fix: allanime openssl aes-256-ctr decryption

[justchokingaround]

Pull Request Template

Type of change

• Bug fix
• Feature
• Documentation update

Description

ramble here

Checklist

• any anime playing
• bumped version

---

• next, prev and replay work
• -c history and continue work
• -d downloads work
• -s syncplay works
• -q quality works
• -v vlc works
• -e (select episode) aka -r (range selection) works
• -S select index works
• --skip ani-skip works
• --skip-title ani-skip title argument works
• --no-detach no detach works
• --exit-after-play auto exit after playing works
• --nextep-countdown countdown to next ep works
• --dub and regular (sub) mode both work
• all providers return links (not necessarily on a single anime, use debug mode to confirm)

---

• -h help info is up to date
• Readme is up to date
• Man page is up to date

Additional Testcases

• The safe bet: One Piece
• Episode 0: Saenai Heroine no Sodatekata ♭
• Unicode: Saenai Heroine no Sodatekata ♭
• Non-whole episodes: Tensei shitara slime datta ken (ep. 24.5, ep. 24.9)
• All Providers: Youkoso Jitsuryoku Shijou Shugi no Kyoushitsu e (TV) (3 m3u8, 3 mp4, 1 fast4speed, 1 sharepoint)
• The examples of the help text

[justchokingaround]

key is not likely to change soon, as it's hardcoded in the frontend bundle: cdn.allanime.day/all/manga/a10191a.js

[CoolnsX]

LGTM, however we need to mention additional dependency as well. I will refactor it in next patch as I am out of station.

[Derisis13]

key is not likely to change soon, as it's hardcoded in the frontend bundle: cdn.allanime.day/all/manga/a10191a.js

Does the IV change though? If both are fixed (which'd be atupid, but we've seen worse), we can simplify the whole process to a single xor

[justchokingaround]

key is not likely to change soon, as it's hardcoded in the frontend bundle: cdn.allanime.day/all/manga/a10191a.js

Does the IV change though? If both are fixed (which'd be atupid, but we've seen worse), we can simplify the whole process to a single xor

the IV is not fixed, it's the first 12 bytes of each encrypted blob, generated per-request

[port19x]

Since this is verified as working by @Luuvydev and two randoms approving this PR, I'd prefer if this was merged today.
I'm not in the discord and don't plan to rejoin at this time, so I'll leave the timing up to your discretion and internal communication.

[Derisis13]

Nice work on the reverse-engineering!

Please elaborate on my comments and see my suggestion on how to do the decryption more concisely and without temp files. Once these are over, I'll do some testing (I have some catching up to do). Any test cases that reliably need the decoding? (I'd also like list them in the PR template, because this is bound to stay)

[Derisis13]

I really don't like the whole operation of splitting a string (or binary blob) by writing to a file and dd-ing from it. Firstly, dd can read from STDIN (it does that by default), which I'd prefer for speed's sake (I think it has been demonstrated that people run this script on the crappiest hardware).
Second, the ct_len variable seems one billion per cent redundant, not setting count to anything copies the entire content of the input from skip to EOF.

My proposed solution to save some lines:

blob_raw=$(printf '%s' "$blob" | openssl enc -d -base64 -A)
ctr="$(printf '%s' "$blob_raw" | dd bs=1 count=12 2>/dev/null | od -A n -t x1 | tr -d ' \n')00000002"
ciphertext="$(printf %s "$blob_raw" | dd bs=1 skip=12 2>/dev/null)"
plaintext="$(printf '%s' "$ciphertext" | openssl enc -d -aes-256-ctr -K "$key" -iv "$ctr" -nosalt -nopad 2>/dev/null)"

seems much simpler for me and also significantly less steps (250% less lines!!! /j) and no file IO. I haven't tested it though, so it's probably wrong somewhere...

[justchokingaround]

shell variables can't hold raw binary data since $() strips null bytes, which corrupts the iv extraction. i kept one temp file for the decoded blob so that dd can read the binary from disk

[Derisis13]

Oh wow... Well that's something worthy of a short comment

[justchokingaround]

Nice work on the reverse-engineering!

Please elaborate on my comments and see my suggestion on how to do the decryption more concisely and without temp files. Once these are over, I'll do some testing (I have some catching up to do). Any test cases that reliably need the decoding? (I'd also like list them in the PR template, because this is bound to stay)

i just use lain, but anw the decryption applies to all animes anw, so use whatever you want, it doesn't matter

[Derisis13]

Just tried it on termux: openssl is weird. They separated it into two packages: openssl and openssl-tool. The CLI utility is in openssl-tool. This needs to be documented in the readme, and maybe as a case in dep_ch if we want to minimize the obvious question of "I installed openssl but script asks for openssl"

[justchokingaround]

Just tried it on termux: openssl is weird. They separated it into two packages: openssl and openssl-tool. The CLI utility is in openssl-tool. This needs to be documented in the readme, and maybe as a case in dep_ch if we want to minimize the obvious question of "I installed openssl but script asks for openssl"

done

[Derisis13]

You're clear for merging