def handle_javascript(self, line): return eval_js( line.replace( "{}))", "{}).replace('document.open();document.write','').replace(';document.close();',''))", ) )
def addcrypted2(): package = flask.request.form.get( "package", flask.request.form.get("source", flask.request.form.get("referer")) ) crypted = flask.request.form["crypted"] jk = flask.request.form["jk"] crypted = standard_b64decode(unquote(crypted.replace(" ", "+"))) jk = eval_js(f"{jk} f()") try: key = bytes.fromhex(jk) except Exception: return "Could not decrypt key", 500 obj = Fernet(key) urls = obj.decrypt(crypted).replace("\x00", "").replace("\r", "").split("\n") urls = [url for url in urls if url.strip()] api = flask.current_app.config["PYLOAD_API"] try: if package: api.add_package(package, urls, 0) else: api.generate_and_add_packages(urls, 0) except Exception: return "failed can't add", 500 else: return "success\r\n"
def handle_free(self, pyfile): self.free_url = "http://turbobit.net/download/free/{}".format( self.info["pattern"]["ID"]) self.data = self.load(self.free_url) m = re.search(self.LIMIT_WAIT_PATTERN, self.data) if m is not None: self.retry(wait=m.group(1)) self.solve_captcha() m = re.search(r"minLimit : (.+?),", self.data) if m is None: self.fail(self._("minLimit pattern not found")) wait_time = eval_js(m.group(1)) self.wait(wait_time) self.req.http.c.setopt(pycurl.HTTPHEADER, ["X-Requested-With: XMLHttpRequest"]) self.data = self.load( "http://turbobit.net/download/getLinkTimeout/{}".format( self.info["pattern"]["ID"]), ref=self.free_url, ) self.req.http.c.setopt(pycurl.HTTPHEADER, ["X-Requested-With:"]) if "/download/started/" in self.data: self.data = self.load( "http://turbobit.net/download/started/{}".format( self.info["pattern"]["ID"])) m = re.search(self.LINK_FREE_PATTERN, self.data) if m is not None: self.link = "http://turbobit.net{}".format(m.group(1))
def handle_free(self, pyfile): m = re.search( r'<div class="video-wrapper">.+?<script type="text/javascript">(.+?)</script>', self.data, re.S, ) if m is None: self.error(self._("Player Javascript data not found")) script = m.group(1) m = re.search(r"qualityItems_\d+", script) if m is None: self.error(self._("`qualityItems` variable no found")) result_var = re.search(r"qualityItems_\d+", script).group(0) script = "".join(re.findall(r"^\s*var .+", script, re.M)) script = re.sub(r"[\n\t]|/\*.+?\*/", "", script) script += "JSON.stringify({});".format(result_var) res = eval_js(script) json_data = json.loads(res) urls = { int(re.search(r"^(\d+)", x["text"]).group(0)): x["url"] for x in json_data if x["url"] } quality = max(urls.keys()) self.link = urls[quality]
def addcrypted2(): package = flask.request.form.get( "package", flask.request.form.get("source", flask.request.form.get("referer"))) crypted = flask.request.form["crypted"] jk = flask.request.form["jk"] crypted = standard_b64decode(unquote(crypted.replace(" ", "+"))) jk = eval_js(f"{jk} f()") try: IV = key = bytes.fromhex(jk) except Exception: return "Could not decrypt key", 500 cipher = Cipher(algorithms.AES(key), modes.CBC(IV), backend=default_backend()) decryptor = cipher.decryptor() decrypted = decryptor.update(crypted) + decryptor.finalize() urls = to_str(decrypted).replace("\x00", "").replace("\r", "").split("\n") urls = [url for url in urls if url.strip()] api = flask.current_app.config["PYLOAD_API"] try: if package: api.add_package(package, urls, 0) else: api.generate_and_add_packages(urls, 0) except Exception: return "failed can't add", 500 else: return "success\r\n"
def handle_web_links(self): pack_links = [] self.log_debug("Handling Web links") # TODO: Gather paginated web links pattern = r"javascript:_get\(\'(.*?)\', \d+, \'\'\)" ids = re.findall(pattern, self.data) self.log_debug(f"Decrypting {len(ids)} Web links") for i, ID in enumerate(ids): try: self.log_debug(f"Decrypting Web link {i + 1}, [{ID}]") dw_link = self.base_url + "/get/lnk/" + ID res = self.load(dw_link) code = re.search(r"frm/(\d+)", res).group(1) fw_link = self.base_url + "/get/frm/" + code res = self.load(fw_link) jscode = re.search( r'<script language="javascript">\s*eval\((.*)\)\s*</script>', res, re.S, ).group(1) jscode = eval_js(self._("f = {}").format(jscode)) jslauncher = "window=''; parent={frames:{Main:{location:{href:''}}},location:''}; {}; parent.frames.Main.location.href" dl_link = eval_js(jslauncher.format(jscode)) self.log_debug( "JsEngine returns value [{}] for redirection link".format( dl_link)) pack_links.append(dl_link) except Exception as detail: self.log_debug(f"Error decrypting Web link [{ID}], {detail}") self.log_debug(f"{len(pack_links)} links") return pack_links
def handle_free(self, pyfile): # step 1: get essential information: the media URL and the javascript # translating the URL m = re.search(self.MEDIA_URL_PATTERN, self.data) if m is None: self.fail(self._("Could not find any media URLs")) encoded_media_url = m.group(1) self.log_debug(f"Found encoded media URL: {encoded_media_url}") m = re.search(self.COMMUNITY_JS_PATTERN, self.data) if m is None: self.fail( self._("Could not find necessary javascript script to load")) community_js_url = m.group(1) self.log_debug(f"Found community js at {community_js_url}") community_js_code = self.load(community_js_url) # step 2: from the js code, parse the necessary parts: the decoder function and the headers # as the jscript is fairly long, we'll split it to make parsing easier community_js_code = community_js_code.partition(self.JS_SPLIT_WORD)[0] m = re.search(self.JS_HEADER_PATTERN, community_js_code) if m is None: self.fail( self._( "Could not parse the necessary parts off the javascript")) decoder_function = m.group("decoder") initialization = m.group("initvars") m = re.search(self.JS_PROCESS_PATTERN, community_js_code) if m is None: self.fail( self. _("Could not parse the processing function off the javascript" )) process_function = m.group(0) new_js_code = (decoder_function + "; " + initialization + "; var " + process_function + '; processRecording("' + encoded_media_url + '");') self.log_debug(f"Running js script: {new_js_code}") js_result = eval_js(new_js_code) self.log_debug(f"Result is: {js_result}") self.link = js_result
def _solve_cf_ddos_challenge(addon_plugin, owner_plugin, data): try: addon_plugin.log_info( addon_plugin._("Detected CloudFlare's DDoS protection page")) # Cloudflare requires a delay before solving the challenge owner_plugin.set_wait(5) last_url = owner_plugin.req.last_effective_url urlp = urllib.parse.urlparse(last_url) domain = urlp.netloc submit_url = "{}://{}/cdn-cgi/l/chk_jschl".format( urlp.scheme, domain) get_params = {} try: get_params["jschl_vc"] = re.search( r'name="jschl_vc" value="(\w+)"', data).group(1) get_params["pass"] = re.search(r'name="pass" value="(.+?)"', data).group(1) # Extract the arithmetic operation js = re.search( r"setTimeout\(function\(\){\s+(var s,t,o,p,b,r,e,a,k,i,n,g,f.+?\r?\n[\s\S]+?a\.value =.+?)\r?\n", data, ).group(1) js = re.sub(r"a\.value = (parseInt\(.+?\)).+", r"\1", js) js = re.sub(r"\s{3,}[a-z](?: = |\.).+", "", js) js = re.sub(r"[\n\\']", "", js) except Exception: # Something is wrong with the page. # This may indicate CloudFlare has changed their anti-bot # technique. owner_plugin.log_error( addon_plugin._( "Unable to parse CloudFlare's DDoS protection page")) return None #: Tell the exception handler to re-throw the exception # Safely evaluate the Javascript expression get_params["jschl_answer"] = str(int(eval_js(js)) + len(domain)) owner_plugin.wait() #: Do the actual wait return owner_plugin.load(submit_url, get=get_params, ref=last_url) except Exception as exc: addon_plugin.log_error(exc) return None #: Tell the exception handler to re-throw the exception
def _get_links(self, crypted, jk): #: Get key jreturn = eval_js(self._("{} f()").format(jk)) self.log_debug(f"JsEngine returns value [{jreturn}]") key = bytes.fromhex(jreturn) #: Decrypt obj = Fernet(key) text = obj.decrypt(base64.b64decode(crypted)) #: Extract links text = text.replace("\x00", "").replace("\r", "") links = [link for link in text.split("\n") if link] #: Log and return self.log_debug(f"Block has {len(links)} links") return links
