前言#
The client is shown in the following image
Open its installation directory, it's an electron app. And it can only be automatically installed, and it's installed in the test directory?
Analysis#
No need to decompress asar, no need to process the source code. Because nothing is encrypted, it runs directly, only one 6.
Crack#
Find the file shown in the image, the m() function will decrypt a string and return the URL of the configuration file.
The returned result is shown in the image
Just modify the return value of m() function
function m() {
return"your configuration file address";
}
The configuration file is shown below, encrypt it with base64 and put it on your own website. You will understand the specific meaning by looking at it yourself.
{
"apiUrl":"https://xxxx.com",//Interface address (v2b address)
"crispId":"",
"siteName":"Your site name",
"website": "https://xxxx.com"",//Website address (v2b address)
"tgGroup": "https://t.me/",
"invite": "https://xxxx.com"/#/register?code=",
"FZHxIHSc":"For every friend you invite and become our member, you will receive an invitation commission reward (commission rate 20%)",
"affText":"Recommend a useful software, get an additional 10GB of free usage traffic: ",
"payMethod": 6,
"activeNodeId":-1,
"subscribeFlowIndex": 0,
"subscribeFlowDescribe": "When the traffic is exhausted, the package will be invalid, please do not purchase repeatedly",
"subscribeData": [{
"id": 4,
"flow": "500GB",
"expire": "* Validity period: permanent",
"price": "100",
"remarks": "Save 5%",
"type": "onetime_price"
},{
"id": 4,
"flow": "1000GB",
"expire": "* Validity period: permanent",
"price": "180",
"remarks": "Save 10%",
"type": "onetime_price"
},{
"id": 4,
"flow": "1888GB",
"expire": "* Validity period: permanent",
"price": "288",
"remarks": "Save 15%",
"type": "onetime_price"
}],
"subscribeDataPeriodValue": 1,
"subscribeDataMonthly": [{
"id": 1,
"remarks": "30G/month, when the traffic is exhausted or expired, the package will be invalid",
"periodArr": [{
"id": 11,
"total": "Total: ¥5",
"month": "¥5/month",
"remarks": "Monthly payment",
"type": "month_price"
},
{
"id": 12,
"total": "Total: ¥15.00",
"month": "¥5/month",
"remarks": "Quarterly payment",
"type": "quarter_price"
},
{
"id": 13,
"total": "Total: ¥30",
"month": "¥5/month",
"remarks": "Half-yearly payment",
"type": "half_year_price"
}
]
},
{
"id": 5,
"remarks": "80G/month, when the traffic is exhausted or expired, the package will be invalid",
"periodArr": [{
"id": 21,
"total": "Total: ¥10",
"month": "¥10/month",
"remarks": "Monthly payment",
"type": "month_price"
},
{
"id": 22,
"total": "Total: ¥30",
"month": "¥10/month",
"remarks": "Quarterly payment",
"type": "quarter_price"
},
{
"id": 23,
"total": "Total: ¥50",
"month": "¥10/month",
"remarks": "Half-yearly payment",
"type": "quarter_price"
}
]
}
],
"faqData": [{
"label": "What should 'I' pay attention to!",
"value": "When you break through the Great Firewall, you are already a free person, but you still need to be humble, civilized, and abide by local laws."
},
{
"label": "Do you limit the number of online devices & speed?",
"value": "We do not limit the number of online devices, nor do we limit the speed."
},
{
"label": "Will you monitor 'my' data?",
"value": "Everyone has the right to enjoy internet freedom. We respect personal privacy and data. No one can monitor your data."
},
{
"label": "Can the account of mobile phone and computer be shared?",
"value": "Yes, you can, even share it with friends."
},
{
"label": "What is the difference between smart mode and global mode?",
"value": "In smart mode, domestic websites & applications do not use the proxy node, which can save traffic. In global mode, all websites & applications will use the proxy node, and domestic websites & applications will be slower."
}
],
"notice":{
"show":true,
"title":"Welcome to use your site name",
"content":"Homepage announcement"
}
}