// ==UserScript== // @name [Demo]彩云 // @name:en demo@caiyunFakeupload // @description A useless Demo for study purposes (scriptcat only),simple and stupid. // @author ae86_qiu // @namespace [Demo]caiyunFakeupload@bbs.tampermonkey.net.cn // @version 002.2022.0831.3 // @match https://yun.139.com/w/#/index // @match https://yun.139.com/w//index // @match https://yun.139.com/w/#/main?t=* // @icon https://www.google.com/s2/favicons?sz=64&domain=yun.139.com // @connect yun.139.com // @require https://z.chaoxing.com/js/jquery-3.5.0.min.js // @require https://cdn.staticfile.org/blueimp-md5/2.19.0/js/md5.min.js // ==/UserScript== // 【Demo演示,请勿日常使用】 'use strict'; var $ = $ || window.$ // Official website homepage update var DebugMODE = false // whether to console.log all xhrs //The GM_caiyun constructor function GM_caiyunStruct(){ GM_caiyunInit(this, arguments) // init caiyun } const DEFAULT_ROOT_ID = '00019700101000000001' // THis is the initializer function function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for(var i=0;i < ca.length;i++) { var c = ca[i]; while (c.charAt(0)==' ') c = c.substring(1,c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length); } return null; } function GM_caiyunInit(config){// config means 'this' of GM_caiyunStruct /* config.userInfo = JSON.parse(localStorage.getItem('userInfo')) // login info */ // userInfo is now invalid config.account = atob(localStorage.getItem('encryptAccount')) // phone number config.phoneNumber = atob(localStorage.getItem('encryptAccount')) // phone number config.RootparentCatalogID = DEFAULT_ROOT_ID // root Folder var userId = JSON.parse(readCookie('userInfo'))['userId'] config.myCollectionParentCatalogID = userId + DEFAULT_ROOT_ID // 'MyAppCollection' 1011ZTlv31Qh00019700101000000071 userId + DEFAULT_ROOT_ID } GM_caiyunStruct.prototype = {// #GM_caiyunStruct.prototype region start /** * this obfuscated getNewSign function comes from official app.9dd75283.js * @param {undefined} e * @param {body} t * @param {timestamp} a * @param {randStr16} n */ getNewSign: function(e, t, a, n) { var r = "", i = ""; if (t) { var s = Object.assign({}, t); i = JSON.stringify(s), i = i.replace(/\s*/g, ""), i = encodeURIComponent(i); var c = i.split(""), u = c.sort(); i = u.join("") } // the declaration of md5 function is at the bottom of this page var A = md5(this.btoa(this.utob(i))) // var A = md5(btoa(utob(i))), // utils.GetMD5Encode(ts+":"+randStr) var l = md5(a + ":" + n) // l = md5(a + ":" + n); return md5(A + l).toUpperCase() }, getRandomSring: function(t) {// the employees of China Mobile misspelled the word 'string' for (var e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", a = "", n = 0; n < t; n++) { var o = Math.floor(Math.random() * e.length); a += e.substring(o, o + 1) } return a }, getRandomString16: function(){// length = 16, random string return this.getRandomSring(16) }, Lt: function() {// 20220830122815 https://yun.139.com/w/static/js/app.9dd75283.js #L10769 var t = new Date , e = t.getFullYear() , a = t.getMonth() + 1 < 10 ? "0".concat(t.getMonth() + 1) : t.getMonth() + 1 , n = t.getDate() < 10 ? "0".concat(t.getDate()) : t.getDate() , o = t.getHours() < 10 ? "0".concat(t.getHours()) : t.getHours() , i = t.getMinutes() < 10 ? "0".concat(t.getMinutes()) : t.getMinutes() , s = t.getSeconds() < 10 ? "0".concat(t.getSeconds()) : t.getSeconds(); return "".concat(e).concat(a).concat(n).concat(o).concat(i).concat(s) }, // https://bobbyhadz.com/blog/javascript-format-date-yyyy-mm-dd-hh-mm-ss formatDate: function(date) {// return 'yyyy-MM-dd hh:mm:ss' format date let padTo2Digits = (num) => num.toString().padStart(2, '0') return ( [ date.getFullYear(), padTo2Digits(date.getMonth() + 1), padTo2Digits(date.getDate()), ].join('-') + ' ' + [ padTo2Digits(date.getHours()), padTo2Digits(date.getMinutes()), padTo2Digits(date.getSeconds()), ].join(':') );// '2022-08-31 20:30:00' }, btoa: function(v){ // base64 encode return btoa(v) // return Buffer.from(v).toString('base64') }, utob: function(str) { const u = String.fromCharCode return str.replace(/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g, (t) => { if (t.length < 2) { var e = t.charCodeAt(0); return e < 128 ? t : e < 2048 ? u(192 | e >>> 6) + u(128 | 63 & e) : u(224 | e >>> 12 & 15) + u(128 | e >>> 6 & 63) + u(128 | 