I am planning to create video downloader plugin.So basically we need signatures to download an video file from youtube.I referred other working plugins..They convert the signature to some format.
Basically orginal signature in youtube page source is
BBB4D55F9CF4387F77958A6960CA96708C73AB59B.037D413F53291E957891898307BBF1C41B6037D77D7
Plugins convert the above signature to below signature.
BB4D55F9CF4787F77958A6960CA96708C73AB59B.037D413F53291E957891898307BBF1C41B6037D3
I want to know is these some kind of hash ? has any one came across similar hash ?
Secret of Cipher Signature code:
Ciphered signature in Youtube are just 'scrambled' signature that you have to rearrange them according to the Algorithm present in the player file (HTML5 player or Flash player).
For example http://www.youtube.com/watch?v=UxxajLWwzqY is presently using the following HTML5 player file : //s.ytimg.com/yts/jsbin/html5player-vfltdb6U3.js
in this file you can easily search for signature decipher code by searching for 'sig'. Here in this case the Algo is:
function bz(a) {
a = a.split("");
a = cz(a, 61);
a = cz(a, 5);
a = a.reverse();
a = a.slice(2);
a = cz(a, 69);
a = a.slice(2);
a = a.reverse();
return a.join("")
}
function cz(a, b) {
var c = a[0];
a[0] = a[b % a.length];
a[b] = c;
return a
};
Above is the deciphering code.
But be aware, it keeps on changing when they change the player file, so you have to keep a tap on the player file being used.
Also to download videos with cipher signature you have to take care of the sending the same cookies, using the same user-agent header, sending the request from the same IP address, and sending the request shortly after extraction. All these are or were required at some point
For more check this API: Cipher API
Another cool API: YTstream API
you can follow on github the youtube-dl python application: it's the best small command-line program to download video that i've found so far, with a great team behind. More specifically, you can visit the youtube-script , in order to grab the latest working decyphering algorithm.
Have fun :)
now a days you can easily create your own youtube downloader via youtube-dl. It also support more than youtube.
I also made a tutorial on how to do this. You can read more about that here
Related
I am making a board where users can post text, photo, and YouTube video link
I am trying to generate embed url from different types of YouTube urls that user copy and paste.
thanks Stackoverflow gods, I almost got it but not 100%
my js regex for ajax call to api
const ytRegex = /^(https?\:\/\/)?(www\.)?(youtube\.com|youtu\.?be)\/.+$/
...
let video = $('#post-video').val();
if (ytRegex.test(video)) {
video = $('#post-video').val();
} else {
video = 0;
}
...
my python regex
video_receive = request.form['video_give']
video_id1 = re.findall("(https?\:\/\/)?(www\.)?(youtube\.com)\/.+$", video_receive)
video_id2 = re.findall("(https?\:\/\/)?(www\.)?(youtu\.?be)\/.+$", video_receive)
video_id3 = re.findall("(https?\:\/\/)?(www\.)?(youtube\.com)\/(shorts).+$", video_receive)
if video_id1 :
link = video_receive.split("=")[1]
embed = "https://www.youtube.com/embed/"
video = embed + link
elif video_id2:
link = video_receive.split("/")[3]
embed = "https://www.youtube.com/embed/"
video = embed + link
elif video_id3:
link = video_receive.split("/")[4]
embed = "https://www.youtube.com/embed/"
video = embed + link
else:
video = 1
I am targetting 3 example types of yt urls with variables video_id#
https://www.youtube.com/watch?v=bjkVUaFhwno
https://youtu.be/BEkxOupf9Zc
https://youtube.com/shorts/UZsysDAUHAY?feature=share
1 is for desktop share url for yt video and yt shorts
2 is mobile share url for yt video
3 is mobile share url for yt shorts
In my python code,
if video_id1 & elif video_id2 works fine but problem arise after I added elif video_id3
when I test with https://youtube.com/shorts/UZsysDAUHAY?feature=share
my code stores https://www.youtube.com/embed/share into db
It seems like if video_id1 is working on video_id3 format. I assume this because the testing url has = before share and if video_id1 has .split("=") condition.
when I delete ?feature=share from the testing url, my web page give me error(POST...500 (INTERNAL SERVER ERROR)) not even submitting to db due to ajax call error. but works with original testing url.
Please advise me where I am getting wrong with yt shorts url.
The regex you use for the first pattern will also match your shorts urls, simply just check for pattern 3 first.
I am trying to understand how to implement a minimal basic Public-key signature example based on the demo located here, using pure javascript.
My research has not yielded a simple javascript example that I can use to understand its inner workings, and the documentation is over my head at the moment.
I tried looking at the source code of the demo, but it is not revealing its secrets.
The library's examples does not have an example for this either.
Cryptography is something very new to me, so any baseline example of how to create their Public-key example with pure javascript in node.js would be greatly appreciated!
Pseudocode-ish:
const nacl = require('tweetnacl')
let message = "This is my unencrypted message"
let naclPair = nacl.sign.keyPair()
let signedMessage = nacl.sign(message, naclPair.secretKey)
let decrypted = nacl.sign.open(signedMessage, naclPair.publicKey) // is this right?
console.log(decrypted) // should this print the decrypted message?
As a side note, I'm more familiar with node.js require, than I am with ES6 import, if that has any bearing on answers here and could help demonstrate how to use this library.
TweetNaCl.js is a port to JavaScript of TweetNaCl. TweetNacl in turn is a compact implementation of NaCl, which provides various encryption and signature algorithms essentially based on Curve25519. There are NaCl-compatible implementations or wrappers for many platforms, so that any of these documentations can be used for an introduction, e.g. the clear documentation of the Libsodium fork.
The documentation of TweetNaCl.js also gives a short overview of the functionality: nacl.sign(message, secretKey) creates a signed message consisting of the 64 bytes signature with attached message. nacl.sign.open(signedMessage, publicKey) verifies the message using the signature and returns the message if verification is successful. The algorithm used for signing is Ed25519.
As already noted in the comments, you do not distinguish clearly between encryption (purpose: secrecy) and signing (purpose: authentication / integrity). In particular, secrecy of the message is not the purpose of signing. This becomes apparent e.g. when the return of nacl.sign() contains the unencrypted message (see code snippet below). However, it is true that encryption with the private key is performed during signing (but not for the purpose of keeping it secret).
The following implementation is a pure JavaScript implementation:
var keyPair = nacl.sign.keyPair();
var secretKey = keyPair.secretKey;
var publicKey = keyPair.publicKey;
var msgStr = "The quick brown fox jumps over the lazy dog";
var msg = nacl.util.decodeUTF8(msgStr);
var signature = nacl.sign(msg, secretKey);
var signatureB64 = nacl.util.encodeBase64(signature);
console.log(signatureB64.replace(/(.{64})/g,'$1\n')); // Display signature plus message (Base64 encoded)
var signatureMsgPart = signature.slice(64);
console.log(nacl.util.encodeUTF8(signatureMsgPart)); // Display message from nacl.sign() return value: signing is not for encryption!
var verifiedMsg = nacl.sign.open(signature, publicKey);
console.log(nacl.util.encodeUTF8(verifiedMsg)); // Display message after successfull verification
<script src="https://cdn.jsdelivr.net/npm/tweetnacl-util#0.15.0/nacl-util.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/tweetnacl#1.0.1/nacl.min.js"></script>
and applies the package tweetnacl-util-js for encoding.
By the way, in the implementation you posted only the Utf8 encoding/decoding was missing:
let message = "This is my unencrypted message"
let naclPair = nacl.sign.keyPair()
let signedMessage = nacl.sign(nacl.util.decodeUTF8(message), naclPair.secretKey)
let decrypted = nacl.sign.open(signedMessage, naclPair.publicKey) // is this right? -> Yes
console.log(nacl.util.encodeUTF8(decrypted)) // should this print the decrypted message? -> Yes, but the 'verified' message is printed!
<script src="https://cdn.jsdelivr.net/npm/tweetnacl-util#0.15.0/nacl-util.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/tweetnacl#1.0.1/nacl.min.js"></script>
Please see the following links for public key encryption and symmetric encryption with TweetNaCl.js. This is about keeping a message secret.
By the way, using the example page(Public-key signatures) to test the code need to use nacl.sign.detached(message, secretKey) not nacl.sign(msg, secretKey) 😂
reference
TweetNaCl.js Public-key signatures example err
I'm working on a suitescript to integrate NetSuite with the Walmart Marketplace APIs. And, as the another OP here says it right their documentation pretty much says if you don't use Java you're on your own.
I'm looking for a way to do the same either in suitescript or javascript.
Instruction from Walmart's API documentation:
Sign the byte array representation of this data by:
Decoding the Base 64, PKCS-8 representation of your private key. Note that the key is encoded using PKCS-8. Libraries in various languages offer the ability to specify that the key is in this format and not in other conflicting formats such as PKCS-1. Use this byte representation of your key to sign the data using SHA-256 With RSA. Encode the resulting signature using Base 64.
And, a java code from their documentation to do the same:
public static String signData(String stringToBeSigned, String encodedPrivateKey) {
String signatureString = null;
try {
byte[] encodedKeyBytes = Base64.decodeBase64(encodedPrivateKey);
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(encodedKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey myPrivateKey = kf.generatePrivate(privSpec);
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(myPrivateKey);
byte[] data = stringToBeSigned.getBytes("UTF-8");
signature.update(data);
byte[] signedBytes = signature.sign();
signatureString = Base64.encodeBase64String(signedBytes);
} catch (Exception e) {
e.printStackTrace();
}
return signatureString;
}
For reference, here's the similar thing asked for dot net. Any help would be appreciated.
I tried developing a SAML connector in Javascript once and found several libraries that deal with different key file formats etc. I got fairly far along but the time to run some of the scripts was incredible (imagine trying to login but the process taking two minutes to decide your login was valid)
At that point I switched to an external system and managed the SSO with Netsuite's inbound SSO.
