# -*- coding: utf-8 -*- from Crypto.Cipher import AES from module.plugins.Crypter import Crypter import base64 import binascii import re class NCryptIn(Crypter): __name__ = "NCryptIn" __type__ = "crypter" __pattern__ = r"http://(?:www\.)?ncrypt.in/folder-([^/\?]+)" __version__ = "1.0" __description__ = """NCrypt.in Crypter Plugin""" __author_name__ = ("fragonib") __author_mail__ = ("fragonib[AT]yahoo[DOT]es") # Constants _JK_KEY_ = "jk" _CRYPTED_KEY_ = "crypted" def setup(self): self.html = None def decrypt(self, pyfile): # Init self.pyfile = pyfile self.package = pyfile.package() # Request package self.html = self.requestPackage() if not self.isOnline(): self.offline() # Check for password protection if self.isPasswordProtected(): self.html = self.submitPassword() if self.html is None: self.fail("Incorrect password, please set right password on Edit package form and retry") # Get package name and folder (package_name, folder_name) = self.getPackageInfo() # Get package links try: package_links = [] (vcrypted, vjk) = self.getCipherParams() for (crypted, jk) in zip(vcrypted, vjk): package_links = package_links + self.getLinks(crypted, jk) except: self.fail("Unable to decrypt package") # Pack self.packages = [(package_name, package_links, folder_name)] def isOnline(self): if "Your folder does not exist" in self.html: self.log.debug("NCryptIn: File not found") return False return True def isPasswordProtected(self): p1 = r'''''' p2 = r'''''' m1 = re.search(p1, self.html) m2 = re.search(p2, self.html) if m1 is not None and m2 is not None: self.log.debug("NCryptIn: Links are password protected") return True return False def requestPackage(self): return self.load(self.pyfile.url) def submitPassword(self): # Gather data password = self.package.password # Submit package password url = self.pyfile.url post = { 'submit_protected' : 'Weiter zum Ordner', 'password' : password } self.log.debug("NCryptIn: Submitting password [%s] for protected links" % (password,)) html = self.load(url, {}, post) # Check for invalid password if "This password is invalid!" in html: self.log.debug("NCryptIn: Incorrect password, please set right password on Add package form and retry") return None else: return html def getPackageInfo(self): title_re = r'

(?P[^<]+).*?</span>.*?</h2>' regex = re.compile(title_re, re.DOTALL) m = regex.search(self.html) if m is not None: title = m.group('title').strip() name = folder = title self.log.debug("NCryptIn: Found name [%s] and folder [%s] in package info" % (name, folder)) return (name, folder) else: name = self.package.name folder = self.package.folder self.log.debug("NCryptIn: Package info not found, defaulting to pyfile name [%s] and folder [%s]" % (name, folder)) return (name, folder) def getCipherParams(self): pattern = r'<input.*?name="%s".*?value="(.*?)"' # Get jk jk_re = pattern % NCryptIn._JK_KEY_ vjk = re.findall(jk_re, self.html) # Get crypted crypted_re = pattern % NCryptIn._CRYPTED_KEY_ vcrypted = re.findall(crypted_re, self.html) # Log and return self.log.debug("NCryptIn: Detected crypted blocks [%d]" % len(vcrypted)) return (vcrypted, vjk) def getLinks(self, crypted, jk): # Get key jreturn = self.js.eval("%s f()" % jk) self.log.debug("NCryptIn: JsEngine returns value [%s]" % jreturn) key = binascii.unhexlify(jreturn) # Decode crypted crypted = base64.standard_b64decode(crypted) # Decrypt Key = key IV = key obj = AES.new(Key, AES.MODE_CBC, IV) text = obj.decrypt(crypted) # Extract links text = text.replace("\x00", "").replace("\r", "") links = text.split("\n") links = filter(lambda x: x != "", links) # Log and return self.log.debug("NCryptIn: Package has %d links" % len(links)) return links