[req]: Wolfmax4k

[malomehi]

Have you read our Contributing Guidelines?

• I have read the Contributing Guidelines

Is there already a request for your tracker?

• I have checked older issues, open and closed

Type

Public

Tracker details

- Name: Wolfmax4k
- URL: https://wolfmax4k.com/
- Description: Wolfmax4k is a SPANISH Public tracker for MOVIES / TV
- Minimum Seeding Time and Minimum Ratio (if Private): 
- Additional Comments: 

[Jakmaster199]

Hi!

To add more info to the request... WolfMax4K it's a tracking site under Cloudflare protection... So you should click that annoying box most of the time to continue using it...

Also, they're using javascript libraries to hide links provided in each film/chapter page... To be more specific they're using Base64 as first layer and GibberishAES with an encryption key as second layer. I don't know which salt are they using yet.

Current Encryption Key

-> fee631d2cffda38a78b96ee6d2dfb43a <-

[RawSmokeTerribilus]

They also use an external system to protect links where you need to click in an add and wait 30 secs to unlock the download link, only once each 24h but, with no doubts, it's the best place to get spanish content.

[Jakmaster199]

Well... New extra info discovered and maybe website cr4ck3d (?)...

When you press the download button it redirects to an url hider website... but the base64 string of that URL is not the final one... Seems that they are using some type of caesar cipher in part of the string but not found what they really do yet.

If you create an script which can store the created php session and do the following flow you can fetch the real destination url:

1. GET to hider URL with headers "referer" as "https://www.wolfmax4k.com/" and "user-agent" one of the valid ones. (For example: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9")

2. POST to the url retrieved inside the "action" of the form stored in the response of the first GET.
   You need to use as body a variable called "linkser" which value is stored in a hidden field in the form called with same name.
   You also, you need to pass the headers "referer" with the URL of the "action" and the "user-agent" with the same value on step 1.

3. Use regex and fetch the content of link_out variable inside the raw response of the step 2:

var link_out = "VTJGc2RHVmtYMTlZaGlBOXo1VERNbVNUeUtCTXExL3FzM2F3eEU3elY1TWhQcmNUZWpmdkJTc1FGellWTUdmc3Y0WE5Ec2pPd2tRZ1JXcW9uQWViR1lyK0JFTklvaVg5d3Z2NHRlR1BWN0lRd0s3SEVzaTQ2bDRYL2svSXlvUHNlRFJPaU02amtvWDBlYkdrNGgzbzVrZjRBZWhWb2tEY2sxTTVVems0dlZtdTNENDJ5M0gzb2RUbHIyZ0FCMDAzaHpyaEd3Z2pTem1iV2hEVmIyeTUrdz09";

4. Now, this base64 string is the real destination URL buuuuut... encrypted with GibberishAES using the key that I wrote on my first comment :)

Note 1 - Example python code for decode the string with a given key:

import base64
import hashlib
import Crypto
import Crypto.Cipher.AES
import Crypto.Random
import Crypto.Util.Padding

def rawDecrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    return Crypto.Util.Padding.unpad(
        Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CBC, iv=iv).decrypt(ciphertext),
        16
    )

def openSSLKey(password: str, salt: bytes):
    salted_password = password.encode('utf-8') + salt
    hash_1 = hashlib.md5(salted_password).digest()
    hash_2 = hashlib.md5(hash_1 + salted_password).digest()
    hash_3 = hashlib.md5(hash_2 + salted_password).digest()
    return hash_1 + hash_2, hash_3

def dec(ciphertext: str, password: str):
    ciphertext = base64.b64decode(ciphertext)
    salt = ciphertext[8:16]
    ciphertext = ciphertext[16:]
    return rawDecrypt(ciphertext, *openSSLKey(password, salt))

[highfredo]

Thanks @Jakmaster199 !!

I'm working on the Indexer, it's not ready yet, but I hope to have it within the week
https://github.com/highfredo/Jackett/blob/master/src/Jackett.Common/Indexers/Wolfmax4K.cs

[garfield69]

v0.21.1730

[ilike2burnthing]

https://wolfmax4k.com/buscar

Warning
: Undefined variable $array in
/var/www/webs/wolfmax4k/pctn/library/content/newtemplate/buscar.php
on line
258

Fatal error
: Uncaught TypeError: sizeof(): Argument #1 ($value) must be of type Countable|array, null given in /var/www/webs/wolfmax4k/pctn/library/content/newtemplate/buscar.php:258 Stack trace: #0 /var/www/webs/wolfmax4k/pctn/library/include/selector.php(411): include() #1 /var/www/webs/wolfmax4k/pctn/index.php(56): require_once('...') #2 /var/www/webs/wolfmax4k/index.php(23): require_once('...') #3 {main} thrown in
/var/www/webs/wolfmax4k/pctn/library/content/newtemplate/buscar.php
on line
258

[Jakmaster199]

Why is down or waiting for removal?? It's working at this moment...

