search

uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0
3.85k stars 730 forks source link

aternos.org: detection #13144

Open sportshead opened 2 years ago

sportshead commented 2 years ago

Prerequisites

I tried to reproduce the issue when...

URL(s) where the issue occurs

https://aternos.org/server

Describe the issue

See #12987 #12895 #12314 #12299 and others. aternos.org is still detecting adblockers and showing a "you are using an adblocker screen". The screen only shows after around 500ms (estimate) from page load and the normal page content can be seen before it shows.

Screenshot(s)

No response

Notes

Digging through it seems that the script tag with a base64 url is the culprit. I've tried blocking it with acs scriptlet but I don't really know how it works. The script tag is the last script tag when I view source.

I also found that it uses MutationObserver in order to check for detection bypass. I think somehow breaking MutationObserver functionality with prototype pollution may work, however, I do not know how to accomplish that with uBO. Alternatively, the Continue with adblocker anyway button could perhaps be pressed and time somehow sped up? It checks Date.now() with setInterval every 200 ms, which could be a way to break it.

Configuration

```yaml uBlock Origin: 1.42.4 Firefox: 101 filterset (summary): network: 96443 cosmetic: 106230 scriptlet: 21002 html: 653 listset (total-discarded, last updated): added: https://raw.githubusercontent.com/Spam404/lists/master/adblock-list.txt: 7253-4, 1d.19h.47m fanboy-annoyance: 70820-290, 2d.22h.18m ublock-annoyances: 4394-4, 3d.22h.44m default: user-filters: 21-0, never ublock-filters: 31558-30, 3d.22h.46m ublock-badware: 4148-3, 3d.22h.45m ublock-privacy: 218-0, 11d.24m ublock-abuse: 75-0, 11d.25m ublock-unbreak: 1789-0, 3d.22h.49m easylist: 66414-599, 3d.22h.48m easyprivacy: 26943-578, 3d.22h.47m urlhaus-1: 8474-0, 19h.27m plowe-0: 3679-4, 3d.22h.50m ublock-quick-fixes: 213-0, 19h.28m filterset (user): [array of 21 redacted] trustedset: added: [array of 206 redacted] hostRuleset: added: [array of 499 redacted] modifiedUserSettings: advancedUserEnabled: true modifiedHiddenSettings: [none] supportStats: allReadyAfter: 1100 ms (selfie) maxAssetCacheWait: 627 ms ```
stephenhawk8054 commented 2 years ago

Currently it's not possible to terminate the detection. Also if you mean pressing the button automatically, you might need to do with a userscript as uBO has not implemented adding vanilla script yet.

JobcenterTycoon commented 2 years ago

Also if the overlay get blocked the complete body get removed

ghost commented 2 years ago

Could someone take a look at the cosmetic filtering?

avstoyanov commented 1 year ago

the site detects when the element in the top and side bar containing the exaroton ads is modified. Something else also breaks it but I can't tell what since I can't tell what the difference is in the logger

ghost commented 1 year ago

https://hakorr.github.io/Userscripts/Aternos/AntiAntiAdblock/course/ gives a whole page how aternos detection works. At the buttom of the page he gives a link to https://hakorr.github.io/Userscripts/Aternos/AntiAntiAdblock giving you a userscript for it. It worked for me and I hope that for other people using aternos who are willing to use userscripts it works too

oddmario commented 1 year ago

Those work but only for Firefox

aternos.org##^script:has-text(_0x3d86bb)
aternos.org##^script:has-text(_0x575ee4)
aternos.org##^span[ykkrac="vDgUnYT"]
aternos.org##[class="header-link-exaroton"]

However they can't work on Chromium-based browsers (at least for now) as stated @ https://github.com/gorhill/uBlock/wiki/Inline-script-tag-filtering

Not supported in Chromium-based browser.

  • Starring the related Chromium issue may help motivate Chromium devs to implement support.
  • Falling back on wholesale blocking of all inline script tags may work.[1]
