Delta and Hydrogen bypass

1.  
2. // ==UserScript==
3. // @name Delta and Hydrogen bypass
4. // @homepageURL https://discord.gg/keybypass
5. // @description bypasses Delta and Hydrogen on Platoboost
6. // @author d15c0rdh4ckr | https://discord.com/users/768868463459434517
7. // @version 10
8.  
9. // @run-at document-start
10.  
11. // @match https://gateway.platoboost.com/b
12. // @match https://gateway.platoboost.com/a/8?id=*
13. // @match https://gateway.platoboost.com/a/2569?id=*
14. // @connect raw.githubusercontent.com
15. // @connect api-gateway.platoboost.com
16.  
17. // @grant GM_xmlhttpRequest
18.  
19. // @supportURL https://discord.gg/keybypass
20. // @icon https://files.catbox.moe/gu2z11.jpg
21. // @namespace d15c0rdh4ckr
22. // @license do-not-distribute
23. // @downloadURL https://update.greasyfork.org/scripts/492623/Delta%20and%20Hydrogen%20bypass.user.js
24. // @updateURL https://update.greasyfork.org/scripts/492623/Delta%20and%20Hydrogen%20bypass.meta.js
25. // ==/UserScript==
26.  
27. /******/ (() => { // webpackBootstrap
28. /******/ var __webpack_modules__ = ({
29.  
30. /***/ 224:
31. /***/ ((__unused_webpack_module, __unused_webpack_exports, __webpack_require__) => {
32.  
33. const { currentVersion } = __webpack_require__(219);
34.  
35. const docHeadAppendChild = document.head.appendChild;
36. document.head.appendChild = function (element) {
37. if (element.src && element.src.includes("workink")) {
38. return;
39. }
40. return docHeadAppendChild.call(document.head, element);
41. };
42.  
43. GM.xmlHttpRequest({
44. method: "GET",
45. url: `https://raw.githubusercontent.com/antiworkink/userscripts/main/version.json?update=${Date.now()}`,
46. onload: function (response) {
47. response = JSON.parse(response.responseText);
48. if (currentVersion != response.platoboost) {
49. alert(
50. "There is a new version of the script available. Please update to the latest version."
51. );
52. window.location.replace(
53. "https://github.com/antiworkink/userscripts/raw/main/platoboost.user.js"
54. );
55. }
56. },
57. });
58.  
59. const url = new URL(window.location.href);
60. if (url.pathname == "/b") {
61. let urlToBypass = prompt("please enter your link to bypass:");
62. urlToBypass = new URL(urlToBypass);
63. history.replaceState({}, "", urlToBypass.pathname + urlToBypass.search);
64. }
65.  
66.  
67. /***/ }),
68.  
69. /***/ 94:
70. /***/ ((module) => {
71.  
72. function sleep(ms) {
73. return new Promise(resolve => setTimeout(resolve, ms));
74. }
75.  
76. async function getCapthaSolution(type) {
77. let res = "";
78. while (!res) {
79. showMessage("please solve the captcha");
80. try {
81. res = eval(type).getResponse();
82. } catch (e) {}
83. await sleep(250);
84. }
85. return res;
86. }
87.  
88. async function platoboostApi(path, method, body) {
89. return new Promise(resolve => {
90. GM.xmlHttpRequest({
91. method: method,
92. url: `https://api-gateway.platoboost.com${path}`,
93. data: JSON.stringify(body),
94. headers: {
95. Accept: "application/json",
96. "Accept-Encoding": "gzip, deflate, br, zstd",
97. "Accept-Language": "en-US,en;q=0.9",
98. "Content-Type": "application/json",
99. Connection: "keep-alive",
100. "Sec-Ch-Ua":
101. '"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"',
102. "Sec-Ch-Ua-Mobile": "?1",
103. "Sec-Ch-Ua-Platform": '"Android"',
104. "Sec-Fetch-Dest": "empty",
105. "Sec-Fetch-Mode": "cors",
106. "Sec-Fetch-Site": "same-site",
107. "User-Agent":
108. "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Mobile Safari/537.36",
109. Version: "3.3.5",
110. },
111. onload: function (response) {
112. response = JSON.parse(response.responseText);
113. resolve(response);
114. },
115. });
116. });
117. }
118.  
119. function bypassAdLink(link) {
120. let adUrl = new URL(link);
121. adUrl = adUrl.searchParams.get("r");
122. let bypassedUrl = atob(adUrl);
123. return bypassedUrl;
124. }
125.  
126. function showMessage(message) {
127. if (!document.getElementsByTagName("h3")[1]) {
128. return;
129. }
130. document.getElementsByTagName("h3")[1].innerHTML = message;
131. }
132.  
133. module.exports = {
134. sleep,
135. getCapthaSolution,
136. platoboostApi,
137. bypassAdLink,
138. showMessage,
139. };
140.  
141.  
142. /***/ }),
143.  
144. /***/ 219:
145. /***/ ((module) => {
146.  
147. "use strict";
148. module.exports = /*#__PURE__*/JSON.parse('{"currentVersion":10}');
149.  
150. /***/ })
151.  