def get_link(self): #: Get all the scripts inside the html body soup = BeautifulSoup(self.data) scripts = [ s.getText() for s in soup.body.findAll("script", type="text/javascript") if "('dlbutton').href =" in s.getText() ] #: Emulate a document in JS inits = [ """ var document = {} document.getElementById = function(x) { if (!this.hasOwnProperty(x)) { this[x] = {getAttribute : function(x) { return this[x] } } } return this[x] } """ ] #: inits is meant to be populated with the initialization of all the DOM elements found in the scripts eltRE = r'getElementById\([\'"](.+?)[\'"]\)(\.)?(getAttribute\([\'"])?(\w+)?([\'"]\))?' for m in re.findall(eltRE, " ".join(scripts)): JSid, JSattr = m[0], m[3] values = [ f for f in (elt.get(JSattr, None) for elt in soup.findAll(id=JSid)) if f ] if values: inits.append( 'document.getElementById("{}")["{}"] = "{}"'.format( JSid, JSattr, values[-1])) #: Add try/catch in JS to handle deliberate errors scripts = [ "\n".join(("try{", script, "} catch(err){}")) for script in scripts ] #: Get the file's url by evaluating all the scripts scripts = inits + scripts + ["document.dlbutton.href"] return eval_js("\n".join(scripts))
def _solve_cf_ddos_challenge(addon_plugin, owner_plugin, data): try: addon_plugin.log_info( addon_plugin._("Detected CloudFlare's DDoS protection page")) wait_time = (int( re.search(r"submit\(\);\r?\n\s*},\s*([0-9]+)", data).group(1)) + 999) // 1000 owner_plugin.set_wait(wait_time) last_url = owner_plugin.req.last_effective_url urlp = urllib.parse.urlparse(last_url) domain = urlp.netloc submit_url = "{}://{}/cdn-cgi/l/chk_jschl".format( urlp.scheme, domain) get_params = {} try: get_params["jschl_vc"] = re.search( r'name="jschl_vc" value="(\w+)"', data).group(1) get_params["pass"] = re.search(r'name="pass" value="(.+?)"', data).group(1) get_params['s'] = re.search(r'name="s" value="(.+?)"', data).group(1) # Extract the arithmetic operation js = re.search( r"setTimeout\(function\(\){\s+(var s,t,o,p,b,r,e,a,k,i,n,g,f.+?\r?\n[\s\S]+?a\.value =.+?)\r?\n", data, ).group(1) js = re.sub(r'a\.value = (.+\.toFixed\(10\);).+', r'\1', js) solution_name = re.search( r's,t,o,p,b,r,e,a,k,i,n,g,f,\s*(.+)\s*=', js).group(1) g = re.search( r'(.*};)\n\s*(t\s*=(.+))\n\s*(;%s.*)' % solution_name, js, re.M | re.I | re.S).groups() js = g[0] + g[-1] js = re.sub(r"[\n\\']", "", js) except Exception: # Something is wrong with the page. # This may indicate CloudFlare has changed their anti-bot # technique. owner_plugin.log_error( addon_plugin._( "Unable to parse CloudFlare's DDoS protection page")) return None #: Tell the exception handler to re-throw the exception if "toFixed" not in js: owner_plugin.log_error( owner_plugin._( "Unable to parse CloudFlare's DDoS protection page")) return None # Tell the exception handler to re-throw the exception atob = 'var atob = function(str) {return Buffer.from(str, "base64").toString("binary");}' try: k = re.search(r'k\s*=\s*\'(.+?)\';', data).group(1) v = re.search(r'<div(?:.*)id="%s"(?:.*)>(.*)</div>' % k, data).group(1) doc = 'var document= {getElementById: function(x) { return {innerHTML:"%s"};}}' % v except (AttributeError, IndexError): doc = "" js = '%s;%s;var t="%s";%s' % (doc, atob, domain, js) # Safely evaluate the Javascript expression res = eval_js(js) try: get_params['jschl_answer'] = str(float(res)) except ValueError: owner_plugin.log_error( owner_plugin._( "Unable to parse CloudFlare's DDoS protection page")) return None # Tell the exception handler to re-throw the exception owner_plugin.wait() #: Do the actual wait return owner_plugin.load(submit_url, get=get_params, ref=last_url) except BadHeader as exc: raise exc #: Huston, we have a BadHeader! except Exception as exc: addon_plugin.log_error(exc) return None #: Tell the exception handler to re-throw the exception