mapx- commented 1 year ago

in the last uBO for chrome you can test

aternos.org##+js(rmnt, script, _0x3d86bb)
oddmario commented 1 year ago

There we go then :)

aternos.org##^script:has-text(_0x3d86bb)
aternos.org##^script:has-text(_0x575ee4)
aternos.org##+js(rmnt, script, _0x3d86bb)
aternos.org##+js(rmnt, script, _0x575ee4)
aternos.org##^span[ykkrac="vDgUnYT"]
aternos.org##[class="header-link-exaroton"]

just tested it and it's blocking the ads on their site perfectly

I can make a PR for this, not sure which category it's supposed to go with though

JobcenterTycoon commented 1 year ago

Its unstable and doesn’t work, i just get a blank screen.

oddmario commented 1 year ago

To make it a bit more stable, we can probably change how I hardcoded the exact variable names and make it look for the prefix _0x of the obfuscation instead

aternos.org##^script:has-text(_0x)
aternos.org##+js(rmnt, script, _0x)
aternos.org##[class="header-link-exaroton"]

If anything else causes any sort of instability then it might be because rmnt takes action once the DOMContentLoaded is fired? Unsure if there's a way to make it run bit earlier than that.

And as for the blank screen, I am not getting any blank screens here, maybe it's caused as a result of interference with another filter(s)?

JobcenterTycoon commented 1 year ago

The inline scripts need to be executed or the start button and other buttons like the logout button stops working. I tried filter like

aternos.org##body > span[style]:remove() aternos.org##+js(rpnt, script, body)

But the start button is still broken.

mapx- commented 1 year ago

@JobcenterTycoon what about

aternos.org##+js(nosiif, , 100)

JobcenterTycoon commented 1 year ago

Same result.

oddmario commented 1 year ago

When I came up with the filters in my above comment it worked, looks like they made a change to how their button clicks work (probably made it a part of their anti adblock)

Can we change the value returned by a JavaScript function on a site using uBlock? If that's possible I will proceed with updating my filters to reverse their patch

UPDATE: I got it. Try:

aternos.org##^script:has-text(_0x)
aternos.org##+js(rmnt, script, _0x)
aternos.org##[class="header-link-exaroton"]
aternos.org##[style*="z-index: 10123;"]:style(display: none !important)
aternos.org##+js(set, aia, trueFunc)
JobcenterTycoon commented 1 year ago

Okey, the filter you posted doesn’t work for me because i still get anti adblock but based on it i have working filter now:

aternos.org##^script:has-text(doubleclick)
!#if !cap_html_filtering
aternos.org##+js(rmnt, script, doubleclick)
!#endif
aternos.org##+js(rpnt, script, body)
aternos.org##+js(set, aia, trueFunc)
aternos.org##body > span[style]:remove()

Logout? Working. Start? Working.

Can you confirm?

oddmario commented 1 year ago

Okey, the filter you posted doesn’t work for me because i still get anti adblock but based on it i have working filter now:

aternos.org##^script:has-text(doubleclick)
!#if !cap_html_filtering
aternos.org##+js(rmnt, script, doubleclick)
!#endif
aternos.org##+js(rpnt, script, body)
aternos.org##+js(set, aia, trueFunc)
aternos.org##body > span[style]:remove()

Logout? Working. Start? Working.

Can you confirm?

Both my filters and yours work for me. You can also completely remove their Exaroton banner using

aternos.org##[class="header-link-exaroton"]
JobcenterTycoon commented 1 year ago

Sure. The final filter (counters also old exception filter):

