@private.me/xbind 1.2.17 → 1.3.5

package/README.md

@@ -1,7 +1,7 @@
 # @private.me/xbind
 
 ![npm version](https://img.shields.io/npm/v/@private.me/xbind)
-![version](https://img.shields.io/badge/version-1.2.17-blue)
+![version](https://img.shields.io/badge/version-1.3.5-blue)
 ![tests](https://img.shields.io/badge/tests-1245%20passing-brightgreen)
 ![TypeScript](https://img.shields.io/badge/TypeScript-strict-blue)
 ![license](https://img.shields.io/badge/license-Proprietary-blue)
@@ -12,7 +12,7 @@ Build AI agents that communicate securely using ML-DSA-65 DID identity, ML-KEM-7
 
 Part of the **Private.Me** platform—where APIs have keys, but ACIs have identity.
 
-**Version 1.2.17** — **Documentation:** Generic pricing language per Gold Package Requirement #18 (removed specific operation counts). Previous v1.2.16: AWS/gRPC/HTTP Error Mappings - All 49 error codes now include protocol-specific mappings (aws, grpc, http fields) for cross-platform error translation.
+**Version 1.3.5** — **Critical Fix:** ML-KEM key generation is now deterministic from seed (uses `deriveKeyPair()` per FIPS 203). Previous versions had non-deterministic ML-KEM keys which broke `identityFromSeed()` device recovery - registered ML-KEM keys would never match re-derived identity, causing v3 envelope decryption to silently fail. This was the #1 P0 bug reported by early customers. **All users must upgrade immediately.** Previous v1.3.0 (Session 157): v12.0 Deployment Identity with 4-layer Share 2 validation.
 
 ## Install
 
@@ -141,14 +141,104 @@ See [pricing details](../../docs/pricing-reference.md) for current rates and tie
 **ALL API calls are blocked until you verify your email address.** This links your usage to a verified contact for security notifications and billing.
 
 ```bash
-npx xbind setup
+npx xbind setup --email user@example.com
 ```
 
 **What happens:**
-1. Enter your email address
-2. Receive 6-digit verification code (check spam folder)
-3. Enter code to activate account
-4. DeploymentID generated (persistent economic identity)
+1. **DID Generation**: Creates Ed25519 cryptographic identity (did:key:z6Mk...)
+2. **DeploymentID Creation**: Generates persistent economic identity (DEP-202605-XXXXXXXXXX)
+3. **Email Code Delivery**: Sends 6-digit verification code to your email
+4. **Code Verification**: Enter code to link email to DeploymentID
+5. **Identity Storage**: Saves to `~/.xbind/identity.json` (chmod 600)
+6. **Ready to Use**: No additional configuration needed
+
+**Dual-Mode Verification:**
+- **CLI/Programmatic**: 6-digit code (this method)
+- **Web/Browser**: Magic link (auto-verifies on click)
+
+**Command Options:**
+```bash
+npx xbind setup --email user@example.com  # Standard setup
+npx xbind setup --email user@example.com --force  # Overwrite existing identity
+npx xbind setup --dev  # Development mode (mock email provider)
+```
+
+**Security Notes:**
+- Disposable email services blocked (Mailinator, Guerrilla Mail, etc.)
+- Device fingerprinting active (100+ signals for abuse prevention)
+- DID ≠ DeploymentID (see Identity Model section below)
+
+---
+
+### Identity Model: DID vs DeploymentID
+
+**Two complementary identities for different purposes:**
+
+#### DID (Decentralized Identifier)
+- **Format**: `did:key:z6Mk...` (Ed25519 public key)
+- **Purpose**: Cryptographic authentication (message signing)
+- **Lifespan**: Ephemeral - can be rotated for security
+- **Use case**: Proving "I sent this message"
+- **Storage**: `~/.xbind/identity.json` (local only)
+
+#### DeploymentID (Persistent Economic Identity)
+- **Format**: `DEP-YYYYMM-XXXXXXXXXX` (month prefix + 10 hex digits)
+- **Purpose**: Billing and usage tracking (persistent across DIDs)
+- **Lifespan**: Permanent - never changes for your account
+- **Use case**: "This deployment used 50K operations this month"
+- **Prevents**: Economic state reset attacks (DID rotation to bypass usage limits)
+
+**Why Both?**
+- **Security**: Rotate DID without losing billing history
+- **Privacy**: DID is pseudonymous, DeploymentID links to verified email
+- **Billing**: Usage tracked by DeploymentID, even if DID changes
+- **Attack Prevention**: Cannot reset free tier quota by generating new DID
+
+**Example:**
+```
+User creates account:
+  - DID: did:key:z6MkABC123...  (for signing messages)
+  - DeploymentID: DEP-202605-7F3A2B1C  (for billing)
+
+User rotates DID for security:
+  - DID: did:key:z6MkXYZ789...  (NEW cryptographic identity)
+  - DeploymentID: DEP-202605-7F3A2B1C  (SAME billing identity)
+  - Usage history: Preserved ✅
+  - Free tier quota: Cannot reset ✅
+```
+
+---
+
+### Device Fingerprinting & Privacy
+
+**xBind collects device fingerprints for abuse prevention:**
+
+**What We Collect (100+ Signals):**
+1. **Browser**: User agent, language, timezone, screen resolution
+2. **OS**: Platform, CPU cores, memory (approximate)
+3. **Hardware**: GPU vendor, audio context, canvas fingerprint
+4. **Network**: IP address (hashed), connection type
+5. **Behavior**: Timing patterns, interaction signals
+6. **Fonts**: Installed font list (system fingerprint)
+
+**Why We Collect:**
+- Detect multi-accounting (creating unlimited free accounts)
+- Identify coordinated abuse patterns
+- Link DeploymentIDs across devices (same user, different machines)
+- Risk scoring (0-100 scale, manual review ≥70)
+
+**Privacy Protections:**
+- **SHA-256 hashed**: Fingerprints stored as hashes, not raw data
+- **No PII**: Individual signals don't identify you personally
+- **GDPR compliant**: Right to access, deletion, opt-out
+- **Minimization**: Only signals necessary for abuse detection
+- **Retention**: 90 days for fingerprints, 30 days for raw signals
+
+**Opt-Out:**
+Email contact@private.me with subject "Fingerprint Opt-Out" and your DeploymentID. Note: Opting out may trigger manual review for new accounts.
+
+**Transparency:**
+Full fingerprinting source code available at `apps/server/src/device-fingerprinting.ts`
 
