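/**
 * Rewrites every "mega://enc?..." / "mega://enc2?..." (optionally "mega://fenc...")
 * link found in $data into a plain URL on Utils_MegaApi::MEGA_HOST.
 *
 * Security note: the AES keys and the IV below are fixed constants compiled
 * into the code, so this link format is an obfuscation layer only. Anyone who
 * holds the same constants can recover the original link; do not treat the
 * "enc" form as confidential.
 *
 * @param string $data Free text that may contain encoded links.
 *
 * @return string|null $data with each recognised link replaced (the
 *                     preg_replace_callback() result, null on a PCRE error).
 */
public static function decryptMegaDownloaderLinks($data)
{
    return preg_replace_callback(
        '/mega\\:\\/\\/(?P<folder>f)?(?P<enc>enc\\d*?)\\?(?P<linkdata>[\\da-z_,-]*?)(?=https?\\:|mega\\:|[^\\da-z_,-]|$)/i',
        function ($match) {
            // Fixed per-scheme AES keys (hex) and the IV shared by both schemes.
            $keys = [
                'enc' => '6B316F36416C2D316B7A3F217A30357958585858585858585858585858585858',
                'enc2' => 'ED1F4C200B35139806B260563B3D3876F011B4750F3A1A4A5EFD0BBE67554B44',
            ];
            $iv = '79F10A01844A0B27FF5B2D4E0ED3163E';

            // The pattern is case-insensitive and accepts any "enc<digits>",
            // so normalise the scheme name and leave links we hold no key for
            // untouched instead of decrypting them with an undefined key.
            $scheme = strtolower($match['enc']);
            if (!isset($keys[$scheme])) {
                return $match[0];
            }

            // NOTE(review): the meaning of the trailing `true` flag is defined
            // by Utils_CryptTools::aesCbcDecrypt(), which is not visible here.
            $plain = Utils_CryptTools::aesCbcDecrypt(
                Utils_MiscTools::urlBase64Decode($match['linkdata']),
                Utils_MiscTools::hex2bin($keys[$scheme]),
                Utils_MiscTools::hex2bin($iv),
                true
            );

            // "f" marks a folder link and is emitted upper-cased; it is an
            // empty string for file links.
            return Utils_MegaApi::MEGA_HOST . '/#' . strtoupper($match['folder']) . $plain;
        },
        $data
    );
}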
/**
 * Handles the link-encryption form post.
 *
 * The request is accepted only when isValidReferer() passes for this site;
 * otherwise an Exception_InvalidRefererException carrying a redirect-to-"/"
 * callback is thrown. The posted links are first run through
 * decryptMegaDownloaderLinks(), then extracted and encrypted with the posted
 * options, and the result is handed to the view.
 *
 * Note that the gate relies on the Referer header, which the client controls.
 *
 * @throws Exception_InvalidRefererException When the referer check fails.
 * @throws Exception                         When no link could be encrypted.
 */
protected function action()
{
    if (!$this->isValidReferer()) {
        throw new Exception_InvalidRefererException(function (Controller_DefaultController $controller) {
            $controller->redirect('/');
        });
    }

    $plain_links = Utils_MiscTools::extractLinks(
        Utils_CryptTools::decryptMegaDownloaderLinks($this->request->getPostVar('links'))
    );

    // Every option is forwarded exactly as posted; normalisation is left to
    // Utils_MegaCrypter::encryptLinkList().
    $options = [];
    $option_fields = ['tiny_url', 'pass', 'extra_info', 'hide_name', 'expire', 'no_expire_token', 'referer', 'email'];
    foreach ($option_fields as $field) {
        $options[$field] = $this->request->getPostVar($field);
    }

    $mc_links = Utils_MegaCrypter::encryptLinkList(
        $plain_links,
        $options,
        $this->request->getPostVar('app_finfo')
    );

    if (empty($mc_links)) {
        throw new Exception(__METHOD__ . ' No links could be crypted!');
    }

    // Size the textarea to the longest link, capped at CRYPT_TEXTAREA_COLS.
    $longest_link = Utils_MiscTools::getMaxStringLength($mc_links);
    $this->setViewData([
        'links' => Utils_MiscTools::rimplode("\r\n", $mc_links),
        'cols' => min([$longest_link, self::CRYPT_TEXTAREA_COLS]),
        'tot_links' => Utils_MiscTools::rCount($mc_links),
    ]);
}
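/**
 * Renders the landing page for an encrypted link.
 *
 * Order of checks:
 *  1. _isBackdoor(): when true the plain MEGA URL is put in the view and all
 *     later checks (zombie, domain lock) are skipped.
 *     NOTE(review): that predicate is defined outside this block; confirm it
 *     is a properly authenticated check, because it discloses the real link.
 *  2. Zombie links are refused.
 *  3. The link must carry a domain lock ("referer") that looks like a host
 *     with a dot-separated last label, and the visitor's Referer must satisfy
 *     it.
 *
 * Changes from the previous version: the domain lock is HTML-escaped before
 * it is placed in the error message markup (it originates from user input at
 * link creation time), a redundant non-empty test was dropped, and the nested
 * else-branches were flattened into guard clauses.
 *
 * @throws Exception                         For zombie links.
 * @throws Exception_InvalidRefererException When web access is not enabled for
 *                                           the link or the visitor's referer
 *                                           does not satisfy the domain lock.
 */
protected function action()
{
    $dec_link = Utils_MegaCrypter::decryptLink($this->request->getVar('link'));

    if ($this->_isBackdoor()) {
        $this->setViewData(['backdoor' => Utils_MegaApi::MEGA_HOST . "/#!{$dec_link['file_id']}!{$dec_link['file_key']}"]);

        return;
    }

    if ($dec_link['zombie']) {
        throw new Exception(__METHOD__ . ' Zombie link!');
    }

    if (empty($dec_link['referer']) || !preg_match('/\\.[^.]+$/', $dec_link['referer'])) {
        throw new Exception_InvalidRefererException(null, 'Web access was not enabled for this link');
    }

    if (!$this->isValidReferer($dec_link['referer'])) {
        // The message is HTML, so the stored host is escaped for both the
        // attribute and the text context before it is interpolated.
        $safe_referer = htmlspecialchars((string) $dec_link['referer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message = gettext('You MUST visit this link from') . ' [ <a href="http://' . $safe_referer . '" rel="nofollow"><em>' . $safe_referer . '</em></a> ]';

        throw new Exception_InvalidRefererException(null, $message);
    }

    $ma = new Utils_MegaApi(MEGA_API_KEY);
    $file_info = $ma->getFileInfo($dec_link['file_id'], $dec_link['file_key']);

    // A non-positive size is shown as "unknown" (false) rather than "0 bytes".
    $view_data = array_merge($file_info, [
        'size' => $file_info['size'] > 0 ? Utils_MiscTools::formatBytes($file_info['size']) : false,
    ]);

    if (Utils_MiscTools::isStreameableFile($view_data['name'])) {
        $view_data['stream'] = true;
    }

    if ($dec_link['extra_info']) {
        $view_data['extra'] = $dec_link['extra_info'];
    }

    if ($dec_link['expire']) {
        // Seconds left until expiry.
        $view_data['expire'] = $dec_link['expire'] - time();
    }

    // Only the fact that a password exists is exposed to the view.
    $view_data['pass'] = (bool) $dec_link['pass'];

    if ($dec_link['pass'] || $dec_link['hide_name']) {
        // Password-protected and hide-name links never show the real name.
        $view_data['name'] = Utils_MiscTools::hideFileName($view_data['name']);
        $view_data['name_trunc'] = $view_data['name'];
    } else {
        $view_data['name_trunc'] = Utils_MiscTools::truncateText($view_data['name'], self::FILE_NAME_MAX_LENGTH);
    }

    // NOTE(review): this is the raw, client-supplied Referer header; the
    // template must escape it on output (template not visible here).
    $view_data['referer'] = $this->request->getServerVar('HTTP_REFERER');
    $view_data['domain_lock'] = $dec_link['referer'];

    $this->setViewData($view_data);
}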
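/**
 * Builds the "info" API response for an encrypted link.
 *
 * File metadata is fetched from MEGA and merged with the options stored in
 * the link. For password-protected links the name, path, key and extra fields
 * are encrypted with the decoded password value and a fresh random IV before
 * they are returned.
 *
 * Change from the previous version: the result of
 * openssl_random_pseudo_bytes() is now verified. It can return false or report
 * a non-cryptographically-strong result, and the IV was previously used
 * without either check.
 *
 * @param object $post_data Decoded request body; only ->link is read here.
 *
 * @return array Keys: name, path, size, key, extra, expire, pass.
 *
 * @throws Exception When a cryptographically strong IV cannot be generated.
 */
private function _actionInfo($post_data)
{
    $dec_link = $this->_decryptLink($post_data->link);

    $ma = new Utils_MegaApi(MEGA_API_KEY);
    $file_info = $ma->getFileInfo($dec_link['file_id'], $dec_link['file_key']);

    $data = [
        // NOTE(review): the second argument looks like a seed for the hidden
        // name (zombie marker + decoded GENERIC_PASSWORD); confirm against
        // Utils_MiscTools::hideFileName(). base64 is an encoding, not
        // protection for that constant.
        'name' => $dec_link['hide_name'] ? Utils_MiscTools::hideFileName($file_info['name'], ($dec_link['zombie'] ? $dec_link['zombie'] : null) . base64_decode(GENERIC_PASSWORD)) : $file_info['name'],
        'path' => isset($file_info['path']) ? $file_info['path'] : false,
        'size' => $file_info['size'],
        'key' => isset($file_info['key']) ? $file_info['key'] : $dec_link['file_key'],
        'extra' => $dec_link['extra_info'],
        // "<expiry>#<token>": the token is the base64 SHA-256 of the decoded
        // link secret when no-expire tokens are allowed, otherwise the
        // NO_EXP_TOK_NOT_ALLOWED marker.
        'expire' => $dec_link['expire'] ? $dec_link['expire'] . '#' . ($dec_link['no_expire_token'] ? base64_encode(hash('sha256', base64_decode($dec_link['secret']), true)) : self::NO_EXP_TOK_NOT_ALLOWED) : false,
    ];

    if (!$dec_link['pass']) {
        $data['pass'] = false;

        return $data;
    }

    // Stored format: "<iterations>#<base64 value>#<salt>".
    list($iterations, $pass, $pass_salt) = explode('#', $dec_link['pass']);
    $pass_bin = base64_decode($pass);

    // NOTE(review): mcrypt was removed from PHP core in 7.2; the call is kept
    // so the IV size stays tied to the same cipher constants as before.
    $iv = openssl_random_pseudo_bytes(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), $crypto_strong);
    if ($iv === false || !$crypto_strong) {
        throw new Exception(__METHOD__ . ' Could not generate a secure IV!');
    }

    // NOTE(review): one IV is shared by every field encrypted below and is
    // sent once in the "pass" field. If _encryptApiField() is CBC (as the IV
    // size lookup suggests), fields that start with the same block yield the
    // same leading ciphertext. Changing that requires a wire-format change.
    $data['name'] = $this->_encryptApiField($data['name'], $pass_bin, $iv);

    if ($data['path']) {
        $data['path'] = $this->_encryptApiField($data['path'], $pass_bin, $iv);
    }

    $data['key'] = $this->_encryptApiField(Utils_MiscTools::urlBase64Decode($data['key']), $pass_bin, $iv);

    if ($data['extra']) {
        $data['extra'] = $this->_encryptApiField($data['extra'], $pass_bin, $iv);
    }

    // The client gets HMAC-SHA256(key = IV, message = decoded pass value)
    // rather than the stored value itself, plus the salt and the IV.
    $data['pass'] = $iterations . '#' . base64_encode(hash_hmac('sha256', $pass_bin, $iv, true)) . '#' . $pass_salt . '#' . base64_encode($iv);

    return $data;
}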
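/**
 * Normalises caller-supplied link options into the full option set.
 *
 * Keys are lower-cased and merged over the defaults. "expire" is then turned
 * from a 1-based choice index into an absolute Unix timestamp (false when the
 * choice is missing or out of range), and "referer" is reduced to a host name.
 *
 * Change from the previous version: "expire" and "referer" are read from the
 * normalised array instead of the raw $options. Previously a caller that
 * omitted "expire" triggered an undefined-index notice, and keys passed in
 * another case (e.g. "Expire") were silently ignored for these two options
 * even though array_change_key_case() had accepted them.
 *
 * @param array $options Raw options, typically straight from the request.
 *
 * @return array Options with every default key present.
 */
private static function _cookOptionsArray(array $options)
{
    // Allowed lifetimes in seconds: 10 min, 1 h, 1 d, 7 d, 14 d, 30 d, 90 d,
    // 180 d, 365 d. Callers select one by its 1-based position.
    $EXPIRE_SECS = [600, 3600, 86400, 604800, 1209600, 2592000, 7776000, 15552000, 31536000];

    $cooked_options = array_merge(
        [
            'tiny_url' => false,
            'pass' => null,
            'extra_info' => null,
            'hide_name' => false,
            'expire' => false,
            'no_expire_token' => true,
            'referer' => null,
            'email' => null,
            'zombie' => null,
            'auth' => null,
        ],
        array_change_key_case($options)
    );

    // Anything that is not a valid choice index disables expiry instead of
    // being trusted as a raw duration.
    $expire_choice = $cooked_options['expire'];
    $expire_index = is_numeric($expire_choice) ? (int) $expire_choice - 1 : -1;
    $cooked_options['expire'] = isset($EXPIRE_SECS[$expire_index]) ? time() + $EXPIRE_SECS[$expire_index] : false;

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The
    // value is later embedded in HTML and in a regular expression, so those
    // consumers must still escape it for their own context.
    $cooked_options['referer'] = !empty($cooked_options['referer'])
        ? Utils_MiscTools::extractHostFromUrl(filter_var($cooked_options['referer'], FILTER_SANITIZE_STRING), true)
        : null;

    return $cooked_options;
}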
/**
 * E-mails the administrator a summary of links removed through the takedown
 * tool.
 *
 * The body starts with the reporter's e-mail address and the request's
 * REMOTE_ADDR, followed by one entry per removed link (the link, plus its
 * name and formatted size when a name is known). The reporter address and the
 * link names are copied into the body verbatim.
 *
 * Delivery is best effort: a failure is written to the error log and is not
 * propagated to the caller.
 *
 * NOTE(review): ABUSE_GMAIL_PASS is only base64-encoded in configuration,
 * which is an encoding and not protection for the credential.
 *
 * @param array  $removed_links  Map of encrypted link => info array
 *                               ('name' and 'size' are read here).
 * @param string $reporter_email Address supplied by the person reporting.
 */
private function _notifyAdminRemovedLinks($removed_links, $reporter_email)
{
    $entries = [];

    foreach ($removed_links as $mc_link => $link_info) {
        $parts = [$mc_link];

        if (!empty($link_info['name'])) {
            $parts[] = $link_info['name'];
            $parts[] = "[" . Utils_MiscTools::formatBytes($link_info['size']) . "]";
        }

        $entries[] = implode(' ', $parts);
    }

    $remote_addr = $this->getRequest()->getServerVar('REMOTE_ADDR');
    $email = [
        'subject' => "[TAKEDOWN TOOL]",
        'body' => "{$reporter_email} ({$remote_addr})\n\n" . implode("\n\n", $entries),
    ];

    try {
        Utils_MiscTools::sendGmail(ABUSE_GMAIL, base64_decode(ABUSE_GMAIL_PASS), [ADMIN_GMAIL => $email]);
    } catch (Exception $exception) {
        // Notification must not break the takedown itself.
        error_log($exception->getMessage());
    }
}
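/**
 * Checks the host of the request's Referer header.
 *
 * With no argument the header must point at this site (URL_BASE). With an
 * argument the header must point at that host or one of its subdomains (the
 * "domain lock" stored in a link).
 *
 * The Referer header is supplied by the client, so this check discourages
 * casual cross-site use; it is not an authentication or integrity control.
 *
 * Changes from the previous version:
 *  - Own-site check: the pattern was an unanchored prefix match, so any host
 *    that merely started with the site's host name was accepted. The match
 *    must now end at the end of the host, a port separator or a slash.
 *  - Domain-lock check: the pattern was a bare suffix match, so any host that
 *    merely ended with the locked name was accepted. The locked name must now
 *    be the whole host or be preceded by a dot.
 *
 * NOTE(review): the meaning of the `true` flag passed to
 * Utils_MiscTools::extractHostFromUrl() is not visible in this block.
 *
 * @param string|null $referer Host (optionally with scheme) the visitor must
 *                             come from, or null to require this site.
 *
 * @return int|false The preg_match() result: 1 when valid, 0 when not,
 *                   false on a PCRE error.
 */
protected function isValidReferer($referer = null)
{
    $strip_scheme = function ($url) {
        return preg_replace('/^https?\\:\\/\\//i', '', trim($url));
    };

    if (is_null($referer)) {
        // A trailing slash in URL_BASE is dropped so that a bare host still
        // matches; the lookahead then pins the end of the host name.
        $own_host = rtrim($strip_scheme(URL_BASE), '/');
        $pattern = '/^' . preg_quote($own_host, '/') . '(?=[:\\/]|$)/i';
    } else {
        $locked_host = $strip_scheme($referer);

        // An empty lock keeps its previous match-anything behaviour; callers
        // are expected to reject empty locks before calling.
        $pattern = $locked_host === ''
            ? '/^.*?$/i'
            : '/^(?:.*\\.)?' . preg_quote($locked_host, '/') . '$/i';
    }

    return preg_match(
        $pattern,
        Utils_MiscTools::extractHostFromUrl($this->request->getServerVar('HTTP_REFERER'), true)
    );
}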
/**
 * Decodes a URL-safe base64 key and reduces it to the raw key bytes.
 *
 * When the decoded value is at least FILE_KEY_BYTE_LENGTH bytes long, its
 * first FILE_KEY_BYTE_LENGTH bytes are read as 32-bit words and words 0..3
 * are XOR-ed with words 4..7. Shorter values are treated as folder keys and
 * truncated to FOLDER_KEY_BYTE_LENGTH bytes.
 *
 * NOTE(review): the constants' values are defined outside this block; the
 * eight-word fold implies a 32-byte file key. No minimum length is enforced
 * for the folder-key branch, so a short input yields a short key.
 *
 * @param string $key URL-safe base64 encoded key.
 *
 * @return string Binary key material.
 */
private function _urlBase64KeyDecode($key)
{
    $raw = Utils_MiscTools::urlBase64Decode($key);

    if (strlen($raw) >= self::FILE_KEY_BYTE_LENGTH) {
        $words = Utils_MiscTools::bin2i32a(substr($raw, 0, self::FILE_KEY_BYTE_LENGTH));

        // Fold the upper four words onto the lower four.
        $folded = [];
        for ($i = 0; $i < 4; $i++) {
            $folded[] = $words[$i] ^ $words[$i + 4];
        }

        return Utils_MiscTools::i32a2Bin($folded);
    }

    return substr($raw, 0, self::FOLDER_KEY_BYTE_LENGTH);
}