Tutorial [JAVA]Recover your secret MEGA master key.

rofl cake

rofl cake

Well-Known Member
May 25, 2015
204
451
108
I didn't create the code, however I was allowed to post this by the original creator of the source.
LINK
Frequently asked questions
What is MEGApwn?
MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing.
What is a bookmarklet?
A bookmarklet is a bookmark stored in a web browser that contains JavaScript commands to extend the browser's functionality. You can read more about bookmarklets on Wikipedia.
Can MEGA read my files?
Yes. Your web browser trusts whatever it receives from MEGA, which means they can grab your master key whenever you visit their site and then use it to decrypt and read your files. You'd never know.
Can other people read my files?
Yes. Any warrant or subpoena issued to MEGA for your files simply has to ask for your master key, which MEGA can retrieve, and prohibit MEGA from telling you about it. Also any browser extension you have installed can access this information without your knowledge.
Click to expand...

Source:
PHP: 
function megaPWN() {[/B]
[B]  var format = function(a) {
    var padded = "";
    var hex = s2hex(b2s(a));
    for (var i = 0; i < hex.length; i+= 8) {
      padded += hex.substr(i, 8);
      padded += ' ';
    }
    return padded;
  };

  var masterAESKey = JSON.parse(window.localStorage.k);

  var rsaPrivateKeyComponents = JSON.parse(window.localStorage.privk);
  var rsaD = rsaPrivateKeyComponents[2];
  var rsaP = rsaPrivateKeyComponents[0];
  var rsaQ = rsaPrivateKeyComponents[1];
  var rsaU = rsaPrivateKeyComponents[3];

  var lesson = "Your MEGA master key is: " + format(masterAESKey);
  lesson += "<br>";
  lesson += "Your RSA private key exponent starts with: d=" + format(rsaD).substr(0, 107);
  lesson += "<br>";
  lesson += "MEGA and anyone else with access to your computer can see this, and use it to decrypt any file you upload.";

  Ext.Msg.show({
    title: "megaPWN",
    msg: lesson
  });

}
megaPWN();

 
You must log in or register to reply here.
Top