Also in Jackett logs it's also working:

[garfield69]

if you pay attention to the log you provided you will see that the keywordless TEST for wolfmax at 18:07 returned 0 results and only the manual search at 20:20 gave you results.
Until they fix it, or we fix it by discovering if our indexer needs to be amended to handle keywordless searches differently, the indexer is marked as down.

[djismgaming]

if you pay attention to the log you provided you will see that the keywordless TEST for wolfmax at 18:07 returned 0 results and only the manual search at 20:20 gave you results. Until they fix it, or we fix it by discovering if our indexer needs to be amended to handle keywordless searches differently, the indexer is marked as down.

Yeah, I see the same while trying to add as a new source:

[djismgaming]

Why is down or waiting for removal?? It's working at this moment...

Also in Jackett logs it's also working:

@Jakmaster199 Could you share your current wolfmax4k.json file in $APPDATA/Jackett/Indexers? I would want to add it manually for the time being. 😊 Jackett will not let me automatically as the test is not passed.

[ilike2burnthing]

[
  {
    "id": "sitelink",
    "type": "inputstring",
    "name": "Site Link",
    "value": "https://wolfmax4k.com/"
  },
  {
    "id": "cookieheader",
    "type": "hiddendata",
    "name": "CookieHeader",
    "value": ""
  },
  {
    "id": "lasterror",
    "type": "hiddendata",
    "name": "LastError",
    "value": ""
  },
  {
    "id": "tags",
    "type": "inputtags",
    "name": "Tags",
    "value": ""
  }
]

[ilike2burnthing]

Deleted as it included a potentially personally identifiable cookie, and redacting it would just result in the above.

[highfredo]

It seems like some kind of limitation of requests numbers to the website (maybe due to cloudflare?).
If you wait a few hours without making any calls (be careful with sonarr and radarr requests), it works again without problems.

edit:
@djismgaming Some Spanish ISPs are blocking access, so you may need a proxy. I am using this one and it works ok https://blog.caomingjun.com/run-cloudflare-warp-in-docker/en/

[vdias]

Not working on my side... read this issue, but not clear what is the actual state? should this this tracker avaiable or not?

[highfredo]

Not working on my side... read this issue, but not clear what is the actual state? should this this tracker avaiable or not?

If the Cloudflare protection pop up when making the /buscar request, it does not work. If it doesn't, it works correctly.
It's a matter of being lucky... I'm still looking at how to solve it

[vdias]

Not working on my side... read this issue, but not clear what is the actual state? should this this tracker avaiable or not?

If the Cloudflare protection pop up when making the /buscar request, it does not work. If it doesn't, it works correctly. It's a matter of being lucky... I'm still looking at how to solve it

But how to add it to jackett? tried mvarious times and no luck...

[garfield69]

But how to add it to jackett? tried mvarious times and no luck...

what platform are you running jackett on?

[vdias]

But how to add it to jackett? tried mvarious times and no luck...

what platform are you running jackett on?

docker-compose on a debian....

[garfield69]

docker-compose on a debian....

• restart Jackett and view the log
• scroll to the bottom and look for App config/log directory:
• open a terminal and cd to that folder
• now cd to the Indexers folder
• using a plain text editor create wolfmax4k.json
• copy and paste the content of [req]: Wolfmax4k #14511 (comment)
• save
• restart Jackett
• the wolfmax4k indexer should show up in your jackett dashboard active list

[vdias]

docker-compose on a debian....

* restart Jackett and view the log

* scroll to the bottom and look for `App config/log directory:`

* open a terminal and cd to that folder

* now cd to the Indexers folder

* using a plain text editor create `wolfmax4k.json`

* copy and paste the content of [[req]: Wolfmax4k #14511 (comment)](https://github.com/Jackett/Jackett/issues/14511#issuecomment-1974150241)

* save

* restart Jackett

* the wolfmax4k indexer should show up in your jackett dashboard active list

Thanks, kinda works... fails some times, but at the end it works... thanks!

[highfredo]

I just found the problem, FlareSolverrSharp is overwriting the session cookies, so the searchToken is not valid.

More details here FlareSolverr/FlareSolverrSharp#30

[ilike2burnthing]

Site no longer presents Cloudflare challenge, but FlareSolverrSharp has been updated to resolve this and (partially) Speed.CD - e552167

[garfield69]

The indexer is returning zero results for a TEST (keywordless search)

https://wolfmax4k.com/buscar PostData: {_ACTION=buscar, token=(removed) q=%, pgb=1} RawBody: )
returns NO EXISTEN RESULTADOS : %

[ilike2burnthing]

Is search working at all for you? I couldn't get it working on site or through Jackett, no matter what I searched.

[garfield69]

Ah, you're right, the search is broken.

[garfield69]

web site browser search is back, but a single percentage still does not return results.
however three of them does work so I will update the indexer.

[garfield69]

Nope, I cant get the indexer to work, clearly too complicated for me.
PR welcome.