Important bugfix in javascript parser

Author: DarkCat09

python_aternos/atconnect.py

@@ -4,12 +4,12 @@
 import lxml.html
 from requests import Response
 from cloudscraper import CloudScraper
-from typing import Optional, Union
+from typing import Optional, Union, Dict
 
 from . import atjsparse
 from .aterrors import CredentialsError, CloudflareError
 
-REQUA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Goanna/4.8 Firefox/68.0 PaleMoon/29.4.0.2'
+REQUA = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 OPR/85.0.4341.47'
 
 class AternosConnect:
 
@@ -86,13 +86,29 @@ def convert_num(
 			num //= base
 		return result
 
+	def add_headers(self, headers:Optional[Dict[str,str]]=None):
+
+		headers = headers or {}
+		headers.update({
+			'host': 'aternos.org',
+			'user-agent': REQUA,
+			'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="100", "Opera";v="86"',
+			'sec-ch-ua-mobile': '?0',
+			'sec-ch-ua-platform': '"Linux"',
+			'sec-fetch-dest': 'document',
+			'sec-fetch-mode': 'navigate',
+			'sec-fetch-site': 'same-origin',
+			'sec-fetch-user': '?1',
+			'upgrade-insecure-requests': '1'
+		})
+
 	def request_cloudflare(
 		self, url:str, method:str,
 		params:Optional[dict]=None, data:Optional[dict]=None,
 		headers:Optional[dict]=None, reqcookies:Optional[dict]=None,
 		sendtoken:bool=False, redirect:bool=True, retry:int=0) -> Response:
 
-		if retry > 2:
+		if retry > 3:
 			raise CloudflareError('Unable to bypass Cloudflare protection')
 
 		try:
@@ -105,9 +121,8 @@ def request_cloudflare(
 
 		params = params or {}
 		data = data or {}
-		headers = headers or {}
 		reqcookies = reqcookies or {}
-		headers['User-Agent'] = REQUA
+		self.add_headers(headers)
 
 		if sendtoken:
 			params['TOKEN'] = self.token
@@ -143,7 +158,8 @@ def request_cloudflare(
 				url, method,
 				params, data,
 				headers, reqcookies,
-				sendtoken, redirect
+				sendtoken, redirect,
+				retry - 1
 			)
 
 		logging.info(

python_aternos/atjsparse.py

@@ -20,5 +20,10 @@ def atob(s:str) -> str:
 
 def exec(f:str) -> Any:
 	ctx = js2py.EvalJs({'atob': atob})
+	ctx.execute('window.document = { };')
+	ctx.execute('window.Map = function(_i){ };')
+	ctx.execute('window.setTimeout = function(_f,_t){ };')
+	ctx.execute('window.setInterval = function(_f,_t){ };')
+	ctx.execute('window.encodeURIComponent = function(_s){ };')
 	ctx.execute(to_ecma5_function(f))
 	return ctx

tests/js2py_test.py

@@ -27,10 +27,12 @@ def setUp(self) -> None:
 			'CuUcmZ27Fb8bVBNw12Vj',
 			'YPPe8Ph7vzYaZ9PF9oQP',
 			'UfLlemvKEE16ltk0hZNM',
-			'q6pYdP6r7xiVHhbotvlN',
-			'q6pYdP6r7xiVHhbotvlN',
-			'XAIbksgkVX9JYboMDI7D',
-			'sBImgVg6RL98W1khPYMl'
+			'S1Oban9UGRXVIepREw9q',
+			'S1Oban9UGRXVIepREw9q',
+			'KYDDyT1DWOJTZpNtJWhM',
+			'lZPFwRqIGIf8JKk1LG02',
+			'KbxzYCJUrFjWzbeZcAmE',
+			'KbxzYCJUrFjWzbeZcAmE'
 		]
 
 	def test_base64(self) -> None:
@@ -45,6 +47,27 @@ def test_conv(self) -> None:
 		f = atjsparse.to_ecma5_function(token)
 		self.assertEqual(f, '(function(){window["AJAX_TOKEN"]=("2r" + "KO" + "A1" + "IFdBcHhEM" + "61" + "6cb");})()')
 
+	def test_ecma6parse(self) -> None:
+
+		code = '''
+		window.t0 =
+			window['document']&&
+			!window[["p","Ma"].reverse().join('')]||
+			!window[["ut","meo","i","etT","s"].reverse().join('')];'''
+
+		part1 = '''window.t1 = Boolean(window['document']);'''
+		part2 = '''window.t2 = Boolean(!window[["p","Ma"].reverse().join('')]);'''
+		part3 = '''window.t3 = Boolean(!window[["ut","meo","i","etT","s"].reverse().join('')]);'''
+
+		ctx0 = atjsparse.exec(code)
+		ctx1 = atjsparse.exec(part1)
+		ctx2 = atjsparse.exec(part2)
+		ctx3 = atjsparse.exec(part3)
+
+		self.assertEqual(ctx1.window['t1'], True)
+		self.assertEqual(ctx2.window['t2'], False)
+		self.assertEqual(ctx3.window['t3'], False)
+	
 	def test_exec(self) -> None:
 
 		for i, f in enumerate(self.tests):

token.txt

@@ -15,3 +15,5 @@
 (() => {window["AJAX_TOKEN"]=window['document']&&window["Map"]&&window[["out","e","Tim","et","s"].reverse().join('')]?["pREw9q","XVIe","UGR","S1Oban9"].reverse().join(''):["dYp6q","Vix7r6P","tobhH","Nlv"].map(s => s.split('').reverse().join('')).join('');})();
 (() => {window[["OKEN", "T", "_", "AJAX"].reverse().join("")] = window["document"] && window["Map"] && window["set" + "T" + "im" + "e" + "o" + "u" + "t"] ? ["DYK", "OWD1TyD", "TJ", "JtNpZ", "MhW"].map((s) => s.split("").reverse().join("")).join("") : "XAIbksgkVX9JYboMDI7D";})();
 (() => {window[["XAJA","T_","NEKO"].map(s => s.split('').reverse().join('')).join('')]=window['document']&&window[["ap","M"].reverse().join('')]&&window[["es","iTt","oem","u","t"].map(s => s.split('').reverse().join('')).join('')]?["Kk1LG02","If8J","lZPFwRqIG"].reverse().join(''):("sBI" + "mgV" + "g6RL98W1" + "khPY" + "Ml");})();
+(() => {window[["N","KE","_TO","X","JA","A"].reverse().join('')]=window['document']&&!window[["p","Ma"].reverse().join('')]||!window[["ut","meo","i","etT","s"].reverse().join('')]?("1UY5" + "1inS" + "kzlSO" + "QmKU0mK"):"KbxzYCJUrFjWzbeZcAmE";})();
+(() => {window[["EN", "TOK", "AJAX_"].reverse().join('')] = window['document'] && window["Map"] && window[("s" + "et" + "Tim" + "e" + "o" + "ut")] ? "KbxzYCJUrFjWzbeZcAmE" : ["mK", "SOQmKU0", "zl", "1inSk", "1UY5"].reverse().join('');})();