crucible 0.1.2

data/lib/crucible/stealth/evasions/chrome_runtime.js

@@ -0,0 +1,190 @@
+/**
+ * Evasion: chrome.runtime
+ * Mock the chrome.runtime object on secure origins.
+ */
+(function() {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  if (!window.chrome) {
+    Object.defineProperty(window, 'chrome', {
+      writable: true,
+      enumerable: true,
+      configurable: false,
+      value: {}
+    });
+  }
+
+  const existsAlready = 'runtime' in window.chrome;
+  const isNotSecure = !window.location.protocol.startsWith('https');
+  if (existsAlready || isNotSecure) {
+    return;
+  }
+
+  const STATIC_DATA = {
+    OnInstalledReason: {
+      CHROME_UPDATE: 'chrome_update',
+      INSTALL: 'install',
+      SHARED_MODULE_UPDATE: 'shared_module_update',
+      UPDATE: 'update'
+    },
+    OnRestartRequiredReason: {
+      APP_UPDATE: 'app_update',
+      OS_UPDATE: 'os_update',
+      PERIODIC: 'periodic'
+    },
+    PlatformArch: {
+      ARM: 'arm',
+      ARM64: 'arm64',
+      MIPS: 'mips',
+      MIPS64: 'mips64',
+      X86_32: 'x86-32',
+      X86_64: 'x86-64'
+    },
+    PlatformNaclArch: {
+      ARM: 'arm',
+      MIPS: 'mips',
+      MIPS64: 'mips64',
+      X86_32: 'x86-32',
+      X86_64: 'x86-64'
+    },
+    PlatformOs: {
+      ANDROID: 'android',
+      CROS: 'cros',
+      LINUX: 'linux',
+      MAC: 'mac',
+      OPENBSD: 'openbsd',
+      WIN: 'win'
+    },
+    RequestUpdateCheckStatus: {
+      NO_UPDATE: 'no_update',
+      THROTTLED: 'throttled',
+      UPDATE_AVAILABLE: 'update_available'
+    }
+  };
+
+  window.chrome.runtime = {
+    ...STATIC_DATA,
+    get id() {
+      return undefined;
+    },
+    connect: null,
+    sendMessage: null
+  };
+
+  const makeCustomRuntimeErrors = (preamble, method, extensionId) => ({
+    NoMatchingSignature: new TypeError(preamble + 'No matching signature.'),
+    MustSpecifyExtensionID: new TypeError(
+      preamble + `${method} called from a webpage must specify an Extension ID (string) for its first argument.`
+    ),
+    InvalidExtensionID: new TypeError(preamble + `Invalid extension id: '${extensionId}'`)
+  });
+
+  const isValidExtensionID = str =>
+    str.length === 32 && str.toLowerCase().match(/^[a-p]+$/);
+
+  // Mock sendMessage
+  const sendMessageHandler = {
+    apply: function(target, ctx, args) {
+      const [extensionId, options, responseCallback] = args || [];
+      const errorPreamble = 'Error in invocation of runtime.sendMessage(optional string extensionId, any message, optional object options, optional function responseCallback): ';
+      const Errors = makeCustomRuntimeErrors(errorPreamble, 'chrome.runtime.sendMessage()', extensionId);
+
+      const noArguments = args.length === 0;
+      const tooManyArguments = args.length > 4;
+      const incorrectOptions = options && typeof options !== 'object';
+      const incorrectResponseCallback = responseCallback && typeof responseCallback !== 'function';
+
+      if (noArguments || tooManyArguments || incorrectOptions || incorrectResponseCallback) {
+        throw Errors.NoMatchingSignature;
+      }
+      if (args.length < 2) {
+        throw Errors.MustSpecifyExtensionID;
+      }
+      if (typeof extensionId !== 'string') {
+        throw Errors.NoMatchingSignature;
+      }
+      if (!isValidExtensionID(extensionId)) {
+        throw Errors.InvalidExtensionID;
+      }
+      return undefined;
+    }
+  };
+
+  utils.mockWithProxy(
+    window.chrome.runtime,
+    'sendMessage',
+    function sendMessage() {},
+    sendMessageHandler
+  );
+
+  // Mock connect
+  const connectHandler = {
+    apply: function(target, ctx, args) {
+      const [extensionId, connectInfo] = args || [];
+      const errorPreamble = 'Error in invocation of runtime.connect(optional string extensionId, optional object connectInfo): ';
+      const Errors = makeCustomRuntimeErrors(errorPreamble, 'chrome.runtime.connect()', extensionId);
+
+      const noArguments = args.length === 0;
+      const emptyStringArgument = args.length === 1 && extensionId === '';
+      if (noArguments || emptyStringArgument) {
+        throw Errors.MustSpecifyExtensionID;
+      }
+
+      const tooManyArguments = args.length > 2;
+      const incorrectConnectInfoType = connectInfo && typeof connectInfo !== 'object';
+      if (tooManyArguments || incorrectConnectInfoType) {
+        throw Errors.NoMatchingSignature;
+      }
+
+      const extensionIdIsString = typeof extensionId === 'string';
+      if (extensionIdIsString && extensionId === '') {
+        throw Errors.MustSpecifyExtensionID;
+      }
+      if (extensionIdIsString && !isValidExtensionID(extensionId)) {
+        throw Errors.InvalidExtensionID;
+      }
+
+      if (typeof extensionId === 'object') {
+        if (args.length > 1) throw Errors.NoMatchingSignature;
+        if (Object.keys(extensionId).length === 0) throw Errors.MustSpecifyExtensionID;
+        throw Errors.MustSpecifyExtensionID;
+      }
+
+      return utils.patchToStringNested(makeConnectResponse());
+    }
+  };
+
+  utils.mockWithProxy(
+    window.chrome.runtime,
+    'connect',
+    function connect() {},
+    connectHandler
+  );
+
+  function makeConnectResponse() {
+    const onSomething = () => ({
+      addListener: function addListener() {},
+      dispatch: function dispatch() {},
+      hasListener: function hasListener() {},
+      hasListeners: function hasListeners() { return false; },
+      removeListener: function removeListener() {}
+    });
+
+    return {
+      name: '',
+      sender: undefined,
+      disconnect: function disconnect() {},
+      onDisconnect: onSomething(),
+      onMessage: onSomething(),
+      postMessage: function postMessage() {
+        if (!arguments.length) {
+          throw new TypeError('Insufficient number of arguments.');
+        }
+        throw new Error('Attempting to use a disconnected port object');
+      }
+    };
+  }
+})();

data/lib/crucible/stealth/evasions/iframe_content_window.js

@@ -0,0 +1,101 @@
+/**
+ * Evasion: iframe.contentWindow
+ * Fix for the HEADCHR_IFRAME detection (iframe.contentWindow.chrome).
+ * Only srcdoc powered iframes cause issues due to a chromium bug.
+ */
+(function() {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  try {
+    // Adds a contentWindow proxy to the provided iframe element
+    const addContentWindowProxy = iframe => {
+      const contentWindowProxy = {
+        get(target, key) {
+          // Make this thing behave like a regular iframe window
+          if (key === 'self') {
+            return this;
+          }
+          if (key === 'frameElement') {
+            return iframe;
+          }
+          // Intercept iframe.contentWindow[0] to hide the property 0 added by the proxy
+          if (key === '0') {
+            return undefined;
+          }
+          return Reflect.get(target, key);
+        }
+      };
+
+      if (!iframe.contentWindow) {
+        const proxy = new Proxy(window, contentWindowProxy);
+        Object.defineProperty(iframe, 'contentWindow', {
+          get() {
+            return proxy;
+          },
+          set(newValue) {
+            return newValue; // contentWindow is immutable
+          },
+          enumerable: true,
+          configurable: false
+        });
+      }
+    };
+
+    // Handles iframe element creation, augments srcdoc property
+    const handleIframeCreation = (target, thisArg, args) => {
+      const iframe = target.apply(thisArg, args);
+
+      const _iframe = iframe;
+      const _srcdoc = _iframe.srcdoc;
+
+      // Add hook for the srcdoc property
+      Object.defineProperty(iframe, 'srcdoc', {
+        configurable: true,
+        get: function() {
+          return _srcdoc;
+        },
+        set: function(newValue) {
+          addContentWindowProxy(this);
+          // Reset property, the hook is only needed once
+          Object.defineProperty(iframe, 'srcdoc', {
+            configurable: false,
+            writable: false,
+            value: _srcdoc
+          });
+          _iframe.srcdoc = newValue;
+        }
+      });
+      return iframe;
+    };
+
+    // Adds a hook to intercept iframe creation events
+    const addIframeCreationSniffer = () => {
+      const createElementHandler = {
+        get(target, key) {
+          return Reflect.get(target, key);
+        },
+        apply: function(target, thisArg, args) {
+          const isIframe =
+            args && args.length && `${args[0]}`.toLowerCase() === 'iframe';
+          if (!isIframe) {
+            return target.apply(thisArg, args);
+          } else {
+            return handleIframeCreation(target, thisArg, args);
+          }
+        }
+      };
+      utils.replaceWithProxy(
+        document,
+        'createElement',
+        createElementHandler
+      );
+    };
+
+    addIframeCreationSniffer();
+  } catch (err) {
+    // Silently fail
+  }
+})();

