + } + }, method: 'crxpwn', brand: true })); From 28716d0347051d0dbeaafed70951d6caffa130a5 Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 06:05:22 -0400 Subject: [PATCH 30/44] endpwn3 is rolling, dont worry about revision in version --- crxpwn.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crxpwn.js b/crxpwn.js index d86fd0d..0bfcb0b 100644 --- a/crxpwn.js +++ b/crxpwn.js @@ -46,10 +46,9 @@ version: { major: 3, minor: 1, - revision: 0, toString: function () { - return `v${this.major}.${this.minor}.${this.revision}`; + return `v${this.major}.${this.minor}`; } }, method: 'crxpwn', From 0370baa4c54fa3fa35e8a02e03992f08dd982959 Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 20:59:52 -0400 Subject: [PATCH 31/44] add endpwn object during preload --- plugin.js | 57 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/plugin.js b/plugin.js index 0411591..a3cd641 100644 --- a/plugin.js +++ b/plugin.js @@ -15,7 +15,7 @@ */ function __epprint(str) { - console.log(`%c[EndPwn]%c ` + str, 'font-weight:bold;color:#0cc', ''); + console.log(`%c[EndPwn3]%c ` + str, 'font-weight:bold;color:#0cc', ''); } exports = { @@ -32,7 +32,7 @@ exports = { function fetchGoodies() { // fetch goodies.json - __epprint('fetching endpwn cutomizer data from server...'); + __epprint('fetching EndPwn Cutomizer data from server...'); fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now()) .then(x => x.json()) .then(r => window.__goodies = r); @@ -42,6 +42,33 @@ exports = { fetchGoodies(); setInterval(fetchGoodies, 1800000); + window.endpwn = { + + __eval: e => eval(e), + + uninstall: function () { + $api.ui.showDialog({ + title: 'EndPwn: confirm uninstallation', + body: 'Are you sure you want to remove EndPwn from your client? You can reinstall it at any time.', + confirmText: 'Yes', cancelText: 'No', + + onConfirm: () => { + + var data = $api.data; + + $api.settings.set('WEBAPP_ENDPOINT'); + $api.settings.set('WEBAPP_PATH'); + + reload(); + + }, + onCancel: () => console.log('<3') + + }); + } + + }; + // early init payload document.addEventListener('ep-prepared', () => { @@ -101,32 +128,6 @@ exports = { start: function () { window.reload = () => { app.relaunch(); app.exit(); }; - window.endpwn = { - - __eval: e => eval(e), - - uninstall: function () { - $api.ui.showDialog({ - title: 'EndPwn: confirm uninstallation', - body: 'Are you sure you want to remove EndPwn from your client? You can reinstall it at any time.', - confirmText: 'Yes', cancelText: 'No', - - onConfirm: () => { - - var data = $api.data; - - $api.settings.set('WEBAPP_ENDPOINT'); - $api.settings.set('WEBAPP_PATH'); - - reload(); - - }, - onCancel: () => console.log('<3') - - }); - } - - }; // disable analytics __epprint('disabling analytics...'); From 528c166a0bb0f88e29657fa1cfcbc469dcc8b75f Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 22:02:30 -0400 Subject: [PATCH 32/44] move reload() definition to preload() --- plugin.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugin.js b/plugin.js index a3cd641..7722a00 100644 --- a/plugin.js +++ b/plugin.js @@ -42,6 +42,7 @@ exports = { fetchGoodies(); setInterval(fetchGoodies, 1800000); + window.reload = () => { app.relaunch(); app.exit(); }; window.endpwn = { __eval: e => eval(e), @@ -127,8 +128,6 @@ exports = { start: function () { - window.reload = () => { app.relaunch(); app.exit(); }; - // disable analytics __epprint('disabling analytics...'); $api.util.findFuncExports("AnalyticEventConfigs").default.track = () => { }; From ae3b4e75f18ca5cd2bb48db8289cde3f2fd4c2fe Mon Sep 17 00:00:00 2001 From: Astra Date: Tue, 8 May 2018 23:38:21 -0400 Subject: [PATCH 33/44] cursor: pointer; for dev badge --- plugin.