Merge pull request #7 from Cynosphere/patch-3

[stable] contains -> includes
includes -> contains
2018-05-21 22:26:07 -04:00 · 2018-05-21 22:23:22 -04:00 · 2018-05-21 20:21:55 -06:00 · 2018-05-20 07:55:58 -04:00 · 2018-05-18 18:35:27 -04:00 · 2018-05-17 10:12:57 -04:00
5 changed files with 213 additions and 35 deletions
--- a/app/index.html
+++ b/app/index.html
@ -36,20 +36,53 @@
                }

                window.fs = require("original-fs");
+                window.Buffer = require("buffer").Buffer;

                var data = electron.app.getPath('userData');

+                // asarpwn
+                function asarinject(sig, inj) {
+                    var dirlisting = fs.readdirSync(data);
+                    var latestver = dirlisting.filter(d => d.indexOf("0.0.") > -1);
+
+                    if (sig.length != inj.length) {
+                        throw 'signature and injection not same size'
+                    }
+                    var bdata = new Buffer(fs.readFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`));
+                    var index = bdata.indexOf(sig);
+                    if (index == -1) {
+                        return 0;
+                    }
+                    bdata.write(inj, index);
+                    fs.writeFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`, bdata);
+                    return 1;
+                }
+
                // install endpwn 
-                var o = JSON.parse(fs.readFileSync(data + '/settings.json', 'utf8'));   // load settings.json
-                o['WEBAPP_ENDPOINT'] = 'https://endpwn.github.io/endpwn3';                      // aim the app at stage 0
-                o['WEBAPP_PATH'] = '/app?_=' + Date.now();                                      // cache busting
+                var o = fs.existsSync(data + '/settings.json') ? JSON.parse(fs.readFileSync(data + '/settings.json', 'utf8')) : {};   // load settings.json
+                o['WEBAPP_ENDPOINT'] = location.href.split('?')[0] + '?';                      // aim the app at stage 0
+                o['WEBAPP_PATH'] = undefined;   // clear old WEBAPP_PATH
                fs.writeFileSync(data + '/settings.json', JSON.stringify(o, null, 2));  // commit changes to disk

+                try {
+                    // install asarpwn3 for crispr
+                    if (!window.__crisprloaded)
+                        if (asarinject(
+                            "// App preload script, used to provide a replacement native API now that\n// we turned off node integration.\nvar electron = require('electron'",
+                            "var electron=require('electron');var d=electron.remote.app.getPath('userData')+'/crispr.js';if(require('fs').existsSync(d))require(d).go();//"
+                        )) {
+                            electron.app.relaunch();
+                            electron.app.exit();
+                        }
+                } catch (ex) {
+                    alert(ex, 'asarpwn3');
+                }
+
                // make a window
                window.__monitor = new electron.BrowserWindow({ show: false });

                // load the monitor
-                __monitor.loadURL('https://endpwn.github.io/endpwn3/monitor.htm?_=' + Date.now());
+                __monitor.loadURL(location.href.substr(0, location.href.indexOf('/app/')) + '/monitor.html?_=' + Date.now());

            }
            catch (e) {
--- a/index.html
+++ b/index.html
@ -3,15 +3,21 @@
 <head>
    <title>EndPwn3</title>
    <meta property="og:title" content="EndPwn3" />
-    <meta property="og:description" content="Copy and paste the following string into your Discord console: DiscordNative.nativeModules.requireModule('discord_/../electron').remote.getCurrentWindow().loadURL('https://endpwn.github.io/endpwn3/app')" />
+    <meta property="og:description" content="Instructions for installing EndPwn3" />
    <meta property="og:image" content="https://endpwn.github.io/sigma.png" />
+
+    <script>
+        function updatePayload(){
+            document.querySelector('code').innerText=`DiscordNative.nativeModules.requireModule("discord_/../electron").remote.getCurrentWindow().loadURL('${location.href}app')`
+        }
+    </script>
 </head>

