CrackedShell is a modified copy of Shell Shockers that allows you to inject mods into the game.
This works with a combination of a server-side "proxy" & URL params.

We do not offer any pre-deployed version at this time.
Here's how to set up your own copy:

1. Install Node.JS, NPM, & git.
2. Clone the repository from git: git clone https://github.com/VillainsRule/CrackedShell && cd CrackedShell
3. If it is not already on your machine, add PNPM: npm i -g pnpm
4. Install dependencies: pnpm i
5. Configure the game in config.js (see the Configuration section for more information)
6. Run the server: pnpm dev
7. Visit the game at localhost:6900!

If you want a public instance, try this:

1. Install ngrok.
2. Run ngrok http {{port here}} (example: ngrok http 6900) in another terminal.
3. Ngrok should input a URL you can visit on any device.

WARNING: THIS URL CONTAINS YOUR IP ADDRESS. Be careful who you give this to.

Local CrackedShell instances can be configued in config.js. Here's what's going on in there:

This tells the server what port to run on.
If you're a developer and are using port 6900 for something else, change this. If not, ignore it.

This specifies allowed script origins in the cache.
This prevents your server/computer from being IP logged from malicious scripts put in the /mod page.
If you don't care about your privacy, you can add the * script to disable this entirely.

Note: the default scripts are ALL trusted raw script sources that will not attack your computer.

This allows you to customize the Shell Shockers server host.

This specifies the URL of the server. You're best off using an official Shell Shockers instance such as shellshock.io.
If hosting locally, use localhost:port.

This specifies whether or not the server is secure (wss:// or ws://).
For official servers, set this to true. For locally hosted servers, set it to false.

This is a boolean that helps you make connect custom servers.
Keep this as false unless instructed to by the server provider.

If you are the host of a CrackedShell instance, you can force files to be replaced.
Here's how:

1. Make a folder named replacements/ in the root CrackedShell folder.
2. Encode the file name in Base64 and then put it in replacements/. Do NOT add extensions.
3. Add the contents to replace into the file!

The server will replace the file when sending server data!

Hey, fellow Developers! Here's a bit of information on turning your Tampermonkey script into a CrackedShell script!

CrackedShell supports a few GM values & defines them no matter what:

• GM_getValue (using localStorage.getItem)
• GM_setValue (using localStorage.setItem)
• GM_deleteValue (using localStorage.removeItem)
• GM_listValues (using localStorage)
• GM_setClipboard (using navigator.clipboard.writeText)

If you need a GM value that isn't defined here, add a workaround or open a pull request!
These values are not exposed to the window, so don't worry about being detected!

In order to fix WebSocket issues, shellshock.js is modified on the server. Here's the list of patches:

['||location.host,', '||\'risenegg.com\','], // replace /matchmaker/ socket
['${location.hostname}', 'risenegg.com'], // replace /services/ socket
['dynamicContentRoot+', `"risenegg.com"+`], // replace /services/ socket
['window.location.hostname', '"risenegg.com"'], // replace /game/ socket
['isHttps()', 'true'] // fix socket http issues

This would prioritize anything done with injected scripts.
If you want an original copy of the Shell Shockers JS script before it's modified, you can fetch /js/shellshock.og.js.
Do NOT use this to replace script injection. It will cause WebSocket errors - the modified code is shown above.

You can detect CrackedShell clients with a isCrackedShell boolean on the scope of your script.
Like the GM modifications, this is undetectable.

The cache is a way we store large masses of code.
Storing them locally and removing the fetching requirement speeds up script injection.
In order to prevent the server IP from being logged, we only allow the following script sources:

• https://raw.githack.com
• https://raw.githubusercontent.com
• https://gist.githubusercontent.com
• https://pastebin.com/raw
• https://cdn.jsdelivr.net/npm
• https://cdnjs.cloudflare.com/ajax/libs

You can add or remove these in the config.

Not all information is contained in these docs.
If you want to learn more, read the codebase - it's a small number of files with simplistic & modern code.