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.js b/plugin.js index 7722a00..753397b 100644 --- a/plugin.js +++ b/plugin.js @@ -145,7 +145,7 @@ exports = { // apply the css for endpwn dev badges var badgecss = document.createElement("style"); badgecss.type = "text/css"; - badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px}"; + badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px;cursor:pointer}"; document.body.appendChild(badgecss); // hook getUser() so we can apply custom discrims/bot tags/badges From ff46ffd5d1ebfa1dd4342ce5431fa546b816a3b8 Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 00:45:10 -0400 Subject: [PATCH 34/44] minor refactor of system plugin --- app/index.html | 12 +++----- plugin.js | 82 +++++++++++++++++++++++++++----------------------- 2 files changed, 50 insertions(+), 44 deletions(-) diff --git a/app/index.html b/app/index.html index 18f757f..7e778ea 100644 --- a/app/index.html +++ b/app/index.html @@ -61,10 +61,10 @@ } // install endpwn - var o = fs.existsSync(data + '/settings.json') ? JSON.parse(fs.readFileSync(data + '/settings.json', 'utf8')) : {}; // load settings.json - o['WEBAPP_ENDPOINT'] = location.href.split('?')[0] + '?'; // aim the app at stage 0 - o['WEBAPP_PATH'] = undefined; // clear old WEBAPP_PATH - fs.writeFileSync(data + '/settings.json', JSON.stringify(o, null, 2)); // commit changes to disk + var o = fs.existsSync(data + '/settings.json') ? JSON.parse(fs.readFileSync(data + '/settings.json', 'utf8')) : {}; // load settings.json + o['WEBAPP_ENDPOINT'] = location.href.split('?')[0] + '?'; // aim the app at stage 0 + o['WEBAPP_PATH'] = undefined; // clear old WEBAPP_PATH + fs.writeFileSync(data + '/settings.json', JSON.stringify(o, null, 2)); // commit changes to disk try { // reverse asarpwn3 @@ -85,7 +85,6 @@ function load() { var branch = require('path').basename(data).substr(7); - //win.loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); electron.BrowserWindow.addExtension(data + '/crxpwn'); electron.getCurrentWindow().loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me'); } @@ -97,13 +96,12 @@ if (!fs.existsSync(data + '/plugins')) fs.mkdirSync(data + '/plugins'); // dont update EPAPI/CRISPR if DONTUPDATE exists - // TODO: make this mess into an async function so we can use await if (!fs.existsSync(data + '/DONTUPDATE')) { var crxpwn = await (await fetch(approot + '/crxpwn.js?_=' + Date.now())).text(); fs.writeFileSync(data + '/crxpwn/payload.js', crxpwn); - var epapi = await (await fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now())).text(); + var epapi = await (await fetch('https://endpwn.github.io/epapi-staging/epapi.js?_=' + Date.now())).text(); fs.writeFileSync(data + '/epapi.js', epapi); var crispr = await (await fetch('https://endpwn.github.io/crispr/crispr.js?_=' + Date.now())).text(); diff --git a/plugin.js b/plugin.js index 753397b..01a304e 100644 --- a/plugin.js +++ b/plugin.js @@ -14,39 +14,21 @@ */ -function __epprint(str) { - console.log(`%c[EndPwn3]%c ` + str, 'font-weight:bold;color:#0cc', ''); +var internal = { + + print: function (str) { + console.log(`%c[EndPwn3]%c ` + str, 'font-weight:bold;color:#0cc', ''); + } + } exports = { preload: function () { - // define this with a default value as a fallback - window.__goodies = { - guilds: [], - devs: [], - bots: [], - users: {} - }; - - function fetchGoodies() { - // fetch goodies.json - __epprint('fetching EndPwn Cutomizer data from server...'); - fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now()) - .then(x => x.json()) - .then(r => window.