Instantly share code, notes, and snippets.
Created
September 26, 2020 04:38
-
Star
5
(5)
You must be signed in to star a gist -
Fork
0
(0)
You must be signed in to fork a gist
-
Save voidstar0/4e5a7eadf510cd5baf14b571fd63be63 to your computer and use it in GitHub Desktop.
Pooky Cookies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module.exports = class PookyCookies { | |
| /** | |
| * PookyCookies, used to generate a unique | |
| * set of cookies for the Supreme checkout | |
| * process. | |
| */ | |
| constructor(region, aesKey, encKey, decKey) { | |
| this.region = region | |
| this.pookyConstants = { | |
| 'pooky_telemetry': 45, | |
| 'pooky_recaptcha': 87, | |
| 'pooky_recaptcha_coherence': 40, | |
| 'pooky_data': 195, | |
| 'pooky_settings': 200 | |
| } | |
| this.deadbeef = new Uint8Array([239, 7, 16, 222, 173, 190]); | |
| this.key = aesKey; | |
| this.encKey = encKey; | |
| this.decKey = decKey; | |
| } | |
| /** | |
| * Random 16 bytes used as an initialization | |
| * vector for encryption | |
| */ | |
| genIV() { | |
| return cryptoGetRandom(new Uint8Array(16)) | |
| } | |
| /** | |
| * Encrypts the data using a slightly modified | |
| * CBC. The round keys are dynamically grabbed | |
| * by the pooky-key-extractor microservice | |
| * @param {array} bytes - The plaintext to be encrypted as bytes. | |
| * @param {array} iv - The initialization vector to be used as bytes | |
| */ | |
| encrypt(bytes, iv) { | |
| const aesCbc = new aesjs.ModeOfOperation.cbc(this.key, iv, this.encKey, this.decKey); | |
| const encryptedBytes = aesCbc.encrypt(aesjs.padding.pkcs7.pad(bytes)); | |
| return aesjs.utils.hex.fromBytes(iv) + aesjs.utils.hex.fromBytes(encryptedBytes) | |
| } | |
| /** | |
| * Generates the 'pooky' cookie. Also used | |
| * for the pooky_performance cookie. | |
| * @returns {string} Newly generated UUIDv4 | |
| */ | |
| genPookyCookie() { | |
| this.pooky_cookie = require('uuid/v4')() | |
| return this.pooky_cookie | |
| } | |
| getPookyCookie() { | |
| return this.pooky_cookie; | |
| } | |
| replaceUUIDIndicies(indicies, replacement){ | |
| this.pooky_cookie = this.pooky_cookie.replace(/-/g, "").split("").map((e, i) => indicies.includes(i) ? replacement : e); | |
| this.pooky_cookie.splice(8, 0, '-'); | |
| this.pooky_cookie.splice(13, 0, '-'); | |
| this.pooky_cookie.splice(18, 0, '-'); | |
| this.pooky_cookie.splice(23, 0, '-'); | |
| this.pooky_cookie = this.pooky_cookie.join(""); | |
| } | |
| genPOwlCookie() { | |
| return this.encrypt([113, 101, 135, 114, 37, 81, 55, 73, 2, 16, 21, 99, 67], this.genIV()) | |
| } | |
| /** | |
| * Generates the pooky_performance cookie, this | |
| * cookie is simply the 'pooky' cookie, reversed | |
| * with dashes removed and encrypted. | |
| */ | |
| genPookyPerformance() { | |
| const reversedPooky = [...this.pooky_cookie].reverse() | |
| .filter(c => c !== '-') | |
| .join(''); | |
| const pookyPerformanceBytes = aesjs.utils.hex.toBytes(reversedPooky); | |
| const newPookyBytes = []; | |
| for(const byte of pookyPerformanceBytes) { | |
| newPookyBytes.push(200); | |
| newPookyBytes.push(byte); | |
| } | |
| return this.encrypt(newPookyBytes, this.genIV()) | |
| } | |
| /** | |
| * Generates the pooky_mouse cookie, this | |
| * cookie utilizes the Date#now and | |
| * performs arithmetic on each digit | |
| */ | |
| genPookyMouse() { | |
| const pookyMouseBytes = []; | |
| const timeString = String(Date.now()); | |
| [...timeString].forEach(char => { | |
| pookyMouseBytes.push(parseInt(Math.floor(9 * Math.random()) + char, 16)) | |
| }) | |
| return this.encrypt(pookyMouseBytes, this.genIV()); | |
| } | |
| /** | |
| * Generates the pooky_order_allow cookie | |
| * {"tohru_ok": true,"enabled": true,"all_releases":true,"splay_env":"prod", "mouse_score":100,"bypass":true} | |
| * @return {string} Hardcoded JSON base64 encoded | |
| */ | |
| genPookyOrderAllow() { | |
| return "eyJ0b2hydV9vayI6IHRydWUsImVuYWJsZWQiOiB0cnVlLCJhbGxfcmVsZWFzZXMiOnRydWUsInNwbGF5X2VudiI6InByb2QiLCAibW91c2Vfc2NvcmUiOjEwMCwiYnlwYXNzIjp0cnVlfQ==" | |
| } | |
| genElectricBytes() { | |
| return new Uint8Array(16).map(byte => Math.floor(200 * Math.random())) | |
| } | |
| /** | |
| * Generates the 'pooky_electric' cookie | |
| * along with 5 separate cookies stored in | |
| * pookyConstants. A cookie is selected at | |
| * random and filled with DEADBEEF bytes, | |
| * the rest of the cookies are filled with | |
| * random. | |
| * @returns {string} The randomly selected | |
| * cookie's magic value nested in an array | |
| */ | |
| genPookyElectric() { | |
| const randomCookie = Object.keys(this.pookyConstants).sample() | |
| const pookyElectric = new Uint8Array(Array.of(this.pookyConstants[randomCookie])) | |
| Object.keys(this.pookyConstants).forEach(key => { | |
| const data = key === randomCookie ? this.deadbeef : this.genElectricBytes() | |
| this[key] = this.encrypt(data, this.genIV()) | |
| }) | |
| return this.encrypt(pookyElectric, this.genIV()) | |
| } | |
| /** | |
| * These set of keys are generated by genPookyElectric | |
| * They are seemingly random | |
| */ | |
| genPookyTelemetry() { | |
| return this.pooky_telemetry | |
| } | |
| genPookyRecaptcha() { | |
| return this.pooky_recaptcha | |
| } | |
| genPookyRecaptchaCoherence() { | |
| return this.pooky_recaptcha_coherence | |
| } | |
| genPookyData() { | |
| return this.pooky_data | |
| } | |
| genPookySettings() { | |
| return this.pooky_settings | |
| } | |
| /** | |
| * Generates the 'updated_pooky_coherence' cookie | |
| * this cookie is a garbage "padding" string | |
| * encrypted | |
| */ | |
| genUpdatedPookyCoherence() { | |
| const updated_pooky_coherence = aesjs.utils.utf8.toBytes("pad_PPPPPPPPPP"); | |
| return this.encrypt(updated_pooky_coherence, this.genIV()); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment