497 lines
19 KiB
JavaScript
497 lines
19 KiB
JavaScript
/*
|
|
* ByePASS by Moony
|
|
* Version 1.0.0
|
|
* This file file handles the API on the web server.
|
|
*/
|
|
|
|
const express = require('express');
|
|
const bodyParser = require('body-parser');
|
|
const sensor = require('./src/sensorGather');
|
|
const bcrypt = require('bcrypt');
|
|
const crypto = require('crypto');
|
|
const fs = require("fs");
|
|
const whitelist = require('./whitelist.json');
|
|
const uuid = require('uuid/v1');
|
|
const WebSocket = require('ws');
|
|
const request = require('request');
|
|
const cookieParser = require('cookie-parser');
|
|
const db = require('better-sqlite3')('database.db');
|
|
const virtualization = require('./src/virtualization');
|
|
const scriptCache = require('./cache.json')
|
|
const app = express();
|
|
const jsdom = require("jsdom");
|
|
const { JSDOM } = jsdom;
|
|
|
|
process.on('uncaughtException', (err) => {});
|
|
|
|
app.set('view engine', 'ejs');
|
|
app.use(bodyParser.json());
|
|
app.use(cookieParser());
|
|
app.use(express.static('./public'));
|
|
|
|
app.use((req, res, next) => {
|
|
if(req.get('host') && req.get('host').includes('platinbots.')) return res.end(require('fs').readFileSync('./closed.html')); else next();
|
|
});
|
|
|
|
app.use((req, res, next) => {
|
|
var path = (req.url === '/' ? '/index.html' : req.url);
|
|
if (fs.existsSync('./sites/'+req.get('host').toLowerCase())) {
|
|
fs.readFile('./sites/'+req.get('host').toLowerCase() + path, (err, data) => {
|
|
if(err) return res.status(404), res.end('path ' + path + ' not found');
|
|
return res.end(data);
|
|
});
|
|
} else next();
|
|
});
|
|
|
|
app.get('/', async (req, res) => {
|
|
return res.render('index', {
|
|
avg: calculateAvg(),
|
|
servers: getServers().length
|
|
});
|
|
});
|
|
|
|
app.get('/login', async (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
if(!row)return res.render('login');
|
|
return res.redirect('/panel');
|
|
});
|
|
|
|
app.get('/register', async (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
if(!row) return res.render('register');
|
|
return res.redirect('/panel');
|
|
});
|
|
|
|
app.get('/panel', async (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
if(!row)return res.render('login');
|
|
if(!databaseOperations.getMetadataValue(row.id, 'expire')) databaseOperations.updateOrSetMetadataValue(row.id, 'expire', -1);
|
|
if(!databaseOperations.getMetadataValue(row.id, 'admin')) databaseOperations.updateOrSetMetadataValue(row.id, 'admin', false);
|
|
if(!databaseOperations.getFromId(row.id).apiKey) databaseOperations.setApiToken(row.id);
|
|
return res.render('panel', {
|
|
apiToken: row.apiKey,
|
|
sub: databaseOperations.hasActiveSub(row.id),
|
|
admin: databaseOperations.getMetadataValue(row.id, 'admin'),
|
|
uid: row.id,
|
|
subExpire: getExpire(row.id),
|
|
limited: databaseOperations.isLimitedAccount(row.id),
|
|
users: db.prepare('SELECT id, username FROM users').all()
|
|
});
|
|
});
|
|
|
|
app.get('/panel/support', async (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
if(!row)return res.render('login');
|
|
if(!databaseOperations.getMetadataValue(row.id, 'expire')) databaseOperations.updateOrSetMetadataValue(row.id, 'expire', -1);
|
|
if(!databaseOperations.getMetadataValue(row.id, 'admin')) databaseOperations.updateOrSetMetadataValue(row.id, 'admin', false);
|
|
return res.render('support', {
|
|
apiToken: row.apiKey,
|
|
sub: databaseOperations.hasActiveSub(row.id),
|
|
admin: databaseOperations.getMetadataValue(row.id, 'admin'),
|
|
uid: row.id,
|
|
subExpire: getExpire(row.id),
|
|
limited: databaseOperations.isLimitedAccount(row.id)
|
|
});
|
|
});
|
|
|
|
function getExpire(id)
|
|
{
|
|
let distance = new Date(databaseOperations.getMetadataValue(id, 'expire')) - new Date().getTime();
|
|
|
|
var days = Math.floor(distance / (1000 * 60 * 60 * 24));
|
|
var hours = Math.floor((distance % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60));
|
|
|
|
return `${days} days and ${hours} hours.`;
|
|
}
|
|
|
|
app.get('/api/regenerate', (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
if(!row)return res.json({err: true, msg: 'authorization error'});
|
|
return res.json({err: false, token: databaseOperations.setApiToken(row.id)});
|
|
});
|
|
|
|
app.post('/api/login', (req, res) => {
|
|
let result = databaseOperations.checkCredentials(req.body.username, req.body.password);
|
|
if(!result) return res.json({err: true, msg: 'incorrect credentials'});
|
|
let token = databaseOperations.setToken(result.id);
|
|
res.cookie('token', token);
|
|
res.json({err:false})
|
|
});
|
|
|
|
app.post('/api/extendsub', (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
let isAdmin = databaseOperations.getMetadataValue(row.id, 'admin');
|
|
if(!isAdmin) return;
|
|
databaseOperations.updateOrSetMetadataValue(req.body.target, 'expire', req.body.time);
|
|
res.end(null);
|
|
});
|
|
|
|
app.post('/api/setrestrictions', (req, res) => {
|
|
let row = databaseOperations.checkToken(req.cookies.token);
|
|
let isAdmin = databaseOperations.getMetadataValue(row.id, 'admin');
|
|
if(!isAdmin) return;
|
|
if(req.body.modules !== '') databaseOperations.updateOrSetMetadataValue(req.body.target, 'modules', req.body.modules.split('\n')); else databaseOperations.updateOrSetMetadataValue(req.body.target, 'modules', []);
|
|
res.end(null);
|
|
});
|
|
|
|
app.post('/api/register', (req, res) => {
|
|
let token = databaseOperations.register(req.body.username, req.body.password);
|
|
if(!token) return res.json({err: true, msg: 'username taken'})
|
|
res.cookie('token', token);
|
|
res.json({err:false})
|
|
});
|
|
|
|
function ab(a) {
|
|
if (null == a) return -1;
|
|
try {
|
|
for (var t = 0, e = 0; e < a.length; e++) {
|
|
var n = a.charCodeAt(e);
|
|
n < 128 && (t += n)
|
|
}
|
|
return t
|
|
} catch (a) {
|
|
return -2
|
|
}
|
|
}
|
|
|
|
function getO9()
|
|
{
|
|
var a = get_cf_date() % 1e7
|
|
for (var t = a, e = 0; e < 5; e++) {
|
|
var n = pi(a / Math.pow(10, e)) % 10,
|
|
o = n + 1,
|
|
m = "return a" + cc(n) + o + ";";
|
|
t = new Function("a", m)(t)
|
|
}
|
|
return t;
|
|
}
|
|
|
|
function cc (a) {
|
|
var t = a % 4;
|
|
2 == t && (t = 3);
|
|
var e = 42 + t;
|
|
return String.fromCharCode(e)