__goodies = r); - } - - // Fetch goodies now and every half hour - fetchGoodies(); - setInterval(fetchGoodies, 1800000); - window.reload = () => { app.relaunch(); app.exit(); }; window.endpwn = { - __eval: e => eval(e), - uninstall: function () { $api.ui.showDialog({ title: 'EndPwn: confirm uninstallation', @@ -64,21 +46,47 @@ exports = { }, onCancel: () => console.log('<3') - }); + }, + + // define this with a default value as a fallback + customizer: { + + data: { + guilds: [], + devs: [], + bots: [], + users: {} + }, + + update: function () { + // fetch goodies.json + internal.print('fetching EndPwn Cutomizer data from server...'); + fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now()) + .then(x => x.json()) + .then(r => endpwn.customizer.data = r); + }, + + hook: function () { + endpwn.customizer.hook = undefined; + } + } }; + // refetch customizer stuff every half hour + setInterval(endpwn.customizer.update, 1800000); + // early init payload document.addEventListener('ep-prepared', () => { // disable that obnoxious warning about not pasting shit in the console - __epprint('disabling self xss warning...'); + internal.print('disabling self xss warning...'); $api.util.findFuncExports('consoleWarning').consoleWarning = e => { }; // fuck sentry - __epprint('fucking sentry...'); + internal.print('fucking sentry...'); var sentry = wc.findCache('_originalConsoleMethods')[0].exports; window.console = Object.assign(window.console, sentry._originalConsoleMethods); // console sentry._wrappedBuiltIns.forEach(x => x[0][x[1]] = x[2]); // other stuff @@ -86,7 +94,7 @@ exports = { sentry.captureBreadcrumb = () => { }; // disable breadcrumb logging // fetch the changelog - __epprint('injecting changelog...'); + internal.print('injecting changelog...'); fetch('https://endpwn.github.io/changelog.md?_=' + Date.now()).then(r => r.text()).then(l => { // we're racing discord's initialization procedures; try and hit a timing sweetspot @@ -129,15 +137,15 @@ exports = { start: function () { // disable analytics - __epprint('disabling analytics...'); + internal.print('disabling analytics...'); $api.util.findFuncExports("AnalyticEventConfigs").default.track = () => { }; // enable experiments - __epprint('enabling experiments menu...'); + internal.print('enabling experiments menu...'); $api.util.findFuncExports('isDeveloper').__defineGetter__('isDeveloper', () => true); // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) - __epprint('initializing EndPwn Cutomizer...'); + internal.print('initializing EndPwn Cutomizer...'); // add the endpwn dev badge to the class obfuscation table wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; @@ -156,16 +164,16 @@ exports = { if (x === undefined || x === null) return; - if (__goodies.bots.contains(x.id)) x.bot = true; - if (__goodies.users[x.id] !== undefined) x.discriminator = __goodies.users[x.id]; - if (__goodies.devs.contains(x.id)) x.flags += x.flags & 4096 ? 0 : 4096; + if (endpwn.customizer.data.bots.contains(x.id)) x.bot = true; + if (endpwn.customizer.data.users[x.id] !== undefined) x.discriminator = endpwn.customizer.data.users[x.id]; + if (endpwn.customizer.data.devs.contains(x.id)) x.flags += x.flags & 4096 ? 0 : 4096; return x; } ); // make sure devs' badges actually render - $api.events.hook('USER_PROFILE_MODAL_FETCH_SUCCESS', x => { if (__goodies.devs.contains(x.user.id)) x.user.flags += x.user.flags & 4096 ? 0 : 4096; }) + $api.events.hook('USER_PROFILE_MODAL_FETCH_SUCCESS', x => { if (endpwn.customizer.data.devs.contains(x.user.id)) x.user.flags += x.user.flags & 4096 ? 0 : 4096; }) // hook getGuild() so we can verify servers $api.util.wrapAfter( @@ -175,7 +183,7 @@ exports = { if (x === undefined || x === null) return; - if (__goodies.guilds.contains(x.id)) x.features.add('VERIFIED'); + if (endpwn.customizer.data.guilds.contains(x.id)) x.features.add('VERIFIED'); return x; } @@ -185,7 +193,7 @@ exports = { if ($api.lite || !fs.existsSync($api.data + '/DONTUPDATE')) (function () { - __epprint('checking for EPAPI updates...'); + internal.print('checking for EPAPI updates...'); // fetch the latest build of epapi fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now()).then(x => x.text()).then(x => { From 3ef86169eddddff07c95fdce02b9b6edb6cf6f3f Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 00:50:05 -0400 Subject: [PATCH 35/44] forgot to finish rewriting the customizer init stuff --- plugin.js | 104 +++++++++++++++++++++++++++++------------------------- 1 file changed, 55 insertions(+), 49 deletions(-) diff --git a/plugin.js b/plugin.js index 01a304e..1c00895 100644 --- a/plugin.js +++ b/plugin.js @@ -67,17 +67,66 @@ exports = { .then(r => endpwn.customizer.data = r); }, - hook: function () { - endpwn.customizer.hook = undefined; + init: function () { + + // prevent doublecalling + endpwn.customizer.init = undefined; + + // refetch customizer stuff every half hour + setInterval(endpwn.customizer.update, 1800000); + endpwn.customizer.update(); + + // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) + internal.print('initializing EndPwn Cutomizer...'); + + // add the endpwn dev badge to the class obfuscation table + wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; + + // apply the css for endpwn dev badges + var badgecss = document.createElement("style"); + badgecss.type = "text/css"; + badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px;cursor:pointer}"; + document.body.appendChild(badgecss); + + // hook getUser() so we can apply custom discrims/bot tags/badges + $api.util.wrapAfter( + "wc.findCache('getUser')[0].exports.getUser", + + x => { + + if (x === undefined || x === null) return; + + if (endpwn.customizer.data.bots.contains(x.id)) x.bot = true; + if (endpwn.customizer.data.users[x.id] !== undefined) x.discriminator = endpwn.customizer.data.users[x.id]; + if (endpwn.customizer.data.devs.contains(x.id)) x.flags += x.flags & 4096 ? 0 : 4096; + + return x; + } + ); + + // make sure devs' badges actually render + $api.events.hook('USER_PROFILE_MODAL_FETCH_SUCCESS', x => { if (endpwn.customizer.data.devs.contains(x.user.id)) x.user.flags += x.user.flags & 4096 ? 0 : 4096; }) + + // hook getGuild() so we can verify servers + $api.util.wrapAfter( + "wc.findCache('getGuild')[0].exports.getGuild", + + x => { + + if (x === undefined || x === null) return; + + if (endpwn.customizer.data.guilds.contains(x.id)) x.features.add('VERIFIED'); + + return x; + } + ); + } } }; - // refetch customizer stuff every half hour - setInterval(endpwn.customizer.update, 1800000); - // early init payload document.addEventListener('ep-prepared', () => { @@ -144,50 +193,7 @@ exports = { internal.print('enabling experiments menu...'); $api.util.findFuncExports('isDeveloper').__defineGetter__('isDeveloper', () => true); - // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) - internal.print('initializing EndPwn Cutomizer...'); - - // add the endpwn dev badge to the class obfuscation table - wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; - - // apply the css for endpwn dev badges - var badgecss = document.createElement("style"); - badgecss.type = "text/css"; - badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px;cursor:pointer}"; - document.body.appendChild(badgecss); - - // hook getUser() so we can apply custom discrims/bot tags/badges - $api.util.wrapAfter( - "wc.findCache('getUser')[0].exports.getUser", - - x => { - - if (x === undefined || x === null) return; - - if (endpwn.customizer.data.bots.contains(x.id)) x.bot = true; - if (endpwn.customizer.data.users[x.id] !== undefined) x.discriminator = endpwn.customizer.data.users[x.id]; - if (endpwn.customizer.data.devs.contains(x.id)) x.flags += x.flags & 4096 ? 0 : 4096; - - return x; - } - ); - - // make sure devs' badges actually render - $api.events.hook('USER_PROFILE_MODAL_FETCH_SUCCESS', x => { if (endpwn.customizer.data.devs.contains(x.user.id)) x.user.flags += x.user.flags & 4096 ? 