What Is JAV.GURU Using as Their Server Button

[momomesh]

hi guys,

I came across JAV.GURU, they're prominent Japanese adult site,
I found that they're using some kind of code to mask their embed links from DMCA bots,

anyone know what plugin are they using or is it a custom code?
if you can provide me with the service kindly post or pm me please~

Thanks

 

[oneskystudio105]

jav guru is one of the most visited sites. Following nice info dude

 

[Hyperz]

Don't waste your time with this. It takes 5 minutes to figure out how to work around it: regex out these:

"iframe_url":"aHR0cHM6Ly9qYXYuZ3VydS9zZWFyY2gvP2JkPTA3MzNhN2U2Nzc3NjM2MTdmNmY2Njc3NmE2YjYwNyZiZz1odHRwcyUzQSUyRiUyRmphdi5ndXJ1JTJGd3AtY29udGVudCUyRnVwbG9hZHMlMkYyMDIwJTJGMTElMkZkYXNkNzY4cGwuanBnJiZiZz1odHRwcyUzQSUyRiUyRmphdi5ndXJ1JTJGd3AtY29udGVudCUyRnVwbG9hZHMlMkYyMDIwJTJGMTElMkZkYXNkNzY4cGwuanBn"

Base64 decode so you get this iframe source url:

https://jav.guru/search/?td=47433767539343c6a7463373d646e6e62627f6077716e6e6832737a677978603&bg=https%3A%2F%2Fjav.guru%2Fwp-content%2Fuploads%2F2020%2F11%2Fdasd768pl.jpg&&bg=https%3A%2F%2Fjav.guru%2Fwp-content%2Fuploads%2F2020%2F11%2Fdasd768pl.jpg

Parse out the td parameter so you get 47433767539343c6a7463373d646e6e62627f6077716e6e6832737a677978603

Reverse this value:

function decode(s) {
    var x = s.length;
    var decoded = "";
    while (x>=0) {
        decoded = decoded + s.charAt(x);
        x--;
    }
    return decoded;
}

So you get 306879776a7372386e6e6177706f72626e6e646d3733647a6c34393576733474. Now use it to make a request to
https://jav.guru/search/?tr=306879776a7372386e6e6177706f72626e6e646d3733647a6c34393576733474, which will redirect to the real url, which is https://dood.watch/e/y9y1wsxa3ed643pmp0evwg9vjbpd8ph in this case.

If it took me 5 minutes to bypass I'll let you guess how effective this is at stopping DMCA bots... If you want to get around DMCA's use a script that replaces links the second they get DMCA'd. There is no other way. At least none that wouldn't frustrate your users to the point of leaving the site.

 

[darkestblue]

Know-it-all mode:
s.split("").reverse().join("");

 

[momomesh]

Don't waste your time with this. It takes 5 minutes to figure out how to work around it: regex out these:

"iframe_url":"aHR0cHM6Ly9qYXYuZ3VydS9zZWFyY2gvP2JkPTA3MzNhN2U2Nzc3NjM2MTdmNmY2Njc3NmE2YjYwNyZiZz1odHRwcyUzQSUyRiUyRmphdi5ndXJ1JTJGd3AtY29udGVudCUyRnVwbG9hZHMlMkYyMDIwJTJGMTElMkZkYXNkNzY4cGwuanBnJiZiZz1odHRwcyUzQSUyRiUyRmphdi5ndXJ1JTJGd3AtY29udGVudCUyRnVwbG9hZHMlMkYyMDIwJTJGMTElMkZkYXNkNzY4cGwuanBn"

Base64 decode so you get this iframe source url:

https://jav.guru/search/?td=47433767539343c6a7463373d646e6e62627f6077716e6e6832737a677978603&bg=https%3A%2F%2Fjav.guru%2Fwp-content%2Fuploads%2F2020%2F11%2Fdasd768pl.jpg&&bg=https%3A%2F%2Fjav.guru%2Fwp-content%2Fuploads%2F2020%2F11%2Fdasd768pl.jpg

