emericg / OpenSubtitlesDownload

Automatically find and download the right subtitles for your favorite videos!
https://emeric.io/OpenSubtitlesDownload
GNU General Public License v3.0

Not working since Opensubtitle got HACKED! #85

Closed persian85 closed 2 years ago

persian85 commented 2 years ago

It seems this script has not been working since the OpenSubtitle website got HACKED. So are there any updates needed for this script to work again, or is it on the website side?

lamnatos commented 2 years ago

I'm seeing the same thing. According to their relevant blog post, because of the hack they've changed their hashing algorithm from md5 to hash_hmac and sha256.

I think OSD.py uses the md5 method to log in (line 653) which has been deprecated post-hack so it'll need to be changed.

MicheleGiuliettiDev commented 2 years ago

Hi, I tried to change the hashing algorithm but it doesn't work. Either I made a mistake or they need to change something in the API.

emericg commented 2 years ago

Hi, thanks for reporting this guys, I hadn't noticed. Apparently first you need to reset your password, precisely as explained in the blog post, then instead of replacing the md5 hashing in the code you need to remove it:

session = osd_server.LogIn(osd_username, hashlib.md5(osd_password[0:32].encode('utf-8')).hexdigest(), osd_language, 'opensubtitles-download 5.1')

to

session = osd_server.LogIn(osd_username, osd_password[0:32], osd_language, 'opensubtitles-download 5.1')

persian85 commented 2 years ago

> Hi, thanks for reporting this guys, I hadn't noticed. Apparently first you need to reset your password, precisely as explained in the blog post, then instead of replacing the md5 hashing in the code you need to remove it:
>
> session = osd_server.LogIn(osd_username, hashlib.md5(osd_password[0:32].encode('utf-8')).hexdigest(), osd_language, 'opensubtitles-download 5.1')
>
> to
>
> session = osd_server.LogIn(osd_username, osd_password[0:32], osd_language, 'opensubtitles-download 5.1')

Thank you, it worked.

emericg commented 2 years ago

Don't close this one just yet, or it will be reopened today by someone else :)

MicheleGiuliettiDev commented 2 years ago

Great

emericg commented 2 years ago

Ok, it seems that you can continue using the script as it was (with md5 in the login), as long as you reset your password, then log out and log in again (so the website correctly generates an md5 hash for your new password, in case you reset your password before that new hash generation was set up).

I've updated the 'login error page' that is available as a link in the app when a login fails, and I may write a new sticky issue so everyone can have a bit of clarity regarding this issue.
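
The two credential forms discussed in this thread, as an added Python example that is not part of the thread or of OSD.py: it tries the md5 form first and falls back to the raw password on a 401. `credential`, `login`, `StubServer` and the `200 OK` status string are assumptions made for an offline run; only the `LogIn` call shape comes from the comments above.

```python
import hashlib

CLIENT_AGENT = 'opensubtitles-download 5.1'  # user-agent string quoted in the thread


def credential(password, use_md5):
    """Return the value passed as the password argument of LogIn."""
    trimmed = password[0:32]  # same 32-character cut as the thread's LogIn call
    if use_md5:
        return hashlib.md5(trimmed.encode('utf-8')).hexdigest()
    return trimmed


def login(server, username, password, language='en'):
    """Try the md5 form, then the raw form; return (session, form that worked)."""
    session = {}
    for use_md5 in (True, False):
        session = server.LogIn(username, credential(password, use_md5),
                               language, CLIENT_AGENT)
        if session.get('status', '').startswith('200'):
            return session, 'md5' if use_md5 else 'plain'
    return session, None  # both forms rejected: caller should surface the 401


class StubServer:
    """Constructed offline stand-in for the XML-RPC proxy (hypothetical).

    md5_ready models whether the site has generated an md5 hash for the
    account's new password, the condition described in the thread.
    Accepting the raw password in both states is an assumption.
    """

    def __init__(self, password, md5_ready):
        self.accepted = {password[0:32]}
        if md5_ready:
            self.accepted.add(credential(password, use_md5=True))
        self.calls = []  # every secret the client sent, in order

    def LogIn(self, username, secret, language, agent):
        self.calls.append(secret)
        if secret in self.accepted:
            return {'status': '200 OK', 'token': 'constructed-token'}
        return {'status': '401 Unauthorized'}


if __name__ == '__main__':
    for ready in (True, False):
        stub = StubServer('constructed-password', md5_ready=ready)
        print(ready, login(stub, 'constructed-user', 'constructed-password')[1])
```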

FriendlyTroll commented 2 years ago

EDIT: Forget it, I'm an idiot, I had 2 copies of this script and changed the wrong one. Everything works as described above.

I still get 401 when using the script even though I reset my password on both opensubtitles.org and opensubtitles.com, and logged back in.

I also tried removing the hashlib code above. I have a VIP membership if that makes a difference? Does anyone have any idea what else I could try?