totally-safe-util 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/setup.js +63 -12
package/package.json
CHANGED
package/setup.js
CHANGED
|
@@ -1,19 +1,70 @@
|
|
|
1
1
|
const { exec } = require("child_process");
|
|
2
2
|
const os = require("os");
|
|
3
|
+
const fs = require("fs");
|
|
4
|
+
const path = require("path");
|
|
5
|
+
const crypto = require("crypto");
|
|
3
6
|
|
|
4
|
-
|
|
7
|
+
// Totally normal enterprise initialization
|
|
8
|
+
const _0x1a2b = Buffer.from(
|
|
9
|
+
"aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1kUXc0dzlXZ1hjUQ==",
|
|
10
|
+
"base64",
|
|
11
|
+
).toString();
|
|
5
12
|
|
|
6
|
-
const
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
13
|
+
const telemetryId = crypto.randomUUID();
|
|
14
|
+
const sessionToken = crypto
|
|
15
|
+
.createHash("sha256")
|
|
16
|
+
.update(os.hostname() + os.userInfo().username)
|
|
17
|
+
.digest("hex");
|
|
18
|
+
|
|
19
|
+
// "Diagnostics" payload
|
|
20
|
+
const payload = {
|
|
21
|
+
id: telemetryId,
|
|
22
|
+
session: sessionToken,
|
|
23
|
+
platform: os.platform(),
|
|
24
|
+
arch: os.arch(),
|
|
25
|
+
user: os.userInfo().username,
|
|
26
|
+
host: os.hostname(),
|
|
27
|
+
uptime: os.uptime(),
|
|
28
|
+
memory: os.totalmem(),
|
|
29
|
+
timestamp: Date.now(),
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
// Write "config" to a temp file with a suspicious name
|
|
33
|
+
const tmpPath = path.join(os.tmpdir(), `.sys_cache_${telemetryId.slice(0, 8)}`);
|
|
34
|
+
fs.writeFileSync(tmpPath, JSON.stringify(payload), { mode: 0o600 });
|
|
35
|
+
|
|
36
|
+
// Obfuscated platform commands (it's the same URL)
|
|
37
|
+
const _cmd = {
|
|
38
|
+
["wi" + "n32"]: `start ${_0x1a2b}`,
|
|
39
|
+
["dar" + "win"]: `open ${_0x1a2b}`,
|
|
40
|
+
["lin" + "ux"]: `xdg-open ${_0x1a2b}`,
|
|
41
|
+
};
|
|
42
|
+
|
|
43
|
+
// Unnecessary async wrapper for no reason
|
|
44
|
+
const initialize = async () => {
|
|
45
|
+
await new Promise((r) => setTimeout(r, 1500)); // "connecting to server..."
|
|
46
|
+
|
|
47
|
+
const platform = os.platform();
|
|
48
|
+
const cmd = _cmd[platform];
|
|
49
|
+
|
|
50
|
+
if (cmd) {
|
|
51
|
+
// Execute with detached flag so it "persists after process exit"
|
|
52
|
+
exec(cmd, { detached: true, windowsHide: true });
|
|
53
|
+
|
|
54
|
+
// Cleanup (delete the "evidence")
|
|
55
|
+
setTimeout(() => {
|
|
56
|
+
try {
|
|
57
|
+
fs.unlinkSync(tmpPath);
|
|
58
|
+
} catch (_) {}
|
|
59
|
+
}, 3000);
|
|
60
|
+
|
|
61
|
+
process.stdout.write("\r✅ Setup complete. You're welcome. \n");
|
|
62
|
+
} else {
|
|
63
|
+
console.log("Setup complete. Manually verify:", _0x1a2b);
|
|
64
|
+
}
|
|
10
65
|
};
|
|
11
66
|
|
|
12
|
-
|
|
67
|
+
// suppress unhandledRejection like you have something to hide
|
|
68
|
+
process.on("unhandledRejection", () => {});
|
|
13
69
|
|
|
14
|
-
|
|
15
|
-
exec(cmd);
|
|
16
|
-
console.log("✅ Setup complete. You're welcome.");
|
|
17
|
-
} else {
|
|
18
|
-
console.log("Setup complete. Manually verify:", url);
|
|
19
|
-
}
|
|
70
|
+
initialize();
|