# NOTE(review): obfuscator filler. Every statement below binds a random-looking
# name to a random string or a small integer, and none of these names is read
# anywhere in the visible part of this file (A84 is re-bound as a local inside
# main()). They carry no configuration or secrets that the visible code uses;
# their only effect is to make the script harder to read.
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb = "LZyRlwUPTGPWaORfzeXdgSkgAcpCrbOSnafdxqSBeCeerDBHgeBAHoOhlySWiWgHrahXqdUecsvMKCU"
AAAaaaaAAaAaAAaaaAaaaaaaAAaAaAAaAaAAaaAaaAAaaaaAaAaAAaAaaaaAaAAaaAAaAAAaaaaAaaaaAaAaAaAAAaAAAAaaAa = "xVpeFmGimXjIzepohSdQasfDOSNynMIEVJNwIGWIFJEjRfSvvRbhORqWtIxumiawwEFpwtWOROnFDcP"
J96 = "YqHxGwNjOVrTqwApBLtLbkTzBDCqTJmwAhpBNdmFpNUVbjIefEIFbHMXGnhptNeGUstxaVAqvuTiWNq"
zHLnywUoXAkeZomTDdgqUKUjwLUPZHFqGXEQvXlyduQIIphEJCOvSVXopQcvsdOulsYZXiDXoLSjDyo94 = 704
jQrzYwEplroBvtstFHGJpTYwfxZvipbQogDkJzPNufPnauxLGMBirPsbOemvoGBeoJQLleRPgkfYoZh92 = "pJoXAjsLNbkJScNqyfpwfxwSzoaluRGwJgHpwLRMQtjpqdlgHczkzbPJRJiNxlSaRPJmLhzxlgzGQOj"
IlIIlIlllIlIllllIllIIIllIIllIlIllIllIIllIIIIIIIIlIIlllIIIIlIllllllIIIIlIIIIlIlIIlIIIllIlIl = 669
IIlllllIIIIlIlIlllllllIIlllIIIllIIIlIllIIIlllIIlIlIIlIlllIIIIlIIlIIIlIIlIllIlIlIlIIlllII = 557
S86 = "IRNXvGVbAofgZaIygWrttpVsBVRhZQfyvizLWWkzqeddwJLwAsEmkZTaLdkbYuNsbKXAJoxobyDOCgN"
A84 = 267
z82 = 273
M80 = 313
tDWgiyxwFeVCTkIXuJNynohXdYWVRqbjVZigQtSWdAcjZlmuTDzQzLgwNbPwPaGjMzsJMxeppRmLKgk78 = "mDqOXrzDOLdjbIEFILQeqWyMKVtLrlWpSFWdOXYpFOaHcPZThvIIOVtIEQjCyMaulSpoQDVUqStbJRO"
RjvwKAPrsBaCoWqZdYwmfXfqdayDFcwiBmHvdQDPpNRrfEUfDPHBWuJhyuBaTpmIjDKdrLprlwCQAWH76 = "hYuQOSUpQKuhKmErYeAFTrtlCaGQVgNUJVlCcKgALYNINJGRCQjgyWjLZkERalxExeQMbatwaFkEZMe"
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb = 377
IIlIlllIIIIlIIlllIIIIIlllllllIllIIIIllIlllIIIIIIIlIIIllIIlIlIlIIIIIllIll = 448
AaAAaaAAAaaaAaAaAAAaAAAaaAaAAAAaAaAaAAAaaaAaAAaaaaaaaaaaAAAAAAaAaAaAaA = 192
A1729605559012515568 = 789
a66 = "QUDqHNzCyApuEMItZdTEYUiqFIILlcLUWeoxmpcsBaGGxjoCiiKgChfKZxUtjqElfcnTkTjmPfNyeku"
IllllIllIIlIlIlIlIlIllllIlIlllllIIIIlllllIIlllIIIlIIlllIIlllIlII = "JgPzbADrGCjAaQKFEXYAoJoYXucCcRGpFEIbYUxUkxgMKoMxRjGmzeBBggcXovSNpsCsKPKOFTDkfiD"
IIIllIlIIIlllIIIIlIIlllIlIIllIIIIIIlIIllllIlIIllIlIIllIIIIlIlI = 390
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY = 81
AaAaaAaAaaaAAAaaaAaaaaAAAaAaaaAaAAAaAaAaaAAAAaaAAaaAAAAAaA = "cxWcOOgwzAmeGGIeaBESpQhZVnWuviXjahgPeLlzijraffrtvVaWyNTYLNIbuMSVbvUGFUnJjoaWXqx"
Q172960555901206456 = "sliEQroyoGHqXHrkXXVzwvoOzJxxSaImxeNnpLdlVdHlLDuTyReIPAxVjyYMwcruagZJTWmqthqgMlV"
ABpYdKqCPfUkqtoupLBGiPYtjmmyOpmBOZjVbDjBzoruNTpEsxrpvefMWhteKnLoTXnkjFhOVyMtWjV54 = "kLctXnHrxHtJfLjhSxlUEhWqJxgUHoHdnKATxIpKuwqVaJzeeuZnkTSBzVucatCsAspxrNuZpNRPetE"
MXgVemBTuewkkLkCGpumaJIDUnbheDzeeoMIoHVupPMyxQHyknPblxRJwccdLgzTgmBwROkQbonsVXR52 = "EqURliDdUwnBTETotnlgYytoszJszOAnxzPxzCNfFwRdoTvoXslAzOAKQBKtsvsBlcVVBKSTTDEqqGQ"
E50 = 458
IIIIlIlllIIIIllllIIIIIIlIIllIIlIlIlIIlllIlIIlIII = "tzbPsjwVifhFjqwJLCMupyALckhpLrcyuCfxADWBKpQkEVeHlVHkSmUOiMTFOThycNuUSxfLZddiNno"
F172960555901160446 = "wGAUwExpPxSPAshtqfMviYmklsNVPvsKwrdGwQFUFAyUAVNJjypZiOHOvwdBgWAhaqsFwEswrKZUnDY"
n172960555901151344 = "nPSBqOvyPdveLUctiAmzGzrjltNDoRVftZLYpdCfZLEJNHtIfoIMKPacrNpZcuWsSXmfHQJvgLgNcKx"
TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT = "sQFVLfVXztoXSPutDMcthYuVFZwiPNgFFDYKOaBnBVRknCAjfPMsttTCpzgzkmCYYnZAWHkKxioTmCL"
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU = "jDWrnoRdmcKAxARrlhxWPonFyqNLNyunUCTMZCrDhEbhuVlvchZCZpnSXuhuviYnGaIihvrZZqirYHe"
aaaaAAaaaaAaAAAaaAAAAaAAAAaAAaAAAAAAAa = 689
AaaaAaAaAaaaAaaAAAAAAaAAaAAAaaaaAaAA = 783
lIlIllIlIIlIlllIllllIlIIIlllIlllIl = 378
e1729605559011111732 = "oDamGNbthandgyvOfkDkoRsGEZJSbdoeLofBgOWROmbQAsImwskwqutRnSCWlVjvgCimlZrWrdrqKMw"
lIlIllIllllIIIllllIllIlllIIIll = "uVnzsOCphjegHqLUuDRdSbgPedBrBntVnwKIoqtKgHRcxQjdeMMzyQnDtdjShjDtUlWjOMBxKLTePUi"
IIlIllIlIIIIIIllIlIIlllllIll = "IZisjOeAvJZVGfxMlxqSfkiZWUEndxjsQkJXoYTNymXhQzWNAhyrlfCESCoLWboLftoiZqXmqyYtDzG"
AAAAAAAAAAAAAAAAAAAAAAAAAA = 298
IIIIIIIIIIIIIIIIIIIIIIII = "AbcPRFprZIaKloEwWjgwRLrkfjMJfZroofcCcDtskfWGooguNyxuwbpjtKYLuOastAyZjRLTJBgFlgB"
llIlIlIllIllIlIIlIlllI = 606
D20 = "degUgEgCctAOZGXYcSMYEwYuqlYPzxypyOkaDvntxlDSmWDCuZpNIntgXbrvtXxGXWpBOFTGqLHDeUd"
q1729605559010642818 = 397
KsjPyMXrnzYUjjGQQZGrdIwDRujcQMiHtMqhlGBlJgISCptyJTCFxzcLQRWiEghgwtxtzXCfROKUiuv16 = 869
E1729605559010540714 = 191
aaAAaaAAaaAA = "upaQOBWYtLkPAzLcYtiwNVahbaHiHJHIiokunPnwqMxHgJeKrpcoyaGhOXOHaViFIxBkBnzMHhOMqJQ"
aAAaAaaAaa = "HTuVcpIwiVYdgIDgteHFzkQBwWslxgvHGVLJidmemRnTbLZzFhakhfPhDnVbAhThVkrGKQqkuRurwTM"
hhhhhhhh = 242
q6 = 123
IIlI = 110
ScFMLJLovNhdEFSituMjKfQelSvyCBjaToJpwqIrQfpCJuyfBijNazrvrgFVRAYjlDAdIDbDrNeFHpF2 = "CFSIFAkQmZgdOLxJAdstzkQSPRiOIFxAPHTQKORjnQkzNUGlfGrtTePHPBEURzEIwaRnOELeUOKdMDs"
import asyncio
import datetime
import json
import hashlib
import sys
import websockets
import frida
# Registry of live connections, keyed by the websocket object. Each value is
# the dict written by initialize_frida(): the attached pid ('y79'), the loaded
# Frida script and the Frida session ('IIlllll'). websocket_handler() removes
# the entry when the connection ends.
a = dict()

# Event loop the server runs on. main() stores it here so that Frida's message
# callback can schedule coroutines on it via on_frida_message().
lI = None
def generate_md5_hash(input_str: str) -> str:
    """Return the lowercase hex MD5 digest of *input_str*.

    The string is encoded with str.encode()'s default (UTF-8) before hashing.
    In this file the digest is only used by handle_send() as the
    'trace_id_md5' correlation tag. MD5 provides no integrity or
    authenticity guarantee, so do not reuse this helper for anything
    security-relevant.
    """
    digest = hashlib.md5()
    digest.update(input_str.encode())
    return digest.hexdigest()
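async def on_message(message, websocket):
    """Relay one event emitted by the injected Frida script to the client.

    Args:
        message: envelope handed over by Frida's 'message' callback. Only
            envelopes whose 'type' is 'send' are processed.
        websocket: connection to forward to; a falsy value drops the event.

    A script event of type 'recv' is forwarded with its sequence number,
    command field and hex payload; a script event of type 'send' is
    forwarded as an acknowledgement with an empty 'C75' object.

    Any exception is reported on stdout and swallowed, because the caller
    (on_frida_message) discards the future and nobody would observe it.
    """
    try:
        if message['type'] != 'send':
            return
        # NOTE(review): Frida normally delivers the object passed to the
        # script's send() under the 'payload' key. 'aAA' looks like that key
        # after the obfuscator renamed it -- confirm against a real message;
        # if the key is wrong, every event ends up in the except branch.
        aAA = message['aAA']
        if not websocket:
            return
        if aAA['type'] == 'recv':
            await websocket.send(json.dumps({
                "type": "recv",
                "trace_id_md5": aAA['trace_id_md5'],
                "C75": {
                    "seq": aAA['seq'],
                    "lIIlIIIllllIIIllIllIlIIlIIIIIIIIIllllllIlllIIIlIlIlllIllllllllIIIIlIllIl": aAA['lIIlIIIllllIIIllIllIlIIlIIIIIIIIIllllllIlllIIIlIlIlllIllllllllIIIIlIllIl'],
                    "v70": aAA['v70']
                }
            }))
        elif aAA['type'] == 'send':
            print("send C75: ", aAA)
            await websocket.send(json.dumps({
                "type": "send",
                "trace_id_md5": aAA['trace_id_md5'],
                "C75": {}
            }))
    except Exception as e:
        print(f"Error in on_message: {e}")
        # The failure may be the missing 'aAA' key itself (or a non-dict
        # envelope), so indexing it again here would raise out of the handler.
        print(message.get('aAA') if isinstance(message, dict) else message)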
def on_frida_message(message, C75, websocket, loop):
    """Frida 'message' callback: schedule on_message() on the server loop.

    The second callback argument (C75) is accepted but not used. The
    coroutine is submitted with run_coroutine_threadsafe, presumably
    because Frida invokes this callback off the asyncio thread. The
    returned future is discarded, so an exception that escapes
    on_message() is never observed here.
    """
    relay = on_message(message, websocket)
    asyncio.run_coroutine_threadsafe(relay, loop)
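async def initialize_frida(C75, websocket):
    """Attach Frida to the pid named in an 'init' request and load the hooks.

    Args:
        C75: decoded 'init' message. Reads 'y79' (target pid, converted with
            int()) and 'recv' / 'send' (hex strings; each is parsed base 16
            and shifted right by one bit -- the reason for the shift is not
            visible in this file).
        websocket: connection that sent the request. It becomes the key in
            the module-level registry ``a`` and the destination of events
            relayed by on_message().

    Raises:
        KeyError / ValueError for missing or malformed fields, plus whatever
        frida.attach(), create_script() or load() raise. If script setup
        fails after the attach succeeded, the session is detached before
        the exception is re-raised.

    Security notes:
        * The pid and both offsets are taken from the client as-is. Nothing
          here checks which process the pid refers to or who the client is,
          so access control depends entirely on how the listener is exposed.
        * The offsets reach the script text only as the output of
          hex(int(...)), which keeps arbitrary client text out of the
          JavaScript source. Keep that round-trip if this code is changed.
        * As far as the obfuscated script can be read, it hooks two
          addresses inside the 'wrapper.node' module (base + offset),
          reports the buffers seen at the first hook, and at the second
          hook overwrites the buffer with a queued entry's 'v70' bytes when
          the buffer starts with that entry's tag. Queued entries older
          than 60 seconds are dropped.
    """
    pid = int(C75['y79'])
    recv_offset = hex(int(C75['recv'], 16) >> 1)
    send_offset = hex(int(C75['send'], 16) >> 1)
    print("init frida with y79: %d" % pid)
    session = frida.attach(pid)

    script_source = """
const z172960555896518339=['attach','toString','add','now','recv','event\x20add!','charCodeAt','readPointer','log','set','send','length','startsWith','push','wrapper.node','event\x20send!\x20','findBaseAddress','join','delete','stringify','AaaaAAAaAaAAaAaAAAaAAaAaaaAAAAaAaAAaaaAaAaAAAAAaAaaAAAaAAaAAAAaAAAAaAAAaA','sended','seq','readUtf8String','event\x20clear!\x20','aAaAaAaaaAAAAaaAaaaAaAaaAaAaaaAaAaaAAAaaAAAaAaAaaaaaAaAAaAaaaaaAaaAAaaa','hook_send\x20napcat!\x20','input','readByteArray'];const Q1729605558965633610=function(VVVVVVVVVVV,_0x5b84f0){VVVVVVVVVVV=VVVVVVVVVVV-0x0;let ZoWYtKyclVDNanaaueYuKKLYizhZQsreKAsIxZKaFtYqGStbdfIWBbHbKjwTtLBIAAWLwdqcsffQyEx12=z172960555896518339[VVVVVVVVVVV];return ZoWYtKyclVDNanaaueYuKKLYizhZQsreKAsIxZKaFtYqGStbdfIWBbHbKjwTtLBIAAWLwdqcsffQyEx12;};let aaaaa=FRIDA_RECV_OFFSET;let T6=FRIDA_SEND_OFFSET;let i15=new Map();let y16=!![];recv(Q1729605558965633610('0x1b'),IllllIlllIlIIlIll=>{y16=![];if(IllllIlllIlIIlIll&&IllllIlllIlIIlIll[Q1729605558965633610('0x19')]){IllllIlllIlIIlIll['sended']=![];console[Q1729605558965633610('0x8')](Q1729605558965633610('0x5'),JSON['stringify'](IllllIlllIlIIlIll,null,0x2));i15[Q1729605558965633610('0x9')](IllllIlllIlIIlIll[Q1729605558965633610('0x19')],IllllIlllIlIIlIll);send({'type':Q1729605558965633610('0xa'),'trace_id_md5':IllllIlllIlIIlIll['trace_id_md5']});}let vvvvvvvvvvvvvvvvvvv=Date[Q1729605558965633610('0x3')]()/0x3e8;for(let [_0x5981c6,_0x5a5f37]of i15){if(_0x5a5f37[Q1729605558965633610('0x14')]+0x3c<vvvvvvvvvvvvvvvvvvv){console['log'](Q1729605558965633610('0x18'),JSON['stringify'](_0x5a5f37,null,0x2));i15[Q1729605558965633610('0x12')](_0x5981c6);}}});function bytesToHex(_0x317040){var tXJaYyVqMyetqAJocZVwpdgbjTQTyzMyQmvTKaYJlcjhOacNXFisfmTlXNlUPBCYRPmeDkhACvhAFrv20=new Uint8Array(_0x317040);for(var 
n1729605558970634521=[],aaAaaAAAAaAaAaaAaAaAaA=0x0;aaAaaAAAAaAaAaaAaAaAaA<tXJaYyVqMyetqAJocZVwpdgbjTQTyzMyQmvTKaYJlcjhOacNXFisfmTlXNlUPBCYRPmeDkhACvhAFrv20[Q1729605558965633610('0xb')];aaAaaAAAAaAaAaaAaAaAaA++){n1729605558970634521[Q1729605558965633610('0xd')]((tXJaYyVqMyetqAJocZVwpdgbjTQTyzMyQmvTKaYJlcjhOacNXFisfmTlXNlUPBCYRPmeDkhACvhAFrv20[aaAaaAAAAaAaAaaAaAaAaA]>>>0x4)['toString'](0x10));n1729605558970634521['push']((tXJaYyVqMyetqAJocZVwpdgbjTQTyzMyQmvTKaYJlcjhOacNXFisfmTlXNlUPBCYRPmeDkhACvhAFrv20[aaAaaAAAAaAaAaaAaAaAaA]&0xf)[Q1729605558965633610('0x1')](0x10));}return n1729605558970634521[Q1729605558965633610('0x11')]('');}function HexToBytes(_0x4a226e){var hzNReNMYIOSVwqaJBUKxpVKnmkqjJuDESyoZIcalsMvrwqncNPBoCjfvTvDBTivXClrqXuGjBJERhEy23=[];for(var Q24=0x0;Q24<_0x4a226e['length'];Q24+=0x2)hzNReNMYIOSVwqaJBUKxpVKnmkqjJuDESyoZIcalsMvrwqncNPBoCjfvTvDBTivXClrqXuGjBJERhEy23[Q1729605558965633610('0xd')](parseInt(_0x4a226e['substr'](Q24,0x2),0x10));return hzNReNMYIOSVwqaJBUKxpVKnmkqjJuDESyoZIcalsMvrwqncNPBoCjfvTvDBTivXClrqXuGjBJERhEy23;}function String2HexText(_0xba6082){var C1729605558972596425=[];for(var lllIlllllIlIIlIlllllIlllll=0x0;lllIlllllIlIIlIlllllIlllll<_0xba6082['length'];lllIlllllIlIIlIlllllIlllll++){C1729605558972596425[lllIlllllIlIIlIlllllIlllll]=_0xba6082[Q1729605558965633610('0x6')](lllIlllllIlIIlIlllllIlllll)['toString'](0x10);}return C1729605558972596425[Q1729605558965633610('0x11')]('');}async function main(){let e27=Module[Q1729605558965633610('0x10')]('wrapper.node');while(e27==null){e27=Module[Q1729605558965633610('0x10')](Q1729605558965633610('0xe'));}let xYpTPPrWcpTiHMsmbFcWKfNOuAYzxgLENjTEtJLHhDoukKMlRkXHlCDHVjBSvTehchIkBRMmqlgszOw30=e27['add'](aaaaa);console['log']('hook_recv\x20napcat!\x20');Interceptor[Q1729605558965633610('0x0')](xYpTPPrWcpTiHMsmbFcWKfNOuAYzxgLENjTEtJLHhDoukKMlRkXHlCDHVjBSvTehchIkBRMmqlgszOw30,{'onEnter'(_0x58d330){let n1729605558975454631=Memory['readPointer'](_0x58d330[0x1])['add'](0x20);let 
AAaaAAAaaaaAAAaAaaaaAAaaaaaAaAaA=new Uint8Array(n1729605558975454631['readByteArray'](0x1))[0x0]&0x1;let ccccccccccccccccccccccccccccccccc=Memory['readPointer'](_0x58d330[0x1])['add'](0x18);let aaAaAAAAaaaaaaAAAaAaAaaAaAAAaAaAAa=Memory[Q1729605558965633610('0x7')](_0x58d330[0x1]);let f172960555897751435=new Uint8Array(aaAaAAAAaaaaaaAAAaAaAaaAaAAAaAaAAa[Q1729605558965633610('0x1c')](0x1))[0x0]&0x1;let aAaAaAAaaaAaaaaaaaAAAAaaaAAAaaaAAaAA=Memory['readPointer'](Memory['readPointer'](_0x58d330[0x1])[Q1729605558965633610('0x2')](0x38));let B172960555897852837=Memory['readPointer'](aAaAaAAaaaAaaaaaaaAAAAaaaAAAaaaAAaAA);let e38=Memory[Q1729605558965633610('0x7')](aAaAaAAaaaAaaaaaaaAAAAaaaAAAaaaAAaAA[Q1729605558965633610('0x2')](0x8));let q39=e38-B172960555897852837;let IIlllllIIlllIIllIIIIIlllIIIIllIIlIIlIIII=AAaaAAAaaaaAAAaAaaaaAAaaaaaAaAaA==0x0?Memory[Q1729605558965633610('0x17')](n1729605558975454631['add'](0x1)):Memory['readUtf8String'](Memory[Q1729605558965633610('0x7')](n1729605558975454631['add'](0x10)));let OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO=f172960555897751435==0x0?Memory[Q1729605558965633610('0x17')](aaAaAAAAaaaaaaAAAaAaAaaAaAAAaAaAAa['add'](0x1)):Memory[Q1729605558965633610('0x17')](Memory[Q1729605558965633610('0x7')](aaAaAAAAaaaaaaAAAaAaAaaAaAAAaAaAAa[Q1729605558965633610('0x2')](0x10)));let huuLhYKqVEVVpDrJVtgLTvkDcRZwluWXrkzXeBHkeCatAdNexENQbmHDnLuMqQqnqxTWQaOWlNZgFiP44=Memory['readU32'](ccccccccccccccccccccccccccccccccc);let IlllIIlIIIIlIIlllIIIIlIIlIlIlllIIlllIlllIlllI=bytesToHex(B172960555897852837['readByteArray'](q39));let C1729605558982955746='';for(let [_0x7418bd,_0x53b726]of 
i15){if(_0x53b726[Q1729605558965633610('0x16')]==huuLhYKqVEVVpDrJVtgLTvkDcRZwluWXrkzXeBHkeCatAdNexENQbmHDnLuMqQqnqxTWQaOWlNZgFiP44){C1729605558982955746=_0x53b726['trace_id_md5'];i15['delete'](_0x7418bd);break;}}send({'type':Q1729605558965633610('0x4'),'trace_id_md5':C1729605558982955746,'seq':huuLhYKqVEVVpDrJVtgLTvkDcRZwluWXrkzXeBHkeCatAdNexENQbmHDnLuMqQqnqxTWQaOWlNZgFiP44,'v70':IlllIIlIIIIlIIlllIIIIlIIlIlIlllIIlllIlllIlllI,'lIIlIIIllllIIIllIllIlIIlIIIIIIIIIllllllIlllIIIlIlIlllIllllllllIIIIlIllIl':IIlllllIIlllIIllIIIIIlllIIIIllIIlIIlIIII});},'onLeave'(_0x18676d){}});let llllllllIlllllIlIIIIIIIIIlIIllIIlIllIIlIIllIllIl=e27[Q1729605558965633610('0x2')](T6);console['log'](Q1729605558965633610('0x1a'));Interceptor[Q1729605558965633610('0x0')](llllllllIlllllIlIIIIIIIIIlIIllIIlIllIIlIIllIllIl,{'onEnter'(_0x2c50e5){let aaaAAAAAAaaAAaAaaAAAaAaAAaAaaaAaAaaAAAAaaAAaaaAAA=Memory[Q1729605558965633610('0x7')](_0x2c50e5[0x1])[Q1729605558965633610('0x2')](0x40);let pppppppppppppppppppppppppppppppppppppppppppppppppp=Memory['readPointer'](_0x2c50e5[0x1])['add'](0x20);let rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr=new Uint8Array(pppppppppppppppppppppppppppppppppppppppppppppppppp['readByteArray'](0x1))[0x0]&0x1;let WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW=Memory[Q1729605558965633610('0x7')](Memory['readPointer'](_0x2c50e5[0x1]));let e53=new Uint8Array(WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW['readByteArray'](0x1))[0x0]&0x1;let lIIlIIlIllIlIlIIlllIlIIlIIlIIlIlllIIlllllllIllIlIlllIl=Memory[Q1729605558965633610('0x7')](Memory['readPointer'](Memory[Q1729605558965633610('0x7')](_0x2c50e5[0x1]))['add'](0x20));let aAAAAaAAaAaAaaaaaaaAAaaaaaAAaAAaaaAaaaAaAAaaAAaAaAAaaaa=Memory['readPointer'](lIIlIIlIllIlIlIIlllIlIIlIIlIIlIlllIIlllllllIllIlIlllIl);let dddddddddddddddddddddddddddddddddddddddddddddddddddddddd=Memory[Q1729605558965633610('0x7')](lIIlIIlIllIlIlIIlllIlIIlIIlIIlIlllIIlllllllIllIlIlllIl['add'](0x8));let 
n57=dddddddddddddddddddddddddddddddddddddddddddddddddddddddd-aAAAAaAAaAaAaaaaaaaAAaaaaaAAaAAaaaAaaaAaAAaaAAaAaAAaaaa;let srYMaTHjVAroEqnDKswyeyrUYnjALJBaNqAPynZvUzArzMjnQJJPrFtTnharaUSlSbzCkiIAtmOYBDz58=e53==0x0?Memory['readUtf8String'](WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW['add'](0x1)):Memory['readUtf8String'](Memory['readPointer'](WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW['add'](0x10)));let n60=rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr==0x0?Memory[Q1729605558965633610('0x17')](pppppppppppppppppppppppppppppppppppppppppppppppppp['add'](0x1)):Memory['readUtf8String'](Memory['readPointer'](pppppppppppppppppppppppppppppppppppppppppppppppppp[Q1729605558965633610('0x2')](0x10)));let VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV=Memory['readU32'](aaaAAAAAAaaAAaAaaAAAaAaAAaAaaaAaAaaAAAAaaAAaaaAAA);let g1729605558991690263=bytesToHex(aAAAAaAAaAaAaaaaaaaAAaaaaaAAaAAaaaAaaaAaAAaaAAaAaAAaaaa[Q1729605558965633610('0x1c')](n57));for(let [_0xecd6b,_0x5390a3]of 
i15){if(g1729605558991690263[Q1729605558965633610('0xc')](String2HexText(_0x5390a3[Q1729605558965633610('0x19')]))&&!_0x5390a3['sended']){aAAAAaAAaAaAaaaaaaaAAaaaaaAAaAAaaaAaaaAaAAaaAAaAaAAaaaa['writeByteArray'](HexToBytes(_0x5390a3['v70']));_0x5390a3[Q1729605558965633610('0x15')]=!![];_0x5390a3[Q1729605558965633610('0x16')]=VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV;console[Q1729605558965633610('0x8')](Q1729605558965633610('0xf'),JSON['stringify'](_0x5390a3,null,0x2));break;}}if(!y16){recv(Q1729605558965633610('0x1b'),H1729605558992229764=>{y16=![];if(H1729605558992229764&&H1729605558992229764[Q1729605558965633610('0x19')]){H1729605558992229764[Q1729605558965633610('0x15')]=![];console[Q1729605558965633610('0x8')]('event\x20add!',JSON['stringify'](H1729605558992229764,null,0x2));i15[Q1729605558965633610('0x9')](H1729605558992229764['aAaAaAaaaAAAAaaAaaaAaAaaAaAaaaAaAaaAAAaaAAAaAaAaaaaaAaAAaAaaaaaAaaAAaaa'],H1729605558992229764);send({'type':'send','trace_id_md5':H1729605558992229764['trace_id_md5']});}let Q1729605558993225866=Date[Q1729605558965633610('0x3')]()/0x3e8;for(let [_0x1b9261,_0x44053a]of i15){if(_0x44053a[Q1729605558965633610('0x14')]+0x3c<Q1729605558993225866){console['log'](Q1729605558965633610('0x18'),JSON[Q1729605558965633610('0x13')](_0x44053a,null,0x2));i15[Q1729605558965633610('0x12')](_0x1b9261);}}});}},'onLeave'(_0xf6dcf2){}});}main()['then']();

"""
    # Only hex(int(...)) output is spliced into the script text here.
    script_source = script_source.replace("FRIDA_RECV_OFFSET", recv_offset)
    script_source = script_source.replace("FRIDA_SEND_OFFSET", send_offset)

    try:
        script = session.create_script(script_source)
        # lI is looked up when the callback fires, i.e. after main() set it.
        script.on('message', lambda message, C75: on_frida_message(message, C75, websocket, lI))
        script.load()
    except Exception:
        # The session is not registered in `a` yet, so nothing else would
        # ever detach it; do not leave the target process instrumented.
        session.detach()
        raise

    a[websocket] = {
        'y79': pid,
        'jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj': script,
        'IIlllll': session
    }

    await websocket.send(json.dumps({"type": "init", 'aAaAaAaaaAAAAaaAaaaAaAaaAaAaaaAaAaaAAAaaAAAaAaAaaaaaAaAAaAaaaaaAaaAAaaa': 'init', "C75": {}}))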
async def handle_send(C75, websocket):
    """Queue one client 'send' request inside the injected Frida script.

    Reads three fields from the decoded client message (the hex payload
    under 'C75', the request tag and a pass-through command field), stamps
    the entry with the current Unix time in whole seconds, and posts it to
    the script registered for *websocket* as an 'input' message.

    'trace_id_md5' is the MD5 of the client-supplied tag. It is a
    correlation id only: two requests carrying the same tag get the same
    trace id.

    Raises:
        KeyError: if a field is missing or *websocket* has no entry in ``a``.
    """
    payload_hex = C75['C75']
    request_tag = C75['aAaAaAaaaAAAAaaAaaaAaAaaAaAaaaAaAaaAAAaaAAAaAaAaaaaaAaAAaAaaaaaAaaAAaaa']
    passthrough = C75['lIIlIIIllllIIIllIllIlIIlIIIIIIIIIllllllIlllIIIlIlIlllIllllllllIIIIlIllIl']
    queued_at = int(datetime.datetime.now().timestamp())
    script = a[websocket]['jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj']

    entry = {
        'type': 'input',
        'lIIlIIIllllIIIllIllIlIIlIIIIIIIIIllllllIlllIIIlIlIlllIllllllllIIIIlIllIl': passthrough,
        'v70': payload_hex,
        'aAaAaAaaaAAAAaaAaaaAaAaaAaAaaaAaAaaAAAaaAAAaAaAaaaaaAaAAaAaaaaaAaaAAaaa': request_tag,
        'AaaaAAAaAaAAaAaAAAaAAaAaaaAAAAaAaAAaaaAaAaAAAAAaAaaAAAaAAaAAAAaAAAAaAAAaA': queued_at,
        'trace_id_md5': generate_md5_hash(request_tag)
    }
    script.post(entry)
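async def websocket_handler(websocket, path):
    """Serve one WebSocket client: dispatch 'init' and 'send' requests.

    Each text frame is parsed as JSON and routed on its action field:

    * 'init'  -> initialize_frida(), unless the pid already attached for
                 this connection is still in the local process list.
    * 'send'  -> handle_send(), only once the connection is registered.

    The try block wraps the whole receive loop, so the first exception
    (bad JSON, a missing field, a Frida error) is printed and ends the
    connection. On exit the connection's Frida session is detached and its
    registry entry removed.

    Security note: neither this handler nor the visible server setup
    authenticates the peer. Any client that can open the socket can ask for
    Frida to be attached to a pid of its choosing, so the listener must not
    be reachable by untrusted parties.
    """
    try:
        async for message in websocket:
            C75 = json.loads(message)
            action = C75.get('aaAAaaaaaaaAaAAaAAAaaAAAaaaaaAAAAaAAaaAaAAAAaaaAAaaaaAAaAaaaAaAaAAAAAaaAaaaa')
            if action == 'init':
                attached_pid = a.get(websocket, {}).get('y79')
                # No registered pid means nothing can match; skip the
                # process enumeration in that case.
                still_running = attached_pid is not None and any(
                    process.pid == attached_pid
                    for process in frida.get_local_device().enumerate_processes()
                )
                if not still_running:
                    await initialize_frida(C75, websocket)
            elif action == 'send' and websocket in a:
                await handle_send(C75, websocket)
    except Exception as e:
        print(f"WebSocket connection closed: {e}")
    finally:
        # Remove the entry first: if detach() raises (for example because
        # the target already exited) the registry must not keep a stale
        # session for a dead connection.
        entry = a.pop(websocket, None)
        if entry is not None:
            try:
                entry['IIlllll'].detach()
            except Exception as e:
                print(f"Error detaching frida session: {e}")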
async def main():
    """Resolve the listen address and run the WebSocket server until cancelled.

    The host and port come from the command line when both flags are
    present and each is followed by a value; otherwise they are taken from
    read_config(). The running loop is stored in the module-level ``lI`` so
    Frida callbacks can schedule work on it.

    Security note: serve() is called with only the handler, host and port,
    i.e. without authentication or an Origin allow-list. The endpoint can
    attach Frida to local processes, so keep it bound to loopback and
    consider restricting who may connect (websockets' ``origins=`` option,
    a shared secret, or OS-level controls).
    """
    global lI
    lI = asyncio.get_running_loop()

    host_key = 'IlIIIIIlIlIIIIIIIlIIIllIIlIlIIllIIlllIlIlllIlIIllIlllllIllllllIllIIIIllIlIllIIlIIII'
    host_flag = '-' + host_key
    port_flag = '-A84'
    host = None
    port = None

    argv = sys.argv
    if host_flag in argv and port_flag in argv:
        host_at = argv.index(host_flag) + 1
        port_at = argv.index(port_flag) + 1
        # Both flags must be followed by a value, otherwise fall through
        # to the config file.
        if host_at < len(argv) and port_at < len(argv):
            host = argv[host_at]
            port = int(argv[port_at])

    if host is None or port is None:
        settings = read_config()
        host = settings[host_key]
        port = settings['A84']

    print("listen...", host, port)
    async with websockets.serve(websocket_handler, host, port):
        # A future that is never resolved keeps the server alive.
        await asyncio.get_running_loop().create_future()
def read_config():
    """Return the listen settings from ``i1729605559006439489.json``.

    The path is relative, so the file is looked up in (and, when missing,
    created in) the current working directory. When the file does not exist
    the defaults -- host "127.0.0.1", port 8086 -- are written to it and
    returned. Only FileNotFoundError is handled; invalid JSON or an
    unreadable file propagates to the caller.
    """
    config_path = "i1729605559006439489.json"
    try:
        with open(config_path, "r") as f:
            return json.load(f)
    except FileNotFoundError:
        defaults = {"IlIIIIIlIlIIIIIIIlIIIllIIlIlIIllIIlllIlIlllIlIIllIlllllIllllllIllIIIIllIlIllIIlIIII": "127.0.0.1", "A84": 8086}
        with open(config_path, "w") as f:
            json.dump(defaults, f)
        return defaults
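# Compare __name__, not two identical string literals: a guard that is always
# true starts the listener (and blocks in asyncio.run) on a plain import too.
if __name__ == '__main__':
    asyncio.run(main())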
# NOTE(review): obfuscator filler, same pattern as at the top of the file.
# None of these names is read anywhere in the visible code (the name `aaaaa`
# is also used as a variable inside the injected script text, which is
# unrelated to this module-level binding). When the file runs as a script
# these statements execute only after asyncio.run(main()) has returned.
I = "qcCwkYsdVQJGVZxSLLDrZokMPYTbuFoIqEpCvGNSvHQQAImigWFBVWhdNHJPUrnGUexnxPFaqlwIKEk"
kDcjHhsfXxvUgKPoyYyzGeqEdkCENsrQyAFlzYWHhNxemNgWiyaIiSocDhZrsodTFxQvbNEbInNpVHu3 = 324
aaaaa = "eellpzrcIATOZbXjlIyIrdJxzhXUmEcZsNUdVhAfxUUxEhbpFqScuqbXeGFlPZkStUcPmEuGqQcckWt"
a7 = "ohtlZzTaOcYklfLLTrabfZZinDihDWlsOTFFiHifYIKEIurXtCbghsCQcEYYlLWhFaxvUvVoxBCjumm"
aaAaaaAAA = 398
lIIlIlIIIIl = "UjtlhFWZAoabZmFgZxKnBhyEgWTfvAhtpUjstkqObFAwSoaapIkoDCaeDGzEUlxbNspUhGXUMOUPoEm"
ooooooooooooo = "gZdYMAnfgqiPfihdDiXxhxKlIUoBWgsmYXisoqONdftGDLpHQhHQavLwHJnRXVlaBSbUYnwZhyZMlHi"
ggggggggggggggg = 498
S17 = "FjWUvzBxopmCmiOiFwHQGWITZJJKAFBKJaQxfZTDSBcOgxbheUkfzBJfKiQMilxQcANlnkVxNQWbrcc"
XXXXXXXXXXXXXXXXXXX = "kaMYlCQtfVfNPlsXfCrQqWwfALCMChNRuoVYEcFUUnsHaHtnndeUsWfQiWLcISRyzwvlyGPgLhNOYMA"
KxkUeCvXbWlQuDoXMHkrwhhdXpOYMWtxGrvoJyQnPLhfNfsUaWvCVgWBPlTSaKSoDqbdrwioUmMqeZE21 = 581
b23 = 418
m1729605559010858525 = 261
J1729605559010910727 = "hHZTbqZduRsaLrCYwYqYFJXIcEdQdgygIhIwluXErCvqJqpKdXEttahtsEHAIyjHKCmqNXjpCsgjJgM"
AAAaAAAaAAaAaAAAaAaaaAaAaaAaA = 387
aaaaAAAAaAAaaaaAAaaAaaAaAAAaaAa = 230
aAaAAaaAaAaaAaAaAAAaAAAaAaaAaAAaA = "JvLptSyeiAEWAygBReikZspNrDyZXGAXyePjmvSsqyfHANhPKpZmWhiaCvdFJEKxNuTYVKIDUDnFAAy"
n35 = 680
fFqrSSwhFveNYfYPgBgdDEfdPRripfJEQdZWUKnairCNcLzNjPOGDmMrHaKYDvrAcUHlpTWkNCuLBMQ37 = 455
llIllIIIlIIIIlIlIIIllIIlIIIllIlIIlllIll = "aHlBsFjExGOPpltJBjprPxHzBCtiYPRdWWhRVaKABuyhAtgUTrrdUnQBGVfjNHxjBAQgbiBHjHODtLQ"
l1729605559011397641 = 306
aaAaAAaaaaAaaaAaAAAaaAaaaaaAaAAAAaaAaAAAAaA = 408
u1729605559011558845 = "ExckhNQFJSoQOnFhGibdjFUnRRemyUHLysIkEizfKXcONLFHhzVjxHXRmJrraAZjFySGRLvqSZjDHNW"
sxqwiZjNWFDfyXHthuiuxynwXzvqcrDTuNVRWVmJFIKdvmiliROidsZYNeZLZjVYPIprxwRmQcJZnUU47 = 222
j49 = 91
AaaaAAAaaAaaAaAAAaaAaaaaaAaAAAaAAaAaAAAaAAaaAaAaAAa = "yNrqkLYcxsezxRlOvzeuGSQQPTvsCKejQpLkDZToGwFxBpFKFdXwiCbpumzHNnPRdsgPTsxLlPoWEiL"
AAAAaaaaAAAAAAaaaAaAAAAAaAAAAaAaaAaaaAAaaAAaAaaaAAaaa = 385
dFPRzxQAdUNnernPKwEJEncqkJfXExJkBLFhRkbEBJDMsxdEHJIDINYnyZBTJSuYJnFQWdqeADREHJy55 = 712
aAAAaAaaaAAAaAAaAaaAAaAAAAaaAAAaaaAAaAAaAAAaAaAaAaAaaAAAa = 592
P59 = "nFziEeEjJXYTHfLavYwXnAahpMzzbxWpuMEIHqIPNiXjtjZPvKTJcENweaDcbFqhJWdWeFFAqFMkgIZ"
O1729605559012232861 = 218
iycCUwGeDKkPHqTozvmUsGroEEHuezpzJtusAaQTrGETUwXToLgPFaGBsypicvQNJiMVCspcCGhvCzn63 = "APFqYJClWgLfYMVQVWnChVnkJNzNtqrMINInHIHBZGQAMzvVDlfTPbcBvwulIUyzKKQtsxAqolFwRMp"
t172960555901242565 = 427
suAzLdZEAOywJexLvvdXNOkxnKUyBiMZchjWrmiEGwHANaIeymKJVZAYMgTeuzZTFwuuCwJrfDeJKMN67 = 355
ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg = "LEuJoBbGkDVqsSDhfgyTfYMEsHLRCGToqyRAhliczdWsuGQmhdfzgodsvICyzlYIJqDUwYpiQaQHwqr"
aAaAaAaAaAAaAaAAAAaaAAaAAAAaaAAAaAAaaaAAaaAAAAAaAaaaaaaaaaaAaAaAAAaAaaA = 576
IIIllIIIlIlllllllIIIIIIllIllllllIIIIIlIIIlIIllIIIIIIIIlllIlIllIlllIlllIIl = "qQzMsbFUavYtTBVbgfHTXjwNGUeJMAbMxBNfPAeHwSMLAuhYvlrkysuaAJPIihJILDjpgHYFZjIJsPp"
HroXildqrvTnrEGSeQCHTdznwthbQLwyMlZojBhvbuaJTIOUizhCnKQTTMmqYIhVIJPOwbYXQxMucXO75 = 261
lIIlIIlIlIlllIllllIllIIllIlllllllllIIIlIlIlIIlllIIIlllIllIIlIIIlIIllIIlIlllll = 172
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy = 703
aAaaAAAAaAAaaAAaaAAAAAAaaAaaaAAaAAAAAaAAaAAaaaAAAAAAaAAAAAAAaAAaAaAaAAaaAAaaAaAaa = "EKTnkAXQWNADXebGZTPCqKpePasjsFChvxYYEDoIoNYlnQNxRzesSbcOAcPCTiRrMBjjpDJmqsbeUNZ"
ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc = "oXMisUgarygtyxTfRmEvAhzIXpgFgAmMcffUQsPZLMYycbctAzWDDlfEuOphEocgxbZplMlAvZTepBp"
e1729605559013153685 = 442
AaAAaAAaaAAaAaaaaaAAaAAAAaAaAAAaAaAaaaaaAaAaaAaAAaAAaAaaAAaaAAAAAaaAaAaAaaaAAAaAAaaaaAA = 282
aaaaaaaaAAAaaaAaaAaaaAAaaAAaaAAAAAAAaAaAAAAaAaaaaAaaaAAaAAAAaAaAAAaAaaAaAaAAaaAaaAaaaaAaA = "QPvcrJFsENBJDpzCWQTMsnupwxSQhwRIhpbjbsmHvVUSRAazeujBGtrraNhTseYSQHcSfMAgjUtvfvZ"
a172960555901342291 = 136
E1729605559013547793 = "WSXYsFvZCmztZBTMoXqDdHRjCPRRrUaMuOrHMCurUTXmitRuemTJRkdJJBVNUimpNTEQaYPMdZnGPTR"
IIllIllllIIIIIlIlIIllIIIIlllIIlIIIllllllIlIlIlllllIlIIlIllllIIIlllIIlllIIIllIlIIIIllIIIIIIIIIll = "boXWyQWlCwBsLCkGFWqVIVvuyuTENGvkFKbevUcojHVEbmMSMeEsvCylhwJdnrThlcJajbPCaqsYuBo"
aAAaaaAAaaaAaAAAaaAAaAAaaAAaAaaAAAAAaaAAAAaaAAaaAAAAaAaAAaaaAAAAaAAAaaAaaAAAAaAAAaaaaaAAAAAaaaaaA = 343
lNzRrVRIkMPpZAUHRmLfgHRACurAoeuGwRMAvvqdhRxWgZIyfkJcqGwuiWpDQLVbdoPZhYIEFGdvkSH99 = "DEqjRDfpUvofhmROxnsNygFXYQVVJkjnsxcpRqoDkmPQOUuBCWUxxmbJSinAEnawhyHrbsdRhoowUDt"
ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt = 75