python-aternos

parse_token returns wrong ajax token

Open Lohorunk opened this issue 2 years ago • 11 comments

May be related to https://github.com/DarkCat09/python-aternos/issues/75#issuecomment-1572125741

(I don't think ajax tokens are sensitive info but will censor them anyway)

I noticed in the dev console that the ajax token used by aternos did not match the one given by the library:
LGuu**************** < used by aternos website
TBsn**************** < used by the library

I deobfuscated the js function by hand to try and understand how it works

(() => /*window["AJAX_TOKEN"]="TBsn****************"}*/{window[["XAJA","OT_","K","NE"].map(s => s.split('').reverse().join('')).join('')]=!(window[["Map"].reverse().join('')]["prototype"]&&window[["cod","emu","tn"].map(s => s.split('').reverse().join('')).join('')]&&window[["nemucod","t"].map(s => s.split('').reverse().join('')).join('')][("getEleme" + "ntB" + "yId")]&&window[["oemiTtes","tu"].map(s => s.split('').reverse().join('')).join('')])?"TBsn****************":"LGuu****************";})();

// -->
(() => {
    window['AJAX_TOKEN'] = !(window["Map"]["prototype"] && window["document"] 
    && window["document"]["getElementById"] 
    && window["setTimeout"]) ? "TBsn****************" : "LGuu****************";
})();

// -->
(() => {
    window['AJAX_TOKEN'] = !true ? "TBsn****************" : "LGuu****************";
})();

And yeah, it just sets the AJAX_TOKEN to LGuu****************; it's all determined by the !

I tested, and to_ecma5 doesn't seem to be the thing causing the error. If I had to guess, it's probably the ctx.execute('window.document = { };') and the others that are causing the problem.

Lohorunk • Jun 21 '23 17:06

@hiikion,

Thank you very much!
I think that's how Aternos detects library requests.

Fix: execute document.getElementById = function(_a) { }; before executing the code.

DarkCat09 • Jun 22 '23 04:06

#86 I tested, the fix works

Lohorunk • Jun 22 '23 12:06

I've checked token parser using tests/js_samples.py now. Every sample was processed incorrectly.

DarkCat09 • Jun 30 '23 06:06

Oh, that's because of document.doctype property.

DarkCat09 • Jun 30 '23 06:06

I think the most efficient solution is to create an accurate copy of the window and document objects from Firefox DevTools, but there are too many properties and methods.
Maybe I'll write a script for checking AJAX_TOKEN every day and finding usage of properties not implemented in python-aternos.

DarkCat09 • Jun 30 '23 06:06
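
Added example (not part of the thread and not python-aternos code): a Node.js version of the property-usage check suggested in the comment above, run against a constructed script with the same shape as the deobfuscated one in the issue. `traced`, `runProbe` and the token placeholders are hypothetical names, and the stub environments are constructed.

```javascript
// Constructed sample with the same shape as the deobfuscated script in the
// issue; the token strings are placeholders, not real values.
const SAMPLE = `(() => {
    window['AJAX_TOKEN'] = !(window["Map"]["prototype"] && window["document"]
    && window["document"]["getElementById"]
    && window["setTimeout"]) ? "token-when-probe-fails" : "token-when-probe-passes";
})();`;

// Wrap a plain object so every property read is recorded as path -> present.
// Functions are returned unwrapped: a Proxy get trap must return the real
// value of read-only properties such as a constructor's `prototype`.
function traced(target, path, log) {
  return new Proxy(target, {
    get(obj, key) {
      if (typeof key === 'symbol') return obj[key];
      const full = `${path}.${key}`;
      log.set(full, key in obj);
      const value = obj[key];
      return value !== null && typeof value === 'object'
        ? traced(value, full, log)
        : value;
    },
  });
}

// Run `code` against the stub environment `env` and report what it touched.
function runProbe(code, env) {
  const log = new Map();
  let error = null;
  try {
    new Function('window', code)(traced(env, 'window', log));
  } catch (e) {
    error = String(e); // e.g. a read through a property that does not exist
  }
  return {
    token: env.AJAX_TOKEN,
    reads: [...log.keys()],
    missing: [...log].filter(([, present]) => !present).map(([p]) => p),
    error,
  };
}

// Stub shaped like the one quoted in the issue: window.document = { }
const bare = runProbe(SAMPLE, { Map, document: {}, setTimeout() {} });
console.log(bare.token, bare.missing);
```

The `missing` list names the first property the script looked for and did not find; because `&&` short-circuits, later probes only show up once earlier ones are satisfied.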

Temporarily fixed

DarkCat09 • Jun 30 '23 06:06

That happened again: Aternos added document.currentScript. Fixed in v3.0.3

DarkCat09 • Jul 04 '23 10:07

document.prepend, fixed in 3.0.4

DarkCat09 • Jul 27 '23 07:07

Is the cause known?

pythoncat1 • Nov 27 '23 17:11

@pythoncat1, yes. Please, read the conversation above.

DarkCat09 • Nov 27 '23 17:11

So I imagine https://github.com/DarkCat09/python-aternos/issues/85#issuecomment-1614176348 must be done?

pythoncat1 • Nov 27 '23 17:11