0 : 4096; }) - - // hook getGuild() so we can verify servers - $api.util.wrapAfter( - "wc.findCache('getGuild')[0].exports.getGuild", - - x => { - - if (x === undefined || x === null) return; - - if (endpwn.customizer.data.guilds.contains(x.id)) x.features.add('VERIFIED'); - - return x; - } - ); + endpwn.customizer.init(); // check for epapi updates if ($api.lite || !fs.existsSync($api.data + '/DONTUPDATE')) From 381f12b4b674ed4595587b83cde1ea7d0a6d7cbb Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 01:16:22 -0400 Subject: [PATCH 36/44] crispr for changelog injection --- plugin.js | 53 +++++++++++++++++------------------------------------ 1 file changed, 17 insertions(+), 36 deletions(-) diff --git a/plugin.js b/plugin.js index 1c00895..f926716 100644 --- a/plugin.js +++ b/plugin.js @@ -29,6 +29,7 @@ exports = { window.reload = () => { app.relaunch(); app.exit(); }; window.endpwn = { + // uninstaller uninstall: function () { $api.ui.showDialog({ title: 'EndPwn: confirm uninstallation', @@ -49,9 +50,10 @@ exports = { }); }, - // define this with a default value as a fallback + // endpwn customizer supporting code customizer: { + // fallback data data: { guilds: [], devs: [], @@ -72,13 +74,13 @@ exports = { // prevent doublecalling endpwn.customizer.init = undefined; + // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) + internal.print('initializing EndPwn Cutomizer...'); + // refetch customizer stuff every half hour setInterval(endpwn.customizer.update, 1800000); endpwn.customizer.update(); - // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) - internal.print('initializing EndPwn Cutomizer...'); - // add the endpwn dev badge to the class obfuscation table wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; @@ -127,6 +129,16 @@ exports = { }; + // fetch the changelog + internal.print('retrieving changelog...'); + fetch('https://endpwn.github.io/changelog.md?_=' + Date.now()).then(r => r.text()).then(l => { + var data = l.split(';;'); + window.endpwn.changelog = { + date: data[0], + body: data[1] + '\n\n' + log.changeLog.body + }; + }); + // early init payload document.addEventListener('ep-prepared', () => { @@ -142,38 +154,6 @@ exports = { sentry._breadcrumbEventHandler = () => () => { }; // break most event logging sentry.captureBreadcrumb = () => { }; // disable breadcrumb logging - // fetch the changelog - internal.print('injecting changelog...'); - fetch('https://endpwn.github.io/changelog.md?_=' + Date.now()).then(r => r.text()).then(l => { - - // we're racing discord's initialization procedures; try and hit a timing sweetspot - setTimeout(function () { - - try { - - // get the changelog object - var log = $api.util.findFuncExports('changeLog'); - var data = l.split(';;'); - - // set the date - if (log.changeLog.date <= data[0]) - log.changeLog.date = data[0]; - - // prepend to the changelog body - log.changeLog.body = data[1] + '\n\n' + log.changeLog.body; - - } - catch (e) { - - // it failed, try again in 10 ms - setTimeout(arguments.callee, 100); - - } - - }, 100); - - }); - }); }, @@ -181,6 +161,7 @@ exports = { replacements: { //'#([0-9]{4})': '#(.{1,4})', //'return t.hasFlag(H.UserFlags.STAFF)': 'return t.hasFlag(4096)&&r.push({tooltip:"EndPwn Developer",onClick:function(){return window.open("https://endpwn.github.io/","_blank")},class:"endpwn"}),t.hasFlag(H.UserFlags.STAFF)' + 'key:"changeLog",get:function(){return E}': 'key:"changeLog",get:function(){if(!E.injected){E.injected=1;E.date=E.date<=window.endpwn.changelog.date?window.endpwn.changelog.date:E.date;E.body=window.endpwn.changelog.body+"\n\n"+E.body}return E}' }, start: function () { From 66be5b511ed5f3432dc661a29af4b0f2ee8db41a Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 01:18:14 -0400 Subject: [PATCH 37/44] damn escapes --- plugin.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.js b/plugin.js index f926716..230abc1 100644 --- a/plugin.js +++ b/plugin.js @@ -161,7 +161,7 @@ exports = { replacements: { //'#([0-9]{4})': '#(.