Parse out the td parameter so you get 47433767539343c6a7463373d646e6e62627f6077716e6e6832737a677978603

Reverse this value:

function decode(s) {
    var x = s.length;
    var decoded = "";
    while (x>=0) {
        decoded = decoded + s.charAt(x);
        x--;
    }
    return decoded;
}

So you get 306879776a7372386e6e6177706f72626e6e646d3733647a6c34393576733474. Now use it to make a request to
https://jav.guru/search/?tr=306879776a7372386e6e6177706f72626e6e646d3733647a6c34393576733474, which will redirect to the real url, which is https://dood.watch/e/y9y1wsxa3ed643pmp0evwg9vjbpd8ph in this case.

If it took me 5 minutes to bypass I'll let you guess how effective this is at stopping DMCA bots... If you want to get around DMCA's use a script that replaces links the second they get DMCA'd. There is no other way. At least none that wouldn't frustrate your users to the point of leaving the site.

you guys speak a foreign language to me just wanted to figure out what system is he using any keywords I can "google" to learn how to implement the system or codes on my site like "iframe call hidden" etc on google so I can read up on this? Thanks

 

[darkestblue]

you guys speak a foreign language to me just wanted to figure out what system is he using any keywords I can "google" to learn how to implement the system or codes on my site like "iframe call hidden" etc on google so I can read up on this? Thanks

i dont know if there is a public plugin for this or if this self coded from jav.guru developer.
but like Hyperz says and shows, this is 0 % DMCA bot protected. everyone who want to scrape this iframe link info, can do this without problem.

but without infos about your own website , i think its hard to help you

 

[momomesh]

i dont know if there is a public plugin for this or if this self coded from jav.guru developer.
but like Hyperz says and shows, this is 0 % DMCA bot protected. everyone who want to scrape this iframe link info, can do this without problem.

but without infos about your own website , i think its hard to help you

like what you said this is not DMCA bot proof, I'm guessing the DMCA people can just use a bot to follow the bee line, yep, I guess using a replacer tool is much more effective like "Stream Defence" that's been promoted here.

 

[darkestblue]

I'm guessing the DMCA people can just use a bot to follow the bee line

thats what we want to say. find a stream replacer tool that suit your needs, i cant help you with this

 

[momomesh]

you got any good tools that you can recommend? oops, you said you can't help in this department~ But really thank you for the kind reply!

 

[Hyperz]

Know-it-all mode:
s.split("").reverse().join("");

Well yeah... What I posted was their javascript. Otherwise I would've used python's s[::-1]

 

[darkestblue]

Well yeah... What I posted was their javascript. Otherwise I would've used python's s[::-1]

oh ok, i dont said anything.

 

[Hyperz]

like what you said this is not DMCA bot proof, I'm guessing the DMCA people can just use a bot to follow the bee line, yep, I guess using a replacer tool is much more effective like "Stream Defence" that's been promoted here.

They don't even have to do that. I'm pretty sure they crawl using full blown web browsers (puppeteer, selenium) so they don't even have to do anything. Just load the page like a user would and check the iframe or final request/redirect.

 

[luci787]

Might be some1 is selling plugin/script , as I have found some other sites too using the same process. I have asked the Admin too , No reply

 

[momomesh]

it would be a miracle if he'd reply you with the source.

 

[Hyperz]

Might be some1 is selling plugin/script , as I have found some other sites too using the same process. I have asked the Admin too , No reply

Like I said before, there is no reason to ever use something like this. It doesn't do anything except wasting server resources.

 

[javgg.eu]

Hi @Hyperz
can you please try to find the iframe for this one?
they are using blob as iframe source, quite difficult to find the var blob the script created.