 **Note:** Disposable email services (Mailinator, Guerrilla Mail, etc.) are blocked. Use a real email address.
 

package/dist-standalone/_deps/crypto/base64.js

@@ -1,97 +1,222 @@
-const CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-const URL_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
-/**
- * Encode bytes to standard Base64 (RFC 4648).
- *
- * @param data - Bytes to encode
- * @returns Base64-encoded string with padding
- */
-export function toBase64(data) {
-    return encode(data, CHARS, true);
+function a0_0x1a56(_0x117fe5, _0x2d1341) {
+    _0x117fe5 = _0x117fe5 - 0x137;
+    const _0x1feac7 = a0_0x1fea();
+    let _0x1a56c9 = _0x1feac7[_0x117fe5];
+    if (a0_0x1a56['MLtNOO'] === undefined) {
+        var _0x12ed9d = function (_0x52f94e) {
+            const _0x285d42 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
+            let _0x220f0f = '', _0x126d3b = '';
+            for (let _0x72b6b7 = 0x0, _0x4d0738, _0x3e902c, _0x1471ac = 0x0; _0x3e902c = _0x52f94e['charAt'](_0x1471ac++); ~_0x3e902c && (_0x4d0738 = _0x72b6b7 % 0x4 ? _0x4d0738 * 0x40 + _0x3e902c : _0x3e902c, _0x72b6b7++ % 0x4) ? _0x220f0f += String['fromCharCode'](0xff & _0x4d0738 >> (-0x2 * _0x72b6b7 & 0x6)) : 0x0) {
+                _0x3e902c = _0x285d42['indexOf'](_0x3e902c);
+            }
+            for (let _0x3503b2 = 0x0, _0x5ec380 = _0x220f0f['length']; _0x3503b2 < _0x5ec380; _0x3503b2++) {
+                _0x126d3b += '%' + ('00' + _0x220f0f['charCodeAt'](_0x3503b2)['toString'](0x10))['slice'](-0x2);
+            }
+            return decodeURIComponent(_0x126d3b);
+        };
+        a0_0x1a56['HKytOx'] = _0x12ed9d, a0_0x1a56['FOcusJ'] = {}, a0_0x1a56['MLtNOO'] = !![];
+    }
+    const _0x7c7f86 = _0x1feac7[0x0], _0x46e4cd = _0x117fe5 + _0x7c7f86, _0x536556 = a0_0x1a56['FOcusJ'][_0x46e4cd];
+    return !_0x536556 ? (_0x1a56c9 = a0_0x1a56['HKytOx'](_0x1a56c9), a0_0x1a56['FOcusJ'][_0x46e4cd] = _0x1a56c9) : _0x1a56c9 = _0x536556, _0x1a56c9;
+}
+function a0_0x1fea() {
+    const _0x10e439 = [
+        'nJf4rMLLtNa',
+        'mZiXmdjtug5hwvC',
+        'z0LOuKi',
+        'v256tvG',
+        't3Dprg0',
+        'mtC1mNjlEhv5DG',
+        'swzXrLC',
+        'ndy1mdeYBfzxugT1',
+        'C1fvywO',
+        'wKLsDvq',
+        'C1r0r0m',
+        'sMHPB2e',
+        'CvLewe4',
+        'mtmXmJmWmZvIqwHZCxK',
+        'BgvUz3rO',
+        'z0Hdsg4',
+        'ugPgv1e',
+        'r2LcAuS',
+        'sgvIshi',
+        'qujdrevgr0HjsKTmtu5puffsu1rvvLDywvPHyMnKzwzNAgLQA2XTBM9WCxjZDhv2D3H5EJaXmJm0nty3odKRlW',
+        'mtbWqvjqENq',
+        'mJaXnJmYoe5mCMHeAq',
+        's3fhBLO',
+        'AvD4A3q',
+        'sg5AzeS',
+        'u09MB2G',
+        't1HVuLG',
+        'rxLOvKq',
+        'mtbOywPIseS',
+        'mtq4nJuXmdriDxP2Eu0',
+        'zMXVB3i',
+        'C2v0',
+        'CMvWBgfJzq',
