What Is JAV.GURU Using as Their Server Button

[momomesh]

hi guys,

I came across JAV.GURU, they're prominent Japanese adult site,
I found that they're using some kind of code to mask their embed links from DMCA bots,

anyone know what plugin are they using or is it a custom code?
if you can provide me with the service kindly post or pm me please~

Thanks

 

[Hyperz]

i bet jav.guru saw this thread and update his code, lol
it output

໒( . ͡° ͟ʖ ͡° . )७┌∩┐

It's still the same if you follow my steps. That link is probably just dead. Make sure you set a referer header because they check if the request came from jav.guru.

 

[xd12345]

It's still the same if you follow my steps. That link is probably just dead. Make sure you set a referer header because they check if the request came from jav.guru.

i'll check it later.
but doing f12 then network is much easier the source will show up there. btw, do you know how to bypass the debugger tool? javhdporn seem good to prevent people doing dev tools in their site.

 

[Hyperz]

For one link yes, but if you want to do lots of them then your best bet is to implement it in code.

btw, do you know how to bypass the debugger tool?

Try disabling breakpoints in the debugger.

 

[xd12345]

those things wont work, it redirects the iframe into black.html if you do those things.

 

[Hyperz]

I can't test right now because video.javhdporn.net keeps throwing 502's at the moment, but I don't recall having any issues debugging it in Firefox with breakpoints disabled.

 

[xd12345]

@Hyperz

I just tried it on Mozilla and its working, I also got the iframe link with it.
Thanks! You're awesome.

 

[darkestblue]

super easy per script, no headers needed
example is powershell

#powershell
function split_between($text,$from,$till) {
     return ((($text -split $from )[1]) -split $till)[0]
}


function base64_encode($str)
{
    return [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($str))
}

$link = "https://jav.guru/134363/ebod-802-when-will-these-crushes-be-requited-4-platonic-friends-2-girls-2-guys-watch-a-porno-together-and-get-so-horny-that-they-finally-break-the-ice-with-an-orgy-yukine-amasawa-rino-aisaka/"

$a = Invoke-RestMethod $link

$link2 = split_between $a 'iframe_url":"' '"'

$link2 = base64_encode $link2

$a2 = Invoke-RestMethod $link2

$OLID = split_between $a2 "var OLID = '" "'"
#reverse the $OLID (123->321)
$OLID =  $OLID[-1..-$OLID.Length] -join ''

$link3 = 'https://jav.guru/search' + (split_between $a2 'src="https://jav.guru/search' "'") + $OLID


$a3 = Invoke-WebRequest $link3

#the stream hoster embed url
write-host $a3.BaseResponse.RequestMessage.RequestUri

 

[xd12345]

@darkestblue
hyperz already did that on previous post, why don't u try javhdporn which is harder to do?

 

[darkestblue]

@darkestblue
hyperz already did that on previous post, why don't u try javhdporn which is harder to do?

have fun do it per hand one by one like a caveman xD

 

[xd12345]

have fun do it per hand one by one like a caveman xD

I think this is some sort an insult and I hardly understand, try to reconstruct it again.

And I think I should've praise you with your script, since you write to get some praise. I'll do it next time if you do javhdporn.

 

[darkestblue]

I think this is some sort an insult and I hardly understand, try to reconstruct it again.

And I think I should've praise you with your script, since you write to get some praise. I'll do it next time if you do javhdporn.

why you dont try it yourself

 

[xd12345]

You see, I can't and I'm not as good as you or Hyperz.
I also don't scrape links from those 2 site, I join the conversation to satiate my curiosity,
if hiding the source file is really worth it. And as you can see I can just f12>network it.

Can you tell me why would you say "super easy per script, no headers needed"? I'm pretty sure you're already aware that hyperz provided the tutorial on how to decode it?

 

[darkestblue]

You see, I can't and I'm not as good as you or Hyperz.
I also don't scrape links from those 2 site, I join the conversation to satiate my curiosity,
if hiding the source file is really worth it. And as you can see I can just f12>network it.

Can you tell me why would you say "super easy per script, no headers needed"? I'm pretty sure you're already aware that hyperz provided the tutorial on how to decode it?

i am aware that you dont know what you are talking about xD
over and out

 

[xd12345]

can you elaborate?

 

[Hyperz]

It might have been the other site that checks referer. Regardless, you should always add a referer header if you don't want your code to randomly break. And again, using string splitting bad practice for the same reason. Might as well write a regex at that point.

i am aware that you dont know what you are talking about xD
over and out

No need to get all pretentious.