63 & e) } e = 65536 + 1024 * (t.charCodeAt(0) - 55296) + (t.charCodeAt(1) - 56320); return u(240 | e >>> 18 & 7) + u(128 | e >>> 12 & 63) + u(128 | e >>> 6 & 63) + u(128 | 63 & e) }) }, createHeaders: function(body) { timestamp = this.formatDate(new Date()) // '2022-08-31 20:30:00' // timestamp = this.moment(new Date()) // let timestamp = moment(new Date()) let key = this.getRandomString16() // let key = getRandomSring(16) // let sign = getNewSign(undefined, body, timestamp, key) let sign = this.getNewSign(undefined, body, timestamp, key) let headers = { 'x-huawei-channelSrc': '10000034', 'x-inner-ntwk': '2', 'mcloud-channel': '1000101', 'mcloud-client': '10701', 'mcloud-sign': timestamp + "," + key + "," + sign, // 'mcloud-skey': null, 'content-type': "application/json;charset=UTF-8", 'caller': 'web', 'CMS-DEVICE': 'default', 'x-DeviceInfo': '||9|85.0.4183.83|chrome|85.0.4183.83|||windows 10||zh-CN|||', 'x-SvcType': '1', // 'referer': 'https://yun.139.com/w/', } return headers }, userInfo,// login info account,// phone number phoneNumber,// phone number userId,// userId token,// token from localStorage userInfo RootparentCatalogID, }; // #GM_caiyunStruct.prototype region end // create default instance of GM_caiyun var caiyun = new GM_caiyunStruct(); (function () { 'use strict' function PostData(dict) { var k, tmp, v; tmp = []; for (k in dict) { v = dict[k]; tmp.push(k + "=" + v); } return tmp.join('&'); } const byteSize = str => new Blob([str]).size // https://dev.to/rajnishkatharotiya/get-byte-size-of-the-string-in-javascript-20jm // let params = fakeFilePayload({name:'a.txt',size:10,digest:'e4f58a805a6e1fd0f6bef58c86f9ceb3'}) function createFileFromLine(line){ let numbersignCount = line.replace(/[^#]/g, "").length if(numbersignCount == 3){ let arr = line.split('#') let digest = arr[0] let size = arr[2] let name = arr[3] // params = fakeFilePayload(createFileFromLine(line)) return { name: name, size: size, digest: digest } } return null } function shitcode_EasterEgg(){ let sing = 'OTc1Y2FlZTRkNmRiZjQ5NTM0MTNmNmIyNjJjYzJjNWIjNDFlN2Q1YjFjOTE1ZmRhYzM1NzE3ODRjNjJhNjNiNmMjMzU0ODQwNDcjQWxsIFRoZSBXYXkgTm9ydGggW0luaXRpYWwgUV0ubXAz' let jump = 'NjQwNWZjMzQyOWM0ZjgwNmI4NGJkMGIyZDM0ZmFiZmEjNWM4YzIzZjllYmUyYjFkNjc4MGMzZmI5OWM4Y2UxNTMjNTcwOTU4I2xlbmEuanBn' let rape = 'ZTRmNThhODA1YTZlMWZkMGY2YmVmNThjODZmOWNlYjMjZTRmNThhODA1YTZlMWZkMGY2YmVmNThjODZmOWNlYjMjMTAjbHV2IGxldHRlci50eHQ=' let cxk = {egg1: sing,egg2: jump,egg3: rape} return cxk } function fakeFilePayload(config){ // foo config {name:'a.txt',size:2,digest:'60b725f10c9c85c70d97880dfe8191b3',parentCatalogID:''} console.log(config) let config_uploadContent = { 'contentName': config.name, 'contentSize': parseInt(config.size),// [Must be a Number] 'digest':config.digest } let otherPayload = {// 'parentCatalogID': config.parentCatalogID || caiyun.RootparentCatalogID, // default parent:root folder } let payload = { 'manualRename': 2,// [Must be a Number] 'operation': 0,// upload [Must be a Number] 'fileCount': 1,// only support one file [Must be a Number] 'totalSize':parseInt(config.size),// [Must be a Number] // 'uploadContentList':[config_uploadContent], type UploadContentInfo[] 'uploadContentList':[config_uploadContent], // 'parentCatalogID' 'newCatalogName': '', 'commonAccountInfo':{ 'account':caiyun.phoneNumber, 'accountType':1 } } return {...payload,...otherPayload} } async function fakeUpload(fileinfoDict){ let params = fakeFilePayload(fileinfoDict) if(DebugMODE){ console.log("POSTing") } const r = await $.ajax({ method: "POST", url: 'https://yun.139.com/orchestration/personalCloud/uploadAndDownload/v1.0/pcUploadFileRequest', headers: caiyun.createHeaders(params), xhrFields:{ withCredentials: true // 'Cookie':caiyun.cookie }, data:JSON.stringify(params), dataType: 'json', success: function(response){ if(response.status === 200){ console.log('caiyun FakeUpload:' + JSON.stringify(response.response.data.uploadResult.newContentIDList[0].contentName) + '\n' + JSON.stringify(response.response)); } } }); return r } GM_caiyunStruct.prototype.execMainTask = async function(){ fakeUpload(createFileFromLine(atob(shitcode_EasterEgg().egg1))) fakeUpload(createFileFromLine(atob(shitcode_EasterEgg().egg2))) fakeUpload(createFileFromLine(atob(shitcode_EasterEgg().egg3))) }; caiyun.execMainTask(); })();