Research on a certain wall-climbing client

Structural Analysis#

Electron at a glance
So open resources and take a look

It's a bit different from the classic structure, normally the source code should be packaged into app.asar, but this one is different, it's exposed directly, which is convenient.

Research Process#

Open pacakage.json


First of all, it's difficult to crash because this project uses several common package managers. The json file mentions npm yarn, and there is also pnpm in the folder, just choose one. It's impressive that it can integrate so many and still run normally.

Next, let's focus on the main file
It's not encrypted, just compressed, formatting it will be fine.
Now let's move on to the author's brilliant operation.

There is obfuscation in the dependencies, but it's not used, I don't know why it's referenced.
Vue should be a development dependency, and it's directly included in the final package.
As a result, the final dependencies are nearly 100MB.
Now let's go back to the main file.

截屏 2024-04-01 20.48.24_副本

I immediately noticed these two strings, it looks like getting the address of oss first, then getting the panel address. They are clearly encrypted strings, and there is also base64 with == at the end, which clearly indicates that it's encrypted information.

console.log(w().replaceAll("}", ""));

Just take out the relevant function separately, and you can see the address by outputting it. It's from gitee.
Then get the content, modify the x function, and output it directly.

function x() {
            var n = f;
var data = "content obtained from gitee";
var n = new Buffer(data, "base64").toString("UTF-8");

The content is roughly like this, you can decrypt it yourself, I won't put it here because it's too long.

  apiUrl: 'https://.',
  crispId: '',
  siteName: '',
  website: 'https://',
  tgGroup: '',
  invite: '',
  inviteIntroduce: '',
  affText: 'Invite link: ',
  payMethod: '1',


Just modify the following code

await c().get("get address").then((e => {
                    var n = new Buffer(, "base64").toString("UTF-8");
                    m(n), x()

Then put the base64 encrypted json in the address part, the format is in the gitee obtained in the previous steps, decrypt it yourself and replace it.


How to get the package, those who understand, understand, gitee has given it to you.
To be honest, I only looked at the win client, um, how should I put it, judging from the code quality and implementation, I think there should be quite a few bugs.

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.