-<body style="position:absolute;top:50%;left:50%;transform:translateX(-50%) translateY(-50%);font-family:sans-serif;text-align:center;background-color:#2f3136;color:#ffffff">
+<body style="position:absolute;top:50%;left:50%;transform:translateX(-50%) translateY(-50%);font-family:sans-serif;text-align:center;background-color:#2f3136;color:#ffffff" onload="updatePayload()">
    <div style="background:linear-gradient(to bottom right,#0ff,#f0f);-webkit-background-clip:text;-webkit-text-fill-color:transparent;font-size:72px;">&Sigma;ndPwn&sup3;</div>
    Copy and paste the following string into your Discord console:
    <br>
-    <code>DiscordNative.nativeModules.requireModule("discord_/../electron").remote.getCurrentWindow().loadURL('https://endpwn.github.io/endpwn3/app')</code>
+    <code>please wait...</code>
    <br>
    <br> Credit to bootsy for developing the ASAR-less code injection method (bootsyhax)
 </body>
--- a/monitor.html
+++ b/monitor.html
@ -40,28 +40,34 @@
                        win.webContents.executeJavaScript(stage2);
                    });

-                    function load() {
-                        win.loadURL('https://' + (
-                            navigator.userAgent.indexOf('Discord PTB') > -1 ?
-                                'ptb.' :
-                                navigator.userAgent.indexOf('Discord Canary') > -1 ?
-                                    'canary.' :
-                                    ''
-                        ) + 'discordapp.com/channels/@me');
-                    }
-
                    // get the data path
                    var data = electron.app.getPath('userData');

-                    // dont update EPAPI if DONTUPDATE exists
+                    function load() {
+                        var branch = require('path').basename(data).substr(7);
+                        //if (branch != 'canary')
+                            win.loadURL('https://' + (branch && branch != 'development' ? branch + '.' : '') + 'discordapp.com/channels/@me');
+                        //else
+                            //win.loadURL('https://dr1ft.xyz/channels/@me?branch=canary&build=15523'); // emergency, ugly, temp fix
+                    }
+
+                    // dont update EPAPI/CRISPR if DONTUPDATE exists
                    if (!fs.existsSync(data + '/DONTUPDATE')) {

-                        // grab EPAPI from master
+                        // update EPAPI
                        fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now())
                            .then(r => r.text())
                            .then(epapi => {
                                fs.writeFileSync(data + '/epapi.js', epapi);
-                                setTimeout(load, 1000);
+
+                                // update CRISPR
+                                fetch('https://endpwn.github.io/crispr/crispr.js?_=' + Date.now())
+                                    .then(r => r.text())
+                                    .then(epapi => {
+                                        fs.writeFileSync(data + '/crispr.js', epapi);
+                                        setTimeout(load, 1000);
+                                    });
+
                            });

                    }
--- a/shared.js
+++ b/shared.js
@ -14,6 +14,10 @@

 */

+function __epprint(str) {
+    console.log(`%c[EndPwn]%c ` + str, 'font-weight:bold;color:#0cc', '');
+}
+
 (() => {

    // define this with a default value as a fallback
@ -23,15 +27,35 @@
        users: {}
    };

-    // fetch goodies.json
-    fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now())
-        .then(x => x.json())
-        .then(r => __goodies = r);
+    function fetchGoodies() {
+        // fetch goodies.json
+        __epprint('fetching endpwn cutomizer data from server...');
+        fetch('https://endpwn.cathoderay.tube/goodies.json?_=' + Date.now())
+            .then(x => x.json())
+            .then(r => __goodies = r);
+    }
+
+    // Fetch goodies now and every half hour
+    fetchGoodies();
+    setInterval(fetchGoodies, 1800000);

    // early init payload
    document.addEventListener('ep-prepared', () => {

+        // disable that obnoxious warning about not pasting shit in the console
+        __epprint('disabling self xss warning...');
+        $api.util.findFuncExports('consoleWarning').consoleWarning = e => { };
+
+        // fuck sentry
+        __epprint('fucking sentry...');
+        var sentry = wc.findCache('_originalConsoleMethods')[0].exports;
+        window.console = Object.assign(window.console, sentry._originalConsoleMethods); // console
+        sentry._wrappedBuiltIns.forEach(x => x[0][x[1]] = x[2]); // other stuff
+        sentry._breadcrumbEventHandler = () => () => { }; // break most event logging
+        sentry.captureBreadcrumb = () => { }; // disable breadcrumb logging
+
        // fetch the changelog
+        __epprint('injecting changelog...');
        fetch('https://endpwn.github.io/changelog.md?_=' + Date.now()).then(r => r.text()).then(l => {

