From 7662f02d9c4b0ae56214d809ea4ed3132dfb484a Mon Sep 17 00:00:00 2001 From: DarkCat09 Date: Mon, 26 Dec 2022 17:24:34 +0400 Subject: [PATCH] NodeJS bugfix, js_samples script --- python_aternos/atjsparse.py | 1 + python_aternos/data/server.js | 19 +++++-- tests/js_samples.py | 101 ++++++++++++++++++++++++++++++++++ 3 files changed, 115 insertions(+), 6 deletions(-) create mode 100755 tests/js_samples.py diff --git a/python_aternos/atjsparse.py b/python_aternos/atjsparse.py index d002a0b..3aa11e4 100644 --- a/python_aternos/atjsparse.py +++ b/python_aternos/atjsparse.py @@ -104,6 +104,7 @@ class NodeInterpreter(Interpreter): def get_var(self, name: str) -> Any: resp = requests.post(self.url, data=name) resp.raise_for_status() + logging.debug('NodeJS response: %s', resp.content) return json.loads(resp.content) def __del__(self) -> None: diff --git a/python_aternos/data/server.js b/python_aternos/data/server.js index d7d7f16..72f4ed9 100644 --- a/python_aternos/data/server.js +++ b/python_aternos/data/server.js @@ -3,11 +3,21 @@ const process = require('process') const { VM } = require('vm2') -args = process.argv.slice(2) - +const args = process.argv.slice(2) const port = args[0] || 8000 const host = args[1] || 'localhost' +const vm = new VM({ + timeout: 2000, + allowAsync: false, + sandbox: { + atob: atob, + setTimeout: (_a, _b) => {}, + setInterval: (_a, _b) => {}, + }, +}) +vm.run('var window = global; var document = {}') + const listener = (req, res) => { if (req.method != 'POST') @@ -18,15 +28,12 @@ const listener = (req, res) => { req.on('end', () => { let resp - try { resp = JSON.stringify(new VM().run(body)) } + try { resp = JSON.stringify(vm.run(body)) } catch (ex) { resp = ex.message } res.writeHead(200) res.end(resp) }) } -window = global -document = window.document || {} - const server = http.createServer(listener) server.listen(port, host, () => console.log('OK')) diff --git a/tests/js_samples.py b/tests/js_samples.py new file mode 100755 index 0000000..410473a --- /dev/null +++ b/tests/js_samples.py @@ -0,0 +1,101 @@ +#!/usr/bin/env python3 + +# How to use +# ******************************* +# 1. Open DevTools at aternos.org +# 2. Get AJAX_TOKEN variable value (without quotes) +# +# 3. Pass it to this script as an argument, e.g.: +# python3 js_samples.py xKflIsKHxlv96fLc1tht +# +# 4. The script will request the token 100 times +# and check it with different built-in interpreters +# (now there are only js2py and nodejs) +# 5. Array "errored" which is printed at the end +# contains indexes of incorrectly executed JS functions +# 6. Enter this index in the opened console +# or enter "exit" to exit + +import re +import sys + +from python_aternos import AternosConnect +from python_aternos import Js2PyInterpreter +from python_aternos import NodeInterpreter + +TIMES = 100 + +js = re.compile(r'\(\(\).*?\)\(\);') +conn = AternosConnect() +jsi1 = Js2PyInterpreter() +jsi2 = NodeInterpreter() + +token = sys.argv[1] + +samples = [] +errored = [] + + +def get_code() -> bool: + + r = conn.request_cloudflare( + 'https://aternos.org/go', 'GET' + ) + if r.status_code != 200: + print(r.status_code) + + code = js.search(r.text) + if code is None: + print('No match!') + return False + + sample = code.group(0) + samples.append(sample) + + print(sample) + print('***') + + jsi1.exec_js(sample) + jsi2.exec_js(sample) + var1 = jsi1['AJAX_TOKEN'] + var2 = jsi2['AJAX_TOKEN'] + + print(var1) + print(var2) + print('***') + print() + print() + + return var1 == var2 == token + + +def main() -> None: + + print() + + for i in range(TIMES): + print(i) + if not get_code(): + errored.append(i) + + print('Errored:', errored) + + print('Choose sample number:') + while True: + try: + print('>', end=' ') + cmd = input() + if cmd.strip().lower() in ('exit', 'quit'): + print('Quit') + break + print(samples[int(cmd)]) + except KeyboardInterrupt: + print() + print('Quit') + break + except Exception as err: + print(err) + + +if __name__ == '__main__': + main()