parse_token returns wrong ajax token

[Lohorunk]

may be related to #75 (comment)

(i dont think ajax tokens are sensitive info but will censor them anyway)

I noticed in the dev console that the ajax token used by aternos did not match the one given by the library
LGuu**************** < used by aternos website
TBsn**************** < used by the library

I deobfuscated the js function by hand to try and understand how it works

(() => /*window["AJAX_TOKEN"]="TBsn****************"}*/{window[["XAJA","OT_","K","NE"].map(s => s.split('').reverse().join('')).join('')]=!(window[["Map"].reverse().join('')]["prototype"]&&window[["cod","emu","tn"].map(s => s.split('').reverse().join('')).join('')]&&window[["nemucod","t"].map(s => s.split('').reverse().join('')).join('')][("getEleme" + "ntB" + "yId")]&&window[["oemiTtes","tu"].map(s => s.split('').reverse().join('')).join('')])?"TBsn****************":"LGuu****************";})();

// -->
(() => {
    window['AJAX_TOKEN'] = !(window["Map"]["prototype"] && window["document"] 
    && window["document"]["getElementById"] 
    && window["setTimeout"]) ? "TBsn****************" : "LGuu****************";
})();

// -->
(() => {
    window['AJAX_TOKEN'] = !true ? "TBsn****************" : "LGuu****************";
})();

And yeah it just sets the AJAX_TOKEN to LGuu**************** its all determined by the !

i tested and the to_ecma5 dosent seem to be the thing causing the error.
If a had to guess its probably the ctx.execute('window.document = { };') and the others that are causing the problem.

[DarkCat09]

@hiikion,

Thank you very much!
I think that's how Aternos detects library requests.

Fix: execute document.getElementById = function(_a) { }; before executing the code.

[Lohorunk]

#86 I tested the fix works

[DarkCat09]

I've checked token parser using tests/js_samples.py now. Every sample was processed incorrectly.

[DarkCat09]

Oh, that's because of document.doctype property.

[DarkCat09]

I think the most efficient solution is to create the accurate copy of window and document objects from Firefox DevTools, but there are too many properties and methods.
Maybe I'll write a script for checking AJAX_TOKEN every day and finding usage of properties not implemented in python-aternos.

[DarkCat09]

Temporarily fixed

[DarkCat09]

That happened again: Aternos added document.currentScript. Fixed in v3.0.3

[DarkCat09]

document.prepend, fixed in 3.0.4

[pythoncat1]

Is the cause known?

[DarkCat09]

@pythoncat1, yes. Please, read the conversation above.

[pythoncat1]

So I imagine #85 (comment) must be done?