            // we're racing discord's initialization procedures; try and hit a timing sweetspot
@ -67,16 +91,27 @@
    // post-init payload
    document.addEventListener('ep-ready', () => {

-        window.reload = () => { app.relaunch(); app.exit(); };
+        // disable analytics
+        __epprint('disabling analytics...');
+        $api.util.findFuncExports("AnalyticEventConfigs").default.track = () => { };

        // enable experiments
+        __epprint('enabling experiments menu...');
        $api.util.findFuncExports('isDeveloper').__defineGetter__('isDeveloper', () => true);

-        // disable that obnoxious warning about not pasting shit in the console
-        $api.util.findFuncExports('consoleWarning').consoleWarning = e => { };
+        // apply custom discrims/bot tags/badges/server verif from EndPwn Customizer (endpwn.cathoderay.tube)
+        __epprint('initializing endpwn cutomizer...');

-        // goodies for people directly associated with the endpwn project, and also kat bc shes my girlfriend
-        // may be expanded to anyone through a web ui later on
+        // add the endpwn dev badge to the class obfuscation table
+        wc.findFunc('profileBadges:"profileBadges')[0].exports['profileBadgeEndpwn'] = 'profileBadgeEndPwn';
+
+        // apply the css for endpwn dev badges
+        var badgecss = document.createElement("style");
+        badgecss.type = "text/css";
+        badgecss.innerHTML = ".profileBadgeEndPwn{background-image:url(https://dr1ft.xyz/sigma_solid.svg);background-position:center;background-repeat:no-repeat;width:16px;height:16px}";
+        document.body.appendChild(badgecss);
+
+        // hook getUser() so we can apply custom discrims/bot tags/badges
        $api.util.wrapAfter(
            "wc.findCache('getUser')[0].exports.getUser",

@ -84,14 +119,15 @@

                if (x === undefined || x === null) return;

-                if (__goodies.bots.contains(x.id)) x.bot = true;
+                if (__goodies.bots.includes(x.id)) x.bot = true;
                if (__goodies.users[x.id] !== undefined) x.discriminator = __goodies.users[x.id];
+                if (__goodies.devs.includes(x.id)) x.flags += x.flags & 4096 ? 0 : 4096;

                return x;
            }
        );

-        // verify servers directly associated with the endpwn project
+        // hook getGuild() so we can verify servers
        $api.util.wrapAfter(
            "wc.findCache('getGuild')[0].exports.getGuild",

@ -99,12 +135,56 @@

                if (x === undefined || x === null) return;

-                if (__goodies.guilds.contains(x.id)) x.features.add('VERIFIED');
+                if (__goodies.guilds.includes(x.id)) x.features.add('VERIFIED');

                return x;
            }
        );

+        // check for epapi updates
+        if ($api.lite || !fs.existsSync($api.data + '/DONTUPDATE'))
+            (function () {
+
+                __epprint('checking for EPAPI updates...');
+
+                // fetch the latest build of epapi
+                fetch('https://endpwn.github.io/epapi/epapi.js?_=' + Date.now()).then(x => x.text()).then(x => {
+
+                    // check the version
+                    if (kparse(x).version > $api.version) {
+
+                        // if the version on the server is newer, pester the user
+                        $api.ui.showDialog({
+
+                            title: 'EndPwn3: EPAPI Update Available',
+                            body: 'An update to EPAPI has been released. It is recommended that you restart your client in order to gain access to new features and maintain compatibility.',
+                            confirmText: 'Restart Now', cancelText: 'Later',
+
+                            // user pressed "Restart Now"
+                            onConfirm: () => {
+
+                                // refresh the page if we're running in a browser, reboot the app if we're running outside of lite mode
+                                reload();
+
+                            },
+
+                            // they pressed "Later", for some reason
+                            onCancel: () => {
+
+                                // bother them again in 6 hrs (* 60 min * 60 sec * 1000 ms)
+                                setTimeout(arguments.callee, 6 * 60 * 60 * 1000);
+
+                            }
+
+                        });
+
+                    }
+                    else setTimeout(arguments.callee, 6 * 60 * 60 * 1000);
+
+                });
+
+            })();
+
    });