Here's an example:

<iframe src="blob:https://www2.javhdporn.net/92e08d75-5220-4663-8b11-1c39bc79e8fe" id="playeriframe" frameborder="0" width="640" height="360" scrolling="no" allowfullscreen="" __idm_frm__="774" __idm_id__="484617217"></iframe>

source:

https://www2.javhdporn.net/video/390jac-059/

 

[Hyperz]

Blob just means it's using HLS (DRM). It's setting the source/iframe here:

jQuery(".responsive-player").css("background","url(https://img.javhdporn.net/wp-content/uploads/2020/09/390jac-059.jpg");   
jQuery(".responsive-player").css("background-size","cover");   
jQuery(".responsive-player").append('<div class="play-button button"></div>');
jQuery('.play-button').click(function(){
    jQuery('.play-button').remove();       
    jQuery(".wps-iframe-loader").show();
    playerimg = false;
    console.log(element);
    jQuery(".responsive-player").append('<iframe src="" id="playeriframe" frameborder="0" width="640" height="360" scrolling="no" allowfullscreen></iframe>');
    if (playerimg) {
        displayblob('KhjhtBA+5hObXJZ3xWLZTIvqEYVWHbKyJzeX78iuW58vf7E8lxdc8sr+qzSiHlbASizQKAkVJC4=', '161214');
        if (window.location.host.indexOf('localhost') == -1) {
            gtag('event', 'load-dev', {'event_category' : 'Load-iframe'});
        }
    } else {
        displayblob('BymKthIh+Um1XJo0/W3RT7PbZppvKMj3JDeH7efaIJUUTug6lkxZ8/LbknOYa13dTjPUJQoDSCpK6FcF3oJuLHo4NlyJNcH74H60TbmgN5sm9unbZraACJhypMIvgIXl9SZWFgZjt1aDT1pJSsoNEPaHO67YtB06AmYek4RqmPfgzfnOfr2TA8f92Jzr7wW6e2CsGzwRmVysdtdg6MP5JWiYB46I7DxRMshCbPU5CZ7FZSBuFBJiM0sp5+m/QBcL5gupVg==', '161214');
    }
    if (window.location.host.indexOf('localhost') == -1) {
                                        gtag('event', 'load-bv', {'event_category' : 'Load-iframe'});
                                }
});
jQuery("#playeriframe").on("load", function() {
    jQuery(".wps-iframe-loader").hide();
});

So you can see displayblob where it derives either the iframe code or source URL:

function displayblob(_0x8ed052, _0x7e857f = a0_0x1f17('0x3d')) {
    var _0x14d1f2 = {
        'WoKlb': function (_0x2bb21e) {
            return _0x2bb21e();
        },
        'kIDZW': a0_0x1f17('0x14'),
        'IriNZ': function (_0xf03835, _0x280ecd) {
            return _0xf03835(_0x280ecd);
        },
        'HmqBA': function (_0x3a0445, _0x480707) {
            return _0x3a0445 + _0x480707;
        },
        'kZNaO': '_0x583715',
        'jEcBo': function (_0x457515, _0x5d426d) {
            return _0x457515 < _0x5d426d;
        },
        'zUUVn': function (_0x5ea7ea, _0x4b15a6) {
            return _0x5ea7ea === _0x4b15a6;
        },
        'FxbuE': 'jkZYC',
        'AGBkS': a0_0x1f17('0x37'),
        'gWSTD': function (_0x5457d8, _0xdbcf39) {
            return _0x5457d8 + _0xdbcf39;
        },
        'jqrYL': function (_0x3238ed, _0xa21abf) {
            return _0x3238ed % _0xa21abf;
        },
        'HYtJF': a0_0x1f17('0x1d'),
        'VZWir': function (_0x44e232, _0x3a978f) {
            return _0x44e232 % _0x3a978f;
        },
        'npuAr': function (_0x44c246, _0x414805) {
            return _0x44c246 + _0x414805;
        },
        'jssjX': function (_0x302d51, _0x5b5616) {
            return _0x302d51 % _0x5b5616;
        },
        'RAIwz': function (_0x344e87, _0x12aa23) {
            return _0x344e87 !== _0x12aa23;
        },
        'MauvI': a0_0x1f17('0x32'),
        'KdvKb': a0_0x1f17('0x3'),
        'eWyjO': a0_0x1f17('0xa'),
        'ZMNUl': a0_0x1f17('0x15'),
        'fzxGc': a0_0x1f17('0x9'),
        'eQArp': '<script type=\"text/javascript\">location.href=\"',
        'BFDzU': a0_0x1f17('0x19')
    };

