>>4
https://smitop.com/post/reddit-whiteops/
Reddit’s source code uses bundling and minification, but I was able to infer that in ./src/reddit/index.tsx, a script was conditionally loaded into the page.
main.js does a bunch of other interesting things, but there’s so many that I’ve written a whole separate blog post about all of the ones I found. Here are some highlights:
Contains what appears to be a JavaScript engine JIT exploit/bug; "haha jit go brrrrr" appears in a part of the code that appears to be doing something weird with math operations.
Has an obfuscated reference to res://ieframe.dll/acr.js, which can be used to exploit old Internet Explorer versions (I think)
Many checks for various global variables and other indicators of headless and automated browsers.
Sends data to vprza.com and minkatu.com.
Checks if devtools is open
Detects installed text to speech voices
Checks if browsers have floating point errors when rounding 0.49999999999999994 and 2^52
Detects if some Chrome extensions are installed
Checks if function bodies that are implemented in the browser contain [native code] when stringified
It gets kinda meta: it checks if toString itself is implemented in native code (although it doesn’t go any levels deeper than data)
Checks for Apple Pay support
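
The [native code] check, its toString meta-check and the rounding check from the list above, sketched as an added example that is not part of the original post and is not code from main.js. All function names are hypothetical, and the patched functions are constructed stand-ins for a tampered built-in.

```javascript
// Added illustration: names are hypothetical, not taken from Reddit's main.js.
// Keep a reference to the real toString before any later script can replace it.
const realToString = Function.prototype.toString;

// True when the stringified body is the engine's "[native code]" placeholder.
function looksNative(fn, stringify = Function.prototype.toString) {
  try {
    return /\{\s*\[native code\]\s*\}\s*$/.test(stringify.call(fn));
  } catch (e) {
    return false; // not a function, or stringification threw
  }
}

// Check a built-in, then apply the same check to toString itself (one level only).
function checkBuiltin(fn) {
  return {
    bodyNative: looksNative(fn),
    toStringNative: looksNative(Function.prototype.toString),
  };
}

// Rounding probes for the two values named in the post.
function roundingProbe() {
  return {
    halfUlp: Math.round(0.49999999999999994), // a conformant engine returns 0
    twoPow52: Math.round(Math.pow(2, 52)) === 4503599627370496,
  };
}

// Constructed demo: replace built-ins with script functions, check, then restore.
function demo() {
  const clean = checkBuiltin(Math.round);

  const origRound = Math.round;
  Math.round = function round(x) { return origRound(x); };
  const patchedRound = checkBuiltin(Math.round);
  Math.round = origRound;

  Function.prototype.toString = function toString() { return realToString.call(this); };
  // Stringify the replacement through the saved reference, not through itself.
  const patchedToStringNative = looksNative(Function.prototype.toString, realToString);
  Function.prototype.toString = realToString;

  return { clean, patchedRound, patchedToStringNative };
}
```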