export method returns link with undecrypted files

[11philip22]

Hi, When calling the export method i get a link to undecrypted files I personally think this is because of the copyright popup who you need to accept. I tried solving this issue myself. But couldn't make a lot of progress because of my nonexistent Javascript knowledge. When looking at the page source i saw this function.

    var initCopyrightsDialog = function(nodesToProcess, isEmbed) {

        "use strict";

        if (M.isInvalidUserStatus()) {
            return;
        }

        $.itemExportEmbed = isEmbed;
        $.itemExport = nodesToProcess;

        var openGetLinkDialog = function() {

            var exportLink = new mega.Share.ExportLink({
                'showExportLinkDialog': true,
                'updateUI': true,
                'nodesToProcess': nodesToProcess
            });

            exportLink.getExportLink();
        };

        // If they've already agreed to the copyright warning (cws = copyright warning shown)
        if (fmconfig.cws || folderlink) {
            // Go straight to Get Link dialog
            openGetLinkDialog();
            return false;
        }

        // Cache selector
        var $copyrightDialog = $('.copyrights-dialog');

        // Otherwise show the copyright warning dialog
        M.safeShowDialog('copyrights', function() {

            $.copyrightsDialog = 'copyrights';

            return $copyrightDialog;
        });

        // Init click handler for 'I agree' / 'I disagree' buttons
        $('.default-white-button', $copyrightDialog).rebind('click.acceptAction', function() {

            closeDialog();

            // User disagrees with copyright warning
            if (!$(this).hasClass('cancel')) {
                // User agrees, store flag so they don't see it again
                mega.config.set('cws', 1);

                // Go straight to Get Link dialog
                openGetLinkDialog();
            }
        });

        // Init click handler for 'Close' button
        $('.fm-dialog-close', $copyrightDialog).rebind('click.closeDialog', closeDialog);
    };

which in mega.config sets cws to 1. I wanted to check out what this exactly meant but i could not find any mega class when looking at the full javascript source to check out the implications of this. I decided to take a look with burp and these look like the requests being done when clicking the "Accept" button.

import requests

session = requests.session()

burp0_url = "https://g.api.mega.co.nz:443/wsc/udcofqreCMUJw9iK0TK2Jg?sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&sn=Y8_jSESeNe8"
burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
session.post(burp0_url, headers=burp0_headers)

burp1_url = "https://g.api.mega.co.nz:443/cs?id=-1476993095&sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&domain=meganz&v=2&lang=en"
burp1_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Content-Type": "text/plain;charset=UTF-8", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
burp1_json=[{"a": "uga", "u": "pYrJ1D39Acs", "ua": "*!fmconfig", "v": 1}]
session.post(burp1_url, headers=burp1_headers, json=burp1_json)

burp2_url = "https://g.api.mega.co.nz:443/wsc/udcofqreCMUJw9iK0TK2Jg?sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&sn=Yjq32AsqtMc"
burp2_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
session.post(burp2_url, headers=burp2_headers)

burp3_url = "https://g.api.mega.co.nz:443/cs?id=-1476993096&sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&domain=meganz&v=2&lang=en"
burp3_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Content-Type": "text/plain;charset=UTF-8", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
burp3_json=[{"a": "l", "i": "JqNQeaXUJy", "n": "uAxVha5b"}]
session.post(burp3_url, headers=burp3_headers, json=burp3_json)

burp4_url = "https://g.api.mega.co.nz:443/wsc/udcofqreCMUJw9iK0TK2Jg?sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&sn=kYcLw7B39aA"
burp4_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
session.post(burp4_url, headers=burp4_headers)

burp5_url = "https://g.api.mega.co.nz:443/cs?id=-1476993097&sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&domain=meganz&v=2&lang=en"
burp5_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Content-Type": "text/plain;charset=UTF-8", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
burp5_json=[{"a": "s2", "cr": [["uAxVha5b"], ["uAxVha5b"], [0, 0, "bmJJTPRkNC1tys9XEoNNCg"]], "ha": "G4CHddwgS6l65JYB8YWsTA", "i": "JqNQeaXUJy", "n": "uAxVha5b", "ok": "EESDcAijOu1WkrV9HRO5lg", "s": [{"r": 0, "u": "EXP"}]}, {"*!fmconfig": "ELf0a2Py-cv0KR87o0oDFFJfKH_hXELL28VgNeWwnd08riNeF3uhi9bddJyVEzXCAY9FI7rWLSvM9654O6Uu8p8tC9_SRRw", "a": "up", "i": "JqNQeaXUJy"}]
session.post(burp5_url, headers=burp5_headers, json=burp5_json)

burp6_url = "https://g.api.mega.co.nz:443/cs?id=-1476993098&sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&domain=meganz&v=2&lang=en"
burp6_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Content-Type": "text/plain;charset=UTF-8", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
burp6_json=[{"a": "log", "e": 99635}]
session.post(burp6_url, headers=burp6_headers, json=burp6_json)

burp7_url = "https://g.api.mega.co.nz:443/wsc/udcofqreCMUJw9iK0TK2Jg?sid=iA3RkBhXcmNDTRObzWszfnBZckoxRDM5QWNzyb09v4argnRxWe0WrvN_pg&sn=kYcLw7B39aA"
burp7_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://mega.nz/", "Origin": "https://mega.nz", "DNT": "1", "Connection": "close"}
session.post(burp7_url, headers=burp7_headers)

(Its a dummy account dont worry about the cookies) But i couldn't make much sense of the api keys since the documentation is no longer available. So i am really hoping you can help me with this.

[11philip22]

I think i have found the cause for this issue. The files become decrypted after a user has logged in. Either by logging in in the browser or using mega-cmd's login command. Sadly the login method of mega.py doesn't solve this.