It doesn't look like things have improved that much with NS in the crypto department even with SS 2.0.
I'd tend to package this into two parts. Generate your files in Suitescript and pass them through a java based web service that handles the signing requirements. Minimizes the amount of Java you have to write and keeps your transaction extraction/formatting scripts under easy control.
I found a library (jsrsasign) that will do the Walmart signature from NetSuite server side in under 4 seconds! (Marketplace has gone to OAuth2, but I'm stuck with signing as a Drop Ship Vendor)
/**
*#NApiVersion 2.x
*#NScriptType ScheduledScript
*/
define(['N/log', 'N/https', '../lib/jsrsasign-master/jsrsasign-all-min'],
function(log, https) {
function execute(context) {
var pkcs8Der = {Your Walmart Private Key};
var pkcs8Pem = [
'-----BEGIN PRIVATE KEY-----',
pkcs8Der.match(/.{0,64}/g).join('\n'),
'-----END PRIVATE KEY-----'
].join('\n');
var tStamp = Date.now()
var stringToSign = [
tStamp,
{Your Walmart Comsumer Id},
{Request URL},
{Request Method (All Caps)}
].join('\n') + '\n';
var sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"});
sig.init(pkcs8Pem);
var sigVal = hextob64(sig.signString(stringToSign));
log.audit({title: 'Signature', details: sigVal});
log.audit({title: 'Timestamp', details: tStamp});
}
return {
execute: execute,
};
}
);
I had to add the following code to the jsrsasign-all-min.js library file for the Scheduled Script to load the module:
var navigator = {}, window = undefined;
I am trying to integrate SigWeb API into my application. I want to use the digital signature in all modern browsers. Now it works only in IE, using ActiveX object. The problem is that I can not use the encryption key.
Let me explain:
Old version js code looks like:
SigPlus1.AutoKeyStart();
SigPlus1.AutoKeyData = "Some Key Data";
SigPlus1.AutoKeyFinish();
SigPlus1.EncryptionMode = 2;
SigPlus1.SigCompressionMode = 1;
var strSignature = SigPlus1.SigString;
New version (using SigWebTablet.js):
AutoKeyStart();
SetAutoKeyData("Some Key Data");
AutoKeyFinish();
SetEncryptionMode(2);
SetSigCompressionMode(1);
var strSignature = GetSigString();
The value of strSignature is passed to the server and converted to .jpg file. On the server side (java) I am using following code:
ClassLoader firma = (com.topaz.sigplus.SigPlus.class).getClassLoader();
sigObj = (SigPlus)Beans.instantiate(firma, "com.topaz.sigplus.SigPlus");
sigObj.autoKeyStart();
sigObj.setAutoKeyData("Some Key Data"); // the same data in front-end
sigObj.autoKeyFinish();
sigObj.setEncryptionMode (2);
sigObj.setSigCompressionMode(1);
sigObj.setSigString(strSignature);
The problem in setSigString method - it doesn't set the new value (with the old code SigPlus1.SigString works), but if I disable setAutoKeyData - it works fine.
The tablet model: T-LBK766SE-BHSB-R
I have found a solution which works for me. Before signature capture it needs to reset the encryption mode, i.e. to call SetEncryptionMode(0)
UPD (05/03/2017). Guys from dev support recommended me to use AutoKeyAddData function instead AutoKeyStart and AutoKeyFinish functions. I have tested and it works for me. I think this better solution of this issue.
http://www.sigplusweb.com/sigwebtablet_autokeydemo.htm
I've been trying to get Authorization for Amazon's s3 rest api going. It's pretty damn complicated.
Because I'm trying to make a simple GET request from an admin page on my website, I'm just trying to do this through Javascript. Here are the instructions for constructing the Signature for the Authorization header:
Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ))
To keep us sane, they give us a few examples, with the following givens:
var AWSSecretAccessKey = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY,
StringToSign = 'GET\n\n\nTue, 27 Mar 2007 19:36:42 +0000\n/johnsmith/photos/puppy.jpg;'
The output for this in their docs is bWq2s1WEIj+Ydj0vQ697zp+IXMU=. Based on the following I am getting ZGVjNzNmNTE0MGU4OWQxYTg3NTg0M2MxZDM5NjIyZDI0MGQxZGY0ZQ==:
function encode_utf8(s) {
return unescape(encodeURIComponent(s));
}
I used code.google.com's CryptoJS.HmacSHA1 function for the SHA1 hashing. My final Signature function looks like this:
var signature = btoa( CryptoJS.HmacSHA1( aws_secret, encode_utf8( StringToSign) ) );
What is going wrong here???
I actually found the answer from an SO question with reference to google's older (2.0) CrytpoJs library. You need:
2.0.0-crypto-sha1.js
2.0.0-hmac-min.js
Then you create your signature as so:
Signature = btoa( Crypto.HMAC(Crypto.SHA1, encode_utf8(StringToSign), aws_secret, { asString: true }) )
I couldn't find a way to to get Strings instead of Bits in the new version.