Submitted by Admin on

It's nice to see that websites try to protected their code from reverse engineering.

uaserials crypt key

To solve this stuff without AI would take much time, since there completely decoded string

 file: "uq+6oayQ0N7XnGdhbWtRRh5DUTc4Jj0ARhsBUuzn4bbTwtzc3a+5/q+2goKDiCxrcW4wVhwCX3F5YSQ4HgATV+3x4cqtkZ+JgI7ppbiozYCek5t9In4pVBA===",

which is decoded by obfuscated js somewhere here with the help of #w and #_ functions.

 '==' === this.#t[_0x447010(0xa9)]?.['slice'](-(-0x1f * -0xe7 + 0x12ca + -0x2ec1)) && (this.#t[_0x447010(0xa9)] = this.#w(this.#t['file'][_0x447010(0x8b)](-0x10d + 0x18f5 * -0x1 + -0x1a02 * -0x1, -(0x4 * 0x12e + -0xa34 + -0x2 * -0x2bf)))),

uaserials tortuga obfuscated

I didn't try to figure out it manually, but simple AI agent did a trick in a second. We're in big trouble.

function decodeField(input) {
    // strip trailing ==
    const stripped = input.slice(0, -2);
    
    const decoded = atob(stripped);
    if (decoded.length < 1) return input;

    const key = decoded.charCodeAt(0);  // seed = first byte

    let result = '';
    for (let i = 1; i < decoded.length; i++) {
        const keystreamByte = (key + 7 * (i - 1) + 13) % 256;
        result += String.fromCharCode(decoded.charCodeAt(i) ^ keystreamByte);
    }

    try {
        return decodeURIComponent(escape(result));
    } catch {
        return result;
    }
}

New 0.9.6 version already available with this fix! https://github.com/onesixromcom/movies-downloader

Tags