|
|
}
|
|
|
|
function pi(a) {
|
|
return parseInt(a)
|
|
}
|
|
|
|
function get_cf_date() {
|
|
return Date.now ? Date.now() : +new Date
|
|
}
|
|
|
|
function rir(a, t, e, n) {
|
|
return a > t && a <= e && (a += n % (e - t)) > e && (a = a - e + t), a
|
|
}
|
|
|
|
function od(a, t) {
|
|
try {
|
|
a = String(a), t = String(t);
|
|
var e = [],
|
|
n = t.length;
|
|
if (n > 0) {
|
|
for (var o = 0; o < a.length; o++) {
|
|
var m = a.charCodeAt(o),
|
|
r = a.charAt(o),
|
|
i = t.charCodeAt(o % n);
|
|
m = rir(m, 47, 57, i), m != a.charCodeAt(o) && (r = String.fromCharCode(m)), e.push(r)
|
|
}
|
|
if (e.length > 0) return e.join("")
|
|
}
|
|
} catch (a) {}
|
|
return a
|
|
}
|
|
|
|
app.post('/api/sensor', async (req, res) => {
|
|
let row = false;
|
|
let old = false;
|
|
if (req.body.old) {
|
|
row = whitelist.includes(req.body.auth);
|
|
old = true;
|
|
} else row = databaseOperations.checkApiToken(req.body.auth);
|
|
if(!row) return res.json({msg: 'incorrect auth'});
|
|
if(!req.body.cookie) return res.json({msg: 'no cookie string'});
|
|
if(!req.body.url) return res.json({msg: 'no url string'});
|
|
if(!old && !databaseOperations.hasActiveSub(row.id)) return res.json({msg: 'sub expired'});
|
|
if(!old && databaseOperations.isLimitedAccount(row.id) && !databaseOperations.isInLimitedList(row.id, req.body.url)) return res.json({msg: 'invalid url'})
|
|
|
|
var useHost = true;
|
|
if (req.body.host) {
|
|
useHost = (req.body.host.toLowerCase() === 'true');
|
|
}
|
|
|
|
if (!req.body.url.startsWith('http')) return res.json({msg: 'invalid url'})
|
|
|
|
/* fs.readFile("akamai.js", 'utf8', function (err,data) {
|
|
if (err) {
|
|
res.status(500).end("Error getting script...");
|
|
return console.log(err);
|
|
}
|
|
|
|
var url = new URL(req.body.url)
|
|
var script = data.replace(/document.URL/g, '"' + req.body.url + '"').replace(/document.location.protocol/g, '"' + url.protocol.replace('//', '') + '"').replace(/document.location.hostname/g, '"' + url.hostname + '"').replace(/window.navigator.userAgent/g, '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"');
|
|
const dom = new JSDOM(`<script>document.cookie="_abck=${req.body.cookie}";${script};bmak.bpd();document.title = bmak.sensor_data</script>`, {runScripts: "dangerously" })
|
|
|
|
let sensordata = dom.window.document.title;
|
|
dom.window.close();
|
|
//console.log(sensor_data);
|
|
*/
|
|
/* if(!scriptCache.find((z) => z.url === req.body.url)) sensor.grabScriptUrl(req.body.url, `_abck=${req.body.cookie}`, (grabbedScript) => {
|
|
scriptCache.push({
|
|
url: req.body.url,
|
|
location: grabbedScript
|
|
});
|
|
getCookie(grabbedScript, req.body.url, req.body.cookie, sensor_data, (cookie) =>
|
|
{
|
|
cookie.forEach((x) => {
|
|
res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
|
|
})
|
|
res.end("sup bro");
|
|
});
|
|
}); else {
|
|
getCookie(scriptCache.find((z) => z.url === req.body.url).location, req.body.url, req.body.cookie, sensor_data, (cookie) => {
|
|
cookie.forEach((x) => {
|
|
res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
|
|
})
|
|
res.end("sup bro");
|
|
});
|
|
}*/
|