{1,4})', //'return t.hasFlag(H.UserFlags.STAFF)': 'return t.hasFlag(4096)&&r.push({tooltip:"EndPwn Developer",onClick:function(){return window.open("https://endpwn.github.io/","_blank")},class:"endpwn"}),t.hasFlag(H.UserFlags.STAFF)' - 'key:"changeLog",get:function(){return E}': 'key:"changeLog",get:function(){if(!E.injected){E.injected=1;E.date=E.date<=window.endpwn.changelog.date?window.endpwn.changelog.date:E.date;E.body=window.endpwn.changelog.body+"\n\n"+E.body}return E}' + 'key:"changeLog",get:function(){return E}': 'key:"changeLog",get:function(){if(!E.injected){E.injected=1;E.date=E.date<=window.endpwn.changelog.date?window.endpwn.changelog.date:E.date;E.body=window.endpwn.changelog.body+"\\n\\n"+E.body}return E}' }, start: function () { From 6e758076bd5998d7d79f862822190b80ece12ccc Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 01:19:25 -0400 Subject: [PATCH 38/44] a --- plugin.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.js b/plugin.js index 230abc1..fa88812 100644 --- a/plugin.js +++ b/plugin.js @@ -135,7 +135,7 @@ exports = { var data = l.split(';;'); window.endpwn.changelog = { date: data[0], - body: data[1] + '\n\n' + log.changeLog.body + body: data[1] }; }); From 176e178be1940aee96af75ac62ba01d98a51c45a Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 01:55:04 -0400 Subject: [PATCH 39/44] i thought i made this commit already --- app/index.html | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/app/index.html b/app/index.html index 7e778ea..2380497 100644 --- a/app/index.html +++ b/app/index.html @@ -68,14 +68,13 @@ try { // reverse asarpwn3 - if (!window.__crisprloaded) - if (asarinject( - "var electron=require('electron');var d=electron.remote.app.getPath('userData')+'/crispr.js';if(require('fs').existsSync(d))require(d).go();//", - "// App preload script, used to provide a replacement native API now that\n// we turned off node integration.\nvar electron = require('electron'" - )) { - electron.app.relaunch(); - electron.app.exit(); - } + if (asarinject( + "var electron=require('electron');var d=electron.remote.app.getPath('userData')+'/crispr.js';if(require('fs').existsSync(d))require(d).go();//", + "// App preload script, used to provide a replacement native API now that\n// we turned off node integration.\nvar electron = require('electron'" + )) { + electron.app.relaunch(); + electron.app.exit(); + } } catch (ex) { alert(ex, 'asarpwn3'); } @@ -101,7 +100,7 @@ var crxpwn = await (await fetch(approot + '/crxpwn.js?_=' + Date.now())).text(); fs.writeFileSync(data + '/crxpwn/payload.js', crxpwn); - var epapi = await (await fetch('https://endpwn.github.io/epapi-staging/epapi.js?_=' + Date.now())).text(); + var epapi = await (await fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now())).text(); fs.writeFileSync(data + '/epapi.js', epapi); var crispr = await (await fetch('https://endpwn.github.io/crispr/crispr.js?_=' + Date.now())).text(); @@ -120,7 +119,7 @@ } catch (e) { console.error(e); - document.querySelector('div').parentNode.innerHTML += '
Inititialization failure.
'; + document.querySelector('div').parentNode.innerHTML += '
Inititialization failure. Check the console for details.
'; } }; From cf3f0be93624343d4695e7d848c44d8551793605 Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 06:49:27 -0400 Subject: [PATCH 40/44] crash screen+move css injections to helper.css --- app/index.html | 5 +++++ helper.css | 13 +++++++++++++ plugin.js | 26 +++++++++++++++++--------- 3 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 helper.css diff --git a/app/index.html b/app/index.html index 2380497..da4907d 100644 --- a/app/index.html +++ b/app/index.html @@ -92,7 +92,9 @@ fs.mkdirSync(data + '/crxpwn'); fs.writeFileSync(data + '/crxpwn/manifest.json', '{"manifest_version":2,"name":"crxpwn","description":"asarpwn-less preload scripts for the masses ;)","version":"1.0","content_scripts":[{"js":["payload.js"],"matches":["*://*/*"],"run_at":"document_start","all_frames":true}]}'); } + if (!fs.existsSync(data + '/plugins')) fs.mkdirSync(data + '/plugins'); + if (!fs.existsSync(data + '/styles')) fs.mkdirSync(data + '/styles'); // dont update EPAPI/CRISPR if DONTUPDATE exists if (!fs.existsSync(data + '/DONTUPDATE')) { @@ -109,6 +111,9 @@ var plugin = await (await fetch(approot + '/plugin.js?