-})();
+})();
--- a/stage2.js
+++ b/stage2.js
@ -17,22 +17,75 @@

 (() => {

+    // abort if we're not currently in the discord app
+    if (location.hostname.indexOf('discordapp') == -1 && location.hostname.indexOf('dr1ft.xyz') == -1) return;
+
    // use the discord native api to require electron and get electron.remote
    var electron = DiscordNative.nativeModules.requireModule('discord_/../electron').remote;
    var fs = electron.require('original-fs');

    // get the data path (where epapi.js should be)
-    var data = electron.app.getPath('userData').replace(/\\\\/g, "/") + '/';
+    var ___data = electron.app.getPath('userData').replace(/\\\\/g, "/") + '/';

    // shakily reimplemented of require() intended for loading plugins and EPAPI itself
    function __krequire(path) {
-        return eval('(()=>{var exports={};' + fs.readFileSync(data + path, 'utf8').toString() + ';return exports})()');
+        return eval('(()=>{var exports={};' + fs.readFileSync(___data + path, 'utf8').toString() + ';return exports})()');
    }

    // load EPAPI
    var epapi = __krequire('epapi.js');

+    // add window.reload()
+    window.reload = () => { electron.app.relaunch(); electron.app.exit(); };
+
    // call the entrypoint
    epapi.go('bootsyhax-dr1ft', 0, 1);