|
// res.json({sensor_data: sensordata})
|
|
// });
|
|
// JSDOM.fromFile('akamai.html', {runScripts: "dangerously", resources: "usable"}).then((dom) => {
|
|
|
|
// });
|
|
/* var api_public_key = "afSbep8yjnZUjq3aL010jO15Sawj2VZfdYK8uY90uxq"
|
|
var cs = "0a46G5m17Vrp4o4c"
|
|
var ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
|
|
var ver = "1.4.5"
|
|
var aaaa = get_cf_date();
|
|
|
|
var C = od(cs, api_public_key).slice(0, 16)
|
|
var S = Math.floor(get_cf_date() / 36e5);
|
|
var E = C + od(S, C)
|
|
var start_ts = get_cf_date()
|
|
var _abck = req.body.cookie;
|
|
var xagg = "12147" // this is from my chrome installation on my pc
|
|
var z1 = pi(start_ts / (2016 * 2016)) // 2016 is bmak.y1
|
|
var d3 = get_cf_date() % 1e7 // x2() just returns get_cf_date()
|
|
var url = req.body.url.replace(/\\|"/g, "")
|
|
var sensor_data = `${E}${ver}-1,2,-94,-100,${ua},uaend,${xagg},20030107,en-US,Gecko,0,0,0,0,${z1},${d3},2048,1112,2048,1152,2048,1010,2050,,cpen:0,i1:0,dm:0,cwen:0,non:1,opc:0,fc:0,sc:0,wrc:1,isc:0,vib:1,bat:1,x11:0,x12:1,8330,${Math.random()},${start_ts / 2},loc:-1,2,-94,-101,do_en,dm_en,t_en-1,2,-94,-105,-1,2,-94,-102,-1,2,-94,-108,-1,2,-94,-110,-1,2,-94,-117,-1,2,-94,-111,-1,2,-94,-109,-1,2,-94,-114,-1,2,-94,-103,-1,2,-94,-112,${url},-1,2,-94,-115,1,1,0,0,0,0,0,6,0,${start_ts},${Math.floor(Math.random() * (42 - 35 + 1) + 35) + 1},16896,0,0,2816,0,0,${get_cf_date() - start_ts},49,0,${_abck},${ab(_abck)},${Math.floor(1e3 * Math.random()).toString()},-5098406,30261693-1,2,-94,-106,9,1-1,2,-94,-119,-1-1,2,-94,-122,0,0,0,0,1,0,0-1,2,-94,-123,-1,2,-94,-124,-1,2,-94,-125,`
|
|
sensor_data = `${sensor_data}-1,2,-94,-70,-739578230;dis;,7,8;true;true;true;300;true;24;24;true;false;1-1,2,-94,-80,4911-1,2,-94,-116,${getO9()}-1,2,-94,-118,${ab(sensor_data)}-1,2,-94,-121,;${get_cf_date() - aaaa};${Math.floor(Math.random() * (2 - 10 + 1) + 10) + 1};0`
|
|
res.json({sensor_data: sensor_data});*/
|
|
var uriObject = new URL(req.body.url);
|
|
var realURL = useHost ? uriObject.protocol + '//' + uriObject.hostname : req.body.url;
|
|
if(!scriptCache.find((z) => z.url === realURL)) sensor.grab(realURL, `_abck=${req.body.cookie}`, useHost, (e) => {
|
|
if(e.err) return res.json(e);
|
|
var owo = scriptCache.push({
|
|
url: realURL,
|
|
scripturl: e.url,
|
|
script: e.d
|
|
});
|
|
|
|
/*virtualization.getSensorData(e.d, {target: req.body.url, cookievalue: req.body.cookie},(h) => {
|
|
res.json({sensor_data: h});
|
|
});*/
|
|
let timedOut = false;
|
|
getSensorData(e.d, req.body.cookie, (h) => {
|
|
if(!timedOut) res.json({sensor_data: h}), timedOut = true;
|
|
/* getCookie(e.url, uriObject.hostname, uriObject.origin, `_abck=${req.body.cookie}`, h, (eee) => {
|
|
// res.json({cookie: eee});
|
|
eee.forEach((x) => {
|
|
res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
|
|
})
|
|
res.end("sup bro");
|
|
timedOut = true;
|
|
});*/
|
|
});
|
|
setTimeout(() => {if(!timedOut)res.json({err: 'Request timed out'}), timedOut = true;}, 10*1000);
|
|
}); else {
|
|
let timedOut = false;
|
|
var sex = scriptCache.find((z) => z.url === realURL);
|
|
