Preface#
The client is shown in the figure below
Open its installation directory, it's clearly Electron. And it can only be automatically installed, and it's installed in the test directory?
Analysis#
No need to decompress asar, no need to process the source code. Because nothing is encrypted, it runs directly, only one 6.
Crack#
Find the file shown in the figure below, where the m() function decrypts a string and returns the URL of the configuration file.
The returned result is shown in the figure below
Just directly modify the return value of m()
function m() {
return "your configuration file address";
}
The configuration file is shown below, after being encrypted with base64, put it on your own website. You can understand the specific meaning by looking at it yourself.
{
"apiUrl":"https://xxxx.com",//Interface address (v2b address)
"crispId":"",
"siteName":"Your site name",
"website": "https://xxxx.com"",//Website address (v2b address)
"tgGroup": "https://t.me/",
"invite": "https://xxxx.com"/#/register?code=",
"FZHxIHSc":"For every friend you invite and become our member, you will receive an invitation commission reward (commission rate 20%)",
"affText":"Recommend a useful software, get an additional 10GB of free usage traffic: ",
"payMethod": 6,
"activeNodeId":-1,
"subscribeFlowIndex": 0,
"subscribeFlowDescribe": "When the traffic is exhausted, the package will be invalid, please do not purchase repeatedly",
"subscribeData": [{
"id": 4,
"flow": "500GB",
"expire": "* Validity period permanent",
"price": "100",
"remarks": "Save 5%",
"type": "onetime_price"
},{
"id": 4,
"flow": "1000GB",
"expire": "* Validity period permanent",
"price": "180",
"remarks": "Save 10%",
"type": "onetime_price"
},{
"id": 4,
"flow": "1888GB",
"expire": "* Validity period permanent",
"price": "288",
"remarks": "Save 15%",
"type": "onetime_price"
}],
"subscribeDataPeriodValue": 1,
"subscribeDataMonthly": [{
"id": 1,
"remarks": "30G/month, when the traffic is exhausted or expired, the package will be invalid",
"periodArr": [{
"id": 11,
"total": "Total: ¥5",
"month": "¥5/month",
"remarks": "Monthly payment",
"type": "month_price"
},
{
"id": 12,
"total": "Total: ¥15.00",
"month": "¥5/month",
"remarks": "Quarterly payment",
"type": "quarter_price"
},
{
"id": 13,
"total": "Total: ¥30",
"month": "¥5/month",
"remarks": "Half-yearly payment",
"type": "half_year_price"
}
]
},
{
"id": 5,
"remarks": "80G/month, when the traffic is exhausted or expired, the package will be invalid",
"periodArr": [{
"id": 21,
"total": "Total: ¥10",
"month": "¥10/month",
"remarks": "Monthly payment",
"type": "month_price"
},
{
"id": 22,
"total": "Total: ¥30",
"month": "¥10/month",
"remarks": "Quarterly payment",
"type": "quarter_price"
},
{
"id": 23,
"total": "Total: ¥50",
"month": "¥10/month",
"remarks": "Half-yearly payment",
"type": "quarter_price"
}
]
}
],
"faqData": [{
"label": "What should 'I' pay attention to!",
"value": "When you break through the Great Firewall, you are already a free person, but you still need to be humble, civilized, and abide by local laws."
},
{
"label": "Do you limit the number of online devices and speed?",
"value": "We do not limit the number of online devices, nor do we limit the speed."
},
{
"label": "Will you monitor 'my' data?",
"value": "Everyone has the right to enjoy internet freedom, we respect personal privacy and data, and no one can monitor your data."
},
{
"label": "Can the account of the phone and computer be shared?",
"value": "Yes, you can even share it with friends."
},
{
"label": "What is the difference between Smart Mode and Global Mode?",
"value": "In Smart Mode, domestic websites and applications do not use the ladder node, which can save traffic. In Global Mode, all websites and applications will use the ladder node, and domestic websites and applications will be slower."
}
],
"notice":{
"show":true,
"title":"Welcome to use your site name",
"content":"Homepage announcement"
}
}