filter ``` aternos.org##^script:has-text(doubleclick) !#if !cap_html_filtering aternos.org##+js(rmnt, script, doubleclick) !#endif aternos.org##+js(rpnt, script, body) aternos.org##+js(set, aia, trueFunc) aternos.org##body > span[style]:remove() @@||hb.vntsm.com/v2/live/$xhr,domain=aternos.org,badfilter @@||tlx.3lift.com/header/auction?$xhr,domain=aternos.org,badfilter @@||fastlane.rubiconproject.com/a/api/fastlane.json?$xhr,domain=aternos.org,badfilter @@||bidder.criteo.com/cdb?$xhr,domain=aternos.org,badfilter @@||hbopenbid.pubmatic.com/translator?source=prebid-client$xhr,domain=aternos.org,badfilter @@||mp.4dex.io/prebid$xhr,domain=aternos.org,badfilter @@||prg.smartadserver.com/prebid/v1$xhr,domain=aternos.org,badfilter @@||venatusmedia-d.openx.net/w/1.0/arj$xhr,domain=aternos.org,badfilter @@||adx.adform.net/adx/openrtb$xhr,domain=aternos.org,badfilter @@||htlb.casalemedia.com/cygnus?s=$xhr,domain=aternos.org,badfilter @@||prebid.a-mo.net/a/c$xhr,domain=aternos.org,badfilter @@||vntsm.com/*/ad-manager.min.js$script,domain=aternos.org,badfilter @@||hb.vntsm.io/content.html$xhr,domain=aternos.org,badfilter @@||securepubads.g.doubleclick.net/tag/js/gpt.js$script,domain=aternos.org,badfilter aternos.org#@#.header-link-exaroton-link:style(pointer-events: none !important; max-height: 0.01235px !important; padding: 0px !important;) aternos.org#@#.sidebar:style(width: 1.74px !important; padding: 0px !important;) aternos.org#@#.ad-dfp:style(min-height: 0.0037px !important; height: 0.0037px !important;) aternos.org##.header-link-exaroton aternos.org##.sidebar aternos.org##.ad-dfp aternos.org###placement-takeover ```

Edit: The filter are obsolete

YuriFernandes150 commented 1 year ago

Sure. The final filter (counters also old exception filter):

filter

aternos.org##^script:has-text(doubleclick)
!#if !cap_html_filtering
aternos.org##+js(rmnt, script, doubleclick)
!#endif
aternos.org##+js(rpnt, script, body)
aternos.org##+js(set, aia, trueFunc)
aternos.org##body > span[style]:remove()
@@||hb.vntsm.com/v2/live/$xhr,domain=aternos.org,badfilter
@@||tlx.3lift.com/header/auction?$xhr,domain=aternos.org,badfilter
@@||fastlane.rubiconproject.com/a/api/fastlane.json?$xhr,domain=aternos.org,badfilter
@@||bidder.criteo.com/cdb?$xhr,domain=aternos.org,badfilter
@@||hbopenbid.pubmatic.com/translator?source=prebid-client$xhr,domain=aternos.org,badfilter
@@||mp.4dex.io/prebid$xhr,domain=aternos.org,badfilter
@@||prg.smartadserver.com/prebid/v1$xhr,domain=aternos.org,badfilter
@@||venatusmedia-d.openx.net/w/1.0/arj$xhr,domain=aternos.org,badfilter
@@||adx.adform.net/adx/openrtb$xhr,domain=aternos.org,badfilter
@@||htlb.casalemedia.com/cygnus?s=$xhr,domain=aternos.org,badfilter
@@||prebid.a-mo.net/a/c$xhr,domain=aternos.org,badfilter
@@||vntsm.com/*/ad-manager.min.js$script,domain=aternos.org,badfilter
@@||hb.vntsm.io/content.html$xhr,domain=aternos.org,badfilter
@@||securepubads.g.doubleclick.net/tag/js/gpt.js$script,domain=aternos.org,badfilter
aternos.org#@#.header-link-exaroton-link:style(pointer-events: none !important; max-height: 0.01235px !important; padding: 0px !important;)
aternos.org#@#.sidebar:style(width: 1.74px !important; padding: 0px !important;)
aternos.org#@#.ad-dfp:style(min-height: 0.0037px !important; height: 0.0037px !important;)
aternos.org##.header-link-exaroton
aternos.org##.sidebar
aternos.org##.ad-dfp
aternos.org###placement-takeover

Hello! I have the same issue with aternos, and the above filter did not work for me...

I just get a blank white screen.

Browser: MS Edge

YuriFernandes150 commented 1 year ago

https://hakorr.github.io/Userscripts/Aternos/AntiAntiAdblock/course/ gives a whole page how aternos detection works. At the buttom of the page he gives a link to https://hakorr.github.io/Userscripts/Aternos/AntiAntiAdblock giving you a userscript for it. It worked for me and I hope that for other people using aternos who are willing to use userscripts it works too

After following these instructions, I was able to successfully block ads on the site. Had to try a few different combinations of scripts, but eventually got it to work, ty!

oddmario commented 1 year ago

Sure. The final filter (counters also old exception filter): filter

aternos.org##^script:has-text(doubleclick)
!#if !cap_html_filtering
aternos.org##+js(rmnt, script, doubleclick)
!#endif
aternos.org##+js(rpnt, script, body)