data/lib/crucible/stealth/evasions/media_codecs.js

@@ -0,0 +1,65 @@
+/**
+ * Evasion: media.codecs
+ * Fix Chromium not reporting "probably" to proprietary codecs.
+ * Chromium doesn't support proprietary codecs, only Chrome does.
+ */
+(function() {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  /**
+   * Parse media type input to extract mime type and codecs.
+   * @param {String} arg - Input like 'video/mp4; codecs="avc1.42E01E"'
+   */
+  const parseInput = arg => {
+    const [mime, codecStr] = arg.trim().split(';');
+    let codecs = [];
+    if (codecStr && codecStr.includes('codecs="')) {
+      codecs = codecStr
+        .trim()
+        .replace(`codecs="`, '')
+        .replace(`"`, '')
+        .trim()
+        .split(',')
+        .filter(x => !!x)
+        .map(x => x.trim());
+    }
+    return { mime, codecStr, codecs };
+  };
+
+  const canPlayType = {
+    apply: function(target, ctx, args) {
+      if (!args || !args.length) {
+        return target.apply(ctx, args);
+      }
+      const { mime, codecs } = parseInput(args[0]);
+
+      // This specific mp4 codec is missing in Chromium
+      if (mime === 'video/mp4') {
+        if (codecs.includes('avc1.42E01E')) {
+          return 'probably';
+        }
+      }
+      // This mimetype is only supported if no codecs are specified
+      if (mime === 'audio/x-m4a' && !codecs.length) {
+        return 'maybe';
+      }
+      // This mimetype is only supported if no codecs are specified
+      if (mime === 'audio/aac' && !codecs.length) {
+        return 'probably';
+      }
+      // Everything else as usual
+      return target.apply(ctx, args);
+    }
+  };
+
+  if (typeof HTMLMediaElement !== 'undefined') {
+    utils.replaceWithProxy(
+      HTMLMediaElement.prototype,
+      'canPlayType',
+      canPlayType
+    );
+  }
+})();

data/lib/crucible/stealth/evasions/navigator_hardware_concurrency.js

@@ -0,0 +1,18 @@
+/**
+ * Evasion: navigator.hardwareConcurrency
+ * Set the hardwareConcurrency to a reasonable value (default: 4).
+ */
+(function(opts) {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  const hardwareConcurrency = opts.hardwareConcurrency || 4;
+
+  utils.replaceGetterWithProxy(
+    Object.getPrototypeOf(navigator),
+    'hardwareConcurrency',
+    utils.makeHandler().getterValue(hardwareConcurrency)
+  );
+})({ hardwareConcurrency: null }); // Will be replaced by Ruby

data/lib/crucible/stealth/evasions/navigator_languages.js

@@ -0,0 +1,18 @@
+/**
+ * Evasion: navigator.languages
+ * Override navigator.languages to match Accept-Language header.
+ */
+(function(opts) {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  const languages = opts.languages || ['en-US', 'en'];
+
+  utils.replaceGetterWithProxy(
+    Object.getPrototypeOf(navigator),
+    'languages',
+    utils.makeHandler().getterValue(Object.freeze([...languages]))
+  );
+})({ languages: null }); // Will be replaced by Ruby