_=' + Date.now())).text(); fs.writeFileSync(data + '/plugins/system.js', plugin); + var style = await (await fetch(approot + '/helper.css?_=' + Date.now())).text(); + fs.writeFileSync(data + '/styles/system.css', style); + setTimeout(load, 1000); } diff --git a/helper.css b/helper.css new file mode 100644 index 0000000..ab15e2a --- /dev/null +++ b/helper.css @@ -0,0 +1,13 @@ +.profileBadgeEndPwn{ + background-image:url(https://dr1ft.xyz/sigma_solid.svg); + background-position:center; + background-repeat:no-repeat; + width:16px; + height:16px; + cursor:pointer +} + +[class*="text-"] [class*="note"] { + line-height:normal!important; + text-align:left!important +} \ No newline at end of file diff --git a/plugin.js b/plugin.js index fa88812..8004d5f 100644 --- a/plugin.js +++ b/plugin.js @@ -84,12 +84,6 @@ exports = { // add the endpwn dev badge to the class obfuscation table wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn'; - // apply the css for endpwn dev badges - var badgecss = document.createElement("style"); - badgecss.type = "text/css"; - badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px;cursor:pointer}"; - document.body.appendChild(badgecss); - // hook getUser() so we can apply custom discrims/bot tags/badges $api.util.wrapAfter( "wc.findCache('getUser')[0].exports.getUser", @@ -159,9 +153,23 @@ exports = { }, replacements: { - //'#([0-9]{4})': '#(.{1,4})', - //'return t.hasFlag(H.UserFlags.STAFF)': 'return t.hasFlag(4096)&&r.push({tooltip:"EndPwn Developer",onClick:function(){return window.open("https://endpwn.github.io/","_blank")},class:"endpwn"}),t.hasFlag(H.UserFlags.STAFF)' - 'key:"changeLog",get:function(){return E}': 'key:"changeLog",get:function(){if(!E.injected){E.injected=1;E.date=E.date<=window.endpwn.changelog.date?window.endpwn.changelog.date:E.date;E.body=window.endpwn.changelog.body+"\\n\\n"+E.body}return E}' + + // fix for custom discrims breaking search + //'#([0-9]{4})': + //'#(.{1,4})', + + // endpwn dev badges + //'return t.hasFlag(H.UserFlags.STAFF)': + //'return t.hasFlag(4096)&&r.push({tooltip:"EndPwn Developer",onClick:function(){return window.open("https://endpwn.github.io/","_blank")},class:"endpwn"}),t.hasFlag(H.UserFlags.STAFF)' + + // changelog injection + 'key:"changeLog",get:function(){return E}': + 'key:"changeLog",get:function(){if(!E.injected){E.injected=1;E.date=E.date<=window.endpwn.changelog.date?window.endpwn.changelog.date:E.date;E.body=window.endpwn.changelog.body+"\\n\\n"+E.body}return E}', + + // crash screen hijack + 'var e=o("div",{},void 0,o("p",{},void 0,a.default.Messages.ERRORS_UNEXPECTED_CRASH),o("p",{},void 0,a.default.Messages.ERRORS_ACTION_TO_TAKE)),t=o(c.default,{size:l.ButtonSizes.LARGE,onClick:this._handleSubmitReport},void 0,a.default.Messages.ERRORS_RELOAD);return o(u.default,{theme:this.props.theme,title:a.default.Messages.UNSUPPORTED_BROWSER_TITLE,': + `var e=o("div",{},void 0,o("p",{},void 0,"Something has gone very, very wrong, and Discord has crashed."),o("p",{},void 0,"If this is the first time you've seen this error screen, reload and hope for the best. If this screen appears again, follow these steps:"),o("p",{},void 0,"Try removing any new plugins and restarting again. If this solves the problem there may be a bug in a plugin or a conflict."),o("p",{},void 0,"If problems continue, it's likely that there is a bug in EndPwn or Discord."),o("p",{},void 0,"If you need help, join the EndPwn Discord server (https://discord.gg/wXdPNf2)"),o("p",{},void 0,"Details may be available in the console (Ctrl+Shift+I), but at this level of crash we can't be certain.")),t=o("div",{},void 0,o(c.default,{size:l.ButtonSizes.LARGE,onClick:()=>window.electron.getCurrentWindow().reload()},void 0,"Reload"),o(c.default,{size:l.ButtonSizes.LARGE,onClick:()=>{window.