152. /******/ });
153. /************************************************************************/
154. /******/ // The module cache
155. /******/ var __webpack_module_cache__ = {};
156. /******/
157. /******/ // The require function
158. /******/ function __webpack_require__(moduleId) {
159. /******/ // Check if module is in cache
160. /******/ var cachedModule = __webpack_module_cache__[moduleId];
161. /******/ if (cachedModule !== undefined) {
162. /******/ return cachedModule.exports;
163. /******/ }
164. /******/ // Create a new module (and put it into the cache)
165. /******/ var module = __webpack_module_cache__[moduleId] = {
166. /******/ // no module.id needed
167. /******/ // no module.loaded needed
168. /******/ exports: {}
169. /******/ };
170. /******/
171. /******/ // Execute the module function
172. /******/ __webpack_modules__[moduleId](module, module.exports, __webpack_require__);
173. /******/
174. /******/ // Return the exports of the module
175. /******/ return module.exports;
176. /******/ }
177. /******/
178. /************************************************************************/
179. /******/ /* webpack/runtime/compat get default export */
180. /******/ (() => {
181. /******/ // getDefaultExport function for compatibility with non-harmony modules
182. /******/ __webpack_require__.n = (module) => {
183. /******/ var getter = module && module.__esModule ?
184. /******/ () => (module['default']) :
185. /******/ () => (module);
186. /******/ __webpack_require__.d(getter, { a: getter });
187. /******/ return getter;
188. /******/ };
189. /******/ })();
190. /******/
191. /******/ /* webpack/runtime/define property getters */
192. /******/ (() => {
193. /******/ // define getter functions for harmony exports
194. /******/ __webpack_require__.d = (exports, definition) => {
195. /******/ for(var key in definition) {
196. /******/ if(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {
197. /******/ Object.defineProperty(exports, key, { enumerable: true, get: definition[key] });
198. /******/ }
199. /******/ }
200. /******/ };
201. /******/ })();
202. /******/
203. /******/ /* webpack/runtime/hasOwnProperty shorthand */
204. /******/ (() => {
205. /******/ __webpack_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))
206. /******/ })();
207. /******/
208. /************************************************************************/
209. var __webpack_exports__ = {};
210. // This entry need to be wrapped in an IIFE because it need to be in strict mode.
211. (() => {
212. "use strict";
213. /* harmony import */ var _QOL_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(224);
214. /* harmony import */ var _QOL_js__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(_QOL_js__WEBPACK_IMPORTED_MODULE_0__);
215. /* harmony import */ var _util_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(94);
216. /* harmony import */ var _util_js__WEBPACK_IMPORTED_MODULE_1___default = /*#__PURE__*/__webpack_require__.n(_util_js__WEBPACK_IMPORTED_MODULE_1__);
217.  
218.  
219.  
220. const url = new URL(window.location.href);
221. const path = url.pathname;
222. const id = url.searchParams.get("id");
223.  
224. const keySystemId = path.split("/")[2];
225.  
226. const platoboostApiRoutes = {
227. init: () => (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.platoboostApi)(`/v1/authenticators/${keySystemId}/${id}`, "GET"),
228. checkpoint: token =>
229. (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.platoboostApi)(`/v1/sessions/auth/${keySystemId}/${id}/${token}`, "PUT"),
230. start: data =>
231. (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.platoboostApi)(`/v1/sessions/auth/${keySystemId}/${id}`, "POST", data),
232. challenge: data =>
233. (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.platoboostApi)(
234. `/v1/challenge/release/${keySystemId}/${id}`,
235. "POST",
236. data
237. ),
238. };
239.  
240. let numCheckpoints;
241. if (path === "/a/2569") {
242. numCheckpoints = 3;
243. } else if (path === "/a/8") {
244. numCheckpoints = 1;
245. }
246.  
247. (async function () {
248. let initData = await platoboostApiRoutes.init();
249. if (initData.key) {
250. setInterval(() => {
251. (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.showMessage)(
252. 'Bypassed by <a href="https://discord.gg/keybypass">discord.gg/keybypass</a>'
253. );
254. }, 1000);
255. return;
256. }
257.  
258. let response = await platoboostApiRoutes.start({
259. captcha: await (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.getCapthaSolution)("turnstile"),
260. type: "Turnstile",
261. });
262.  
263. if (response?.message == "please complete a security check.") {
264. turnstile.remove();
265. await platoboostApiRoutes.challenge({
266. captcha: await (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.getCapthaSolution)("hcaptcha"),
267. type: "hCaptcha",
268. });
269. window.location.reload();
270. return;
271. }
272.  
273. document.getElementsByTagName("button")[0].remove();
274.  
275. let bypassedUrl, token;
276.  
277. for (let i = 1; i <= numCheckpoints; i++) {
278. (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.showMessage)(`Bypassed ${i} of ${numCheckpoints} checkpoints`);
279. await (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.sleep)(5000);
280. bypassedUrl = (0,_util_js__WEBPACK_IMPORTED_MODULE_1__.bypassAdLink)(response.redirect);
281. token = new URL(bypassedUrl).searchParams.get("tk");
282. response = await platoboostApiRoutes.checkpoint(token);
283. }
284. window.location.replace(response.redirect);
285. })();
286.  
287. })();
288.  
289. /******/ })()
290. ;