-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[req]: Wolfmax4k #14511
Comments
This comment was marked as duplicate.
This comment was marked as duplicate.
Hi! To add more info to the request... WolfMax4K it's a tracking site under Cloudflare protection... So you should click that annoying box most of the time to continue using it... Also, they're using javascript libraries to hide links provided in each film/chapter page... To be more specific they're using Base64 as first layer and GibberishAES with an encryption key as second layer. I don't know which salt are they using yet. Current Encryption Key-> fee631d2cffda38a78b96ee6d2dfb43a <- |
They also use an external system to protect links where you need to click in an add and wait 30 secs to unlock the download link, only once each 24h but, with no doubts, it's the best place to get spanish content. |
This comment was marked as duplicate.
This comment was marked as duplicate.
Well... New extra info discovered and maybe website cr4ck3d (?)... When you press the download button it redirects to an url hider website... but the base64 string of that URL is not the final one... Seems that they are using some type of caesar cipher in part of the string but not found what they really do yet. If you create an script which can store the created php session and do the following flow you can fetch the real destination url:
var link_out = "VTJGc2RHVmtYMTlZaGlBOXo1VERNbVNUeUtCTXExL3FzM2F3eEU3elY1TWhQcmNUZWpmdkJTc1FGellWTUdmc3Y0WE5Ec2pPd2tRZ1JXcW9uQWViR1lyK0JFTklvaVg5d3Z2NHRlR1BWN0lRd0s3SEVzaTQ2bDRYL2svSXlvUHNlRFJPaU02amtvWDBlYkdrNGgzbzVrZjRBZWhWb2tEY2sxTTVVems0dlZtdTNENDJ5M0gzb2RUbHIyZ0FCMDAzaHpyaEd3Z2pTem1iV2hEVmIyeTUrdz09";
Note 1 - Example python code for decode the string with a given key: import base64
import hashlib
import Crypto
import Crypto.Cipher.AES
import Crypto.Random
import Crypto.Util.Padding
def rawDecrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
return Crypto.Util.Padding.unpad(
Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CBC, iv=iv).decrypt(ciphertext),
16
)
def openSSLKey(password: str, salt: bytes):
salted_password = password.encode('utf-8') + salt
hash_1 = hashlib.md5(salted_password).digest()
hash_2 = hashlib.md5(hash_1 + salted_password).digest()
hash_3 = hashlib.md5(hash_2 + salted_password).digest()
return hash_1 + hash_2, hash_3
def dec(ciphertext: str, password: str):
ciphertext = base64.b64decode(ciphertext)
salt = ciphertext[8:16]
ciphertext = ciphertext[16:]
return rawDecrypt(ciphertext, *openSSLKey(password, salt)) |
Thanks @Jakmaster199 !! I'm working on the Indexer, it's not ready yet, but I hope to have it within the week |
v0.21.1730 |
|
if you pay attention to the log you provided you will see that the keywordless TEST for wolfmax at 18:07 returned 0 results and only the manual search at 20:20 gave you results. |
|
@Jakmaster199 Could you share your current wolfmax4k.json file in |
[
{
"id": "sitelink",
"type": "inputstring",
"name": "Site Link",
"value": "https://wolfmax4k.com/"
},
{
"id": "cookieheader",
"type": "hiddendata",
"name": "CookieHeader",
"value": ""
},
{
"id": "lasterror",
"type": "hiddendata",
"name": "LastError",
"value": ""
},
{
"id": "tags",
"type": "inputtags",
"name": "Tags",
"value": ""
}
] |
Deleted as it included a potentially personally identifiable cookie, and redacting it would just result in the above. |
It seems like some kind of limitation of requests numbers to the website (maybe due to cloudflare?). edit: |
Not working on my side... read this issue, but not clear what is the actual state? should this this tracker avaiable or not? |
If the Cloudflare protection pop up when making the /buscar request, it does not work. If it doesn't, it works correctly. |
But how to add it to jackett? tried mvarious times and no luck... |
what platform are you running jackett on? |
docker-compose on a debian.... |
|
Thanks, kinda works... fails some times, but at the end it works... thanks! |
I just found the problem, FlareSolverrSharp is overwriting the session cookies, so the searchToken is not valid. More details here FlareSolverr/FlareSolverrSharp#30 |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
The indexer is returning zero results for a TEST (keywordless search) https://wolfmax4k.com/buscar PostData: {_ACTION=buscar, token=(removed) q=%, pgb=1} RawBody: ) |
Is search working at all for you? I couldn't get it working on site or through Jackett, no matter what I searched. |
Ah, you're right, the search is broken. |
web site browser search is back, but a single percentage still does not return results. |
Nope, I cant get the indexer to work, clearly too complicated for me. |
Have you read our Contributing Guidelines?
Is there already a request for your tracker?
Type
Public
Tracker details
The text was updated successfully, but these errors were encountered: