Jdownloader CNL2

September 10, 2023

The last few days i started surfing this side of the web again. To my surprise Jdownloader is still a thing. As i dont want to install this for a few uses, here is the incantation you have to do to decrypt its CnL2 format.

echo "DATA" | openssl enc -aes-128-cbc -nosalt -d -iv "KEY" -K "KEY" -nopad -a

KEY is the result of calling the jk input value, DATA is the value of the crypted field.

Here is a bookmarklet to replace the form with the command to run. Or the code if you want to run it yourself.

I tried using the SubtleCrypto API to decrypt entirely in the browser, but i couldnt figure out how. I even try asking ChatGPT.

    const form = new FormData($form);
    const data = [eval(`(function(){${form.get("jk")} return f()})()`), form.get("crypted")];
    const cmd = `echo "${data[1]}" | openssl enc -aes-128-cbc -nosalt -d -iv "${data[0]}" -K "${data[0]}" -nopad -a`;
    $pre = document.createElement("pre");
    $pre.innerHTML = cmd;
    $form.parentNode.replaceChild($pre, $form)

There are a some browser extensions that also do this. But thats too much hassle for a few times.

Leave your comment on the github issue, sending me an email or DMing me on twitter