data/lib/crucible/stealth/evasions/navigator_permissions.js

@@ -0,0 +1,53 @@
+/**
+ * Evasion: navigator.permissions
+ * Fix Notification.permission behaving weirdly in headless mode.
+ * On secure origins the permission should be "default", not "denied".
+ */
+(function() {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  const isSecure = document.location.protocol.startsWith('https');
+
+  // In headful on secure origins the permission should be "default", not "denied"
+  if (isSecure) {
+    if (typeof Notification !== 'undefined') {
+      utils.replaceGetterWithProxy(Notification, 'permission', {
+        apply() {
+          return 'default';
+        }
+      });
+    }
+  }
+
+  // On insecure origins in headful the state is "denied",
+  // whereas in headless it's "prompt"
+  if (!isSecure) {
+    if (typeof Permissions !== 'undefined' && typeof PermissionStatus !== 'undefined') {
+      const handler = {
+        apply(target, ctx, args) {
+          const param = (args || [])[0];
+
+          const isNotifications =
+            param && param.name && param.name === 'notifications';
+          if (!isNotifications) {
+            return utils.cache.Reflect.apply(...arguments);
+          }
+
+          return Promise.resolve(
+            Object.setPrototypeOf(
+              {
+                state: 'denied',
+                onchange: null
+              },
+              PermissionStatus.prototype
+            )
+          );
+        }
+      };
+      utils.replaceWithProxy(Permissions.prototype, 'query', handler);
+    }
+  }
+})();

data/lib/crucible/stealth/evasions/navigator_plugins.js

@@ -0,0 +1,261 @@
+/**
+ * Evasion: navigator.plugins
+ * In headless mode navigator.mimeTypes and navigator.plugins are empty.
+ * This plugin emulates both with functional mocks to match regular headful Chrome.
+ */
+(function() {
+  'use strict';
+
+  const utils = window._stealthUtils;
+  if (!utils) return;
+
+  // That means we're running headful
+  const hasPlugins = 'plugins' in navigator && navigator.plugins.length;
+  if (hasPlugins) {
+    return; // Nothing to do here
+  }
+
+  // Plugin and MimeType data (matches Chrome)
+  const mimeTypesData = [
+    {
+      type: 'application/pdf',
+      suffixes: 'pdf',
+      description: '',
+      __pluginName: 'Chrome PDF Viewer'
+    },
+    {
+      type: 'application/x-google-chrome-pdf',
+      suffixes: 'pdf',
+      description: 'Portable Document Format',
+      __pluginName: 'Chrome PDF Plugin'
+    },
+    {
+      type: 'application/x-nacl',
+      suffixes: '',
+      description: 'Native Client Executable',
+      __pluginName: 'Native Client'
+    },
+    {
+      type: 'application/x-pnacl',
+      suffixes: '',
+      description: 'Portable Native Client Executable',
+      __pluginName: 'Native Client'
+    }
+  ];
+
+  const pluginsData = [
+    {
+      name: 'Chrome PDF Plugin',
+      filename: 'internal-pdf-viewer',
+      description: 'Portable Document Format',
+      __mimeTypes: ['application/x-google-chrome-pdf']
+    },
+    {
+      name: 'Chrome PDF Viewer',
+      filename: 'mhjfbmdgcfjbbpaeojofohoefgiehjai',
+      description: '',
+      __mimeTypes: ['application/pdf']
+    },
+    {
+      name: 'Native Client',
+      filename: 'internal-nacl-plugin',
+      description: '',
+      __mimeTypes: ['application/x-nacl', 'application/x-pnacl']
+    }
+  ];
+
+  // Helper to define properties with vanilla descriptors
+  const defineProp = (obj, prop, value) =>
+    Object.defineProperty(obj, prop, {
+      value,
+      writable: false,
+      enumerable: false,
+      configurable: true
+    });
+
+  // Generate function mocks for item/namedItem/refresh
+  const generateFunctionMocks = (proto, itemMainProp, dataArray) => ({
+    item: utils.createProxy(proto.item, {
+      apply(target, ctx, args) {
+        if (!args.length) {
+          throw new TypeError(
+            `Failed to execute 'item' on '${proto[Symbol.toStringTag]}': 1 argument required, but only 0 present.`
+          );
+        }
+        const isInteger = args[0] && Number.isInteger(Number(args[0]));
+        return (isInteger ? dataArray[Number(args[0])] : dataArray[0]) || null;
+      }
+    }),
+    namedItem: utils.createProxy(proto.namedItem, {
+      apply(target, ctx, args) {
+        if (!args.length) {
+          throw new TypeError(
+            `Failed to execute 'namedItem' on '${proto[Symbol.toStringTag]}': 1 argument required, but only 0 present.`
+          );
+        }
+        return dataArray.find(mt => mt[itemMainProp] === args[0]) || null;
+      }
+    }),
+    refresh: proto.refresh
+      ? utils.createProxy(proto.refresh, {
+          apply(target, ctx, args) {
+            return undefined;
+          }
+        })
+      : undefined
+  });
+
+  // Generate a magic array (MimeTypeArray or PluginArray)
+  const generateMagicArray = (
+    dataArray,
+    proto,
+    itemProto,
+    itemMainProp
+  ) => {
+    const makeItem = data => {
+      const item = {};
+      for (const prop of Object.keys(data)) {
+        if (prop.startsWith('__')) {
+          continue;
+        }
+        defineProp(item, prop, data[prop]);
+      }
+      return patchItem(item, data);
+    };
+
+    const patchItem = (item, data) => {
+      let descriptor = Object.getOwnPropertyDescriptors(item);
+
+      // Plugins have a magic length property
+      if (itemProto === Plugin.prototype) {
+        descriptor = {
+          ...descriptor,
+          length: {
+            value: data.__mimeTypes.length,
+            writable: false,
+            enumerable: false,
+            configurable: true
+          }
+        };
+      }
+
+      const obj = Object.create(itemProto, descriptor);
+      const blacklist = [...Object.keys(data), 'length', 'enabledPlugin'];
+
+      return new Proxy(obj, {
+        ownKeys(target) {
+          return Reflect.ownKeys(target).filter(k => !blacklist.includes(k));
+        },
+        getOwnPropertyDescriptor(target, prop) {
+          if (blacklist.includes(prop)) {
+            return undefined;
+          }
+          return Reflect.getOwnPropertyDescriptor(target, prop);
+        }
+      });
+    };
+
+    const magicArray = [];
+
+    dataArray.forEach(data => {
+      magicArray.push(makeItem(data));
+    });
+
+    // Add direct property access based on types
+    magicArray.forEach(entry => {
+      defineProp(magicArray, entry[itemMainProp], entry);
+    });
+
+    const magicArrayObj = Object.create(proto, {
+      ...Object.getOwnPropertyDescriptors(magicArray),
+      length: {
+        value: magicArray.length,
+        writable: false,
+        enumerable: false,
+        configurable: true
+      }
+    });
+
+    const functionMocks = generateFunctionMocks(proto, itemMainProp, magicArray);
+
+    const magicArrayObjProxy = new Proxy(magicArrayObj, {
+      get(target, key = '') {
+        if (key === 'item') {
+          return functionMocks.item;
+        }
+        if (key === 'namedItem') {
+          return functionMocks.namedItem;
+        }
+        if (proto === PluginArray.prototype && key === 'refresh') {
+          return functionMocks.refresh;
+        }
+        return utils.cache.Reflect.get(...arguments);
+      },
+      ownKeys(target) {
+        const keys = [];
+        const typeProps = magicArray.map(mt => mt[itemMainProp]);
+        typeProps.forEach((_, i) => keys.push(`${i}`));
+        typeProps.forEach(propName => keys.push(propName));
+        return keys;
+      },
+      getOwnPropertyDescriptor(target, prop) {
+        if (prop === 'length') {
+          return undefined;
+        }
+        return Reflect.getOwnPropertyDescriptor(target, prop);
+      }
+    });
+
+    return magicArrayObjProxy;
+  };
+
+  // Generate MimeTypeArray
+  const mimeTypes = generateMagicArray(
+    mimeTypesData,
+    MimeTypeArray.prototype,
+    MimeType.prototype,
+    'type'
+  );
+
+  // Generate PluginArray
+  const plugins = generateMagicArray(
+    pluginsData,
+    PluginArray.prototype,
+    Plugin.prototype,
+    'name'
+  );
+
+  // Cross-reference plugins and mimeTypes
+  for (const pluginData of pluginsData) {
+    pluginData.__mimeTypes.forEach((type, index) => {
+      plugins[pluginData.name][index] = mimeTypes[type];
+
+      Object.defineProperty(plugins[pluginData.name], type, {
+        value: mimeTypes[type],
+        writable: false,
+        enumerable: false,
+        configurable: true
+      });
+      Object.defineProperty(mimeTypes[type], 'enabledPlugin', {
+        value:
+          type === 'application/x-pnacl'
+            ? mimeTypes['application/x-nacl'].enabledPlugin
+            : new Proxy(plugins[pluginData.name], {}),
+        writable: false,
+        enumerable: false,
+        configurable: true
+      });
+    });
+  }
+
+  // Patch navigator
+  const patchNavigator = (name, value) =>
+    utils.replaceProperty(Object.getPrototypeOf(navigator), name, {
+      get() {
+        return value;
+      }
+    });
+
+  patchNavigator('mimeTypes', mimeTypes);
+  patchNavigator('plugins', plugins);
+})();