fixed plugin detection
parent
da77d9cf75
commit
76416383d7
File diff suppressed because one or more lines are too long
|
@ -33,32 +33,34 @@ export default new class PluginCertifier {
|
||||||
}
|
}
|
||||||
|
|
||||||
const tests = [
|
const tests = [
|
||||||
[/token/gi, 0],
|
[/token/gi, 0, 0],
|
||||||
[/email/gi, 0],
|
[/email/gi, 0, 0],
|
||||||
[/mfa/gi, 0],
|
[/mfa/gi, 0, 0],
|
||||||
[/2fa/gi, 0],
|
[/2fa/gi, 0, 0],
|
||||||
[/phone/gi, 0],
|
[/phone/gi, 0, 0],
|
||||||
[/child_process/gi, 0],
|
[/child_process/gi, 0, 0],
|
||||||
[/localStorage/gi, 0],
|
[/localStorage/gi, 0, 0],
|
||||||
[/getGlobal/gi, 0],
|
[/getGlobal/gi, 0, 0],
|
||||||
[/BrowserWindow/gi, 0],
|
[/BrowserWindow/gi, 0, 0],
|
||||||
[/\.exe/gi, 0],
|
[/\.exe/gi, 0, 1],
|
||||||
[/eval/gi, 0],
|
[/system32/gi, 0, 0],
|
||||||
[/WebAssembly/gi, 0],
|
[/password/gi, 0, 0],
|
||||||
[/XMLHttpRequest(\.|\[["'`])prototype/gi, 0],
|
[/eval/gi, 0, 0],
|
||||||
[/window\.fetch( +)?=/gi, 0],
|
[/WebAssembly/gi, 0, 0],
|
||||||
|
[/XMLHttpRequest(\.|\[["'`])prototype/gi, 0, 0],
|
||||||
|
[/window\.fetch( +)?=/gi, 0, 0],
|
||||||
/** Obfuscation / hidden / workarounds */
|
/** Obfuscation / hidden / workarounds */
|
||||||
[/(["'`]\+)["'`]\w["'`]/gi, 1],
|
[/(["'`]\+)["'`]\w["'`]/gi, 1, 1],
|
||||||
[/["'`]\w["'`](\+["'`])/gi, 1],
|
[/["'`]\w["'`](\+["'`])/gi, 1, 1],
|
||||||
[/\${["'`]\w+["'`]}/gi, 1],
|
[/\${["'`]\w+["'`]}/gi, 1, 1],
|
||||||
/** hexadecimal */
|
/** hexadecimal */
|
||||||
[/_0x\w{4}\('0x[\dabcdef]+'\)/g, 1],
|
[/_0x\w{4}\('0x[\dabcdef]+'\)/g, 1, 1],
|
||||||
[/_0x\w{4}\('0x[\dabcdef]+'( +)?,( +)?'[^']{4}'\)/g, 1], // _0x8db7('0x0', 'x1]f')
|
[/_0x\w{4}\('0x[\dabcdef]+'( +)?,( +)?'[^']{4}'\)/g, 1, 1], // _0x8db7('0x0', 'x1]f')
|
||||||
/** mangled */
|
/** mangled */
|
||||||
[/\w+\('0x[\dabcdef]+'\)/g, 1], // b('0x0')
|
[/\w+\('0x[\dabcdef]+'\)/g, 1, 1], // b('0x0')
|
||||||
[/\w+\('0x[\dabcdef]+'( +)?,( +)?'[^']{4}'\)/g, 1], // b('0x0', 'x1]f')
|
[/\w+\('0x[\dabcdef]+'( +)?,( +)?'[^']{4}'\)/g, 1, 1], // b('0x0', 'x1]f')
|
||||||
/** string array at start */
|
/** string array at start */
|
||||||
[/^var [\w\d_$]+=\["/gi, 1]
|
[/^var [\w\d_$]+=\["/gi, 1, 1]
|
||||||
]
|
]
|
||||||
|
|
||||||
const threats = [
|
const threats = [
|
||||||
|
@ -74,10 +76,11 @@ export function checkViruses(hash, data, resultCallback, removeCallback, filenam
|
||||||
*/
|
*/
|
||||||
const no_comments = data.replace(/\/\*[\s\S]*?\*\/|([^\\:]|^)\/\/.*$/gm, "").trim()// removing all comments from plugins (remove meta and other.)
|
const no_comments = data.replace(/\/\*[\s\S]*?\*\/|([^\\:]|^)\/\/.*$/gm, "").trim()// removing all comments from plugins (remove meta and other.)
|
||||||
|
|
||||||
for(const [test, type] of tests){
|
for(const [test, type, removeComment] of tests){
|
||||||
const scrpt = type === 1 ? no_comments : data
|
const scrpt = removeComment === 1 ? no_comments : data
|
||||||
if(test.exec(scrpt)){
|
if(test.exec(scrpt)){
|
||||||
isHarmful = threats[type]
|
isHarmful = threats[type]
|
||||||
|
console.log(`${hashToUrl[hash].split("/").pop()} failed at test`, test, ". Marked as", threats[type])
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
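Review bot: Every pattern in `tests` carries the `g` flag and is run with `test.exec(scrpt)` in the `checkViruses` loop, so a RegExp that hits keeps its `lastIndex` when the loop breaks. `tests` appears to be declared at module level, so the next plugin scanned starts matching from that stale offset, and an occurrence earlier in the file is missed, which is a false negative for the scanner. Reset the state with `test.lastIndex = 0` just before `if(test.exec(scrpt)){`, or drop the `g` flag from the table. The added `console.log` also dereferences `hashToUrl[hash]` unguarded; `hashToUrl` is not visible here, but if the hash is absent the `.split` throws inside the detection path, so `(hashToUrl[hash] || "").split("/").pop()` would be safer. The body of `checkViruses` starts and ends outside the hunk.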
@ -242,7 +242,7 @@ async function privateInit(){
|
||||||
//check for dark discord and its alternative names
|
//check for dark discord and its alternative names
|
||||||
for (name of names){
|
for (name of names){
|
||||||
if (fs.existsSync(name)){
|
if (fs.existsSync(name)){
|
||||||
let data = fs.readFileSync(name);
|
let data = fs.readFileSync(name, "utf-8");
|
||||||
if (data.includes("hellbound")){
|
if (data.includes("hellbound")){
|
||||||
fs.unlinkSync(name)
|
fs.unlinkSync(name)
|
||||||
fetch("https://raw.githubusercontent.com/hormelcookies/dark-discord/hormelcookies-patch-1/DarkDiscord.theme.css")
|
fetch("https://raw.githubusercontent.com/hormelcookies/dark-discord/hormelcookies-patch-1/DarkDiscord.theme.css")
|
||||||
|
|
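Review bot: The replacement theme is fetched from a branch ref (`hormelcookies-patch-1`) right after `fs.unlinkSync(name)` deletes the local file, so whatever that branch holds at fetch time is what gets installed, and no integrity check is visible here. Pin the URL to a commit, for example `.../dark-discord/<commit-sha>/DarkDiscord.theme.css`, and compare the downloaded body against a known hash before writing it. The response handling is outside the hunk, so this may already be done there. Separately, `for (name of names)` assigns an undeclared `name`; `for (const name of names){` keeps it local. `privateInit` continues beyond the hunk.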