FLIXEY.COM

(preview)

This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.

The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.

The check number is generated by a pattern. The following PHP code calculates it.

function get_check_no($s_no){
　unset($total);
　　
　for($i=0; $i<13; $i++){
　　$s_no[$i] = intval($s_no[$i]); // convert to integer
　}
　
　// calculate social security number
　$total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
　$total = $total%11;
　$check_no = 11-$total;
　
　// if the value of the check number exceeds 9, divide by 10 and return remainder
　if($check_no>9){
　　$check_no = $check_no % 10;
　}
　
　return $check_no; // return result
}

So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.

<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
　echo “* Enter birth year<br />”;
}
if(!$b_month){
　echo “* Enter birth month<br />”;
}
if(!$b_day){
　echo “* Enter birth day<br />”;
}
if(!$gender){
　echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
　echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
　echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
　if($gender == “1″){
　　$gender = “9″;
　}
　else{
　　$gender = “0″;
　}
}
else if($b_year_det == “19″){
　if($gender == “1″){
　　$gender = “1″;
　}
　else{
　　$gender = “2″;
　}
}
else if($b_year_det == “20″){
　if($gender == “1″){
　　$gender = “3″;
　}
　else{
　　$gender = “4″;
　}
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
　// pad misc
　$misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
　
　// merge valued to form actual s s no
　$s_no_1 = $b_year.$b_month.$b_day;
　$s_no_2 = $gender.$misc;
　
　// get full number including check number
　$s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
　
　// select hash type and convert
　if($hash_type == “md5″){
　　$s_no_hash = md5($s_no_string);
　}
　else if($hash_type == “sha1″){
　　$s_no_hash = sha1($s_no_string);
　}
　// if the hash matches the processed, return the value and break loop
　if($s_no_hash == $s_no_hash_str){
　　echo ”
　　Done: “.$s_no_string.”(”.$s_no_hash.”)
　　<script type=\”text/javascript\”>
　
　　<!–
　　document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
　　//–>
　　</script>
　　”;
　　break;
　}
　// if not… just print current value and continue
　else{
　　echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
　}
}
}
?>

I made another program under my friend’s request for it. It’s a RapidShare.com link checker. It checks if links are dead or not then adds up the filesizes. It’s a very simple PHP script. It basically works by opening each HTML document, searching for the string with the memory, storing them into an array, then adding them up. If a filesize is not found, it classified the link as DEAD. It’s a very simple and could use more security like checking if the link is a rapidshare link before opening it and so forth.

Source Code:

<?php
$links = $_POST['links']; // get links from POST
$links = explode(”\n”,$_POST['links']); // explode links
$z = 0;
$filesize = array(); // define array
while($z <= count($links) -1){ // while $z is smaller than the number of links
　$html = $links[$z]; // store link into var
　$html = @file_get_contents($html); // get contents of link
　preg_match(”/\(<b>(.*)<\/b> KB\)/i”,$html,$matches); // pregmatch to get the filesize
　$filesize[$z] = $matches[1]; // store filesize in array
　if(!$filesize[$z]){ // if filesize doesn’t exist
　　$filesize[$z] = 0; // define as zero
　　$links[$z] = $links[$z].” DEAD”; // define as DEAD
　}
　$z++;
}
$filesize[total] = array_sum($filesize); // add all filesized
$filesize[unit] = “KB”; // default unit is KB
if($filesize[total] >= 1024){ // If is more than 1024 KB
　$filesize[total] /= 1024; // divide value with 1024
　$filesize[unit] = “MB”; // define as MB
　if($filesize[total] >= 1024){ // if value it bigger than 1024 again
　　$filesize[total] /= 1024; // divide by 1024 again
　　$filesize[unit] = “GB”; // and define as GB
　}
}
?>
…
<?php
$i = 0;
while($i <= count($links) -1){ // while $i is smaller than the number of links
　 echo $links[$i].” (<b>”.$filesize[$i].”</b>)<br />”; // print them
　 $i++;
}
echo “<b>Total</b>: “.round($filesize[total],2).$filesize[unit]; // print total filesize
?>

I’m releasing my old FLV downloader source. It’s pretty out-dated and doesn’t work at all, but you can look at it and make modifications so that it does. The source is really messy which is one of the reasons I decided to remake it into what I have up now (http://video.flixey.com)

The source is as it was when I used it except I removed my hosting details, adsense, and analytics sources. Don’t hesitate to ask or comment through the guestbook or by just commenting on this post.

Info

• Programming languages used: PHP, Javascript
• PHP Classes used: PEAR HTTP
• Languages available: Korean, Japanese, French, German, English, Polish, Chinese
• Requirements
• Server must support PHP
• Server must support MySQL, or delete the DB related sources
• Server must have URL fopen enabled
• Once again: it won’t work out of the box

Download 1

Download 2

The FLV video downloader I designed was written in PHP and some Javascript on the client side. So you’ll need to know a bit of PHP to understand how this works. It’s actually very simple, all you do is get the source from YouTube and then parse it so only the address of the .flv file is left. The following script locates the download URL and returns it. This is the core to any downloader (it’s the same concept for even Google Video downloaders and so on).

<?php
function get_video_url($id){
$url = "http://youtube.com/watch?v=".$id;
if ($contents = @file_get_contents($url)) {
if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {
$vars = $match[0];
$url = “http://www.youtube.com/get_video?”.$vars;
return $url;
}
}
}
?>

Line by Line Analysis

This line by line analysis of the code above should help you understand the script better.

function get_video_url($id){

This line declares a function (a repetitively usable operation) called get_video_url() so we can use it easily and efficiently. The $id is the video id from YouTube and would be a submitted value, something like FzRH3iTQPrk.

$url = "http://youtube.com/watch?v=".$id;

This line stores the youtube url will the video id in the variable $url.

if ($contents = @file_get_contents($url)) {

This line of code stored the HTML code of the YouTube page ($url) by using the file_get_contents()
function (note that some hosting services may have disabled the function). The line below it will only be executed if $contents is not empty since the if() operator is controlling it.

if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {

This is the core of the whole thing. It finds the required
information to get the video URL from the source code by searching the HTML code with regular expressions using the preg_match() function. This function uses regular expressions to find patterns in a variable (in this case $html) and puts the results as arrays into another variabe (in this case $match).

$vars = $match[0];

This line stores the needed information from the array $match[0] (which is the first item) into the $vars variable.

$url = "http://www.youtube.com/get_video?".$vars;

This line finally puts the information together to get the full video URL. It’s quite simple, it’s just combining the found information and http://www.youtube.com/get_video together.

return $url;

This line just returns the $url variable so we can use it later. The function can then be used by doing something like this:

echo get_video_url($url);

The rest is just closing the function and the if() operator. Try to look the function up in the PHP manual (they’re linked above).

Tips

If you want to make a downloader for other sites, try using this method:

1. Get the firefox plugin: tamper data
2. Go to the site with tamper data open and see what requests come in.
3. Look for an xml page or an flv file.
4. Look for a pattern and see how you could automate this.
5. Write a script for it.