CRISTL (a bloxd cheat) [updated to 1.2]

A Bloxd.io cheat with features like: kill aura, etc. tags: bloxd, bloxd io, bloxd cheat, bloxd hack, hack bloxd io, cristl, spectra, wisk, bloxd auto clicker
Install this script ?
Ask a question, post a review, or report the script.
Wrap lines
// ==UserScript==
// @name        CRISTL (a bloxd cheat) [updated to 1.2]
// @namespace   CRISTL
// @match       *://bloxd.io/*
// @grant       GM_xmlhttpRequest
// @version     1.5
// @author      cristll :3
// @description A Bloxd.io cheat with features like: kill aura, etc. tags: bloxd, bloxd io, bloxd cheat, bloxd hack, hack bloxd io, cristl, spectra, wisk, bloxd auto clicker
// ==/UserScript==

(function(){
  'use strict';

  // raw URL to the file in Gitea
  const remoteUrlBase = 'https://gitea.com/cristl/cristl-bloxd-cheat/raw/branch/main/cristl.js';

  // Add cache-busting param (use commit SHA instead for a permanent solution)
  const remoteUrl = remoteUrlBase + (remoteUrlBase.includes('?') ? '&' : '?') + '_=' + Date.now();

  function tryInlineInjection(code){
    try {
      const si = document.createElement('script');
      si.type = 'text/javascript';
      si.textContent = code;
      (document.head || document.documentElement).appendChild(si);
      console.log('[CRISTL] Inline injection succeeded.');
      setTimeout(()=>si.remove(), 1500);
    } catch (e) {
      console.error('[CRISTL] Inline injection failed:', e);
    }
  }

  function performInjection(text){
    const looksLikeHtml = /^\s*<!doctype|^\s*<html/i.test(text) || text.includes('<html') || text.length < 20;
    if (looksLikeHtml) {
      console.warn('[CRISTL] Remote response looks like HTML (maybe a viewer or error page). Aborting blob injection. Response snippet:', text.slice(0,200));
      return;
    }

    try {
      const s = document.createElement('script');
      s.type = 'text/javascript';
      const blob = new Blob([text], { type: 'text/javascript' });
      s.src = URL.createObjectURL(blob);
      s.onload = () => {
        setTimeout(()=> {
          try { URL.revokeObjectURL(s.src); } catch(e) {}
          s.remove();
        }, 30000);
        console.log('[CRISTL] Script injected via blob URL.');
      };
      s.onerror = () => {
        console.warn('[CRISTL] Blob script failed to load; falling back to inline.');
        tryInlineInjection(text);
        s.remove();
      };
      (document.head || document.documentElement).appendChild(s);
    } catch(err){
      console.warn('[CRISTL] Blob creation/insertion failed, falling back to inline injection.', err);
      tryInlineInjection(text);
    }
  }

  console.log('[CRISTL] fetching remote script from:', remoteUrlBase);

  GM_xmlhttpRequest({
    method: 'GET',
    url: remoteUrl,
    headers: {
      // try to get freshest copy
      'Cache-Control': 'no-cache, no-store, must-revalidate',
      'Pragma': 'no-cache'
    },
    onload(response){
      try {
        const status = response.status || 0;
        console.log('[CRISTL] GM_xmlhttpRequest status:', status, 'response length:', (response.responseText||'').length);
        if (status < 200 || status >= 300) {
          console.warn('[CRISTL] Unexpected status code; response likely not raw JS. Snippet:', (response.responseText||'').slice(0,300));
          return;
        }
        const text = response.responseText || '';
        // quick sanity: log first 200 chars (helps detect HTML viewer)
        console.log('[CRISTL] response snippet:', text.slice(0,200));
        performInjection(text);
      } catch (e){
        console.error('[CRISTL] Error processing response', e);
      }
    },
    onerror(err){
      console.error('[CRISTL] GM_xmlhttpRequest error', err);
    },
    ontimeout(){
      console.warn('[CRISTL] GM_xmlhttpRequest timeout');
    },
    timeout: 15000
  });

})();