- # Archive contains:
- background.js
- manifest.json
- icons/16.png
- icons/48.png
- icons/128.png
- # background.js is heavily obfuscated.
// Original background.js, kept byte-for-byte as found in the archive.
// _0xc819 is a string table: every entry is plain ASCII written as \xNN escapes,
// and the code after it only ever refers to strings by index. Decoded by index:
//    0 "requestHeaders"   1 "toLowerCase"   2 "name"   3 "user-agent"   4 "value"
//    5 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"   6 "forEach"
//    7 "http://mail.google.com/*"   8 "https://mail.google.com/*"
//    9 "main_frame"   10 "sub_frame"   11 "blocking"   12 "addListener"
//   13 "onBeforeSendHeaders"   14 "webRequest"
// The call that follows the table, chrome[_0xc819[14]][_0xc819[13]][_0xc819[12]](...),
// therefore resolves to chrome.webRequest.onBeforeSendHeaders.addListener(...).
// The table holds no strings beyond these 15, so this file contains no further
// URLs or API names hidden behind the escapes.
- var _0xc819=["\x72\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x73","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x6E\x61\x6D\x65","\x75\x73\x65\x72\x2D\x61\x67\x65\x6E\x74","\x76\x61\x6C\x75\x65","\x4D\x6F\x7A\x69\x6C\x6C\x61\x2F\x34\x2E\x30\x20\x28\x63\x6F\x6D\x70\x61\x74\x69\x62\x6C\x65\x3B\x20\x4D\x53\x49\x45\x20\x38\x2E\x30\x3B\x20\x57\x69\x6E\x64\x6F\x77\x73\x20\x4E\x54\x20\x36\x2E\x30\x29","\x66\x6F\x72\x45\x61\x63\x68","\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x61\x69\x6C\x2E\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D\x2F\x2A","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x6D\x61\x69\x6C\x2E\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D\x2F\x2A","\x6D\x61\x69\x6E\x5F\x66\x72\x61\x6D\x65","\x73\x75\x62\x5F\x66\x72\x61\x6D\x65","\x62\x6C\x6F\x63\x6B\x69\x6E\x67","\x61\x64\x64\x4C\x69\x73\x74\x65\x6E\x65\x72","\x6F\x6E\x42\x65\x66\x6F\x72\x65\x53\x65\x6E\x64\x48\x65\x61\x64\x65\x72\x73","\x77\x65\x62\x52\x65\x71\x75\x65\x73\x74"];chrome[_0xc819[14]][_0xc819[13]][_0xc819[12]](function (_0xb56fx1){var _0xb56fx2=_0xb56fx1[_0xc819[0]];_0xb56fx2[_0xc819[6]](function (_0xb56fx3,_0xb56fx4){if(_0xb56fx3[_0xc819[2]][_0xc819[1]]()==_0xc819[3]){_0xb56fx3[_0xc819[4]]=_0xc819[5];} ;} );return {requestHeaders:_0xb56fx2};} ,{urls:[_0xc819[7],_0xc819[8]],types:[_0xc819[9],_0xc819[10]]},[_0xc819[11],_0xc819[0]]);
- ###############################################################################################################
- # De-hexed: array lookups replaced with the strings they refer to, and variables/functions renamed.
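// Readable reconstruction of background.js: string-table lookups inlined and
// identifiers renamed. The two string literals are quoted again here; they are
// entries 3 and 5 of the _0xc819 table, and without the quotes this listing is
// not valid JavaScript. `var` and `==` are kept as they appear in the sample.
//
// What this version does: registers a blocking onBeforeSendHeaders listener
// that overwrites the User-Agent header with an IE 8 string on matching
// requests. In this file it does nothing else; no other header is read,
// changed or sent anywhere by this code.
chrome.webRequest.onBeforeSendHeaders.addListener(function (data) {
  var headers = data.requestHeaders;
  headers.forEach(function (details) {
    // Header names are compared in lower case, so any casing of User-Agent matches.
    if (details.name.toLowerCase() == "user-agent") {
      details.value = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)";
    }
  });
  // Returning the edited list is what makes the browser send the modified headers.
  return {
    requestHeaders: headers
  };
}, {
  // Request filter: only top-level and framed page loads on mail.google.com.
  urls: ["http://mail.google.com/*", "https://mail.google.com/*"],
  types: ["main_frame", "sub_frame"]
  // "blocking" lets the handler modify the request before it is sent;
  // "requestHeaders" asks for the headers to be included in the event.
}, ["blocking", "requestHeaders"]);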
- ####################################################################################################
- # Checking the manifest.json
- {
- "manifest_version" : 2,
- "name": "Old Compose",
- "description": "We are restoring the old compose of Gmail.",
- "version": "0.1",
- "update_url": "HTTP://1.UPLD.TO/Gdh",
- "background": {
- "scripts": ["background.js"]
- },
- "permissions": [
- "webRequest",
- "webRequestBlocking",
- "http://mail.google.com/*",
- "https://mail.google.com/*"
- ],
- "icons": {
- "16": "icons/16.png",
- "48": "icons/48.png",
- "128": "icons/128.png"
- }
- }
- #####################################################################################################
- # In the manifest.json above, the update_url (HTTP://1.UPLD.TO/Gdh) serves updateInfo.xml, which contains:
- <?xml version='1.0' encoding='UTF-8'?>
- <gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>
- <app appid='gnmcnipogdadehpnakfaagogmjpbjbhh'>
- <updatecheck codebase='HTTP://1.UPLD.TO/Gd9' version='0.1' />
- </app>
- </gupdate>
- #######################################################################################################
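- # Which in turn points to (HTTP://1.UPLD.TO/Gd9), the author's updated .crx file.
- # Note: the code reviewed above is only version 0.1. Later versions are whatever the author serves from that URL, so the extension's behaviour on mail.google.com can change after install.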