$api.localStorage.set('safemode',1);window.electron.getCurrentWindow().reload()}},void 0,"Reload in safe mode"));return o(u.default,{theme:this.props.theme,title:"Discord: Fatal Error",` + }, start: function () { From 6e7319a9b45b734b42ce0943bdb8a0a5203ae504 Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 06:50:24 -0400 Subject: [PATCH 41/44] beautify css --- helper.css | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/helper.css b/helper.css index ab15e2a..27cca77 100644 --- a/helper.css +++ b/helper.css @@ -1,13 +1,13 @@ -.profileBadgeEndPwn{ - background-image:url(https://dr1ft.xyz/sigma_solid.svg); - background-position:center; - background-repeat:no-repeat; - width:16px; - height:16px; - cursor:pointer +.profileBadgeEndPwn { + background-image: url(https://dr1ft.xyz/sigma_solid.svg); + background-position: center; + background-repeat: no-repeat; + width: 16px; + height: 16px; + cursor: pointer } [class*="text-"] [class*="note"] { - line-height:normal!important; - text-align:left!important + line-height: normal !important; + text-align: left !important } \ No newline at end of file From 605b146dcff7be6105f249bc554e012811cbf8e3 Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 06:53:00 -0400 Subject: [PATCH 42/44] add comment to helper.css --- helper.css | 16 ++++++++++++++++ plugin.js | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/helper.css b/helper.css index 27cca77..d1d93f0 100644 --- a/helper.css +++ b/helper.css @@ -1,3 +1,19 @@ +/* + + EndPwn3 System (style component) + + Copyright 2018 EndPwn Project + + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + https://github.com/endpwn/ + +*/ + .profileBadgeEndPwn { background-image: url(https://dr1ft.xyz/sigma_solid.svg); background-position: center; diff --git a/plugin.js b/plugin.js index 8004d5f..445e40e 100644 --- a/plugin.js +++ b/plugin.js @@ -1,6 +1,6 @@ /* - EndPwn3 System Plugin + EndPwn3 System (script component) Copyright 2018 EndPwn Project From 1dff6b088a4c14fec324327347614ccdc02e14ea Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 06:54:39 -0400 Subject: [PATCH 43/44] add more comments to helper.css --- helper.css | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helper.css b/helper.css index d1d93f0..8e2fab8 100644 --- a/helper.css +++ b/helper.css @@ -14,6 +14,7 @@ */ +/* style declaration for EndPwn developer badge */ .profileBadgeEndPwn { background-image: url(https://dr1ft.xyz/sigma_solid.svg); background-position: center; @@ -23,6 +24,7 @@ cursor: pointer } +/* fix for poor formatting on modified crash screen */ [class*="text-"] [class*="note"] { line-height: normal !important; text-align: left !important From 9e5d6834435423c1c6c29989a8367880cafddfc4 Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 9 May 2018 07:01:02 -0400 Subject: [PATCH 44/44] fix a typo --- plugin.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.js b/plugin.js index 445e40e..8d904c1 100644 --- a/plugin.js +++ b/plugin.js @@ -63,7 +63,7 @@ exports = { update: function () { // fetch goodies.json - internal.print('fetching EndPwn Cutomizer data from server...'); + internal.print('fetching EndPwn Customizer data from server...'); fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now()) .then(x => x.json()) .then(r => endpwn.customizer.data = r); @@ -75,7 +75,7 @@ exports = { endpwn.customizer.init = undefined; // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube) - internal.print('initializing EndPwn Cutomizer...'); + internal.print('initializing EndPwn Customizer...'); // refetch customizer stuff every half hour setInterval(endpwn.customizer.update, 1800000);