+        'mZGZnJi3mLngr0zOqG',
+        'z2v0',
+        'ndK4ndjzBw1TENO'
+    ];
+    a0_0x1fea = function () {
+        return _0x10e439;
+    };
+    return a0_0x1fea();
 }
-/**
- * Decode standard Base64 string to bytes.
- *
- * @param str - Base64-encoded string
- * @returns Decoded bytes
- */
-export function fromBase64(str) {
-    return decode(str, CHARS);
+const a0_0x120b36 = a0_0x1a56;
+(function (_0x210da6, _0x4aa025) {
+    const a0_0x8226aa = {
+            _0x5e7a46: 0x147,
+            _0x132b9b: 0x14f,
+            _0x4842b6: 0x139,
+            _0x1f3a87: 0x149,
+            _0x429453: 0x141,
+            _0x1367da: 0x155,
+            _0x5329d6: 0x138
+        }, _0x2ca543 = a0_0x1a56, _0x506e18 = _0x210da6();
+    while (!![]) {
+        try {
+            const _0x2cb49d = -parseInt(_0x2ca543(0x148)) / 0x1 * (parseInt(_0x2ca543(a0_0x8226aa._0x5e7a46)) / 0x2) + parseInt(_0x2ca543(a0_0x8226aa._0x132b9b)) / 0x3 + -parseInt(_0x2ca543(a0_0x8226aa._0x4842b6)) / 0x4 * (-parseInt(_0x2ca543(0x140)) / 0x5) + parseInt(_0x2ca543(0x14d)) / 0x6 * (parseInt(_0x2ca543(a0_0x8226aa._0x1f3a87)) / 0x7) + -parseInt(_0x2ca543(a0_0x8226aa._0x429453)) / 0x8 + parseInt(_0x2ca543(a0_0x8226aa._0x1367da)) / 0x9 * (parseInt(_0x2ca543(a0_0x8226aa._0x5329d6)) / 0xa) + parseInt(_0x2ca543(0x145)) / 0xb;
+            if (_0x2cb49d === _0x4aa025)
+                break;
+            else
+                _0x506e18['push'](_0x506e18['shift']());
+        } catch (_0x2e7a6b) {
+            _0x506e18['push'](_0x506e18['shift']());
+        }
+    }
+}(a0_0x1fea, 0xe340c));
+const CHARS = a0_0x120b36(0x137), URL_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
+export function toBase64(_0x1fb314) {
+    return encode(_0x1fb314, CHARS, !![]);
 }
-/**
- * Encode bytes to Base64url (RFC 4648 Section 5).
- * Uses URL-safe characters (-_ instead of +/) and no padding.
- *
- * @param data - Bytes to encode
- * @returns Base64url-encoded string without padding
- */
-export function toBase64Url(data) {
-    return encode(data, URL_CHARS, false);
+export function fromBase64(_0x1e6caa) {
+    const _0x44599e = a0_0x1a56, _0xe56bee = {
+            'HnZdK': function (_0x3c1faf, _0x492e04, _0x4cc08a) {
+                return _0x3c1faf(_0x492e04, _0x4cc08a);
+            }
+        };
+    return _0xe56bee[_0x44599e(0x13c)](decode, _0x1e6caa, CHARS);
 }
-/**
- * Decode Base64url string to bytes.
- *
- * @param str - Base64url-encoded string
- * @returns Decoded bytes
- */
-export function fromBase64Url(str) {
-    return decode(str, URL_CHARS);
+export function toBase64Url(_0x4655d5) {
+    return encode(_0x4655d5, URL_CHARS, ![]);
 }
-/** Encode bytes using the given alphabet. */
-function encode(data, alphabet, pad) {
-    let result = '';
-    for (let i = 0; i < data.length; i += 3) {
-        const a = data[i];
-        const b = i + 1 < data.length ? data[i + 1] : 0;