 

[NinjaStream]

Blob just means it's using HLS (DRM). It's setting the source/iframe here:

jQuery(".responsive-player").css("background","url(https://img.javhdporn.net/wp-content/uploads/2020/09/390jac-059.jpg");  
jQuery(".responsive-player").css("background-size","cover");  
jQuery(".responsive-player").append('<div class="play-button button"></div>');
jQuery('.play-button').click(function(){
    jQuery('.play-button').remove();      
    jQuery(".wps-iframe-loader").show();
    playerimg = false;
    console.log(element);
    jQuery(".responsive-player").append('<iframe src="" id="playeriframe" frameborder="0" width="640" height="360" scrolling="no" allowfullscreen></iframe>');
    if (playerimg) {
        displayblob('KhjhtBA+5hObXJZ3xWLZTIvqEYVWHbKyJzeX78iuW58vf7E8lxdc8sr+qzSiHlbASizQKAkVJC4=', '161214');
        if (window.location.host.indexOf('localhost') == -1) {
            gtag('event', 'load-dev', {'event_category' : 'Load-iframe'});
        }
    } else {
        displayblob('BymKthIh+Um1XJo0/W3RT7PbZppvKMj3JDeH7efaIJUUTug6lkxZ8/LbknOYa13dTjPUJQoDSCpK6FcF3oJuLHo4NlyJNcH74H60TbmgN5sm9unbZraACJhypMIvgIXl9SZWFgZjt1aDT1pJSsoNEPaHO67YtB06AmYek4RqmPfgzfnOfr2TA8f92Jzr7wW6e2CsGzwRmVysdtdg6MP5JWiYB46I7DxRMshCbPU5CZ7FZSBuFBJiM0sp5+m/QBcL5gupVg==', '161214');
    }
    if (window.location.host.indexOf('localhost') == -1) {
                                        gtag('event', 'load-bv', {'event_category' : 'Load-iframe'});
                                }
});
jQuery("#playeriframe").on("load", function() {
    jQuery(".wps-iframe-loader").hide();
});

So you can see displayblob where it derives either the iframe code or source URL:

function displayblob(_0x8ed052, _0x7e857f = a0_0x1f17('0x3d')) {
    var _0x14d1f2 = {
        'WoKlb': function (_0x2bb21e) {
            return _0x2bb21e();
        },
        'kIDZW': a0_0x1f17('0x14'),
        'IriNZ': function (_0xf03835, _0x280ecd) {
            return _0xf03835(_0x280ecd);
        },
        'HmqBA': function (_0x3a0445, _0x480707) {
            return _0x3a0445 + _0x480707;
        },
        'kZNaO': '_0x583715',
        'jEcBo': function (_0x457515, _0x5d426d) {
            return _0x457515 < _0x5d426d;
        },
        'zUUVn': function (_0x5ea7ea, _0x4b15a6) {
            return _0x5ea7ea === _0x4b15a6;
        },
        'FxbuE': 'jkZYC',
        'AGBkS': a0_0x1f17('0x37'),
        'gWSTD': function (_0x5457d8, _0xdbcf39) {
            return _0x5457d8 + _0xdbcf39;
        },
        'jqrYL': function (_0x3238ed, _0xa21abf) {
            return _0x3238ed % _0xa21abf;
        },
        'HYtJF': a0_0x1f17('0x1d'),
        'VZWir': function (_0x44e232, _0x3a978f) {
            return _0x44e232 % _0x3a978f;
        },
        'npuAr': function (_0x44c246, _0x414805) {
            return _0x44c246 + _0x414805;
        },
        'jssjX': function (_0x302d51, _0x5b5616) {
            return _0x302d51 % _0x5b5616;
        },
        'RAIwz': function (_0x344e87, _0x12aa23) {
            return _0x344e87 !== _0x12aa23;
        },
        'MauvI': a0_0x1f17('0x32'),
        'KdvKb': a0_0x1f17('0x3'),
        'eWyjO': a0_0x1f17('0xa'),
        'ZMNUl': a0_0x1f17('0x15'),
        'fzxGc': a0_0x1f17('0x9'),
        'eQArp': '<script type=\"text/javascript\">location.href=\"',
        'BFDzU': a0_0x1f17('0x19')
    };

    function _0x5ab9f1(_0x2916b3, _0x4ddc36) {
        var _0x4d9578 = {
            'HdWvf': _0x14d1f2[a0_0x1f17('0x2e')]
        };
        var _0x2269fb = _0x14d1f2['IriNZ'](btoa, _0x14d1f2[a0_0x1f17('0x1c')](_0x2916b3, _0x14d1f2['kZNaO']))['split']('')[a0_0x1f17('0x47')]()[a0_0x1f17('0x43')]('');
        var _0x57cf15 = [],
            _0x5decc2 = 0x0,
            _0x13a34a, _0x298cb0 = '';
        for (var _0x37c59f = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x37c59f, 0x100); _0x37c59f++) {
            if (_0x14d1f2[a0_0x1f17('0x49')](_0x14d1f2['FxbuE'], _0x14d1f2[a0_0x1f17('0x2f')])) {
                var _0x4e9484 = function () {
                    var _0x45c0d4 = _0x4e9484['constructor'](WfulYB['HdWvf'])()[a0_0x1f17('0x3f')](a0_0x1f17('0x7'));
                    return !_0x45c0d4[a0_0x1f17('0x17')](a0_0x21ab66);
                };
                return ssuuHS[a0_0x1f17('0x21')](_0x4e9484);
            } else {
                _0x57cf15[_0x37c59f] = _0x37c59f;
            }
        }
        for (_0x37c59f = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x37c59f, 0x100); _0x37c59f++) {
            _0x5decc2 = _0x14d1f2['gWSTD'](_0x5decc2 + _0x57cf15[_0x37c59f], _0x2269fb[a0_0x1f17('0x11')](_0x14d1f2['jqrYL'](_0x37c59f, _0x2269fb['length']))) % 0x100;
            _0x13a34a = _0x57cf15[_0x37c59f];
            _0x57cf15[_0x37c59f] = _0x57cf15[_0x5decc2];
            _0x57cf15[_0x5decc2] = _0x13a34a;
        }
        _0x37c59f = 0x0;
        _0x5decc2 = 0x0;
        var _0x39c8ac = _0x14d1f2['IriNZ'](atob, _0x4ddc36);
        for (var _0x32806b = 0x0; _0x14d1f2[a0_0x1f17('0x41')](_0x32806b, _0x39c8ac[a0_0x1f17('0xb')]); _0x32806b++) {
            var _0x1007b1 = _0x14d1f2['HYtJF']['split']('|');
            var _0x42b67a = 0x0;
            while (!![]) {
                switch (_0x1007b1[_0x42b67a++]) {
                case '0':
                    _0x57cf15[_0x5decc2] = _0x13a34a;
                    continue;
                case '1':
                    _0x37c59f = _0x14d1f2['VZWir'](_0x14d1f2[a0_0x1f17('0x2c')](_0x37c59f, 0x1), 0x100);
                    continue;
                case '2':
                    _0x13a34a = _0x57cf15[_0x37c59f];
                    continue;
                case '3':
                    _0x57cf15[_0x37c59f] = _0x57cf15[_0x5decc2];
                    continue;
                case '4':
                    _0x5decc2 = _0x14d1f2[a0_0x1f17('0x2d')](_0x5decc2, _0x57cf15[_0x37c59f]) % 0x100;
                    continue;
                case '5':
                    _0x298cb0 += String[a0_0x1f17('0xf')](_0x39c8ac[a0_0x1f17('0x11')](_0x32806b) ^ _0x57cf15[_0x14d1f2['jssjX'](_0x14d1f2[a0_0x1f17('0x2d')](_0x57cf15[_0x37c59f], _0x57cf15[_0x5decc2]), 0x100)]);
                    continue;
                }
                break;
            }
        }
        return atob(_0x298cb0);
    }

    function _0x437bce(_0xec5e9e) {
        if (_0x14d1f2[a0_0x1f17('0xe')](_0x14d1f2[a0_0x1f17('0x45')], a0_0x1f17('0x24'))) {
            _0xec5e9e = new Blob([''], {
                'type': _0x14d1f2[a0_0x1f17('0x13')]
            });
            return URL['createObjectURL'](_0xec5e9e);
        } else {
            if (fn) {
                var _0x3a6ff1 = fn['apply'](context, arguments);
                fn = null;
                return _0x3a6ff1;
            }
        }
    }
    wrapperURL = _0x14d1f2['IriNZ'](_0x437bce, window[a0_0x1f17('0x28')][a0_0x1f17('0x40')]);
    document[a0_0x1f17('0x5')](_0x14d1f2[a0_0x1f17('0x12')])[a0_0x1f17('0x3c')] = wrapperURL;
    wrapper = document[a0_0x1f17('0x5')](_0x14d1f2[a0_0x1f17('0x12')])[_0x14d1f2['ZMNUl']][_0x14d1f2[a0_0x1f17('0x3a')]];
    val = '<style>html{opacity: 0;}>}</style>';
    txt1 = _0x14d1f2['eQArp'];
    txt2 = _0x14d1f2[a0_0x1f17('0x2')];
    val += _0x14d1f2[a0_0x1f17('0x2d')](txt1 + _0x5ab9f1(_0x7e857f, _0x8ed052), txt2);
    wrapper['open']();
    wrapper[a0_0x1f17('0x44')](val);
    wrapper[a0_0x1f17('0x36')]();
}