    function _0x5ab9f1(_0x2916b3, _0x4ddc36) {
        var _0x4d9578 = {
            'HdWvf': _0x14d1f2[a0_0x1f17('0x2e')]
        };
        var _0x2269fb = _0x14d1f2['IriNZ'](btoa, _0x14d1f2[a0_0x1f17('0x1c')](_0x2916b3, _0x14d1f2['kZNaO']))['split']('')[a0_0x1f17('0x47')]()[a0_0x1f17('0x43')]('');
        var _0x57cf15 = [],
            _0x5decc2 = 0x0,
            _0x13a34a, _0x298cb0 = '';
        for (var _0x37c59f = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x37c59f, 0x100); _0x37c59f++) {
            if (_0x14d1f2[a0_0x1f17('0x49')](_0x14d1f2['FxbuE'], _0x14d1f2[a0_0x1f17('0x2f')])) {
                var _0x4e9484 = function () {
                    var _0x45c0d4 = _0x4e9484['constructor'](WfulYB['HdWvf'])()[a0_0x1f17('0x3f')](a0_0x1f17('0x7'));
                    return !_0x45c0d4[a0_0x1f17('0x17')](a0_0x21ab66);
                };
                return ssuuHS[a0_0x1f17('0x21')](_0x4e9484);
            } else {
                _0x57cf15[_0x37c59f] = _0x37c59f;
            }
        }
        for (_0x37c59f = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x37c59f, 0x100); _0x37c59f++) {
            _0x5decc2 = _0x14d1f2['gWSTD'](_0x5decc2 + _0x57cf15[_0x37c59f], _0x2269fb[a0_0x1f17('0x11')](_0x14d1f2['jqrYL'](_0x37c59f, _0x2269fb['length']))) % 0x100;
            _0x13a34a = _0x57cf15[_0x37c59f];
            _0x57cf15[_0x37c59f] = _0x57cf15[_0x5decc2];
            _0x57cf15[_0x5decc2] = _0x13a34a;
        }
        _0x37c59f = 0x0;
        _0x5decc2 = 0x0;
        var _0x39c8ac = _0x14d1f2['IriNZ'](atob, _0x4ddc36);
        for (var _0x32806b = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x32806b, _0x39c8ac[a0_0x1f17('0xb')]); _0x32806b++) {
            var _0x1007b1 = _0x14d1f2['HYtJF']['split']('|');
            var _0x42b67a = 0x0;
            while (!![]) {
                switch (_0x1007b1[_0x42b67a++]) {
                case '0':
                    _0x57cf15[_0x5decc2] = _0x13a34a;
                    continue;
                case '1':
                    _0x37c59f = _0x14d1f2['VZWir'](_0x14d1f2[a0_0x1f17('0x2c')](_0x37c59f, 0x1), 0x100);
                    continue;
                case '2':
                    _0x13a34a = _0x57cf15[_0x37c59f];
                    continue;
                case '3':
                    _0x57cf15[_0x37c59f] = _0x57cf15[_0x5decc2];
                    continue;
                case '4':
                    _0x5decc2 = _0x14d1f2[a0_0x1f17('0x2d')](_0x5decc2, _0x57cf15[_0x37c59f]) % 0x100;
                    continue;
                case '5':
                    _0x298cb0 += String[a0_0x1f17('0xf')](_0x39c8ac[a0_0x1f17('0x11')](_0x32806b) ^ _0x57cf15[_0x14d1f2['jssjX'](_0x14d1f2[a0_0x1f17('0x2d')](_0x57cf15[_0x37c59f], _0x57cf15[_0x5decc2]), 0x100)]);
                    continue;
                }
                break;
            }
        }
        return atob(_0x298cb0);
    }

