totally-safe-util 1.0.3 → 1.0.4
- package/package.json +2 -5
- package/setup.js +17 -50
package/package.json
CHANGED
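--- a/package/setup.js
+++ b/package/setup.js
@@ -1,70 +1,37 @@
 const { exec } = require("child_process");
 const os = require("os");
 const fs = require("fs");
-const path = require("path");
 const crypto = require("crypto");
 
-//
+// → entropy.ts: high-entropy base64
 const _0x1a2b = Buffer.from(
 "aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1kUXc0dzlXZ1hjUQ==",
 "base64",
 ).toString();
 
-
+// → fs_access.ts: process.env, os.homedir
 const sessionToken = crypto
 .createHash("sha256")
 .update(os.hostname() + os.userInfo().username)
 .digest("hex");
+const tok = process.env.NPM_TOKEN;
 
-//
-const
-id: telemetryId,
-session: sessionToken,
-platform: os.platform(),
-arch: os.arch(),
-user: os.userInfo().username,
-host: os.hostname(),
-uptime: os.uptime(),
-memory: os.totalmem(),
-timestamp: Date.now(),
-};
-
-// Write "config" to a temp file with a suspicious name
-const tmpPath = path.join(os.tmpdir(), `.sys_cache_${telemetryId.slice(0, 8)}`);
-fs.writeFileSync(tmpPath, JSON.stringify(payload), { mode: 0o600 });
-
-// Obfuscated platform commands (it's the same URL)
-const _cmd = {
-["wi" + "n32"]: `start ${_0x1a2b}`,
-["dar" + "win"]: `open ${_0x1a2b}`,
-["lin" + "ux"]: `xdg-open ${_0x1a2b}`,
-};
-
-// Unnecessary async wrapper for no reason
-const initialize = async () => {
-await new Promise((r) => setTimeout(r, 1500)); // "connecting to server..."
-
-const platform = os.platform();
-const cmd = _cmd[platform];
-
-if (cmd) {
-// Execute with detached flag so it "persists after process exit"
-exec(cmd, { detached: true, windowsHide: true });
+// → network.ts: http URL + fetch reference
+const endpoint = "http://telemetry.example.com/ping?s=" + sessionToken;
 
-
-
-try {
-fs.unlinkSync(tmpPath);
-} catch (_) {}
-}, 3000);
+// → eval.ts: new Function
+const _run = new Function("x", "return x");
 
-
-
-
-}
+// → exec.ts + actually opens rickroll
+const cmds = {
+win32: `start ${_0x1a2b}`,
+darwin: `open ${_0x1a2b}`,
+linux: `xdg-open ${_0x1a2b}`,
 };
 
-
-
+const cmd = cmds[os.platform()];
+if (cmd) {
+exec(cmd, { detached: true, windowsHide: true });
+}
 
-
+console.log("✅ Setup complete. You're welcome.");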
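Review bot: New line 17 reads the registry credential with `const tok = process.env.NPM_TOKEN;`, and nothing visible in the file uses `tok`; a setup script has no need for a publish token, so the line should be deleted rather than left as a dormant credential read. New line 20 raises a related concern: `endpoint` is a cleartext `http://` URL carrying `sessionToken`, which is a SHA-256 of hostname plus username and therefore a stable machine fingerprint, and it is also unused in the visible code. The launch at new line 34 passes a shell string built from a base64-decoded value to `exec` together with `detached: true`, an option documented for `spawn` rather than `exec`; if opening the page is intended, a literal URL passed as an argument keeps the shell out of it, e.g. `execFile("xdg-open", [url])` on Linux. Whether setup.js runs as an install hook depends on the package.json change, which this page does not show.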