Reverse engineering it should be p straight forward, albeit tedious and time consuming. It's of no use to me personally so I'm not gonna spend a couple of hours on it. At any rate, the real iframe URL for that specific page is https://video.javhdporn.net/player.php?playerid=Pbc2VydmVyPXN0cmVhbXNiJnVybD1odHRwcyUzQSUyRiUyRnN0cmVhbXNiLm5ldCUyRmVtYmVkLXZmNWZxZ2pyN2hmci5odG1s&b=10. The playlist for the video (HLS stream) on there is video.javhdporn.net/stream/?vid=vmDZtFsMQXF1NpLoDISCNz4i3LCDVxapLsB1Z01jj-LDZSXJhdQ1eoS2xiEtcKb9Zk0bI_2BBUA8ZeyuOa2Ipzc6C75ox7qrTDFFU9uwx3wG0A2Kregp8PV5Qri0wMqynPNH0HgSpbakh6FR7Bnxgo1tUGJuoUwBbjCFDu2dS4Kcgza6EoYnVfiChyWOmg. You can use something like ffmpeg to turn in back into an MP4.

I remember that site. They used to extract our direct link and then play it without using our own player. I had to contact the video file's owner and add extra protection to our url.

 

[luci787]

super easy per script, no headers needed
example is powershell

#powershell
function split_between($text,$from,$till) {
     return ((($text -split $from )[1]) -split $till)[0]
}


function base64_encode($str)
{
    return [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($str))
}

$link = "https://jav.guru/134363/ebod-802-when-will-these-crushes-be-requited-4-platonic-friends-2-girls-2-guys-watch-a-porno-together-and-get-so-horny-that-they-finally-break-the-ice-with-an-orgy-yukine-amasawa-rino-aisaka/"

$a = Invoke-RestMethod $link

$link2 = split_between $a 'iframe_url":"' '"'

$link2 = base64_encode $link2

$a2 = Invoke-RestMethod $link2

$OLID = split_between $a2 "var OLID = '" "'"
#reverse the $OLID (123->321)
$OLID =  $OLID[-1..-$OLID.Length] -join ''

$link3 = 'https://jav.guru/search' + (split_between $a2 'src="https://jav.guru/search' "'") + $OLID


$a3 = Invoke-WebRequest $link3

#the stream hoster embed url
write-host $a3.BaseResponse.RequestMessage.RequestUri

Is it possible to do it bulk?
And write the result to txt file (the stream hoster embed url)

Say link2 is already known and kept in txt file (BULK)
Take the input from txt file, and base64 decode, reverse, then link3 - embed link output

$link2 = base64_encode $link2

$a2 = Invoke-RestMethod $link2

$OLID = split_between $a2 "var OLID = '" "'"
#reverse the $OLID (123->321)
$OLID = $OLID[-1..-$OLID.Length] -join ''

$link3 = 'https://jav.guru/search' + (split_between $a2 'src="https://jav.guru/search' "'") + $OLID


$a3 = Invoke-WebRequest $link3

#the stream hoster embed url
write-host $a3.BaseResponse.RequestMessage.RequestUri

 

[darkestblue]

it would something like this, but it will not work with the old code because jav.guru added new protection. maybe i take a look if i get bored the next time

$file_in = "C:\Users\Admin\Desktop\temp\test_in.txt"
$file_out = "C:\Users\Admin\Desktop\temp\test_out.txt"

Get-Content -Path $file_in | % {
    $link2 = $_

    #do work
    #do work
    #do work

    $a3.BaseResponse.RequestMessage.RequestUri | Add-Content -Path $file_out
}

 

[momomesh]

Thanks for all the details guys, are the codes above in PHP?

 

[momomesh]

WOW went off for awhile and came back, this thread is GOLD now!