Javascript Question

[ds062692 19]

I want to incorporate a javascript script I found online. I found a specific piece of javascript code that works with the script and it works perfect when I run it in a browser, but everything I tried in Ubot does not work. I tried both eval and run javascript and tried using the few javascript posts on the forum as templates but with no success.

 

How do you use a script that is hosted online? And should I use Eval or Run Javascript?

 

Thanks

[brusacco 20]

Samples? ... Your questions is a very wide one ...

[UBotDev 276]

I want to incorporate a javascript script I found online. I found a specific piece of javascript code that works with the script and it works perfect when I run it in a browser, but everything I tried in Ubot does not work. I tried both eval and run javascript and tried using the few javascript posts on the forum as templates but with no success.

 

How do you use a script that is hosted online? And should I use Eval or Run Javascript?

 

Thanks

You can use either, $eval or "run javascript", the difference is that $eval will return value.

 

For script hosted online use "$read file" function.

[ds062692 19]

I have got it working a different way by using document.write('<script src="*.js"></script>'); inside of the $eval at the top but the problem now is that it works once or once every couple of times and than instead of returning the result it either does nothing or outputs <script src="*.js"></script>. How would I go about using the read file function? Any help will be appreciated. 

 

Here is the code.

$eval("document.write(\'<script src=\"http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/hmac-sha256.js\"></script>\');
document.write(\'<script src=\"http://crypto-js.googlecode.com/svn/tags/3.0.2/build/components/enc-base64.js\"></script>\');

var key = \"{#key}\";
var parameters = \"{#string}\";

var test_string = \"GET\\n\" + \"webservices.amazon.com\\n\" + \"/onca/xml\\n\" + parameters;

var signature2 = CryptoJS.HmacSHA256(test_string, key);
	
signature2.toString(CryptoJS.enc.Base64)

Thanks

Edited October 14, 2013 by ds062692

[UBotDev 276]

You can use "$read file" to "download" external scripts as I already said, then you use "run script"/"eval" to load the library that you read.

 

Here is an example that was tested and working:

set(#key, "key", "Global")
set(#string, "sring", "Global")
set(#SCRIPT, $read file("http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha256.js"), "Global")
run javascript(#SCRIPT)
set(#HASH, $eval("var hash = CryptoJS.HmacSHA256(\"{#string}\", \"{#key}\").toString();
hash;"), "Global")

I think that "run javascript" function and "$read file" command are more reliable than using document.write.

 

Also, you can hardcode script to #SCRIPT variable so bot won't need to download that script every time.

[Bot-Factory 602]

Thanks guys for this idea,

 

I just tried to change this to aes ancryption. 

Encryption works fine. But for some odd reason I can not decrypt it.

 

 

My javascript skills are very limited... So there is probably something wrong here:

set(#key, "test", "Global")
set(#string, "hallo", "Global")
set(#SCRIPT, $read file("http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"), "Global")
navigate("http://www.google.de", "Wait")
run javascript(#SCRIPT)
set(#encrypt, $eval("var hash = CryptoJS.AES.encrypt(\"{#string}\", \"{#key}\").toString();hash;"), "Global")
set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString();hash;"), "Global")

 

Also tried:

set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString();hash2;"), "Global")

 

Would be great if someone has an idea.

 

Thanks

Dan

[UBotDev 276]

To print the result and make it available to variable you need to "echo" it at the end by adding this:

hash2;

to your decrypt $eval function. Similar to "hash".

[Bot-Factory 602]

I tired it with:

set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString();hash2;"), "Global")

 

 

Is that what you mean? Because that's not working either. 

It bringst a result, but it's not the correct result.

 

Dan

[UBotDev 276]

 

I tired it with:

set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString();hash2;"), "Global")

 

 

Is that what you mean? Because that's not working either. 

It bringst a result, but it's not the correct result.

 

Dan

 

Yes, that's what I meant. If the result is not correct you need to look into the library you are using, since UBot part works OK.

[Bot-Factory 602]

 

 

Ok, I found my error:

 

set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString(CryptoJS.enc.Utf8);hash2;"), "Global")

 

 

CryptoJS.enc.Utf8

was the missing thing.

 

 

So here's the complete script:

set(#key, "meingeheimerkey", "Global")

set(#string, "hallo ubot test", "Global")

set(#SCRIPT, $read file("http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"), "Global")

navigate("http://www.google.com", "Wait")

run javascript(#SCRIPT)

set(#encrypt, $eval("var hash = CryptoJS.AES.encrypt(\"{#string}\", \"{#key}\").toString();hash;"), "Global")

set(#decrypt, $eval("var hash2 = CryptoJS.AES.decrypt(\"{#encrypt}\", \"{#key}\").toString(CryptoJS.enc.Utf8);hash2;"), "Global")

 

You can test the decryption here:

http://jsfiddle.net/G5RWa/

 

Just change the variables a little bit:

// Replace this with user input (only user should know the passphrase which can be used to decrypt the message)
var passphrase = 'meingeheimerkey';

// Some content that we want to crypt
var content = 'Hallo Test';

// Use CryptoJS.AES to encrypt content using AES (Advanced Encryption Standard)
// var encryptedContent = CryptoJS.AES.encrypt(content, passphrase);
var encryptedContent = 'U2FsdGVkX1+bPVf7VpUzY/PXo9RBQJZEYyqDjmlBJuY=';

// Use CryptoJS.AES also to decrypt content
var decryptedContent = CryptoJS.AES.decrypt(encryptedContent, passphrase).toString(CryptoJS.enc.Utf8);

// Test decrypting the content using wrong passphrase
var wrongPassphrase = 'wrong-passphrase-here-results-an-empty-string';
var failedToDecryptContent = CryptoJS.AES.decrypt(encryptedContent, wrongPassphrase).toString(CryptoJS.enc.Utf8);

// And display some test cases so we can see whether encryption works
$('#info').append('<b>Original content:</b><br />' + content + '<br /><br />');
$('#info').append('<b>Encrypted content:</b><br />' + encryptedContent + '<br /><br />');

// Decrypted message using correct passphrase
$('#info').append('<b style="color: #3b0;">Decrypted content using correct passphrase:</b><br />' + decryptedContent + '<br /><br />');

// Decrypt message using wrong passphrase
$('#info').append('<b style="color: #d00;">Decrypted content using wrong passphrase:</b><br />' + failedToDecryptContent + '<br /><br />');

The only thing that is a little bit strange in ubot is the fact that I need to navigate to a site between Set(#script... and run javascript.

If someone has an idea how that could be avoided?.

 

Dan

Edited February 9, 2014 by dan

[UBotDev 276]

 The only thing that is a little bit strange in ubot is the fact that I need to navigate to a site between Set(#script... and run javascript.

If someone has an idea how that could be avoided?.

You have 2 options to avoid that:

1.) Hardcode the library so it's not downloaded every time

2.) Execute "$read file" in a new browser

 

I think it happens because you are downloading the library...it also happens with regular download.

[Bot-Factory 602]

As UBotDev suggested, I hard-coded the JS into my bot. 

 

Here's an example:

http://www.ubotstudio.com/forum/index.php?/topic/16076-free-google-cryptjs-aes-encryption-decryption/

 

Cheers

Dan