Source of index.php
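<?php
// Landing-page prologue: connects to the `tlkvc` database and loads the three
// counters printed in the `.counter` box further down the page:
//   $i = all rows in `serials`, $b = rows with status 0, $u = rows with status 1.
//
// SECURITY: the database password used to be a string literal in this file, and
// the footer links to source.php ("View Source"), which appears to publish this
// file verbatim. The password is therefore read from the environment instead.
// TLKVC_DB_PASSWORD is a name chosen for this change; adapt it to the deployment.
// The previously published password should be treated as exposed and rotated.
$DbPassword = getenv('TLKVC_DB_PASSWORD');
if ($DbPassword === false || $DbPassword === '') {
    throw new RuntimeException('TLKVC_DB_PASSWORD is not set.');
}
// Exceptions are enabled at construction time so no statement runs in silent mode.
$Pdo = new PDO("mysql:host=10.0.0.43;dbname=tlkvc", "tlkvc", $DbPassword, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
unset($DbPassword);

// Runs one COUNT(*) query and returns the number as an int.
// fetchColumn() is used instead of rowCount(): PDO does not guarantee rowCount()
// for SELECT statements, and a COUNT(*) query always yields exactly one row.
$CountSerials = static function (PDO $Connection, string $Sql): int {
    $Value = $Connection->query($Sql)->fetchColumn();
    return $Value === false ? 0 : (int) $Value;
};

$i = $CountSerials($Pdo, "SELECT count(*) AS `count` FROM `serials` LIMIT 1");
$b = $CountSerials($Pdo, "SELECT count(*) AS `count` FROM `serials` WHERE `status` = 0 LIMIT 1");
$u = $CountSerials($Pdo, "SELECT count(*) AS `count` FROM `serials` WHERE `status` = 1 LIMIT 1");
?>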
<html>
<head>
<title>XBLAPI KV Checker</title>
<link rel="shortcut icon" href="../_assets/img/favicon.png">
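<!-- Bootstrap CSS from jsDelivr. The version tag had been mangled to "[email protected]" by
     e-mail obfuscation on the page; the integrity value below is the published hash for 5.0.2. -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<!--<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
crossorigin="anonymous">-->
<!-- NOTE(review): Dropzone (stylesheet here, script below) is loaded from unpkg with a floating
     "@5" tag and no integrity attribute, unlike the other CDN assets. Whatever the CDN serves for
     that tag runs with full access to this page. Pin an exact version and add integrity and
     crossorigin attributes, or host the files locally next to jszip/FileSaver. -->
<link rel="stylesheet" href="https://unpkg.com/dropzone@5/dist/min/dropzone.min.css" type="text/css" />
<!-- NOTE(review): jQuery 3.1.1 predates the HTML-handling fixes shipped in 3.5.0. Upgrading needs a
     new integrity value, so it is flagged here rather than changed. -->
<script src="https://code.jquery.com/jquery-3.1.1.min.js"
integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8="
crossorigin="anonymous"></script>
<!-- Bootstrap JS bundle; same version repair as the stylesheet above (hash matches 5.0.2). -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<!--<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"
integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script>-->
<script src="https://unpkg.com/dropzone@5/dist/min/dropzone.min.js"></script>
<!-- Locally hosted helpers: notifications, file download and ZIP building. -->
<script type="text/javascript" src="noty/packaged/jquery.noty.packaged.min.js"></script>
<script src="FileSaver.min.js"></script>
<script src="jszip.min.js"></script>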
<style>
/* Full-viewport page with a light grey background. */
body, html {
margin: 0;
width: 100%;
height: 100%;
background: #E8E9EC;
}
/* The upload form (id="dropnmixtapes"): a fixed-height, scrollable drop area with a dashed border. */
#dropnmixtapes {
width: 100%;
height: 20em;
overflow-y: scroll;
border: 2px dashed #0087F7;
border-radius: 5px;
background: white;
}
/* Offsets for elements carrying the dz-default class (presumably Dropzone's default message). */
.dz-default {
margin-top: 140px;
margin-left: 220px;
}
/* Checked / unbanned / banned totals, pinned to the top-left corner. */
.counter {
position:fixed;
top: 10px;
left: 10px;
}
/* Copyright bar pinned to the bottom of the viewport; the high z-index keeps it above other content. */
.footer {
position:fixed;
width: 100%;
bottom: 0;
height: 40px;
text-align: center;
background: #fff;
z-index:9999;
}
</style>
</head>
<body>
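<div class="container h-100 d-flex justify-content-center align-items-center">
    <div class="container">
        <!-- Action buttons for the keyvaults checked in this session. Real <button> elements
             replace the non-standard <btn> tag so they are keyboard-focusable. -->
        <div class="row justify-content-center header-buttons">
            <div class="col-md-8 mb-1 text-end">
                <button type="button" class="btn btn-info" onclick="downloadZip();">Download Zip</button>
                <!-- Clearing also resets `failed`; previously those entries stayed in the next ZIP. -->
                <button type="button" class="btn btn-danger" onclick="Dropzone.forElement('#dropnmixtapes').removeAllFiles(true);unbanned = {};banned = {};failed = {};$(this).parent().hide();">Clear Uploads</button>
            </div>
        </div>
        <div class="row justify-content-center">
            <div class="col-md-8">
                <!-- method and enctype are required for the no-JavaScript fallback input: without them
                     the browser would submit a GET request carrying only the file name. -->
                <form action="checkkv.php" method="post" enctype="multipart/form-data" id="dropnmixtapes" class="dropzone">
                    <div class="fallback">
                        <input name="file" type="file" multiple />
                    </div>
                </form>
            </div>
        </div>
    </div>
</div>
<div class="footer">
    <h4>2017 - <?php echo date('Y'); ?> © XBLAPI | <a href="source.php">View Source</a></h4>
</div>
<div class="counter">
    <!-- Counters come from the database; the int cast keeps the output numeric whatever the driver returns. -->
    <h3>
        <?php echo (int) $i; ?> KV(s) Checked.
        <br>
        <?php echo (int) $u; ?> Unbanned.
        <br>
        <?php echo (int) $b; ?> Banned.
    </h3>
</div>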
<script>
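// Session state: serial -> base64 keyvault contents, bucketed by the server's verdict.
var unbanned = {}, banned = {}, failed = {};

// Returns the column holding "Download Zip" / "Clear Uploads".
// The markup marks the row with class="header-buttons" (there is no element with that id, so the
// former '#header-buttons' selector matched nothing), and the "Clear Uploads" handler hides the
// button column, so that column is what gets shown and hidden here.
function headerButtons() {
    return $('.header-buttons').children();
}

// Escapes text for use as HTML element content.
function escapeHtml(text) {
    return $('<div>').text(String(text)).html();
}

// Hide the action buttons until at least one upload has been processed.
$(function(){
    headerButtons().hide();
});

// Builds kvs.zip with one top-level folder per verdict and one sub-folder per serial,
// each holding the decoded keyvault as KV-<serial>.bin, then hands it to FileSaver.
function downloadZip(){
    const zip = new JSZip();
    // The globals are read at call time because "Clear Uploads" reassigns them.
    const groups = {unbanned: unbanned, banned: banned, failed: failed};
    for (const [folderName, entries] of Object.entries(groups)) {
        const groupFolder = zip.folder(folderName);
        for (const [serial, kv] of Object.entries(entries)) {
            groupFolder.folder(serial).file("KV-" + serial + ".bin", atob(kv), {binary: true});
        }
    }
    zip.generateAsync({type:"blob"}).then(function(content) {
        saveAs(content, "kvs.zip");
    });
}

Dropzone.options.dropnmixtapes = {
    paramName: "file", // The name that will be used to transfer the file
    maxFilesize: 1, // MB
    parallelUploads: 2,
    // Called with the server's response for each finished upload.
    success: function(file, message) {
        headerButtons().show();

        // Normalise the response into {error, message, ...}. A body that is not JSON (for
        // example a PHP error page) is shown as the message of a failed check.
        let json;
        if (message !== null && typeof message === 'object') {
            // Already parsed, which happens if the server sends a JSON content type.
            json = message;
        } else {
            const raw = String(message);
            json = {error: 1, message: raw};
            if (raw.startsWith("{")) {
                try {
                    json = jQuery.parseJSON(raw);
                } catch (e) {
                    // Malformed JSON: keep the raw-text fallback instead of aborting the handler.
                }
            }
        }
        const text = json.message == null ? '' : String(json.message);

        let elem = $(file['previewElement']).find('.dz-details').find('.dz-filename').children(":first");
        let level = 'error';
        if (json.error === 0) {
            if (json.unbanned === 1) {
                level = 'success';
                unbanned[json.serial] = json.kv;
            } else {
                level = 'warning';
                banned[json.serial] = json.kv;
            }
        } else {
            if (json.filename && json.kv) {
                // Early validation failures carry no serial; fall back to the file name so
                // they do not all collapse onto the key "undefined".
                failed[json.serial || json.filename] = json.kv;
            }
            // The message embeds the uploaded file name and may be a raw server body, so it is
            // added as a text node rather than concatenated into markup.
            elem.append($('<br>'), document.createTextNode(text));
        }

        const colours = {success: '#60A917', error: '#CE352C', warning: '#FA6800'};
        $(file['previewElement']).find('.dz-image').css('background', colours[level]);

        // Clicking the file name re-downloads the keyvault. Only offered when the response
        // carries the contents; atob() would throw on a missing value.
        if (json.kv) {
            elem.css('cursor', 'pointer');
            elem.on('click', function(){
                const bytes = atob(json.kv);
                const byteNumbers = new Uint8Array(bytes.length);
                for (let i = 0; i < bytes.length; i++) {
                    byteNumbers[i] = bytes.charCodeAt(i);
                }
                const blob = new Blob([byteNumbers], {type: "octet/stream"});
                saveAs(blob, json.filename || file.name);
            });
        }

        noty({
            // Escaped because noty appears to insert `text` as HTML; confirm against the bundled version.
            text: escapeHtml(text),
            type: level,
            layout: 'topRight',
            theme: 'metroui',
            dismissQueue: true,
            maxVisible: 8,
            timeout: 1200,
            progressBar: true,
            animation: {
                open: {height: 'toggle'},
                close: {height: 'toggle'},
                easing: 'swing',
                speed: 250 // opening & closing animation speed
            }
        });
    },
    // Transport-level or HTTP failure: mark the preview in the warning colour.
    error: function(file, message) {
        $(file['previewElement']).find('.dz-image').css('background', "#FA6800");
    }
};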
</script>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-72583063-5"></script>
<script>
// Shared command queue, presumably consumed by the gtag.js script loaded above;
// an existing queue is reused rather than overwritten.
window.dataLayer = window.dataLayer || [];
// Queues one command by pushing the raw `arguments` object onto dataLayer.
function gtag(){dataLayer.push(arguments);}
// Queue the load timestamp, then the configuration for the same property id as in the loader URL.
gtag('js', new Date());
gtag('config', 'UA-72583063-5');
</script>
</body>
</html>
1
Source of checkkv.php
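<?php
require_once __DIR__ . '/../vendor/autoload.php';
use App\KVLogic;

// Keyvault check endpoint.
//
// Accepts either a 16,384-byte ".bin" upload in the "file" field or four hex strings in the
// query parameters a, b, c and d. Both paths yield the same four hex arguments, which are passed
// to KVLogic::CheckWithData(). A result of 0 (banned) or 1 (unbanned) is stored in `serials`.
// The reply is always one JSON object: error (1/0), message, and where available filename,
// kv (base64 of the upload), serial and unbanned.

$Arg0 = null;
$Arg1 = null;
$Arg2 = null;
$Arg3 = null;
$Filename = "received";
$Contents = null;
$StatusMessage = array("Banned", "Unbanned", "Failed @ XMACS", "Failed @ AP1", "Failed @ AP2", "Failed @ TGS");
$Response = [];
$Response['error'] = 1;

// The reply echoes the client-supplied file name. The front end parses the body as text, so it
// is served as text/plain with sniffing disabled instead of PHP's default text/html.
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// Emits the response. Invalid UTF-8 (possible in file names and decoded serials) is substituted
// rather than making json_encode() return false and the reply come back empty.
$Respond = static function (array $Response): void {
    echo json_encode($Response, JSON_INVALID_UTF8_SUBSTITUTE);
};

if (isset($_FILES["file"])) {
    $Upload = $_FILES["file"];
    // A "file[]" style request turns every field into an array; only a single file is handled.
    if (!is_array($Upload) || !is_string($Upload["name"] ?? null) || !is_string($Upload["tmp_name"] ?? null)) {
        $Response['message'] = "Invalid Request.";
        $Respond($Response);
        return;
    }
    $Response['filename'] = $Upload["name"];
    $fileType = pathinfo($Upload["name"], PATHINFO_EXTENSION);
    if ($fileType !== "bin") {
        $Response['message'] = "File '" . $Upload["name"] . "' does not end with '.bin'";
        $Respond($Response);
        return;
    }
    // Refuse anything PHP did not receive as a complete HTTP upload before touching tmp_name.
    if (($Upload["error"] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($Upload["tmp_name"])) {
        $Response['message'] = "Upload failed '" . $Upload["name"] . "'";
        $Respond($Response);
        return;
    }
    if ($Upload["size"] != 16384) { //16KB
        $Response['message'] = "File size does not equal 16,384 bytes '" . $Upload["name"] . "'";
        $Respond($Response);
        return;
    }
    // Read the file and re-check the length actually read, since every offset below depends on it.
    $Contents = file_get_contents($Upload['tmp_name']);
    if ($Contents === false || strlen($Contents) !== 16384) {
        $Response['message'] = "File size does not equal 16,384 bytes '" . $Upload["name"] . "'";
        $Respond($Response);
        return;
    }
    $Response['kv'] = base64_encode($Contents);
    if (!is_numeric(substr($Contents, 0xB0, 0xC))) { // Console Serial
        $Response['message'] = "Invalid Serial Number. Is this a KV? '" . $Upload["name"] . "'";
        $Respond($Response);
        return;
    }
    if (substr($Contents, 0x9CF, 0x1) !== "X" || !is_numeric(substr($Contents, 0x9D0, 0x6))) { // Console ID
        $Response['message'] = "Invalid Console ID. Is this a KV? '" . $Upload["name"] . "'";
        $Respond($Response);
        return;
    }
    // Hex-encode the four regions handed to the checker.
    $Arg0 = bin2hex(substr($Contents, 0xB0, 0xC));
    $Arg1 = bin2hex(substr($Contents, 0x29C, 0x4));
    $Arg2 = bin2hex(substr($Contents, 0x2A8, 0x1C0));
    $Arg3 = bin2hex(substr($Contents, 0x9C8, 0x1A8));
    $Filename = $Upload["name"];
} else if (isset($_GET['a'], $_GET['b'], $_GET['c'], $_GET['d'])) {
    // FILTER_SANITIZE_STRING is deprecated and was never a validator. The raw values are read
    // here and accepted only if they pass the exact-length hex check below.
    $Arg0 = filter_input(INPUT_GET, 'a', FILTER_UNSAFE_RAW);
    $Arg1 = filter_input(INPUT_GET, 'b', FILTER_UNSAFE_RAW);
    $Arg2 = filter_input(INPUT_GET, 'c', FILTER_UNSAFE_RAW);
    $Arg3 = filter_input(INPUT_GET, 'd', FILTER_UNSAFE_RAW);
} else {
    $Response['message'] = "Invalid Request.";
    $Respond($Response);
    return;
}

// Each argument must consist of exactly N hex digits. The patterns are anchored with \A and \z:
// an unanchored pattern accepts any string that merely contains N hex digits somewhere.
$ExpectedHexLengths = [24, 8, 896, 848];
foreach ([$Arg0, $Arg1, $Arg2, $Arg3] as $Index => $Value) {
    $Pattern = '/\A[A-Fa-f0-9]{' . $ExpectedHexLengths[$Index] . '}\z/';
    if (!is_string($Value) || preg_match($Pattern, $Value) !== 1) {
        $Response['message'] = "Invalid KV '" . $Filename . "'";
        $Respond($Response);
        return;
    }
}

$Serial = pack("H*", $Arg0);
// The upload path already required a numeric serial; apply the same rule to the query-string
// path so the value stored and echoed back is never arbitrary decoded bytes.
if (!is_numeric($Serial)) {
    $Response['message'] = "Invalid Serial Number. Is this a KV? '" . $Filename . "'";
    $Respond($Response);
    return;
}
$Response['serial'] = $Serial;

// CheckWithData() lives in App\KVLogic, which is not part of this file; its result is treated as
// an integer status code indexing $StatusMessage. A former `exec('java -jar ...')` fallback that
// concatenated these arguments into a shell command was dropped rather than kept commented out.
$KVLogic = new KVLogic();
$Result = $KVLogic->CheckWithData($Arg0, $Arg1, $Arg2, $Arg3);
if (!is_numeric($Result) || $Result > 1 || $Result < 0) {
    $Failure = "Failed. (" . $Result . ")";
    // Codes beyond the table no longer raise an undefined-offset warning.
    $Response['message'] = "KV '" . $Filename . "' " . ($Result > 1 ? ($StatusMessage[$Result] ?? $Failure) : $Failure);
    $Respond($Response);
    return;
}
$Status = (int) $Result;

// SECURITY: the password was a literal in this file, which the site's "View Source" link appears
// to publish. It is read from the environment instead (TLKVC_DB_PASSWORD is a name chosen for
// this change). The previously published value should be rotated.
$DbPassword = getenv('TLKVC_DB_PASSWORD');
if ($DbPassword === false || $DbPassword === '') {
    throw new RuntimeException('TLKVC_DB_PASSWORD is not set.');
}
$Pdo = new PDO("mysql:host=10.0.0.43;dbname=tlkvc", "tlkvc", $DbPassword, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
unset($DbPassword);

$Response['error'] = 0;
$Response['unbanned'] = $Status;
$Response['message'] = "KV '" . $Filename . "' is " . $StatusMessage[$Status] . ".";

// Bound parameters replace string concatenation: the serial comes from request data and must
// never become part of the SQL text.
$Stmt = $Pdo->prepare(
    "INSERT INTO `serials` (serial, status) VALUES(:serial, :status) ON DUPLICATE KEY UPDATE `status` = :status_update"
);
$Stmt->bindValue(':serial', $Serial, PDO::PARAM_STR);
$Stmt->bindValue(':status', $Status, PDO::PARAM_INT);
$Stmt->bindValue(':status_update', $Status, PDO::PARAM_INT);
$Stmt->execute();

$Respond($Response);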
1