function mega_get_file_keys($hash) { preg_match('/\\!(.*?)\\!(.*)/', $hash, $matches); $id = $matches[1]; $key = $matches[2]; $key = base64_to_a32($key); $k = array($key[0] ^ $key[4], $key[1] ^ $key[5], $key[2] ^ $key[6], $key[3] ^ $key[7]); $iv = array_merge(array_slice($key, 4, 2), array(0, 0)); $meta_mac = array_slice($key, 6, 2); return array('id' => $id, 'key' => $key, 'k' => $k, 'iv' => $iv, 'meta_mac' => $meta_mac); }
function getfiles() { global $master_key, $root_id, $inbox_id, $trashbin_id; $files = api_req(array('a' => 'f', 'c' => 1)); foreach ($files->f as $file) { if ($file->t == 0 || $file->t == 1) { $key = substr($file->k, strpos($file->k, ':') + 1); $key = decrypt_key(base64_to_a32($key), $master_key); if ($file->t == 0) { $k = array($key[0] ^ $key[4], $key[1] ^ $key[5], $key[2] ^ $key[6], $key[3] ^ $key[7]); $iv = array_merge(array_slice($key, 4, 2), array(0, 0)); $meta_mac = array_slice($key, 6, 2); } else { $k = $key; } $attributes = base64urldecode($file->a); $attributes = dec_attr($attributes, $k); if ($file->h == 'gldU3Tab') { downloadfile($file, $attributes, $k, $iv, $meta_mac); } } else { if ($file->t == 2) { $root_id = $file->k; } else { if ($file->t == 3) { $inbox_id = $file->k; } else { if ($file->t == 4) { $trashbin_id = $file->k; } } } } } }
die("<strong><font color=red>Not Support Folder</font></strong>"); } if (!preg_match('@!([^!]{8})!([\\w\\-\\,]{43})@i', $url, $fid)) { die("<strong><font color=red>FileID or Key not found at link.</font></strong>"); } else { $sid = ''; $seqno = rand(0, 0xffffffff); $post = array(array('a' => 'g', 'g' => 1, 'p' => $fid[1])); $json = json_encode($post); $data = $this->curl('https://g.api.mega.co.nz/cs?id=' . $seqno++ . ($sid ? '&sid=' . $sid : ''), "", $json, 0, 1); $res = json_decode($data, true); if (isset($res[0]['e'])) { $code = $res[0]['e']; if (is_numeric($code)) { die("<strong><font color=red>File temporarily not available.</font></strong>"); } } if (!isset($res[0]['s']) || !isset($res[0]['at'])) { die(Tools_get::report($Original, "dead")); } $key = base64_to_a32($fid[2]); $k = array($key[0] ^ $key[4], $key[1] ^ $key[5], $key[2] ^ $key[6], $key[3] ^ $key[7]); $iv = array_merge(array_slice($key, 4, 2), array(0, 0)); $meta_mac = array_slice($key, 6, 2); $enc_attributes = base64urldecode($res[0]['at']); $attributes = dec_attr($enc_attributes, $k); $infolink = array('url' => $res[0]['g'], 'size' => $res[0]['s'], 'name' => $attributes->n, 'key' => $key, 'iv' => $iv, 'mac' => $meta_mac); $link = trim($infolink['url']); $filename = $infolink['name']; $filesize = $infolink['size']; }
function SavedLogin($user, $pass) { global $T8, $cookie, $secretkey; if (!defined('DOWNLOAD_DIR')) { global $options; if (substr($options['download_dir'], -1) != '/') { $options['download_dir'] .= '/'; } define('DOWNLOAD_DIR', substr($options['download_dir'], 0, 6) == 'ftp://' ? '' : $options['download_dir']); } $user = strtolower($user); $filename = DOWNLOAD_DIR . basename('mega_ul.php'); if (!file_exists($filename) || filesize($filename) <= 6) { return Login($user, $pass); } $file = file($filename); $savedcookies = unserialize($file[1]); unset($file); $hash = hash('crc32b', $user . ':' . $pass); if (is_array($savedcookies) && array_key_exists($hash, $savedcookies)) { $_secretkey = $secretkey; $secretkey = hash('crc32b', $pass) . sha1($user . ':' . $pass) . hash('crc32b', $user); // A 56 char key should be safer. :D $cookie = decrypt(urldecode($savedcookies[$hash]['enc'])) == 'OK' ? IWillNameItLater($savedcookies[$hash]['cookie']) : ''; $secretkey = $_secretkey; if (is_array($cookie) && count($cookie) < 1 || empty($cookie)) { return Login($user, $pass); } $T8['sid'] = $cookie['sid']; $T8['user_handle'] = $cookie['user_handle']; $T8['master_key'] = base64_to_a32($cookie['master_key']); $T8['root_id'] = $cookie['root_id']; $rsa_priv_key = explode('/T8\\', $cookie['rsa_priv_key']); $test = apiReq(array('a' => 'uq')); // I'm using the 'User quota details' request for validating the session id. if (is_numeric($test[0]) && $test[0] < 0) { if ($test[0] == -15) { // Session code expired... We need to get a newer one. if (!extension_loaded('bcmath')) { html_error('This plugin needs BCMath extension for login.'); } $T8['sid'] = false; // Do not send old sid or it will get '-15' error. $res = apiReq(array('a' => 'us', 'user' => $user, 'uh' => $T8['user_handle'])); if (is_numeric($res[0])) { check_errors($res[0], 'Cannot re-login'); } $T8['sid'] = rsa_decrypt(mpi2bc(base64url_decode($res[0]['csid'])), $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]); $T8['sid'] = base64url_encode(substr(strrev($T8['sid']), 0, 43)); t8ArrToCookieArr(); SaveCookies($user, $pass); // Update cookies file with new SID. $cookie = ''; return; } check_errors($test[0], 'Cannot validate saved-login'); } SaveCookies($user, $pass); // Update last used time. $cookie = ''; return; } return Login($user, $pass); }