我匆忙运行了下面的脚本,现在我担心我的笔记本电脑被入侵了。我该如何确认我的数据是安全的?
他们能从中获得什么数据?有人能帮助我吗?
警告:请不要执行下面这一行:
我执行了:powershell iex (irm 'https://hotgames[dot]gg/genshin/get_wish_url.ps1')
答案1
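据我所知,此脚本不会对您的计算机进行任何更改。它会尝试从原神日志文件和/或其嵌入式浏览器的缓存存储中提取祈愿历史记录的 URL。
它也不会把任何信息上传到其他地方。需要注意的是,从下面的清单可以看到,脚本仍会发起网络请求:它把找到的链接发送到 miHoYo 的接口以验证其有效性,并且在第三种回退方法中会从 nirsoft.net 下载并运行 ChromeCacheView。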
你已经意识到,不应该直接运行来自互联网的脚本。相反,你应该先把它下载下来并仔细检查其内容:它是否经过混淆,或者你无法百分之百理解它?那就不要运行它。如果它似乎做出与其声明目的无关的更改,也不要运行它。如果它将数据上传到某处,……
仅运行您自己编写的脚本(给予足够的时间和研究)或来自可信来源(Microsoft、您的雇主等)的脚本。
无法可靠地确定系统是否干净。一旦您对系统失去信心,请参阅这个规范问题:《如何从我的电脑中删除恶意间谍软件、恶意软件、广告软件、病毒、木马或 rootkit?》
这是我下载 URL 时得到的脚本:
# script version 0.11
# author: jogerj
function processWishUrl($wishUrl) {
    # Validates a candidate wish-history link against the getGachaLog API and,
    # when the API answers "OK", prints the link and copies it to the clipboard.
    #
    # Parameters: $wishUrl - the link recovered from the game's log/cache.
    # Returns:    $True when the link was accepted and copied, $False otherwise.
    #
    # Network: exactly one outbound request is made, either to one of the two
    # hk4e-api hosts below or, for links that are not "webstatic" pages, to the
    # link itself as found in the cache.
    # NOTE(review): the link presumably carries the account's session/auth
    # parameters in its query string - confirm, and treat the console output
    # and clipboard content as sensitive until the link expires.

    # Default: query the link exactly as it was found.
    $target = $wishUrl

    if ($wishUrl -match "https:\/\/webstatic") {
        # A web page link: keep its query string but point it at the API
        # endpoint. Global ("hk4e_global") links use the "-os" API host.
        $apiPrefix = "https://hk4e-api.mihoyo.com/event/gacha_info/api/getGachaLog?"
        if ($wishUrl -match "hk4e_global") {
            $apiPrefix = "https://hk4e-api-os.mihoyo.com/event/gacha_info/api/getGachaLog?"
        }
        $target = $wishUrl -replace "https:\/\/webstatic.+html\?", $apiPrefix
    }

    # Only the "message" field of the JSON reply is inspected.
    $urlResponseMessage = Invoke-RestMethod -URI $target | ForEach-Object { $_.message }

    if ($urlResponseMessage -ne "OK") {
        Write-Host "Link found is expired/invalid! Open Wish History again to fetch a new link" -ForegroundColor Yellow
        return $False
    }

    # Accepted: show the link and hand it to the user through the clipboard.
    Write-Host $wishUrl
    Set-Clipboard -Value $wishUrl
    Write-Host "Link copied to clipboard, paste it back to paimon.moe" -ForegroundColor Green
    return $True
}
# Locate the game's output_log.txt. Two per-user locations are probed: the
# global client folder and the China client folder (its name is spelled with
# [char] code points so the script file stays ASCII). When both exist, the one
# written most recently wins. Result: $logPath, consumed by the code below.
$logPathGlobal = [System.Environment]::ExpandEnvironmentVariables("%userprofile%\AppData\LocalLow\miHoYo\Genshin Impact\output_log.txt")
$logPathChina = [System.Environment]::ExpandEnvironmentVariables("%userprofile%\AppData\LocalLow\miHoYo\$([char]0x539f)$([char]0x795e)\output_log.txt")
$globalExists = Test-Path $logPathGlobal
$cnExists = Test-Path $logPathChina

if ($globalExists -and $cnExists) {
    # Both logs exist: prefer the newer one (ties go to the global log).
    $globalStamp = (Get-Item $logPathGlobal).LastWriteTime
    $chinaStamp = (Get-Item $logPathChina).LastWriteTime
    if ($globalStamp -ge $chinaStamp) {
        $logPath = $logPathGlobal
    } else {
        $logPath = $logPathChina
    }
} elseif ($globalExists) {
    $logPath = $logPathGlobal
} elseif ($cnExists) {
    $logPath = $logPathChina
} else {
    Write-Host "Cannot find Genshin Impact log file! Make sure to run Genshin Impact and open the wish history at least once!" -ForegroundColor Red

    # Not elevated: offer to start a new, elevated PowerShell that runs this
    # script again.
    # NOTE(review): both probed paths are under the caller's own %userprofile%,
    # so it is unclear what elevation would fix. Re-running a script fetched
    # from the network as Administrator widens the impact of anything it does;
    # a reader auditing this script should treat this prompt as its most
    # privileged action.
    if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
        Write-Host "Do you want to try to run the script as Administrator? Press [ENTER] to continue, or any key to cancel."
        $keyInput = [Console]::ReadKey($true).Key
        # "13" is compared against the ConsoleKey value read above (Enter).
        if ($keyInput -ne "13") {
            return
        }
        # NOTE(review): $reg is not assigned anywhere in this listing, so it
        # expands to nothing here. Also confirm what
        # $myinvocation.mycommand.definition holds when the script was started
        # through "iex" rather than from a file.
        $arguments = "& '" + $myinvocation.mycommand.definition + "'"
        Start-Process powershell -Verb runAs -ArgumentList "-noexit $arguments $reg"
        break
    }
    return
}
# Recover the game's data directory from the log: keep the lines that mention
# a drive-letter path ending in GenshinImpact_Data or YuanShen_Data, then take
# the last such line and resolve the matched path. Result: $gameDataPath.
$logLines = Get-Content -Path $logPath
$dataDirPattern = "(?m).:/.+(GenshinImpact_Data|YuanShen_Data)"
$linesWithDataDir = $logLines -match $dataDirPattern

if (-Not $linesWithDataDir) {
    Write-Host "Cannot find Genshin Impact path in log file! Make sure to run Genshin Impact and open the wish history at least once!" -ForegroundColor Red
    pause
    return
}

# Matching the single last line again is what populates $Matches; the boolean
# stored here is overwritten on the next line.
$gameDataPath = ($linesWithDataDir | Select-Object -Last 1) -match $dataDirPattern
$gameDataPath = Resolve-Path $Matches[0]
# Method 1
# Read the embedded browser's cache file "data_2" and pull the last wish link
# out of it. The file is copied to %TEMP% first and the copy is read; the
# original is only read, never modified.
# NOTE(review): the copy uses a fixed, predictable name in %TEMP% and holds
# cached browser data until it is removed below; a uniquely named temporary
# file would be the more defensive choice.
$cachePath = "$gameDataPath\\webCaches\\2.15.0.0\\Cache\\Cache_Data\\data_2"
if (Test-Path $cachePath) {
    $tmpFile = "$env:TEMP/ch_data_2"
    Copy-Item $cachePath -Destination $tmpFile
    $rawCache = Get-Content -Encoding UTF8 -Raw $tmpFile
    # The copy is no longer needed once its text is in memory.
    Remove-Item $tmpFile

    # Only the text after the last "1/0/" marker is searched.
    $lastChunk = $rawCache -split "1/0/" | Select-Object -Last 1
    $hasLink = $lastChunk -match "https.+?game_biz=hk4e_(global|cn)"

    if ($hasLink) {
        $wishUrl = $Matches[0]
        if (processWishUrl $wishUrl) {
            return
        }
    }
    Write-Host "Retrying using fallback method..." -ForegroundColor Red
}
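# Method 2 (Credits to PrimeCicada for finding this path)
# Look in the embedded browser's Service Worker cache storage: take the most
# recently written sub-folder, read one fixed-name entry in it, and use the
# first line that contains a "https...#/log" link. This method only reads
# local files; the only network traffic comes from processWishUrl.
$cachePath = "$gameDataPath\\webCaches\\2.15.0.0\\Service Worker\\CacheStorage\\f944a42103e2b9f8d6ee266c44da97452cde8a7c"
if (Test-Path $cachePath) {
    Write-Host "Using Fallback Method (SW)" -ForegroundColor Yellow
    $cacheFolder = Get-ChildItem $cachePath | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1

    # Start from "nothing found" so a value left over from an earlier method
    # can never be mistaken for a result of this one.
    $wishUrl = $null

    # Guard each step: an empty cache folder, a missing entry file, or an entry
    # without a matching line previously ended in a "cannot index into a null
    # array" error before reaching the failure message below.
    if ($cacheFolder) {
        $entryFile = "$($cacheFolder.FullName)\\00d9a0f4d2a83ce0_0"
        if (Test-Path $entryFile) {
            $firstHit = Get-Content $entryFile | Select-String -Pattern "https.*#/log" | Select-Object -First 1
            if ($firstHit -and ($firstHit.ToString() -match "https.*#/log")) {
                $wishUrl = $Matches[0]
            }
        }
    }

    if ($wishUrl) {
        if (processWishUrl $wishUrl) {
            return
        }
    }
    Write-Host "Fallback Method (SW) failed to find wish history URL! Retrying using second fallback method..." -ForegroundColor Red
}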
# Method 3
# Last resort: download NirSoft ChromeCacheView, let it export the embedded
# browser's cache index to CSV, and take the most recently accessed
# getGachaLog URL from that export.
#
# NOTE(review): this is the only path in the script that downloads and runs a
# third-party executable. No hash or signature check on the archive or the
# extracted .exe is visible here, so the result depends entirely on what the
# remote host serves at run time. Someone auditing a machine after running
# this script should check whether this branch executed (the console prints
# "Using Fallback method (CCV)").
Write-Host "Using Fallback method (CCV)" -ForegroundColor Yellow
$cachePath = "$gameDataPath\\webCaches\\2.15.0.0\\Cache\\Cache_Data"
$tempPath = mkdir "$env:TEMP\\paimonmoe" -Force

# downloads ChromeCacheView
$zipFile = "$tempPath\\chromecacheview.zip"
Invoke-WebRequest -Uri "https://www.nirsoft.net/utils/chromecacheview.zip" -OutFile $zipFile
Expand-Archive $zipFile -DestinationPath "$tempPath\\chromecacheviewer" -Force

$csvFile = "$tempPath\\cache_data.csv"
& "$tempPath\chromecacheviewer\\ChromeCacheView.exe" -folder $cachePath /scomma $csvFile

# processing cache takes a while
# NOTE(review): this wait has no timeout; if the tool never writes the CSV,
# the script polls forever.
while (!(Test-Path $csvFile)) {
    Start-Sleep 1
}

# Keep only the two columns needed, filter to getGachaLog entries, and pick
# the one with the latest "Last Accessed" time.
$wishLog = Import-Csv $csvFile |
    Select-Object "Last Accessed", "URL" |
    Where-Object URL -like "*event/gacha_info/api/getGachaLog*" |
    Sort-Object -Descending { $_."Last Accessed" -as [datetime] } |
    Select-Object -First 1

# The first four characters of the exported URL field are dropped.
# NOTE(review): presumably a cache-key prefix in the export - confirm.
$wishUrl = $wishLog | ForEach-Object { $_.URL.Substring(4) }

# clean up: removes the download, the extracted tool and the CSV export
Remove-Item -Recurse -Force $tempPath

if ($wishUrl) {
    if (processWishUrl $wishUrl) {
        return
    }
}
Write-Host "Link not found! Make sure Genshin Impact is installed and open Wish History page at least once." -ForegroundColor Red
pause