ningmou

ningmou

telegram

Pluto win端 analysis

Preface
A long time ago, there was a Windows client that had no obfuscated source code. You could simply unzip the app.asar file and start using it.

Cracking
Find remote.js, which contains two addresses for obtaining the domain name. The address for gitee can no longer be accessed, but the address for gitlab is still available.

After accessing it, the content obtained is:

1D2C700C5B35126668012E103E1E561F694E24000A5D5D0308500C014D3403084151596B1A4620094134160C011B301554417C787D1C1A3E16282757294A29174A507C5077545C4B070E485E5A060C240E450E514C3315143B5C1D6F4E53511C6A14571C3E273E11402948272B4C334637425E072E0E34104649071B1051081D5978551D51014B690A16661E422C41424C5D27184B47642A7E1F162E093726017C46221A5155355B684B1E16571C4A4D13401B271612401C0A24180B3D444F6C4F144B1C37150608643F261044355C6B7D5B36083F1A4A0B280430080D144D070749171B077919085951591A

The encryption/decryption code is here:
image

Delete these lines, then open the browser console and paste the rest in. It can be used, but remember to restore the code.

exports.encrypt = function(text) {
	return es(text)
};
exports.decrypt = function(text) {
	return ds(text)
};

Calling the decryption code gives:

[{"host":"https://cdn.xpluto.cyou"},{"host":"https://x.xpluto.cyou:10088"},{"host":"https://zero.us.xpluto.cyou"},{"host":"https://zero.kr.xpluto.cyou"},{"host":"https://zero.hk.xpluto.cyou"},{"host":"https://xpluto.newlightcloud.com"}]

Encrypt the above format using the encryption code and place it on your own website. Then replace the two addresses at the beginning and it will be okay.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.