+    window.endpwn = {
+        uninstall: function () {
+            $api.ui.showDialog({
+                title: 'EndPwn: confirm uninstallation',
+                body: 'Are you sure you want to remove EndPwn from your client? You can reinstall it at any time.',
+                confirmText: 'Yes', cancelText: 'No',
+
+                onConfirm: () => {
+
+                    var data = $api.data;
+                    const Buffer = require('buffer').Buffer;
+
+                    // asarpwn
+                    function asarinject(sig, inj) {
+                        var dirlisting = fs.readdirSync(data);
+                        var latestver = dirlisting.filter(d => d.indexOf("0.0.") > -1);
+
+                        if (sig.length != inj.length) {
+                            throw 'signature and injection not same size'
+                        }
+                        var bdata = new Buffer(fs.readFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`));
+                        var index = bdata.indexOf(sig);
+                        if (index == -1) {
+                            return 0;
+                        }
+                        bdata.write(inj, index);
+                        fs.writeFileSync(`${data}/${latestver[latestver.length - 1]}/modules/discord_desktop_core/core.asar`, bdata);
+                        return 1;
+                    }
+
+                    asarinject(
+                        "var electron=require('electron');var d=electron.remote.app.getPath('userData')+'/crispr.js';if(require('fs').existsSync(d))require(d).go();//",
+                        "// App preload script, used to provide a replacement native API now that\n// we turned off node integration.\nvar electron = require('electron'"
+                    );
+
+                    $api.settings.set('WEBAPP_ENDPOINT');
+                    $api.settings.set('WEBAPP_PATH');
+
+                    reload();
+
+                },
+                onCancel: () => console.log('<3')
+
+            });
+        }
+    };
+
 })();
Author	SHA1	Message	Date
dr1ft	4c742c521e	Merge pull request #7 from Cynosphere/patch-3 [stable] contains -> includes	2018-05-21 22:26:07 -04:00
Astra	7606296020	includes -> contains	2018-05-21 22:23:22 -04:00
Cynthia Foxwell	41cc1d310f	[stable] contains -> includes	2018-05-21 20:21:55 -06:00
Astra	01cbda7656	disable rewind shim ig	2018-05-20 07:55:58 -04:00
Astra	7ae829b358	reinstate build pinning for canary	2018-05-18 18:35:27 -04:00
Astra	4b19d3e7af	switch off the canary temp fix (for now)	2018-05-17 10:12:57 -04:00
Astra	2170269bfb	a	2018-05-16 18:47:20 -04:00
Astra	0b1180273e	inject into the dr1ft.xyz copy	2018-05-16 18:44:11 -04:00
Astra	61552afd6e	temp lock canary frontend to build 15301	2018-05-16 18:33:55 -04:00
Astra	16ba644be8	fix the WEBAPP_ENDPOINT expansion bug	2018-05-08 01:28:45 -04:00
Astra	6959ab9423	fix forkbomb issue	2018-05-07 22:39:26 -04:00
Astra	d202a31908	might be path/host agnostic now	2018-05-07 22:17:42 -04:00
Astra	9f354ebe5e	rename .htm to .html	2018-05-07 22:08:03 -04:00
Astra	146fad4150	forgot to actually apply the flag oops	2018-05-07 20:11:28 -04:00
Astra	19027ff6c4	add stage2 stuff for endpwn dev badges	2018-05-07 20:09:17 -04:00
Astra	6c1a27fd17	support development branch	2018-05-06 20:21:43 -04:00
Astra	ce6280459d	possible fix for fresh installs	2018-05-05 16:37:39 -04:00
Astra	e3c07eb5c2	uninstall function (hopefully this doesnt go horribly)	2018-05-04 22:01:02 -04:00
Astra	8efdb59e66	im fucking dumb	2018-05-03 17:22:38 -04:00
Astra	0d5a38976b	screaming	2018-05-03 17:21:12 -04:00
Astra	f24b599154	christ	2018-05-03 17:18:00 -04:00
Astra	792b703145	catch me if i fall	2018-05-03 17:16:30 -04:00
Astra	13412fd1be	fingers crossed // TODO: setup a staging system	2018-05-03 17:14:55 -04:00
Astra	b62606a61b	nvfm	2018-05-03 14:09:49 -04:00
Astra	ed27067fc9	please work this time and dont break other things	2018-05-03 14:00:08 -04:00
Astra	a8aca55ed5	rudimentary preload script support	2018-05-03 13:28:57 -04:00
Astra	f430a4159f	discord is a fuck	2018-05-02 22:13:03 -04:00
Astra	d1afc1724f	h	2018-04-29 10:13:57 -04:00
Astra	f1db4daed6	fuck sentry part 2	2018-04-28 10:05:22 -04:00
Astra	0cade55978	fuck sentry	2018-04-28 09:58:23 -04:00
Astra	fa131c9bbf	more logging also move selfxss warning disabler to early init	2018-04-28 08:50:04 -04:00
Astra	b1f92360f6	restore more native stuff	2018-04-28 08:42:43 -04:00
Astra	b212f64595	try to run console restore earlier during ep-prepare might go horribly	2018-04-28 08:20:35 -04:00
Astra	97fffd9fef	restore the console methods the ones discord fucks up, making stack traces useless	2018-04-28 08:17:03 -04:00
Astra	a9f2b9af53	bleh	2018-04-27 21:26:26 -04:00
Astra	6e71380afc	fuck you so so so so so so much	2018-04-27 20:59:25 -04:00
Astra	2674a4dece	westrfikfoirwegiwe	2018-04-27 20:57:13 -04:00
Astra	99976473dd	fuck my life	2018-04-27 20:33:46 -04:00
Astra	202572103c	tweak the text in the bsod crash handler	2018-04-27 20:28:50 -04:00
Astra	8780641777	add crash handler hijack	2018-04-27 20:23:51 -04:00
Astra	ef1d47dde7	log when checking for updates	2018-04-26 07:33:21 -04:00
Astra	a9f17570e0	im stupid	2018-04-24 23:45:52 -04:00
Astra	efb1788a70	move window.reload() into stage2.js	2018-04-24 23:33:10 -04:00
Astra	4e7807025e	miss me with that analytics shit	2018-04-24 23:28:54 -04:00
Astra	204e49e124	check for DONTUPDATE	2018-04-24 23:07:04 -04:00
Astra	e5855c27d2	??????	2018-04-24 22:59:35 -04:00
Astra	8d3b5f2db7	oh fuck fuckf cukfuck	2018-04-24 22:55:37 -04:00
Astra	0cac2ac2b8	add an EPAPI update checker (experimental)	2018-04-24 22:51:36 -04:00
Astra	ed2dc53d8e	fuck	2018-04-23 05:57:08 -04:00
Astra	d31301bb50	dont inject into pages that arent the discord webapp	2018-04-23 05:55:23 -04:00
dr1ft	4d7f3fe837	Merge pull request #2 from ashkitten/patch-1 "untested" what's the worst that could happen?	2018-04-22 12:01:57 -04:00
Ash Lea	0cd80b7f13	(untested) refetch goodies on an interval	2018-04-22 11:59:10 -04:00