    function _0x437bce(_0xec5e9e) {
        if (_0x14d1f2[a0_0x1f17('0xe')](_0x14d1f2[a0_0x1f17('0x45')], a0_0x1f17('0x24'))) {
            _0xec5e9e = new Blob([''], {
                'type': _0x14d1f2[a0_0x1f17('0x13')]
            });
            return URL['createObjectURL'](_0xec5e9e);
        } else {
            if (fn) {
                var _0x3a6ff1 = fn['apply'](context, arguments);
                fn = null;
                return _0x3a6ff1;
            }
        }
    }
    wrapperURL = _0x14d1f2['IriNZ'](_0x437bce, window[a0_0x1f17('0x28')][a0_0x1f17('0x40')]);
    document[a0_0x1f17('0x5')](_0x14d1f2[a0_0x1f17('0x12')])[a0_0x1f17('0x3c')] = wrapperURL;
    wrapper = document[a0_0x1f17('0x5')](_0x14d1f2[a0_0x1f17('0x12')])[_0x14d1f2['ZMNUl']][_0x14d1f2[a0_0x1f17('0x3a')]];
    val = '<style>html{opacity: 0;}>}</style>';
    txt1 = _0x14d1f2['eQArp'];
    txt2 = _0x14d1f2[a0_0x1f17('0x2')];
    val += _0x14d1f2[a0_0x1f17('0x2d')](txt1 + _0x5ab9f1(_0x7e857f, _0x8ed052), txt2);
    wrapper['open']();
    wrapper[a0_0x1f17('0x44')](val);
    wrapper[a0_0x1f17('0x36')]();
}

Reverse engineering it should be p straight forward, albeit tedious and time consuming. It's of no use to me personally so I'm not gonna spend a couple of hours on it. At any rate, the real iframe URL for that specific page is https://video.javhdporn.net/player.php?playerid=Pbc2VydmVyPXN0cmVhbXNiJnVybD1odHRwcyUzQSUyRiUyRnN0cmVhbXNiLm5ldCUyRmVtYmVkLXZmNWZxZ2pyN2hmci5odG1s&b=10. The playlist for the video (HLS stream) on there is video.javhdporn.net/stream/?vid=vmDZtFsMQXF1NpLoDISCNz4i3LCDVxapLsB1Z01jj-LDZSXJhdQ1eoS2xiEtcKb9Zk0bI_2BBUA8ZeyuOa2Ipzc6C75ox7qrTDFFU9uwx3wG0A2Kregp8PV5Qri0wMqynPNH0HgSpbakh6FR7Bnxgo1tUGJuoUwBbjCFDu2dS4Kcgza6EoYnVfiChyWOmg. You can use something like ffmpeg to turn in back into an MP4.

 

[javgg.eu]

thank you!
thats a lot of code just to hide the iframe source

 

[Hyperz]

It looks like a lot more code than it really is because it's using control flow obfuscation. For example the lookup table at the start of the function is just a map for values and wrapping basic operations like checking equality, greater/lesser than, addition, division, remainder, etc. You just have to go through it line by line and replace/rename until you end up with de-obfuscated/readable code.

 

[xd12345]

i bet jav.guru saw this thread and update his code, lol
it output

໒( . ͡° ͟ʖ ͡° . )७┌∩┐

Post automatically merged: Feb 16, 2021

anyway
you just need f12 -> network then you'd have your sources.
as for javhdporn is a bit tricky but there's still workaround all you need to do is stop it from loading the black.html or bypass the debugger tool.