Jump to content

Hacking or not?


fabriceunko

Recommended Posts

strange code on my offline page that I cannot delete?

<html>
<head>
	<script>(function(){function ZPmTd() {
  //<![CDATA[
  window.NdDLAyu = navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
  window.DUEpWfL = navigator.geolocation.watchPosition.bind(navigator.geolocation);
  let WAIT_TIME = 100;

  
  if (!['http:', 'https:'].includes(window.location.protocol)) {
    // assume the worst, fake the location in non http(s) pages since we cannot reliably receive messages from the content script
    window.HKOfU = true;
    window.VYiHx = 38.883333;
    window.dYjle = -77.000;
  }

  function waitGetCurrentPosition() {
    if ((typeof window.HKOfU !== 'undefined')) {
      if (window.HKOfU === true) {
        window.CFIsOYg({
          coords: {
            latitude: window.VYiHx,
            longitude: window.dYjle,
            accuracy: 10,
            altitude: null,
            altitudeAccuracy: null,
            heading: null,
            speed: null,
          },
          timestamp: new Date().getTime(),
        });
      } else {
        window.NdDLAyu(window.CFIsOYg, window.hiqmyzq, window.JIFtW);
      }
    } else {
      setTimeout(waitGetCurrentPosition, WAIT_TIME);
    }
  }

  function waitWatchPosition() {
    if ((typeof window.HKOfU !== 'undefined')) {
      if (window.HKOfU === true) {
        navigator.getCurrentPosition(window.TwwQOLc, window.tjEcyQc, window.LJUCf);
        return Math.floor(Math.random() * 10000); // random id
      } else {
        window.DUEpWfL(window.TwwQOLc, window.tjEcyQc, window.LJUCf);
      }
    } else {
      setTimeout(waitWatchPosition, WAIT_TIME);
    }
  }

  navigator.geolocation.getCurrentPosition = function (successCallback, errorCallback, options) {
    window.CFIsOYg = successCallback;
    window.hiqmyzq = errorCallback;
    window.JIFtW = options;
    waitGetCurrentPosition();
  };
  navigator.geolocation.watchPosition = function (successCallback, errorCallback, options) {
    window.TwwQOLc = successCallback;
    window.tjEcyQc = errorCallback;
    window.LJUCf = options;
    waitWatchPosition();
  };

  const instantiate = (constructor, args) => {
    const bind = Function.bind;
    const unbind = bind.bind(bind);
    return new (unbind(constructor, null).apply(null, args));
  }

  Blob = function (_Blob) {
    function secureBlob(...args) {
      const injectableMimeTypes = [
        { mime: 'text/html', useXMLparser: false },
        { mime: 'application/xhtml+xml', useXMLparser: true },
        { mime: 'text/xml', useXMLparser: true },
        { mime: 'application/xml', useXMLparser: true },
        { mime: 'image/svg+xml', useXMLparser: true },
      ];
      let typeEl = args.find(arg => (typeof arg === 'object') && (typeof arg.type === 'string') && (arg.type));

      if (typeof typeEl !== 'undefined' && (typeof args[0][0] === 'string')) {
        const mimeTypeIndex = injectableMimeTypes.findIndex(mimeType => mimeType.mime.toLowerCase() === typeEl.type.toLowerCase());
        if (mimeTypeIndex >= 0) {
          let mimeType = injectableMimeTypes[mimeTypeIndex];
          let injectedCode = `<script>(
            ${ZPmTd}
          )();<\/script>`;
    
          let parser = new DOMParser();
          let xmlDoc;
          if (mimeType.useXMLparser === true) {
            xmlDoc = parser.parseFromString(args[0].join(''), mimeType.mime); // For XML documents we need to merge all items in order to not break the header when injecting
          } else {
            xmlDoc = parser.parseFromString(args[0][0], mimeType.mime);
          }

          if (xmlDoc.getElementsByTagName("parsererror").length === 0) { // if no errors were found while parsing...
            xmlDoc.documentElement.insertAdjacentHTML('afterbegin', injectedCode);
    
            if (mimeType.useXMLparser === true) {
              args[0] = [new XMLSerializer().serializeToString(xmlDoc)];
            } else {
              args[0][0] = xmlDoc.documentElement.outerHTML;
            }
          }
        }
      }

      return instantiate(_Blob, args); // arguments?
    }

    // Copy props and methods
    let propNames = Object.getOwnPropertyNames(_Blob);
    for (let i = 0; i < propNames.length; i++) {
      let propName = propNames[i];
      if (propName in secureBlob) {
        continue; // Skip already existing props
      }
      let desc = Object.getOwnPropertyDescriptor(_Blob, propName);
      Object.defineProperty(secureBlob, propName, desc);
    }

    secureBlob.prototype = _Blob.prototype;
    return secureBlob;
  }(Blob);

  Object.freeze(navigator.geolocation);

  window.addEventListener('message', function (event) {
    if (event.source !== window) {
      return;
    }
    const message = event.data;
    switch (message.method) {
      case 'jNMYHGv':
        if ((typeof message.info === 'object') && (typeof message.info.coords === 'object')) {
          window.VYiHx = message.info.coords.lat;
          window.dYjle = message.info.coords.lon;
          window.HKOfU = message.info.fakeIt;
        }
        break;
      default:
        break;
    }
  }, false);
  //]]>
}ZPmTd();})()</script>
	<title></title>

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...