aternos.org##+js(set, aia, trueFunc)
aternos.org##body > span[style]:remove()
@@||hb.vntsm.com/v2/live/$xhr,domain=aternos.org,badfilter
@@||tlx.3lift.com/header/auction?$xhr,domain=aternos.org,badfilter
@@||fastlane.rubiconproject.com/a/api/fastlane.json?$xhr,domain=aternos.org,badfilter
@@||bidder.criteo.com/cdb?$xhr,domain=aternos.org,badfilter
@@||hbopenbid.pubmatic.com/translator?source=prebid-client$xhr,domain=aternos.org,badfilter
@@||mp.4dex.io/prebid$xhr,domain=aternos.org,badfilter
@@||prg.smartadserver.com/prebid/v1$xhr,domain=aternos.org,badfilter
@@||venatusmedia-d.openx.net/w/1.0/arj$xhr,domain=aternos.org,badfilter
@@||adx.adform.net/adx/openrtb$xhr,domain=aternos.org,badfilter
@@||htlb.casalemedia.com/cygnus?s=$xhr,domain=aternos.org,badfilter
@@||prebid.a-mo.net/a/c$xhr,domain=aternos.org,badfilter
@@||vntsm.com/*/ad-manager.min.js$script,domain=aternos.org,badfilter
@@||hb.vntsm.io/content.html$xhr,domain=aternos.org,badfilter
@@||securepubads.g.doubleclick.net/tag/js/gpt.js$script,domain=aternos.org,badfilter
aternos.org#@#.header-link-exaroton-link:style(pointer-events: none !important; max-height: 0.01235px !important; padding: 0px !important;)
aternos.org#@#.sidebar:style(width: 1.74px !important; padding: 0px !important;)
aternos.org#@#.ad-dfp:style(min-height: 0.0037px !important; height: 0.0037px !important;)
aternos.org##.header-link-exaroton
aternos.org##.sidebar
aternos.org##.ad-dfp
aternos.org###placement-takeover

Hello! I have the same issue with aternos, and the above filter did not work for me...

I just get a blank white screen.

Browser: MS Edge

They were patched. You can use the Aternos website with uBlock if you're not bothered by their Exaroton ad

AppleMangoOrange commented 7 months ago

Is it possible to only have cosmetic filtering as a temporary fix?

RokeJulianLockhart commented 4 months ago

https://github.com/uBlockOrigin/uAssets/issues/13144#issuecomment-1387172191

https://github.com/marvinschopf/disable-page-visibility-api/issues/4#issue-1944105129 also allows you to at least wait for the advertisements to finish without it knowing you've switched to another tab, although as https://github.com/marvinschopf/disable-page-visibility-api/issues/1#issue-1031103057 demonstrates, it's worth enabling solely when visiting https://aternos.org.

BigCitrusFruit commented 4 months ago

As of a couple days ago, Aternos' anti-adblock annoyances are no longer solved by activating "Block large media elements on this site." Also, there are new "ads" hard-coded to appear, all for the same product. As for the annoyance, its still the same big red screen "please don't use an adblocker" then you have to push a button to continue and wait 3 seconds. It's quite frustrating, but Aternos runs so many ad's its better to deal with that screen than all their ads.

Oqarshi commented 3 months ago

this tampermonkey script works. The buttons work too. You will still need to use ublock origin to block the ads this just blocks the annoying big red screen that says it detects adblock

Userscript ```js // Userscript created with https://hakorr.github.io/Userscripts/Aternos/AntiAntiAdblock/ // ==UserScript== // @name [Aternos] AntiAntiAdblock // @namespace none // @match https://aternos.org/* // @grant none // @version 1.0 // @author HKR // @description Removes all the adblock reminders. // @require https://greasyfork.org/scripts/21927-arrive-js/code/arrivejs.js // @require https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.js // @run-at document-start // ==/UserScript== // @run-at document-start (() => { 'use strict'; const observerCallback = (mutationsList) => { for (let mutationRecord of mutationsList) { for (let node of mutationRecord.addedNodes) { if (node.tagName !