-        const c = i + 2 < data.length ? data[i + 2] : 0;
-        result += alphabet[(a >> 2)];
-        result += alphabet[((a & 0x03) << 4) | (b >> 4)];
-        if (i + 1 < data.length) {
-            result += alphabet[((b & 0x0f) << 2) | (c >> 6)];
-        }
-        if (i + 2 < data.length) {
-            result += alphabet[c & 0x3f];
-        }
+export function fromBase64Url(_0x5f0a55) {
+    const _0x413957 = a0_0x1a56, _0x4e499f = {
+            'OXoRX': function (_0x1ccb30, _0x3f2cea, _0x1789f6) {
+                return _0x1ccb30(_0x3f2cea, _0x1789f6);
+            }
+        };
+    return _0x4e499f[_0x413957(0x13e)](decode, _0x5f0a55, URL_CHARS);
+}
+function encode(_0x4e5d82, _0x5e5dba, _0x522ba5) {
+    const a0_0x43f2f3 = {
+            _0x4370a2: 0x13b,
+            _0x456b7a: 0x156,
+            _0x47f355: 0x158
+        }, _0x54ac56 = a0_0x1a56, _0x536e1f = {
+            'iWxkt': function (_0x319a25, _0xe45684) {
+                return _0x319a25 < _0xe45684;
+            },
+            'qYDXN': function (_0xa1982, _0x5f0ad9) {
+                return _0xa1982 + _0x5f0ad9;
+            },
+            'SOfoh': function (_0x418270, _0x293b0c) {
+                return _0x418270 | _0x293b0c;
+            },
+            'Jmvyp': function (_0x5e46d, _0x26f2c0) {
+                return _0x5e46d << _0x26f2c0;
+            },
+            'EyhVD': function (_0x28821d, _0x570435) {
+                return _0x28821d & _0x570435;
+            },
+            'oxoab': function (_0x16e5c7, _0x7b08db) {
+                return _0x16e5c7 % _0x7b08db;
+            },
+            'ZIRuT': function (_0x2292b7, _0x3e8dd8) {
+                return _0x2292b7 === _0x3e8dd8;
+            },
+            'PjFWQ': function (_0x4b6ed0, _0x26cc76) {
+                return _0x4b6ed0 === _0x26cc76;
+            }
+        };
+    let _0x12c5c4 = '';
+    for (let _0x4587e3 = 0x0; _0x536e1f[_0x54ac56(a0_0x43f2f3._0x4370a2)](_0x4587e3, _0x4e5d82[_0x54ac56(a0_0x43f2f3._0x456b7a)]); _0x4587e3 += 0x3) {
+        const _0x330004 = _0x4e5d82[_0x4587e3], _0x29f7a7 = _0x536e1f[_0x54ac56(0x154)](_0x4587e3, 0x1) < _0x4e5d82[_0x54ac56(a0_0x43f2f3._0x456b7a)] ? _0x4e5d82[_0x4587e3 + 0x1] : 0x0, _0x1a4eb5 = _0x4587e3 + 0x2 < _0x4e5d82[_0x54ac56(a0_0x43f2f3._0x456b7a)] ? _0x4e5d82[_0x4587e3 + 0x2] : 0x0;
+        _0x12c5c4 += _0x5e5dba[_0x330004 >> 0x2], _0x12c5c4 += _0x5e5dba[(_0x330004 & 0x3) << 0x4 | _0x29f7a7 >> 0x4], _0x4587e3 + 0x1 < _0x4e5d82[_0x54ac56(0x156)] && (_0x12c5c4 += _0x5e5dba[_0x536e1f[_0x54ac56(0x13d)](_0x536e1f['Jmvyp'](_0x29f7a7 & 0xf, 0x2), _0x1a4eb5 >> 0x6)]), _0x4587e3 + 0x2 < _0x4e5d82[_0x54ac56(a0_0x43f2f3._0x456b7a)] && (_0x12c5c4 += _0x5e5dba[_0x536e1f[_0x54ac56(0x13f)](_0x1a4eb5, 0x3f)]);
     }
-    if (pad) {
-        const remainder = data.length % 3;
-        if (remainder === 1)
-            result += '==';
-        else if (remainder === 2)
-            result += '=';
+    if (_0x522ba5) {
+        const _0x180ba1 = _0x536e1f['oxoab'](_0x4e5d82[_0x54ac56(0x156)], 0x3);
+        if (_0x536e1f[_0x54ac56(0x151)](_0x180ba1, 0x1))
+            _0x12c5c4 += '==';
+        else {
+            if (_0x536e1f[_0x54ac56(a0_0x43f2f3._0x47f355)](_0x180ba1, 0x2))
+                _0x12c5c4 += '=';
+        }
     }
-    return result;
+    return _0x12c5c4;
 }
-/** Build a reverse lookup map for a Base64 alphabet. */
-function buildLookup(alphabet) {
-    const map = new Map();
-    for (let i = 0; i < alphabet.length; i++) {
-        map.set(alphabet[i], i);
+function buildLookup(_0x4b5260) {
+    const _0x4d3d7e = a0_0x1a56, _0xbaf997 = new Map();
+    for (let _0x40d789 = 0x0; _0x40d789 < _0x4b5260[_0x4d3d7e(0x156)]; _0x40d789++) {
+        _0xbaf997[_0x4d3d7e(0x143)](_0x4b5260[_0x40d789], _0x40d789);
     }
-    return map;
+    return _0xbaf997;
 }
-const STD_LOOKUP = buildLookup(CHARS);
-const URL_LOOKUP = buildLookup(URL_CHARS);
-/** Decode a Base64 string using the given lookup. Tolerates whitespace (RFC 2045). */
-function decode(str, alphabet) {
-    const lookup = alphabet === CHARS ? STD_LOOKUP : URL_LOOKUP;
-    const stripped = str.replace(/\s/g, '');
-    const cleaned = stripped.replace(/=+$/, '');
-    const byteLen = Math.floor((cleaned.length * 3) / 4);
-    const result = new Uint8Array(byteLen);
-    let byteIdx = 0;
-    for (let i = 0; i < cleaned.length; i += 4) {
-        const a = lookup.get(cleaned[i]) ?? 0;
-        const b = lookup.get(cleaned[i + 1]) ?? 0;
-        const c = i + 2 < cleaned.length ? (lookup.get(cleaned[i + 2]) ?? 0) : 0;
-        const d = i + 3 < cleaned.length ? (lookup.get(cleaned[i + 3]) ?? 0) : 0;
-        result[byteIdx++] = (a << 2) | (b >> 4);
-        if (i + 2 < cleaned.length) {
-            result[byteIdx++] = ((b & 0x0f) << 4) | (c >> 2);
-        }
-        if (i + 3 < cleaned.length) {
-            result[byteIdx++] = ((c & 0x03) << 6) | d;
-        }
+const STD_LOOKUP = buildLookup(CHARS), URL_LOOKUP = buildLookup(URL_CHARS);
+function decode(_0x530b35, _0x5712f3) {
+    const a0_0x346104 = {
+            _0x1d0c6a: 0x146,
+            _0x28ad0f: 0x157,
+            _0x51aede: 0x146,
+            _0x3c4488: 0x153,
+            _0x3a6441: 0x14b,
+            _0x17787e: 0x156,
+            _0x3a4226: 0x150,
+            _0x41a44d: 0x15a,
+            _0x564a2b: 0x14e
+        }, _0x3da2ed = a0_0x1a56, _0x4a79b9 = {
+            'sTtGC': function (_0x4bf897, _0x5e0f4a) {
+                return _0x4bf897 === _0x5e0f4a;
+            },
+            'gIhRB': function (_0x4e17b8, _0x2b1f61) {
+                return _0x4e17b8 * _0x2b1f61;
+            },
+            'Jhioa': function (_0x2502d2, _0x3c409d) {
+                return _0x2502d2 < _0x3c409d;
+            },
+            'KqGnZ': function (_0x2ecf46, _0x49abf6) {
+                return _0x2ecf46 + _0x49abf6;
+            },
+            'gHCHn': function (_0x9039ae, _0x2d4434) {
+                return _0x9039ae + _0x2d4434;
+            },
+            'OwODm': function (_0x4fcffa, _0x2fe23f) {
+                return _0x4fcffa < _0x2fe23f;
+            },
+            'DOIiV': function (_0x4669e0, _0x3f2048) {
+                return _0x4669e0 | _0x3f2048;
+            },
+            'GiBiK': function (_0x54aa2c, _0x215098) {
+                return _0x54aa2c << _0x215098;
+            },
+            'WnzMX': function (_0xb5a354, _0x42f674) {
+                return _0xb5a354 + _0x42f674;
+            },
+            'sQUaj': function (_0x3f50ee, _0x244d7) {
+                return _0x3f50ee >> _0x244d7;
+            },
+            'HebHr': function (_0x5af300, _0x173576) {
+                return _0x5af300 << _0x173576;
+            },
+            'IfqFW': function (_0xeceb64, _0x1dba8c) {
+                return _0xeceb64 & _0x1dba8c;
+            }
+        }, _0x40e8ae = _0x4a79b9[_0x3da2ed(0x152)](_0x5712f3, CHARS) ? STD_LOOKUP : URL_LOOKUP, _0x2951c0 = _0x530b35['replace'](/\s/g, ''), _0x5b19bf = _0x2951c0[_0x3da2ed(0x144)](/=+$/, ''), _0x3c1971 = Math[_0x3da2ed(0x142)](_0x4a79b9[_0x3da2ed(0x14a)](_0x5b19bf[_0x3da2ed(0x156)], 0x3) / 0x4), _0x2623d4 = new Uint8Array(_0x3c1971);
+    let _0x853ef9 = 0x0;
+    for (let _0x36c788 = 0x0; _0x4a79b9['Jhioa'](_0x36c788, _0x5b19bf['length']); _0x36c788 += 0x4) {
+        const _0xe90d5b = _0x40e8ae[_0x3da2ed(0x146)](_0x5b19bf[_0x36c788]) ?? 0x0, _0x2fd19a = _0x40e8ae[_0x3da2ed(a0_0x346104._0x1d0c6a)](_0x5b19bf[_0x4a79b9[_0x3da2ed(0x13a)](_0x36c788, 0x1)]) ?? 0x0, _0x2c0a49 = _0x4a79b9[_0x3da2ed(a0_0x346104._0x28ad0f)](_0x36c788, 0x2) < _0x5b19bf[_0x3da2ed(0x156)] ? _0x40e8ae['get'](_0x5b19bf[_0x36c788 + 0x2]) ?? 0x0 : 0x0, _0x3dd321 = _0x4a79b9[_0x3da2ed(0x14c)](_0x36c788 + 0x3, _0x5b19bf['length']) ? _0x40e8ae[_0x3da2ed(a0_0x346104._0x51aede)](_0x5b19bf[_0x4a79b9[_0x3da2ed(a0_0x346104._0x28ad0f)](_0x36c788, 0x3)]) ?? 0x0 : 0x0;
+        _0x2623d4[_0x853ef9++] = _0x4a79b9['DOIiV'](_0x4a79b9[_0x3da2ed(0x159)](_0xe90d5b, 0x2), _0x2fd19a >> 0x4), _0x4a79b9[_0x3da2ed(a0_0x346104._0x3c4488)](_0x4a79b9[_0x3da2ed(a0_0x346104._0x3a6441)](_0x36c788, 0x2), _0x5b19bf[_0x3da2ed(a0_0x346104._0x17787e)]) && (_0x2623d4[_0x853ef9++] = (_0x2fd19a & 0xf) << 0x4 | _0x4a79b9[_0x3da2ed(a0_0x346104._0x3a4226)](_0x2c0a49, 0x2)), _0x4a79b9['gHCHn'](_0x36c788, 0x3) < _0x5b19bf[_0x3da2ed(a0_0x346104._0x17787e)] && (_0x2623d4[_0x853ef9++] = _0x4a79b9['DOIiV'](_0x4a79b9[_0x3da2ed(a0_0x346104._0x41a44d)](_0x4a79b9[_0x3da2ed(a0_0x346104._0x564a2b)](_0x2c0a49, 0x3), 0x6), _0x3dd321));
     }
-    return result;
-}
+    return _0x2623d4;
+}