Paywall Hack / Issue
The "decryption" has not been working since 25.04.2020.
clear:
Die etwas älteren unter den Alemannia-Fans werden sich noch an die Jahreshauptversammlungen erinnern,
cipher:
Die eatws teäenlr tuern end lmnaaeiAnn-saF nrwede hics noch na ied avmaeJslthrrnnepaumguseh rennrn,ie
Die weats tenälre untre den na-anmeFanilsA dwnere sihc ocnh an die lhunJgaesvtpasaruenmhrme ,irennnre
ieD wtesa rteälne trune dne emaanFlsani-An rndewe cish chno an ide ehnuhraautvsJegrmpansmel ennri,enr
It looks like strings/chars are being exploded (split) or moved around, but no similarities have been found yet.
!!! Design Changes and Site Relaunch on 10.09.18 !!!
The decryption has not been working since 10.09.18, after a design relaunch.
Paywall has changed in general.
see https://www.aachener-zeitung.de/digital/neue-webseite-mit-neuem-design-bei-az-und-an_aid-32816053
Update 10.09.18
Bookmarklet and extension working again. Make sure to use version >=0.3
Usage change:
Download Chrome Extension:
https://chrome.google.com/webstore/detail/azan-decrypt/lmffohencfjcmgodmepkjajnfgbokcli?hl=de
mobile version
The mobile version of the website just hides the "real" content.
The following information is no longer valid because of design changes (it is kept here for the sake of completeness).
www.aachener-zeitung.de
www.aachener-nachrichten.de
0. information
The websites offer a mixture of free articles and paid articles hidden behind a paywall (http://www.aachener-zeitung.de/zva/pc/). The websites use AESUtils and CryptoJS to hide articles.
The provider leaks the sensitive values used for encryption (password, IV and salt), and these can be used to decrypt the articles. This issue does not leak any personal data of (registered) users.
free article: http://www.aachener-zeitung.de/lokales/juelich/zukunft-von-haus-overbach-ist-langfristig-gesichert-1.1610013
hidden article: http://www.aachener-zeitung.de/lokales/juelich/feierabendmarkt-in-juelich-mit-bilderbuchstart-1.1622101
1. timeline
2. PoC
var iv = "F27D5C9927726BCEFE7510B1BDD3D137";
var salt = "3FF2EC019C627B945225DEBAD71A01B6985FE84C95A70EB132882F88C0A59A55";
var keySize = 128;
var iterationCount = 100;
var passPhrase = "Zeitungsverlag Aachen GmbH";
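For a site operator, the leak described in section 0 can be caught before release by scanning the scripts shipped to the browser for key material. The sketch below is an added example, not part of the original write-up or the site's code; the function name findEmbeddedKeyMaterial, the name patterns and the SAMPLE input are assumptions, with SAMPLE constructed from the PoC values above plus one harmless line.

```javascript
// Added example: flag key material hard-coded in client-side script source.
// SAMPLE is constructed input; its first five lines repeat the PoC values above.
const SAMPLE = [
  'var iv = "F27D5C9927726BCEFE7510B1BDD3D137";',
  'var salt = "3FF2EC019C627B945225DEBAD71A01B6985FE84C95A70EB132882F88C0A59A55";',
  'var keySize = 128;',
  'var iterationCount = 100;',
  'var passPhrase = "Zeitungsverlag Aachen GmbH";',
  'var title = "Lokales";',
].join("\n");

// Assumed naming conventions for secrets and cipher parameters.
const SECRET_NAME = /^(iv|nonce|salt|key|secret|pass(word|phrase)?)$/i;
const PARAM_NAME = /^(keysize|iterationcount|iterations)$/i;
// Matches: var/let/const NAME = "string" | 'string' | number
const ASSIGN = /\b(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\d+))\s*;?/g;

function findEmbeddedKeyMaterial(source) {
  const findings = [];
  source.split("\n").forEach((text, idx) => {
    for (const m of text.matchAll(ASSIGN)) {
      const name = m[1];
      const str = m[2] !== undefined ? m[2] : m[3]; // undefined for numbers
      // Even-length hex of 8+ bytes looks like an IV, salt or raw key.
      const isHex = str !== undefined && str.length >= 16 &&
        str.length % 2 === 0 && /^[0-9a-fA-F]+$/.test(str);
      let reason = null;
      if (str !== undefined && SECRET_NAME.test(name)) {
        reason = isHex ? `secret-named hex constant (${str.length / 2} bytes)`
                       : "secret-named string literal";
      } else if (isHex) {
        reason = `hex constant (${str.length / 2} bytes)`;
      } else if (str === undefined && PARAM_NAME.test(name)) {
        reason = `cipher parameter ${m[4]}`;
      }
      if (reason) findings.push({ line: idx + 1, name, reason });
    }
  });
  return findings;
}

for (const f of findEmbeddedKeyMaterial(SAMPLE)) {
  console.log(`line ${f.line}: ${f.name}: ${f.reason}`);
}
```

Anything a page's script can read, a visitor can read too, so a hit here means the content needs server-side access control rather than a better hiding place.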
3. responsible disclosure
responsible disclosure until 04.08.2017