== 'SCRIPT') continue; /* Example keywords: - 'data:text/javascript;base64 - 'base64' - 'jquery' */ if (node.src.includes('data:text/javascript;base64') || node.outerHTML.includes('data:text/javascript;base64') || node.innerHTML.includes('data:text/javascript;base64')) { // Remove the element node.remove(); } }; }; }; const mutObvsr = new MutationObserver(observerCallback); mutObvsr.observe(document, { childList: true, subtree: true }); })(); function removeLayer() { Array.from(document.querySelectorAll("[style]")).forEach(elem => { //Change the top: 0 to some attribute the fullscreen red Anti-Adblock has, then it works if(elem.getAttribute("style").includes("top: 0")) { //What to do with the element, feel free to modify elem.innerHTML = ""; elem.style += "display: none"; } }); } window.onload = function() { removeLayer() } // @require https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.js $(document).ready(function () { //Added from the "Continue with adblocker anyway" button's function $(".body, .header").each(function () { this.style.setProperty("display", ""); this.style.setProperty("height", ""); }); //Added from the "Continue with adblocker anyway" button's function $("#start").each(function () { this._ready = true; }); $("#userdropdown-toggle").click(function (e) { if ($(window).width() <= 1e3) { e.preventDefault(); $(".userdropdown").slideToggle(100); } }); $(".logout").click(function () { aget("/panel/ajax/account/logout.php", function () { location.href = "/go/"; }); }); $(".navigation-toggle").click(function () { var cookieValue = 0; if ($(".navigation").hasClass("toggled")) { $(".navigation").removeClass("toggled"); } else { $(".navigation").addClass("toggled"); cookieValue = 1; } document.cookie = COOKIE_PREFIX + "_NAVIGATION_TOGGLED=" + cookieValue + ";path=/;max-age=31536000"; }); $(".friend-access-count-dropdown").click(function () { var dropdown = $(".friend-access-dropdown"); if (dropdown.css("display") === "none") { dropdown.slideDown(100); $(".friend-access-count-dropdown i").fa("fas", "fa-caret-up"); } else { dropdown.slideUp(100); $(".friend-access-count-dropdown i").fa("fas", "fa-caret-down"); } }); $(".js-friends-access").click(friendAccess); $(".js-friends-leave").click(friendLeave); $(".hamburger").click(function () { if ($(".navigation").css("left") == "-200px") { $(".navigation").animate({left: "0px"}); } else { $(".navigation").animate({left: "-200px"}); } }); }); ```
B1ack3ye commented 3 months ago

this tampermonkey script works. The buttons work too

Userscript

Everything is working fine on my end. Great job!

Texabot1 commented 3 months ago

I copied the script into tampermonkey and have ublock origin but when I use aternos, it doesn't do anything when I press the start server button. Did I mess up somewhere? or did aternos just cuck the tampermonkey script 2 weeks into it being made?

Oqarshi commented 3 months ago

I copied the script into tampermonkey and have ublock origin but when I use aternos, it doesn't do anything when I press the start server button. Did I mess up somewhere? or did aternos just cuck the tampermonkey script 2 weeks into it being made?

Looks like aternos changed the way their start button functions I can't check rn I'm busy sorry 😕 i might have to obfuscate the code to prevent patches.

Oqarshi commented 3 months ago

I copied the script into tampermonkey and have ublock origin but when I use aternos, it doesn't do anything when I press the start server button. Did I mess up somewhere? or did aternos just cuck the tampermonkey script 2 weeks into it being made?

Hey i recently found out that DvilMuck is actively developing a userscript to bypass Aternos' antiadblock detection.

The code is obfuscated to prevent patches so please use at your own risk but im like 99% sure its safe

https://gist.github.com/DvilMuck/f2b14f3f65e8f22974d781277158f82a

GhostIsBeHere commented 2 months ago

If you disable Cosmetic Filtering, the AntiAdblock won't get triggered. If you then combine it with this userstyle I made then it will look identical to a full adblock :]