CrackedShell allows you to self-host and configure Shell Shockers - all while playing on official servers!
Features:
- Script Injection
- Theme Injection
- Client + Server Customization
- Fully Open Source!
You can try a demo @ shell.onlypuppy7.online.
Here's how to set up your own deployment:
- Install Bun & git.
- Clone the repository (
git clone https://github.com/VillainsRule/CrackedShell && cd CrackedShell). - Configure the server in your local config.ts file.
- Run the server using bun (
bun .). - Play CrackedShell at
localhost:6900!
Note
You don't need to run bun i or install any dependencies, as Bun provides everything out of the box.
If you are developing, it might be useful to run this in order to get type annotation in your editor.
CrackedShell works in a somewhat similar way to Tampermonkey in terms of scripting, and supports many of the GM values and offers alternatives for other ones.
- GM.addElement: use insertAdjacentHTML or normal selectors.
- GM.addStyle: use a style tag.
- GM.download: there are lots of tutorials online (check StackOverflow).
- GM.log: use console.log, stop being lazy.
- GM.notification: use the notification API.
- GM.openInTab: use the window opening API.
- GM.setClipboard: use the clipboard API.
- GM.setValue: use the localStorage API.
- GM.getValue: use the localStorage API.
- GM.deleteValue: use the localStorage API.
- GM.listValues: use the localStorage API.
- GM.setValues: use the localStorage API.
- GM.getValues: use the localStorage API.
- GM.deleteValues: use the localStorage API.
- GM_addValueChangeListener: use the above localStorage API & setInterval at a low value.
- GM_removeValueChangeListener: use clearInterval on the previously set interval.
- GM_xmlhttpRequest: use the XMLHttpRequest API.
- GM_cookie: use the cookie API.
- window.onurlchange: use the popstate event.
This value can be achieved (likely normally) using the native close() function, due to how CrackedShell opens the tab. You might want to wrap this in a catch block and use the $INSTANCE variable to instead close the page. Here's an example:
function closePage() {
try {
window.close();
} catch {
window.$INSTANCE.close();
}
}The $INSTANCE variable is a reference to the parent CrackedShell launcher. Note that if the launcher is closed, this will error.
- GM_getResourceText: this is specific to Tampermonkey meta unused by CrackedShell.
- GM_getResourceURL: this is specific to Tampermonkey meta unused by CrackedShell.
- GM_info: this is specific to Tampermonkey meta unused by CrackedShell.
- GM_registerMenuCommand: the browser cannot do this in a website.
- GM_unregisterMenuCommand: the browser cannot do this in a website.
- GM_getTab: the browser cannot do this in a website.
- GM_saveTab: the browser cannot do this in a website.
- GM_getTabs: the browser cannot do this in a website.
- GM_webRequest: the browser cannot do this in a website.
- window.focus: window.focus() might work, or fail due to browser privacy settings.
Since v2, GM.* APIs are no longer built in. Define them yourself.
Note
Patch finds & replacements are in patches.ts.
To fix WebSocket issues, the WebSocket object is patched.
These patches obviously modify the original shellshock.js as fetched by the game. If you want an original copy of the Shell Shockers JS script pre-patches, you can fetch /js/shellshock.og.js.
You can detect CrackedShell clients versus a normal client by checking the existence of a global $INSTANCE variable. Renaming, reusing, or otherwise deleting this variable will result in CrackedShell not functioning properly.
The server cache stores all of the files of Shell Shockers locally after fetch. This cache can be cleared by stopping and starting CrackedShell. I recommend you have a program do this every couple hours anyways, as restarting is harmless and doesn't end any WebSocket connections since these don't go through CrackedShell.
The server protects itself from malicious injected scripts that might point to an IP logger, to help keep the server's IP safe. If you develop a script and test it on an instance, ensure the script's host is whitelisted in config.ts. If you do not own the instance, ask the instance owner. The default souces can be found in config.ts. Fetchables do not in any way guarantee that there is no malware in any scripts/dependencies. The purpose of this whitelist is to protect the server, not the users.
You can import things using the Tampermonkey @require system. This works the same in terms of cross-compatibility. All dependencies must be part of the "Fetchables" list, so it is recommended to import your libraries using one of the default allowed CDNs or a raw Github link.
