DarkCat09 / python-aternos

[UNMAINTAINED] Unofficial Aternos API written in Python
https://pypi.org/project/python-aternos/
Apache License 2.0

parse_token returns wrong ajax token #85

Open Lohorunk opened 1 year ago

Lohorunk commented 1 year ago

may be related to https://github.com/DarkCat09/python-aternos/issues/75#issuecomment-1572125741

(I don't think AJAX tokens are sensitive info but will censor them anyway)

I noticed in the dev console that the AJAX token used by Aternos did not match the one given by the library:
LGuu**************** < used by the Aternos website
TBsn**************** < used by the library

I deobfuscated the js function by hand to try and understand how it works

```javascript
(() => /*window["AJAX_TOKEN"]="TBsn****************"}*/{window[["XAJA","OT_","K","NE"].map(s => s.split('').reverse().join('')).join('')]=!(window[["Map"].reverse().join('')]["prototype"]&&window[["cod","emu","tn"].map(s => s.split('').reverse().join('')).join('')]&&window[["nemucod","t"].map(s => s.split('').reverse().join('')).join('')][("getEleme" + "ntB" + "yId")]&&window[["oemiTtes","tu"].map(s => s.split('').reverse().join('')).join('')])?"TBsn****************":"LGuu****************";})();

// -->
(() => {
    window['AJAX_TOKEN'] = !(window["Map"]["prototype"] && window["document"]
    && window["document"]["getElementById"]
    && window["setTimeout"]) ? "TBsn****************" : "LGuu****************";
})();

// -->
(() => {
    window['AJAX_TOKEN'] = !true ? "TBsn****************" : "LGuu****************";
})();
```

And yeah, it just sets the AJAX_TOKEN to LGuu****************; it's all determined by the `!`.

I tested and `to_ecma5` doesn't seem to be the thing causing the error. If I had to guess, it's probably the `ctx.execute('window.document = { };')` and the others that are causing the problem.

DarkCat09 commented 1 year ago

@hiikion,

Thank you very much!
I think that's how Aternos detects library requests.

Fix: execute `document.getElementById = function(_a) { };` before executing the code.

Lohorunk commented 1 year ago

#86 I tested, the fix works

DarkCat09 commented 1 year ago

I've checked the token parser using tests/js_samples.py now. Every sample was processed incorrectly.

DarkCat09 commented 1 year ago

Oh, that's because of the document.doctype property.

DarkCat09 commented 1 year ago

I think the most efficient solution is to create an accurate copy of the window and document objects from Firefox DevTools, but there are too many properties and methods.
Maybe I'll write a script for checking AJAX_TOKEN every day and finding usage of properties not implemented in python-aternos.

DarkCat09 commented 1 year ago

Temporarily fixed

DarkCat09 commented 1 year ago

That happened again: Aternos added document.currentScript. Fixed in v3.0.3

DarkCat09 commented 1 year ago

document.prepend, fixed in 3.0.4

pythoncat1 commented 9 months ago

Is the cause known?

DarkCat09 commented 9 months ago

@pythoncat1, yes. Please, read the conversation above.

pythoncat1 commented 9 months ago

So I imagine https://github.com/DarkCat09/python-aternos/issues/85#issuecomment-1614176348 must be done?