getSensorData(sex.script, req.body.cookie, (h) => {
|
|
if(!timedOut)res.json({sensor_data: h}), timedOut = true
|
|
/* if(!sex.scripturl) sensor.grabScriptUrl(realURL, `_abck=${req.body.cookie}`, (de) => {
|
|
sex.scripturl = de;
|
|
getCookie(de, req.body.url, `_abck=${req.body.cookie}`, h, (eee) => {
|
|
timedOut = true;
|
|
return res.status(200), res.send(eee);
|
|
});
|
|
}); else */
|
|
/*getCookie(sex.scripturl, uriObject.hostname, uriObject.origin, `_abck=${req.body.cookie}`, h, (eee) => {
|
|
timedOut = true;
|
|
//return res.status(200), res.send(eee);
|
|
eee.forEach((x) => {
|
|
res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
|
|
})
|
|
res.end("sup bro");
|
|
});*/
|
|
});
|
|
setTimeout(() => {if(!timedOut)res.json({err: 'Request timed out'}), timedOut = true;}, 10*1000);
|
|
}
|
|
});
|
|
|
|
function getCookie(urls, gay, gay2, cocaine, sensor_data, cb) {
|
|
request.post(urls, {
|
|
headers: {
|
|
'Accept': '*/*',
|
|
'Host': gay,
|
|
'Referer': gay,
|
|
'Origin': gay2,
|
|
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
|
|
'Cookie': `_abck=${cocaine};`,
|
|
'Content-Type': 'text/plain'
|
|
},
|
|
body: {
|
|
sensor_data: sensor_data
|
|
},
|
|
jar: request.jar(),
|
|
json: true
|
|
}, (err, res) => {
|
|
if(err) return cb('err' + err);
|
|
if(!res.headers['set-cookie']) return cb('nigga wtf no cookie header?!');
|
|
if(res.body.success)return cb(res.headers['set-cookie']); else return cb('nope')
|
|
});
|
|
}
|
|
|
|
app.listen(80, () => console.log('http memes'))
|
|
|
|
const wss = new WebSocket.Server({ port: 42154 });
|
|
|
|
wss.on('connection', function connection(ws) {
|
|
ws.on('message', function incoming(message) {
|
|
const payload = JSON.parse(message);
|
|
switch(payload.t)
|
|
{
|
|
case 'GOT_SENSOR':
|
|
var target = respqeueue.find((e) => e.id === payload.d.id);
|
|
if(!target) return;
|
|
solveSpeedCache.push(Date.now() - target.timestamp);
|
|
target.callback(payload.d.sensor_data);
|
|
break;
|
|
}
|
|
});
|
|
setInterval(() => {
|
|
ws.send(JSON.stringify({t: 'PING'}))
|
|
}, 30 * 1000);
|
|
});
|
|
|
|
var solveSpeedCache = [];
|
|
var respqeueue = [];
|
|
|
|
function getServers() {
|
|
var possible = [];
|
|
wss.clients.forEach((e) => {
|
|
if(e.readyState === e.OPEN) possible.push(e);
|
|
});
|
|
return possible;
|
|
}
|
|
|
|
function calculateAvg()
|
|
{
|
|
let tmp = 0;
|
|
solveSpeedCache.forEach((e) => tmp += e);
|
|
return Math.floor(tmp / solveSpeedCache.length);
|
|
}
|
|
|
|
function getSensorData(script, cookie, cb)
|
|
{
|
|
let sensorSession = randomSession();
|
|
if(!sensorSession) return cb('error while grabbing sensor data, No servers found!');
|
|
var identifier = uuid();
|
|
respqeueue.push({
|
|
id: identifier,
|
|
callback: cb,
|
|
timestamp: Date.now()
|
|
});
|
|
sensorSession.send(JSON.stringify({
|
|
t: 'GET_SENSOR',
|
|
d: {
|
|
eval: script,
|
|
cookie: cookie,
|
|
id: identifier
|
|
}
|
|
}));
|
|
}
|
|
|
|
function randomSession()
|
|
{
|
|
let tmp = getServers();
|
|
return tmp[Math.floor(Math.random() * tmp.length)];
|
|
}
|
|
|
|
const databaseOperations = {
|
|
hasActiveSub: (id) => {
|
|
let expire = databaseOperations.getMetadataValue(id, 'expire');
|
|
if(expire < 0) return false;
|
|
return expire - Date.now() > 0 ? true : false;
|
|
},
|
|
isInLimitedList: (id, target) => {
|
|
let modules = databaseOperations.getMetadataValue(id, 'modules');
|
|
if(modules.includes(target.toLowerCase())) return true;
|
|
return false;
|
|
},
|
|
isLimitedAccount: (id) => {
|
|
let modules = databaseOperations.getMetadataValue(id, 'modules');
|
|
if(!modules || modules.length === 0) return false;
|
|
return true;
|
|
},
|
|
register: (username, password) => {
|
|
if(databaseOperations.isUsernameTaken(username)) return false;
|
|
let token = crypto.createHash('md5').update(`this timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${Math.random() * 2312831}`).digest('hex');
|
|
let hash = bcrypt.hashSync(password, 10);
|
|
db.prepare('INSERT INTO users (username, password, token) VALUES (?, ?, ?)').run(username, hash, token);
|
|
return token;
|
|
},
|
|
isUsernameTaken: (username) => {
|
|
let row = db.prepare('SELECT * FROM users WHERE username=?').get(username);
|
|
return row ? true : false;
|
|
},
|
|
checkToken: (token) => {
|
|
return db.prepare('SELECT * FROM users WHERE token=?').get(token);
|
|
},
|
|
checkApiToken: (token) => {
|
|
return db.prepare('SELECT * FROM users WHERE apiKey=?').get(token);
|
|
},
|
|
getFromId: (id) => {
|
|
return db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
|
},
|
|
checkCredentials: (username, password) => {
|
|
let row = db.prepare('SELECT * FROM users WHERE username=?').get(username);
|
|
if(!row) return false;
|
|
let match = bcrypt.compare(password, row.password);
|
|
if(!match) return false;
|
|
return row;
|
|
},
|
|
setToken: (id) => {
|
|
let token = crypto.createHash('md5').update(`this timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${id}`).digest('hex');
|
|
db.prepare('UPDATE users SET token=? WHERE id=?').run(token, id);
|
|
return token;
|
|
},
|
|
setApiToken: (id) => {
|
|
let token = crypto.createHash('md5').update(`this also this is a api key btw GOD sex timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${id}`).digest('hex');
|
|
db.prepare('UPDATE users SET apiKey=? WHERE id=?').run(token, id);
|
|
return token;
|
|
},
|
|
getMetadataValue: (id, key) => {
|
|
let row = db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
|
return JSON.parse(row.metadata)[key];
|
|
},
|
|
updateOrSetMetadataValue: (id, key, value) => {
|
|
let row = db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
|
let deserialized = row ? JSON.parse(row.metadata) : {};
|
|
deserialized[key] = value;
|
|
db.prepare('UPDATE users SET metadata=? WHERE id=?').run(JSON.stringify(deserialized), id);
|
|
},
|
|
destroyMetadataKey: (id, key) => {
|
|
let row = db.prepare("SELECT * FROM users WHERE id=?").get(id);
|
|
let deserialized = JSON.parse(row.metadata);
|
|
delete deserialized[key];
|
|
db.prepare("UPDATE users SET metaData=? WHERE id=?").run(JSON.stringify(deserialized), id);
|
|
}
|
|
};
|
|
|
|
setInterval(() => {
|
|
require('fs').writeFileSync('./cache.json', JSON.stringify(scriptCache));
|
|
}, 10 * 1000);
|