# -*- coding: utf-8 -*- from Crypto.Cipher import AES from module.plugins.Crypter import Crypter import base64 import binascii import re class NCryptIn(Crypter): __name__ = "NCryptIn" __type__ = "crypter" __pattern__ = r"http://(?:www\.)?ncrypt.in/folder-([^/\?]+)" __version__ = "1.0" __description__ = """NCrypt.in Crypter Plugin""" __author_name__ = ("fragonib") __author_mail__ = ("fragonib[AT]yahoo[DOT]es") # Constants _JK_KEY_ = "jk" _CRYPTED_KEY_ = "crypted" def setup(self): self.html = None def decrypt(self, pyfile): # Init self.pyfile = pyfile self.package = pyfile.package() # Request package self.html = self.requestPackage() if not self.isOnline(): self.offline() # Check for password protection if self.isProtected(): self.html = self.submitProtection() # Get package name and folder (package_name, folder_name) = self.getPackageInfo() # Get package links try: package_links = [] (vcrypted, vjk) = self.getCipherParams() for (crypted, jk) in zip(vcrypted, vjk): package_links = package_links + self.getLinks(crypted, jk) except: self.fail("Unable to decrypt package") # Pack self.packages = [(package_name, package_links, folder_name)] def isOnline(self): if "Your folder does not exist" in self.html: self.log.debug("NCryptIn: File not found") return False return True def isProtected(self): p1 = r'''''' p2 = r'''''' m1 = re.search(p1, self.html) m2 = re.search(p2, self.html) captcha = False if "" in self.html: captcha = True if m1 is not None and m2 is not None or captcha: self.log.debug("NCryptIn: Links are protected") return True return False def requestPackage(self): return self.load(self.pyfile.url) def submitProtection(self): # Gather data password = self.package.password post = {} if "" in self.html: url = re.search(r'src="(/temp/anicaptcha/[^"]+)', self.html).group(1) print url captcha = self.decryptCaptcha("http://ncrypt.in"+ url) post.update({"captcha" : captcha}) # Submit package password and captcha url = self.pyfile.url post.update({ 'submit_protected' : 'Weiter zum Ordner', 'password' : password }) self.log.debug("NCryptIn: Submitting password [%s] for protected links" % (password,)) html = self.load(url, {}, post) # Check for invalid password if "This password is invalid!" in html: self.log.debug("NCryptIn: Incorrect password, please set right password on Add package form and retry") self.fail("Incorrect password, please set right password on Edit package form and retry") if "The securitycheck was wrong!" in html: return self.submitProtection() return html def getPackageInfo(self): title_re = r'

(?P[^<]+).*?</span>.*?</h2>' regex = re.compile(title_re, re.DOTALL) m = regex.search(self.html) if m is not None: title = m.group('title').strip() name = folder = title self.log.debug("NCryptIn: Found name [%s] and folder [%s] in package info" % (name, folder)) return (name, folder) else: name = self.package.name folder = self.package.folder self.log.debug("NCryptIn: Package info not found, defaulting to pyfile name [%s] and folder [%s]" % (name, folder)) return (name, folder) def getCipherParams(self): pattern = r'<input.*?name="%s".*?value="(.*?)"' # Get jk jk_re = pattern % NCryptIn._JK_KEY_ vjk = re.findall(jk_re, self.html) # Get crypted crypted_re = pattern % NCryptIn._CRYPTED_KEY_ vcrypted = re.findall(crypted_re, self.html) # Log and return self.log.debug("NCryptIn: Detected crypted blocks [%d]" % len(vcrypted)) return (vcrypted, vjk) def getLinks(self, crypted, jk): # Get key jreturn = self.js.eval("%s f()" % jk) self.log.debug("NCryptIn: JsEngine returns value [%s]" % jreturn) key = binascii.unhexlify(jreturn) # Decode crypted crypted = base64.standard_b64decode(crypted) # Decrypt Key = key IV = key obj = AES.new(Key, AES.MODE_CBC, IV) text = obj.decrypt(crypted) # Extract links text = text.replace("\x00", "").replace("\r", "") links = text.split("\n") links = filter(lambda x: x != "", links) # Log and return self.log.debug("NCryptIn: Package has %d links" % len(links)) return links