예제 #1
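 /**
  * Rewrites MegaDownloader-style obfuscated links ("mega://enc?...", "mega://enc2?...",
  * optionally carrying an "f" folder marker) found in $data into plain MEGA URLs.
  *
  * The AES keys and the IV are fixed constants embedded in this code, so the "enc"
  * wrapping is obfuscation rather than confidentiality: anyone who has these constants
  * can reverse it. The decrypted text comes from whoever built the link, so callers
  * must keep treating the result as untrusted input.
  *
  * @param string $data Text that may contain obfuscated links.
  * @return string|null $data with every recognised link replaced; whatever
  *                     preg_replace_callback() returns on failure.
  */
 public static function decryptMegaDownloaderLinks($data)
 {
     $keys = [
         'enc' => '6B316F36416C2D316B7A3F217A30357958585858585858585858585858585858',
         'enc2' => 'ED1F4C200B35139806B260563B3D3876F011B4750F3A1A4A5EFD0BBE67554B44',
     ];
     $iv = '79F10A01844A0B27FF5B2D4E0ED3163E';
     $pattern = '/mega\\:\\/\\/(?P<folder>f)?(?P<enc>enc\\d*?)\\?(?P<linkdata>[\\da-z_,-]*?)(?=https?\\:|mega\\:|[^\\da-z_,-]|$)/i';

     return preg_replace_callback($pattern, function ($match) use ($keys, $iv) {
         // The pattern is case-insensitive and accepts any digit suffix ("ENC", "enc3", ...),
         // while the key table only knows lower-case "enc" and "enc2". Normalise the case and
         // leave links with an unknown scheme untouched instead of decrypting with a missing key.
         $scheme = strtolower($match['enc']);
         if (!isset($keys[$scheme])) {
             return $match[0];
         }

         // The meaning of the trailing `true` flag is defined by aesCbcDecrypt(), not visible here.
         $plain = Utils_CryptTools::aesCbcDecrypt(
             Utils_MiscTools::urlBase64Decode($match['linkdata']),
             Utils_MiscTools::hex2bin($keys[$scheme]),
             Utils_MiscTools::hex2bin($iv),
             true
         );

         return Utils_MegaApi::MEGA_HOST . '/#' . strtoupper($match['folder']) . $plain;
     }, $data);
 }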
예제 #2
 /**
  * Handles the link-encryption form: reads the posted links and options, encrypts
  * them through Utils_MegaCrypter and hands the result to the view.
  *
  * Every option value is taken straight from POST data; validation is left to
  * encryptLinkList() and its helpers.
  *
  * @throws Exception_InvalidRefererException When isValidReferer() rejects the request.
  * @throws Exception When no link could be encrypted.
  */
 protected function action()
 {
     // NOTE(review): isValidReferer() presumably inspects the request's Referer header,
     // which the client controls - treat this as a soft gate, not as authentication.
     if (!$this->isValidReferer()) {
         throw new Exception_InvalidRefererException(function (Controller_DefaultController $controller) {
             $controller->redirect('/');
         });
     }

     $request = $this->request;

     // Obfuscated MegaDownloader links are unwrapped first, then every link is extracted.
     $plain_links = Utils_MiscTools::extractLinks(
         Utils_CryptTools::decryptMegaDownloaderLinks($request->getPostVar('links'))
     );

     $options = [];
     foreach (['tiny_url', 'pass', 'extra_info', 'hide_name', 'expire', 'no_expire_token', 'referer', 'email'] as $field) {
         $options[$field] = $request->getPostVar($field);
     }

     $mc_links = Utils_MegaCrypter::encryptLinkList($plain_links, $options, $request->getPostVar('app_finfo'));

     if (empty($mc_links)) {
         throw new Exception(__METHOD__ . ' No links could be crypted!');
     }

     $widest = Utils_MiscTools::getMaxStringLength($mc_links);
     $this->setViewData([
         'links' => Utils_MiscTools::rimplode("\r\n", $mc_links),
         'cols' => min([$widest, self::CRYPT_TEXTAREA_COLS]),
         'tot_links' => Utils_MiscTools::rCount($mc_links),
     ]);
 }
예제 #3
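 /**
  * Renders the landing page for an encrypted link: decrypts the link, enforces the
  * zombie and domain-lock (referer) restrictions and passes the file metadata to the view.
  *
  * Values such as 'referer' and 'extra_info' inside the decrypted link were chosen by
  * the link's creator, and HTTP_REFERER by the visitor; the view has to escape them.
  *
  * @throws Exception When the link is flagged as a zombie link.
  * @throws Exception_InvalidRefererException When web access is disabled for the link
  *         or the visitor does not arrive from the locked domain.
  */
 protected function action()
 {
     $dec_link = Utils_MegaCrypter::decryptLink($this->request->getVar('link'));

     // NOTE(review): when _isBackdoor() is true the zombie and domain-lock checks below are
     // skipped and the raw file id and key are exposed to the view. Confirm that
     // _isBackdoor() is strongly authenticated and that its use is logged.
     if ($this->_isBackdoor()) {
         $this->setViewData(['backdoor' => Utils_MegaApi::MEGA_HOST . "/#!{$dec_link['file_id']}!{$dec_link['file_key']}"]);
         return;
     }

     if ($dec_link['zombie']) {
         throw new Exception(__METHOD__ . ' Zombie link!');
     }

     // A link without a dotted referer value has no domain lock, i.e. no web access.
     if (empty($dec_link['referer']) || !preg_match('/\\.[^.]+$/', $dec_link['referer'])) {
         throw new Exception_InvalidRefererException(null, 'Web access was not enabled for this link');
     }

     if (!$this->isValidReferer($dec_link['referer'])) {
         // The referer string was supplied by the link creator and lands inside an HTML
         // attribute and element, so it is escaped before being placed in the message.
         $safe_referer = htmlspecialchars($dec_link['referer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $message = gettext('You MUST visit this link from') . ' [ <a href="http://' . $safe_referer . '" rel="nofollow"><em>' . $safe_referer . '</em></a> ]';
         throw new Exception_InvalidRefererException(null, $message);
     }

     $ma = new Utils_MegaApi(MEGA_API_KEY);
     $file_info = $ma->getFileInfo($dec_link['file_id'], $dec_link['file_key']);
     $view_data = array_merge($file_info, ['size' => $file_info['size'] > 0 ? Utils_MiscTools::formatBytes($file_info['size']) : false]);

     if (Utils_MiscTools::isStreameableFile($view_data['name'])) {
         $view_data['stream'] = true;
     }
     if ($dec_link['extra_info']) {
         $view_data['extra'] = $dec_link['extra_info'];
     }
     if ($dec_link['expire']) {
         // Seconds left until expiry, computed from the stored timestamp.
         $view_data['expire'] = $dec_link['expire'] - time();
     }

     $view_data['pass'] = (bool) $dec_link['pass'];
     if ($dec_link['pass'] || $dec_link['hide_name']) {
         // Password-protected or name-hidden links never show the real file name.
         $view_data['name'] = Utils_MiscTools::hideFileName($view_data['name']);
         $view_data['name_trunc'] = $view_data['name'];
     } else {
         $view_data['name_trunc'] = Utils_MiscTools::truncateText($view_data['name'], self::FILE_NAME_MAX_LENGTH);
     }

     // Raw request header, passed through unmodified.
     $view_data['referer'] = $this->request->getServerVar('HTTP_REFERER');
     $view_data['domain_lock'] = $dec_link['referer'];
     $this->setViewData($view_data);
 }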
예제 #4
 /**
  * Builds the API "info" answer for an encrypted link: file name, path, size, key,
  * extra info, expiry marker and, for password-protected links, the data the client
  * needs to verify the password and decrypt the protected fields.
  *
  * @param object $post_data Decoded request; only its `link` property is read here.
  * @return array Keys: name, path, size, key, extra, expire, pass.
  */
 private function _actionInfo($post_data)
 {
     $dec_link = $this->_decryptLink($post_data->link);
     $api = new Utils_MegaApi(MEGA_API_KEY);
     $file_info = $api->getFileInfo($dec_link['file_id'], $dec_link['file_key']);

     if ($dec_link['hide_name']) {
         // The hidden name is derived from the zombie value (if any) plus GENERIC_PASSWORD.
         $name_seed = ($dec_link['zombie'] ? $dec_link['zombie'] : null) . base64_decode(GENERIC_PASSWORD);
         $name = Utils_MiscTools::hideFileName($file_info['name'], $name_seed);
     } else {
         $name = $file_info['name'];
     }

     if ($dec_link['expire']) {
         // "<expiry>#<token>": the token is SHA-256 of the decoded link secret when a
         // no-expire token is allowed, otherwise a fixed marker.
         if ($dec_link['no_expire_token']) {
             $token = base64_encode(hash('sha256', base64_decode($dec_link['secret']), true));
         } else {
             $token = self::NO_EXP_TOK_NOT_ALLOWED;
         }
         $expire = $dec_link['expire'] . '#' . $token;
     } else {
         $expire = false;
     }

     $data = [
         'name' => $name,
         'path' => isset($file_info['path']) ? $file_info['path'] : false,
         'size' => $file_info['size'],
         'key' => isset($file_info['key']) ? $file_info['key'] : $dec_link['file_key'],
         'extra' => $dec_link['extra_info'],
         'expire' => $expire,
     ];

     if (!$dec_link['pass']) {
         $data['pass'] = false;
         return $data;
     }

     // Stored format: "<iterations>#<base64 derived password>#<salt>".
     list($iterations, $pass, $pass_salt) = explode('#', $dec_link['pass']);
     $b64p = base64_decode($pass);

     // NOTE(review): one random IV is drawn per response and shared by every field below.
     // If _encryptApiField() is AES-CBC (as the IV-size lookup suggests), reusing key + IV
     // reveals when two fields start with the same block - confirm this is acceptable.
     // NOTE(review): mcrypt_get_iv_size() comes from the mcrypt extension, which was
     // removed from PHP core in 7.2.
     $iv = openssl_random_pseudo_bytes(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));

     $data['name'] = $this->_encryptApiField($data['name'], $b64p, $iv);
     if ($data['path']) {
         $data['path'] = $this->_encryptApiField($data['path'], $b64p, $iv);
     }
     $data['key'] = $this->_encryptApiField(Utils_MiscTools::urlBase64Decode($data['key']), $b64p, $iv);
     if ($data['extra']) {
         $data['extra'] = $this->_encryptApiField($data['extra'], $b64p, $iv);
     }

     // "<iterations>#<HMAC-SHA256 of the derived password, keyed with the IV>#<salt>#<IV>".
     $pass_check = base64_encode(hash_hmac('sha256', $b64p, $iv, true));
     $data['pass'] = $iterations . '#' . $pass_check . '#' . $pass_salt . '#' . base64_encode($iv);

     return $data;
 }
예제 #5
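 /**
  * Normalises the caller-supplied link options: fills in defaults, turns the 1-based
  * 'expire' choice into an absolute expiry timestamp and reduces 'referer' to a host.
  *
  * Option keys are matched case-insensitively. Any key present in $options overrides
  * its default as-is (including 'zombie' and 'auth'), so callers must pass only the
  * keys they intend to expose to request data.
  *
  * @param array $options Raw options, typically taken from request parameters.
  * @return array Options with 'expire' as int|false and 'referer' as host string|null.
  */
 private static function _cookOptionsArray(array $options)
 {
     // Allowed lifetimes in seconds, selected by a 1-based index.
     $EXPIRE_SECS = [600, 3600, 86400, 604800, 1209600, 2592000, 7776000, 15552000, 31536000];

     // Lower-case the keys once and use that same array for the merge AND the lookups
     // below, so 'Expire'/'Referer' are cooked too and absent keys raise no notice.
     $options = array_change_key_case($options);
     $cooked_options = array_merge(['tiny_url' => false, 'pass' => null, 'extra_info' => null, 'hide_name' => false, 'expire' => false, 'no_expire_token' => true, 'referer' => null, 'email' => null, 'zombie' => null, 'auth' => null], $options);

     $expire_choice = isset($options['expire']) ? $options['expire'] : null;
     $expire_index = is_numeric($expire_choice) ? (int) $expire_choice - 1 : -1;
     // Anything outside the table (including 0 and non-numeric input) means "no expiry".
     $cooked_options['expire'] = isset($EXPIRE_SECS[$expire_index]) ? time() + $EXPIRE_SECS[$expire_index] : false;

     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the host returned
     // here is later shown to visitors, so output escaping must not rely on this filter.
     $cooked_options['referer'] = !empty($options['referer']) ? Utils_MiscTools::extractHostFromUrl(filter_var($options['referer'], FILTER_SANITIZE_STRING), true) : null;

     return $cooked_options;
 }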
예제 #6
 /**
  * Mails the administrator a plain-text summary of the links removed through the
  * takedown tool, together with the reporter's e-mail address and client IP.
  *
  * Delivery is best effort: a failure is written to the error log and not re-thrown.
  *
  * @param array  $removed_links  Map of encrypted link => info array ('name' and 'size' are read).
  * @param string $reporter_email Address given by the person reporting the links.
  */
 private function _notifyAdminRemovedLinks($removed_links, $reporter_email)
 {
     $lines = [];
     foreach ($removed_links as $mc_link => $link_info) {
         $parts = [$mc_link];
         if (!empty($link_info['name'])) {
             // Name and human-readable size are only appended when a name is known.
             $parts[] = $link_info['name'];
             $parts[] = "[" . Utils_MiscTools::formatBytes($link_info['size']) . "]";
         }
         $lines[] = implode(' ', $parts);
     }

     // The reporter address and the link names are user-supplied text; they are only
     // placed in the message body here, never in a header.
     $header_line = "{$reporter_email} (" . $this->getRequest()->getServerVar('REMOTE_ADDR') . ")\n\n";
     $email = [
         'subject' => "[TAKEDOWN TOOL]",
         'body' => $header_line . implode("\n\n", $lines),
     ];

     try {
         // NOTE(review): ABUSE_GMAIL_PASS is only base64-encoded, which is an encoding and
         // not protection - the config holding it needs the same care as a clear-text password.
         Utils_MiscTools::sendGmail(ABUSE_GMAIL, base64_decode(ABUSE_GMAIL_PASS), [ADMIN_GMAIL => $email]);
     } catch (Exception $exception) {
         error_log($exception->getMessage());
     }
 }
예제 #7
 /**
  * Checks the host taken from the request's HTTP_REFERER header against an expected host.
  *
  * With no argument the expected host is URL_BASE (scheme stripped) and the header host
  * must start with it; with an argument the header host must end with the given value
  * (scheme stripped). Matching is case-insensitive.
  *
  * NOTE(review): the Referer header is client-controlled, and both patterns are anchored
  * on one side only - the default form accepts any host that merely begins with the base
  * host, and the explicit form has no dot boundary before the expected host. Consider an
  * exact or label-boundary comparison, after confirming what extractHostFromUrl() returns.
  *
  * @param string|null $referer Expected referer host or URL; null means URL_BASE.
  * @return int|false Result of preg_match(): 1 on match, 0 otherwise, false on error.
  */
 protected function isValidReferer($referer = null)
 {
     $scheme_prefix = '/^https?\\:\\/\\//i';

     if (is_null($referer)) {
         $expected = preg_replace($scheme_prefix, '', trim(URL_BASE));
         $pattern = '/^' . preg_quote($expected, '/') . '/i';
     } else {
         $expected = preg_replace($scheme_prefix, '', trim($referer));
         $pattern = '/^.*?' . preg_quote($expected, '/') . '$/i';
     }

     $request_host = Utils_MiscTools::extractHostFromUrl($this->request->getServerVar('HTTP_REFERER'), true);

     return preg_match($pattern, $request_host);
 }
예제 #8
 /**
  * Decodes a URL-safe base64 key and reduces it to the binary key material.
  *
  * Input shorter than FILE_KEY_BYTE_LENGTH is handled as a folder key and cut to
  * FOLDER_KEY_BYTE_LENGTH bytes. Otherwise the first FILE_KEY_BYTE_LENGTH bytes are
  * read as 32-bit words and words 0-3 are XORed with words 4-7.
  *
  * NOTE(review): no minimum length is enforced - input shorter than the folder key
  * length is returned as-is (truncated or empty); callers should validate the size.
  *
  * @param string $key URL-safe base64 encoded key.
  * @return string Binary key (return type of substr()/i32a2Bin()).
  */
 private function _urlBase64KeyDecode($key)
 {
     $raw = Utils_MiscTools::urlBase64Decode($key);

     if (strlen($raw) >= self::FILE_KEY_BYTE_LENGTH) {
         // presumably FILE_KEY_BYTE_LENGTH is 32, giving the eight words indexed below - confirm
         $words = Utils_MiscTools::bin2i32a(substr($raw, 0, self::FILE_KEY_BYTE_LENGTH));
         $folded = [];
         for ($i = 0; $i < 4; $i++) {
             $folded[] = $words[$i] ^ $words[$i + 4];
         }
         return Utils_MiscTools::i32a2Bin($folded);
     }

     return substr($raw, 0, self::FOLDER_KEY_BYTE_LENGTH);
 }