Mega file download. Cloud storage MEGA

Mega cloud is a fairly popular storage service for files, photographs, videos and documents. Each user who creates an account on the site is given 50 GB of space in the repository free of charge. Later, this volume can be increased for an additional fee; for example, you can purchase 4 TB for $30 per month.

Now I want to review the Mega cloud and talk about its main advantages. Many users call this cloud storage the most favorable in terms of price and available free space. The service also often holds promotions; for example, you can buy a package for one year and get two months absolutely free, which saves quite a significant amount.

Main advantages

Now I will tell my readers about the main advantages of Mega storage:

  • The service is multilingual, so users will not have problems caused by not knowing a foreign language. Before you start working with the cloud storage, you can select the desired language;
  • sufficiently large disk space, which is provided absolutely free immediately after registration;
  • You can upload files of any size and extension, as there are no restrictions for this;
  • transfer files to your friends using encrypted access. Encryption occurs in the browser using a special algorithm, so users are reliably protected from unauthorized access to personal files.

Registration

In order to start using Mega cloud storage, you need to register on the official website. This requires:

Important! When filling out the form, you can provide any information. However, the email address must be real, otherwise you will not be able to start using cloud storage.

Beginning of work

After registration has been completed, the Mega file storage is ready to go. To get started you need to:

  1. Select the amount of free space, for example, 50 GB, which is provided for free, and click on the “Finish” button.
  2. Click on the “Upload file” button and select the required file from your computer to upload it to the cloud.

All folders, photos and documents that will be uploaded to the storage can be viewed from any computer or other device.

Entrance

In order to enter Mega file storage from your computer you will need:


With this I would like to finish my article about Mega, reviews of which you can find on the Internet. Separately, I would like to add that those who use the browser can install a special MEGA extension, which can significantly increase the speed of uploading files to the cloud. Also, after installing the add-on, you can batch-download an unlimited number of files. Without installing any applications, it is best to use a browser.

Mega.co is a cloud storage service that offers its users 50 GB of free disk space for data storage. This offer sounds tempting, doesn't it?

For many, such a significant addition to their hard drive space would not hurt. All data stored in the Mega.co cloud storage is stored in encrypted form.

After the largest file hosting service Megaupload was closed by decision of the US authorities in 2012, its founder Kim Dotcom launched a new cloud service for storing files on the Internet.

The founder of Megaupload took refuge in New Zealand from prosecution by US law enforcement. Exactly one year after the closure of the popular file sharing service, which was used by more than 160 million users from all over the world, a new project was launched: the Mega cloud file storage.

Nowadays you can find quite a lot of similar file storages on the Internet, for example, Google Drive, Microsoft SkyDrive, Yandex.Disk, Dropbox and others.

In this image, in comparison, you can see the amount of free space provided by some popular cloud services.

The main difference between Mega.co cloud storage and similar resources is that currently cloud storage offers registered users 50 GB of disk space for free to store their files. In Mega co nz there are no restrictions on the size of files uploaded to the storage.

The MEGA service name stands for “MEGA Encrypted Global Access”.

Cloud storage allows you to upload files to the server, store them there, and also exchange files with other users. During the upload process, files are encrypted in the browser using the AES algorithm, which protects them from unauthorized access.

Physically, the files are stored in the cloud storage in encrypted form; the administration of the cloud service does not have access to them.

The Mega file sharing service supports many languages, including Russian.

To start using cloud storage, you need to register in it using the link Mega.co.nz.

Registration in Mega.co

After opening the website https://mega.co.nz/ via a secure connection, select the Russian language in the top panel of the main page to make the storage more convenient to use.

Then you need to click on the “Registration” button on the top panel of the service window. You should enter your data in the appropriate fields (not necessarily real, some login will do), enter your email address (real) and then choose a password to log into the cloud file storage.

After checking the box next to the item indicating your consent to the provision of services of this service, you will need to click on the “Register” button to complete the registration procedure in the Mega co cloud storage.

After this, you will need to log into the email account specified during registration, open the letter from Tim MEGA, and then follow the link to complete the registration process for the repository. You will need to enter the data specified during registration and log into the cloud file storage.

How to use Mega.co

After starting the storage, the “File Manager” menu window opens in front of you. At the very top there is a menu bar, and below there is an area for working with downloaded folders and files. On the right is a column for managing and displaying the storage structure.

Users of the Mozilla Firefox browser are advised to install the MEGA EXTENSION add-on. The developers recommend using the Google Chrome browser, which needs no add-ons. Since Firefox is my main browser, I installed the recommended browser extension, but I did not notice any differences in the operation of the cloud storage.

The difference in using the service specifically in the Google Chrome browser is that, unlike other browsers, using Google Chrome, you can upload not only files, but also entire folders to the Mega.co cloud storage.

This is what the storage control panel looks like in the Mozilla Firefox browser. There is a “New download” button on the panel. Using the “New Upload” button, files are uploaded to cloud storage.

In the Google Chrome browser, there are two buttons on the panel “Upload file” and “Upload folder”. Using the “Upload file” button, you can upload the file to cloud storage from your computer. After clicking on the “Upload folder” button, an Explorer window opens in which you need to select a folder to upload to the file storage.

In order to get around this, users of other browsers can create a folder in Mega with the exact same name as the folder on the computer that needs to be uploaded to the storage. Then you need to open the folder on your computer and upload its contents to the newly created folder in the file storage. This way, the desired folder will be completely loaded into Mega.

In the My Account menu bar, you can view your status, the amount of storage space used, and also configure data transfer.

Here you can change the number of parallel connections for uploading and the number of parallel connections for downloading. If you need to, you can also impose a limit on the upload speed.

After clicking on the "Membership Pro" menu button, you can choose a paid package to store a larger volume of your files, from 500 GB to 4 TB.

If you click on the “Menu” menu button, you can read more about the rules for using Mega.co cloud storage.

You can create a new folder by clicking on the “New Folder” button. In the newly created folder, you can upload files, as well as create other new folders. After right-clicking on the folder, you can select the appropriate commands for further actions with the folder in the context menu.

To upload files to the Mega.co file storage, you need to click on the “Upload file” button in the Google Chrome browser, and click on the “New download” button in other browsers. In the Explorer window that opens, select a file or several files to upload to cloud storage.

The file download speed is unlimited unless you limit it in the service settings, and it depends on the speed of your computer's Internet connection. You can move files uploaded to cloud storage into folders, rename them, share them, get links to them, copy or delete them.

You can monitor the process of uploading and downloading files at the bottom of the service window.

Working with files in MEGA occurs through the web interface. Clients for computers and other devices have not yet been released.

Sharing folders in Mega.co

Folders stored in the Mega nz cloud service can be shared. To do this, right-click on the folder and click on “Sharing” in the context menu. This will open the Sharing window, where you can give the new user permissions to share this folder.

You will need to enter the user's email address and select permissions for the new user to share the folder hosted on your cloud storage. You can grant another user the following rights: “Read Only”, “Read and Write”, “Full Control”.

The user will receive a letter at their email address with a link that they will need to follow to gain access to the corresponding folder located in the Mega cloud file storage. The folders that are shared differ slightly in appearance from other cloud storage folders.

How to get a link in Mega.co

In order to provide other users with a link to download a file located in the Mega cloud storage, you need to right-click on the file and select “Get link” in the context menu.

In another case, only a user who has received both the link to the file and a special security code will be able to download the encrypted file. Without a security code, it will be impossible to download a file from a link of this type.

In this image, two items “File Link” and “File Key” are activated. In this case, when you click on a link of this type, any user on the Internet who has access to this link will be able to download this file.

The user can save the file to their own Mega.co storage by clicking on the "Import" button. In this case, the file will be imported from one storage to another, without downloading the file to a computer. It will be possible to import files if the user has their own storage on the Mega.co service.

After clicking on the link, in a new window the user will have to enter the security key received from you to download the file, or to save it in their file storage. After entering the key, the user will need to click on the “Download” button and activate the “I agree to MEGA terms of service” item.

In order to receive a security key for a downloaded file, after copying the link to the file, you need to activate the “File Key” button; other buttons must be inactive at this time. You will need to provide the file key to the other user along with a link to download the file.

After clicking on the link received from you, in the Mega.co cloud service window, the user will have to enter the security key received from you. After entering the file key, you will need to agree to MEGA's terms of service and then click on the "Download" button.

When you click on the "Import" button, the file will be saved in the user's cloud storage, if this user has his own account in the Mega co cloud storage.

Next, the “Download Complete” window will open, in which the user is prompted to save the file manually to complete the download. To do this, in the “Download Complete” window, click on the “Save File” button, and in the Explorer window that opens, you need to select the location to save the downloaded file, give the file a name, and then click on the “Save” button.

After this, the file will be saved on your computer.

The other items “File name” and “File size” in the “Links” window are not particularly important for downloading files and contain reference information about the downloaded file.

Because files hosted on the cloud storage service are encrypted, you will not be able to view, play or listen to them while they are in the cloud storage. To remove files from the cloud storage completely, you will need to empty the Trash.

Cloud storage Mega co allows you to store data with a total volume of 50 GB on its servers for free. The files are stored in the cloud data storage in encrypted form, and most importantly, all this data storage space is provided free of charge.

After the launch of the somewhat scandalous MEGA service, discussion of its security flared up briefly and then died down. Today the service lives its own life and no one has even broken it. For some reason, the term “User Controlled Encryption” (UCE, or User Controlled Cryptography), which MEGA boasts of, was missed in all those conversations. What I mean by "missed" is that we haven't covered all the possibilities that a cryptography engine running in JavaScript on the client side gives us.

Of course, the MEGA service itself simply means that the encryption keys are not stored on the server, but all their cryptography is performed in the context of the browser. Moreover, after the launch of the service, there was a lot of talk about the fact that it uses weak cryptographic algorithms and that in general everything is bad and we will all die, and our files will be read by the FSB. This gave me the idea to expand the concept of “UCE” and really take control of cryptography, namely, replace or supplement some of the service’s security mechanisms.

In this article, I'll break down some of the magic that happens in two megabytes of MEGA JavaScript code and show how you can override some methods to stop worrying and love cryptography. As a result, we will get a cloud file storage service with two-factor authentication and hardware encryption of critical information.

MEGA, UCE and all, all, all

So, let's start by looking at the technologies on which the client part of the service is built, how new users are registered, registered users are authenticated, passwords are changed, and files are uploaded/downloaded.

JavaScript

As you may already know, the entire client side of the service is based on JavaScript. The code of the home page specifies SHA-256 checksums for all scripts and pages that are loaded by the browser. The loading itself occurs as follows: checksums are checked for all files, after which they are combined into one BLOB, which is given to the browser. The source code of the js files shows that they were written by different people, and sometimes there are funny gems, such as the consequences of copy-paste, meaningless conditions and simply strange variables.

While studying the source code I also noticed that the site is being updated quite actively; the developers are correcting minor errors and optimizing the already written code, which is good news. The code itself is written very straightforwardly and without unnecessary prototyping: the site uses three hundred global variables and more than 8,000 functions. It was very easy to understand the site architecture and change its code.

Among third-party frameworks, MEGA uses jQuery (you can’t live without it now), Ext JS and SJCL. The latter implements a cryptographic core with AES encryption. SJCL also provides an interesting format for storing keys and other byte arrays: instead of simply storing bytes in a regular array, they are “compressed” into a format called a32. Its essence is that the contents of any byte array are packed into 32-bit numbers and written into an array of shorter length. That is, every 4 bytes of the array are converted into one commonplace int. The site code contains functions that perform all kinds of transformations on an improvised set (a32 array, string, base64 string).

Key information

Before moving on to the description of the registration and authentication processes, it is worth considering the information that is subject to encryption, namely:
  • The account master key, which is created randomly at the time of user registration and has a length of 128 bits. In general, all keys used for symmetric encryption are 128 bits long.
  • The RSA private key: created at the time of registration based on mouse movements and keyboard input. In this article, I will not focus on asymmetric cryptography, since it is used for sharing uploaded files, and my task was to change the process of authentication and encryption of user data.
  • Individual file keys and the files themselves, uploaded to the service. The keys are generated randomly when a file is uploaded; the file data is encrypted with this key itself, and the attributes with a key created from the file’s individual key and its checksum.

Closer to the code

Now I propose to analyze the registration and authentication processes, see how the master key is created and how it is encrypted.
I tried to depict these processes on paper and in order to let you understand the essence of the madness, I even took this photo:

New User Registration

The registration process itself is quite confusing; after the user fills out the questionnaire, a mighty bunch of functions are called, but we are interested in the api_createuser function:

    // creating a new user and his master key
    function api_createuser(ctx, invitecode, invitename, uh) {
        var i;
        var ssc = Array(4); // session self challenge, will be used to verify password
        var req, res;

        if (!ctx.passwordkey) {
            ctx.passwordkey = Array(4);
            for (i = 4; i--;) ctx.passwordkey[i] = rand(0x100000000);
        }

        if (!u_k) api_create_u_k(); // generating a random master key u_k

        for (i = 4; i--;) ssc[i] = rand(0x100000000); // generating a random authentication sequence

        if (d) console.log("api_createuser - masterkey: " + u_k + " passwordkey: " + ctx.passwordkey);

        // encrypt the master key on the current password and send it to the server (field k)
        // the ts field is the concatenation of ssc with its encrypted value
        req = {
            a: "up",
            k: a32_to_base64(encrypt_key(new sjcl.cipher.aes(ctx.passwordkey), u_k)),
            ts: base64urlencode(a32_to_str(ssc) + a32_to_str(encrypt_key(new sjcl.cipher.aes(u_k), ssc)))
        };

        if (invitecode) {
            req.uh = uh;
            req.ic = invitecode;
            req.name = invitename;
        }

        if (d) console.log("Storing key: " + req.k);

        api_req([req], ctx);
    }

In this function we are interested in the following things:

  • u_k is the master key itself, a global variable. An array of 4 32-bit numbers, which is created by the api_create_u_k function
  • ssc is simply a random array that is encrypted with the master key, concatenated with its public value, and sent to the server. Later it will be used to check the correctness of the master key during authentication
  • sjcl - cryptographic library implementing AES
  • rand() - local implementation of a pseudorandom number generator based on RC4
  • encrypt_key() is the cornerstone function of the service's symmetric cryptography. Accepts an sjcl object initialized with a key and an array that needs to be encrypted. The function code is given below and, hopefully, does not need explanation.

    // encrypt/decrypt 4- or 8-element 32-bit integer array
    function encrypt_key(cipher, a) {
        if (a.length == 4) return cipher.encrypt(a);
        var x = [];
        for (var i = 0; i < a.length; i += 4) x = x.concat(cipher.encrypt([a[i], a[i + 1], a[i + 2], a[i + 3]]));
        return x;
    }

As a result, after registration the following is sent to the server:
  • Master key encrypted with the key derived from the account password
  • String like ssc||encrypt_AES-128(u_k, ssc)

User Login

Now you can smoothly move on to the authentication process. Briefly, it is done like this:
  1. User enters login/password
  2. If the first stage of authentication is passed, then an encrypted master key and an authentication sequence (ssc) created during registration are received from the server
  3. The master key is decrypted using the user-entered password
  4. The authentication sequence is decrypted on the master key and compared with its open value - thus checking the correctness of the master key and password.
The api_getsid2 callback function is responsible for all of the above:

    // decrypt the master key after the user logs in
    function api_getsid2(res, ctx) {
        var t, k;
        var r = false;

        if (typeof res == "object") {
            // initialize sjcl-aes with the current account password
            var aes = new sjcl.cipher.aes(ctx.passwordkey);

            // if we received a master key in the server response...
            if (typeof res[0].k == "string") {
                k = base64_to_a32(res[0].k);

                if (k.length == 4) {
                    // ... then decrypt it
                    k = decrypt_key(aes, k);
                    // and re-initialize sjcl-aes using the master key
                    aes = new sjcl.cipher.aes(k);

                    // if we received ssc from the registration process
                    if (typeof res[0].tsid == "string") {
                        t = base64urldecode(res[0].tsid);
                        // encrypt the first half of the string and compare it with the value from the server
                        // if they match, the login and password are correct and the user can be let in
                        if (a32_to_str(encrypt_key(aes, str_to_a32(t.substr(0, 16)))) == t.substr(-16)) r = [k, res[0].tsid];
                    }
                    // the private key of the RSA pair is handled below; we are not interested in it yet
                    else if (typeof res[0].csid == "string") {
                        var t = mpi2b(base64urldecode(res[0].csid));
                        var privk = a32_to_str(decrypt_key(aes, base64_to_a32(res[0].privk)));
                        var rsa_privk = Array(4);

                        // decompose private key
                        for (var i = 0; i < 4; i++) {
                            var l = ((privk.charCodeAt(0) * 256 + privk.charCodeAt(1) + 7) >> 3) + 2;
                            rsa_privk[i] = mpi2b(privk.substr(0, l));
                            if (typeof rsa_privk[i] == "number") break;
                            privk = privk.substr(l);
                        }

                        // check format
                        if (i == 4 && privk.length < 16) {
                            // TODO: check remaining padding for added early wrong password detection likelihood
                            r = [k, base64urlencode(crypto_rsadecrypt(t, rsa_privk).substr(0, 43)), rsa_privk];
                        }
                    }
                }
            }
        }

        ctx.result(ctx, r);
    }

As a bonus to registration/authentication, you can take a look at the password change process.

    // change the user password
    function changepw(currentpw, newpw, ctx) {
        var pw_aes = new sjcl.cipher.aes(prepare_key_pw(newpw));

        api_req([{
            a: "up",
            currk: a32_to_base64(encrypt_key(new sjcl.cipher.aes(prepare_key_pw(currentpw)), u_k)),
            k: a32_to_base64(encrypt_key(pw_aes, u_k)),
            uh: stringhash(u_attr["email"].toLowerCase(), pw_aes)
        }], ctx);
    }

The code for this function is self-explanatory: we encrypt the master key with two keys obtained from the old and new passwords, and then send these values to the server. If the current password is correct, it is replaced with the new one. Here I wanted to draw more attention to the prepare_key_pw function, which was implicitly present in all previous operations. Its task is to convert the string password into an a32 array, and then perform the key derivation operation as follows:

    // convert user-supplied password array
    function prepare_key(a) {
        var i, j, r, key;
        var aes = [];
        var pkey = [0x93C467E3, 0x7DB0C7A4, 0xD1BE3F81, 0x0152CB56];

        // one AES object per 128-bit piece of the password array
        for (j = 0; j < a.length; j += 4) {
            key = [0, 0, 0, 0];
            for (i = 0; i < 4; i++) if (i + j < a.length) key[i] = a[i + j];
            aes.push(new sjcl.cipher.aes(key));
        }

        for (r = 65536; r--;) for (j = 0; j < aes.length; j++) pkey = aes[j].encrypt(pkey);

        return pkey;
    }

This function has drawn a lot of criticism because it is based on a home-grown algorithm. While I was writing this article, the creators of the service managed to change its code a little, but I didn’t notice any significant changes. Its essence is that the transmitted password is encrypted 65536 times using a constant key in order to obtain a key indistinguishable from a random one. Why the creators of the service did not use existing algorithms (for example, PBKDF2) remains a mystery.
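The derivation above, placed next to PBKDF2, which the article names as the existing alternative. This is an added example, not the service's code; it assumes Node.js, UTF-8 password bytes, and illustrative PBKDF2 parameters (random 16-byte salt, 100000 iterations, SHA-256) that do not come from the article.

```javascript
const nodeCrypto = require("crypto");

// a32 packing: bytes -> big-endian 32-bit words, last word zero-padded.
function bytesToA32(buf) {
  const a = new Array((buf.length + 3) >> 2).fill(0);
  for (let i = 0; i < buf.length; i++) a[i >> 2] |= buf[i] << (24 - (i & 3) * 8);
  return a;
}

function a32ToBytes(a) {
  const b = Buffer.alloc(a.length * 4);
  a.forEach((w, i) => b.writeInt32BE(w | 0, i * 4));
  return b;
}

// Starting value that the loop encrypts over and over.
const START = [0x93c467e3, 0x7db0c7a4, 0xd1be3f81, 0x0152cb56];

// Same steps as prepare_key: the password is cut into 128-bit AES keys and the
// running value is encrypted under each of them, 65536 times. No salt is involved.
function megaStyleKey(password) {
  const pw = bytesToA32(Buffer.from(password, "utf8")); // assumption: UTF-8 bytes
  const ciphers = [];
  for (let j = 0; j < pw.length; j += 4) {
    const key = [0, 0, 0, 0];
    for (let i = 0; i < 4 && i + j < pw.length; i++) key[i] = pw[i + j];
    const c = nodeCrypto.createCipheriv("aes-128-ecb", a32ToBytes(key), null);
    c.setAutoPadding(false); // raw block encryption, one 16-byte block per update()
    ciphers.push(c);
  }
  let pkey = a32ToBytes(START);
  for (let r = 65536; r--; ) for (const c of ciphers) pkey = c.update(pkey);
  return pkey; // 16-byte Buffer
}

// PBKDF2 with a per-account random salt (parameters are illustrative assumptions).
function pbkdf2Key(password, salt, iterations = 100000) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 16, "sha256");
}

// Two accounts that happen to choose the same password.
function compare(password) {
  const saltA = nodeCrypto.randomBytes(16);
  const saltB = nodeCrypto.randomBytes(16);
  return {
    homegrownSame: megaStyleKey(password).equals(megaStyleKey(password)),
    pbkdf2Same: pbkdf2Key(password, saltA).equals(pbkdf2Key(password, saltB)),
  };
}

console.log(compare("correct horse battery staple"));
```

Because the last word is zero-padded, `abc` and `abc\0` derive the same key, and an empty password leaves the starting value unchanged.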

Uploading and encrypting files

Briefly, this whole process can be represented like this:

I warn you, delving into this picture for a long time is dangerous for the brain, so below I will tell you how it all happens.

As I already said, when a file is uploaded, its own random key array of six 32-bit numbers is created. The first four elements of this array are used to encrypt the contents of the file, and the last two are used as the initial values of the counter that is used to calculate the checksum of the file. This array is stored in the global variable ul_key. Its contents are entered into the JSON-serialized string ul_keyNonce.

The encryption itself is done in a Web Worker (if the browser supports this technology) or simply inside the main page code. When the file is ready to be sent, a new key, filekey, is created from ul_key and the file checksum to encrypt the file's attributes (at the moment, attributes only mean the file name). This key is then encrypted with the master key and sent to the server along with the file attributes. The initupload3 and api_completeupload2 functions are responsible for all these actions. The filekey is created in the ul_chunkcomplete function; below I will give a part of it.

    // start uploading a file: creating its individual key and initializing the encryption mechanism
    function initupload3() {
        // ... cut =)

        // creating a random individual key for the file
        // ul_key is used in page code,
        // ul_keyNonce is passed to the Web Worker and is used there
        // to encrypt the file and calculate its checksum
        ul_key = Array(6);
        for (i = 6; i--;) ul_key[i] = rand(0x100000000);
        ul_keyNonce = JSON.stringify(ul_key);
        ul_macs = [];

        // ... next is processing the download queue, it is of no interest...

        // initializing sjcl-aes for a file based on ul_key
        ul_aes = new sjcl.cipher.aes([ul_key[0], ul_key[1], ul_key[2], ul_key[3]]);

        // ...
        // starting the file upload process:
        // reading it from disk, encrypting and sending
        onUploadStart(ul_queue_num);
        ul_dispatch_chain();
    }

    // creating a key to encrypt file attributes
    function ul_chunkcomplete(slot, pos, response) {
        // ...
        var t = [];

        // ul_macs - an array with the file checksum obtained inside the worker
        for (p in ul_macs) t.push(p);

        // filling and sorting a temporary array, if anyone knows why, please explain
        t.sort(function(a, b) { return parseInt(a) - parseInt(b) });
        for (var i = 0; i < t.length; i++) t[i] = ul_macs[t[i]];

        // inside condenseMacs the file checksum is encrypted
        // and "condensed" into an array of 4 elements
        var mac = condenseMacs(t, ul_key);

        ul_settimeout(-1);

        // a key for encrypting the attributes is created from the checksum and the file key;
        // later it is also sent to the server in encrypted form
        var filekey = [ul_key[0] ^ ul_key[4], ul_key[1] ^ ul_key[5], ul_key[2] ^ mac[0] ^ mac[1], ul_key[3] ^ mac[2] ^ mac[3], ul_key[4], ul_key[5], mac[0] ^ mac[1], mac[2] ^ mac[3]];
        // ...
    }

    // completing the file upload: encrypting the attributes and the file key and sending them to the server
    function api_completeupload2(ctx, ut) {
        var p;

        if (ctx.path && ctx.path != ctx.n && (p = ctx.path.indexOf("/")) > 0) {
            var pc = ctx.path.substr(0, p);
            ctx.path = ctx.path.substr(p + 1);
            fm_requestfolderid(ut, pc, ctx);
        } else {
            // encrypt the file name on the key derived from ul_key and the checksum
            // ctx.k == filekey
            a = { n: ctx.n };
            if (d) console.log(ctx.k);
            var ea = enc_attr(a, ctx.k);
            if (d) console.log(ea);

            // transfer of the attributes and of the file key encrypted on the master key
            var req = {
                a: "p",
                t: ut,
                n: [{
                    h: ctx.t,
                    t: 0,
                    a: ab_to_base64(ea[0]), // attributes
                    k: a32_to_base64(encrypt_key(u_k_aes, ctx.k)), // == AES_encrypt(u_k, filekey)
                    fa: ctx.fa
                }]
            };

            // a target has been supplied: encrypt to all relevant shares
            var sn = fm_getsharenodes(ut);
            if (sn.length) {
                req.cr = crypto_makecr([ctx.k], sn, false);
                req.cr[1][0] = ctx.t;
            }

            api_req([req], ctx.ctx);
        }
    }

Downloading and decrypting files

Obviously, these processes should simply be the reverse of encrypting the file. The only thing that may be of interest is obtaining the value of the ul_key key from the encrypted filekey value that came from the server.

At the time the file is downloaded, the browser context already contains an object that stores the decrypted file keys. Therefore, it first makes sense to consider the process that occurs immediately after user authentication, namely, downloading the file manager. After the user has been allowed into the service, he naturally wants to gain access to his files (assuming that he already had them there). To do this, we need to first decrypt the file keys, and then their attributes. This matter is dealt with by another pack of functions, of which we are interested in loadfm_callback and process_f_f .

Briefly, the process of obtaining file attributes can be described by the following algorithm:

  1. Wait for the file manager to load (loadfm_callback), where you can get JSON with a description of all downloaded files
  2. Create an array farray in which to put an array with information about files
  3. Run (recursively) the process_f_f function for each file
  4. For each file that has a key, decrypt that key and attributes (crypto_processkey function) and save them back into an array with file information
  5. After that, save the decrypted values to the FileStore variable (end of recursion in process_f_f)
Below I will provide code excerpts illustrating this algorithm:

    // callback for loading the file manager
    function loadfm_callback(json, res) {
        // ...
        // processing JSON with information about files
        json = json[0];
        if (d) console.log(json);
        if (json.u) process_u(json.u, false);
        if (json.ok) process_ok(json.ok);
        if (json.s) {
            for (i in json.s) {
                if (u_sharekeys[json.s[i].h]) {
                    sharingData.push({
                        id: json.s[i].h + "_" + json.s[i].u,
                        userid: json.s[i].u,
                        folderid: json.s[i].h,
                        rights: json.s[i].r,
                        date: json.s[i].ts
                    });
                    sharednodes[json.s[i].h] = true;
                }
            }
        }
        // ... nothing special further...
        // entering information about the files into another global array
        farray[fi] = new Object;
        farray[fi].f = json.f;
        // starting its processing, the callback was declared above
        // in this function and simply modifies the layout
        process_f(fi, false, callback);
    }

    // recursive function in which keys and file attributes are decrypted
    // called from process_f
    function process_f_f(fid) {
        // condition for ending the recursion - we have processed all the files in the farray array
        if (!farray[fid].f[farray[fid].i]) {
            if (farray[fid].ap) FileStore.suspendEvents();
            // write data to FileStore
            FileStore.loadData(farray[fid].mdata, true);
            if (farray[fid].ap) FileStore.resumeEvents();
            if (d) console.log("call reqmissingkeys:");
            crypto_reqmissingkeys();
            if (farray[fid].callback) farray[fid].callback.fn(farray[fid].callback);
            return false;
        }

        var f = farray[fid].f[farray[fid].i];
        if (f.sk) u_sharekeys[f.h] = crypto_process_sharekey(f.h, f.sk);

        // if the file matches the type and has a key, then process it
        if ((f.t !== 2) && (f.t !== 3) && (f.t !== 4) && (f.k)) {
            crypto_processkey(u_handle, u_k_aes, f); // description of this function below
            u_nodekeys[f.h] = f.key;
            if ((typeof f.name !== "undefined") && (f.p == InboxID)) InboxCount++;
        } else {
            if (f.a) {
                if (!missingkeys[f.h]) {
                    missingkeys[f.h] = true;
                    newmissingkeys = true;
                }
            }
            f.k = "";
            f.name = "";
        }

        if (f.t == 2) RootID = f.h;
        else if (f.t == 3) InboxID = f.h;
        else if (f.t == 4) TrashbinID = f.h;
        else if ((f.t < 2) || (f.t == 5)) {
            // shared files are processed here
        } else {
            // preparing the array to be written to FileStore
            farray[fid].mdata.push({
                id: f.h.replace(/[^a-z^A-Z^0-9^_^-]/g, ""),
                name: f.name,
                size: f.s,
                type: filetype(f.name, f.t),
                icon: fileicon(f.name, icontype),
                parentid: f.p,
                folder: f.t,
                owner: f.u,
                date: f.ts,
                attrs: f.attrs,
                key: f.key,
                r: f.r,
                su: f.su,
                fa: f.fa
            });
            if (f.p == TrashbinID) trashbinfull = true;
            if (((f.t) && (farray[fid].ap)) || (f.p == InboxID)) refreshtree = true;
        }

        farray[fid].i++;

        // timeout check (apparently so that loading the file manager does not look too slow)
        timeoutcount++;
        if (!(timeoutcount & 63)) {
            // if we have more than 63 files, load the rest asynchronously
            setTimeout("process_f_f(" + fid + ")", 1);
            timeoutcount2++;
        }
        // otherwise start processing the next file
        else process_f_f(fid);
    }

    // processing the file key and its attributes
    function crypto_processkey(me, master_aes, file) {
        var id, key, k, n;

        if (!file.k) {
            if (!keycache[file.h]) return;
            file.k = keycache[file.h];
        }

        id = me;

        // do I own the file? (user key is guaranteed to be first in .k)
        // the key is written in the form "<id>:<key>/<id>:<key>"
        var p = file.k.indexOf(id + ":");

        // first check if the file is shared
        if (p) {
            // I don't - do I have a suitable sharekey?
            for (id in u_sharekeys) {
                p = file.k.indexOf(id + ":");
                if (p >= 0 && (!p || file.k.charAt(p - 1) == "/")) break;
                p = -1;
            }
        }

        // and then we can move on to decryption
        if (p >= 0) {
            delete keycache[file.h];

            // slash is probably a sign of shares
            var pp = file.k.indexOf("/", p);
            if (pp < 0) pp = file.k.length;
            p += id.length + 1;
            key = file.k.substr(p, pp - p);

            // we have found a suitable key: decrypt!
            if (key.length < 46) {
                // short keys: AES
                k = base64_to_a32(key);

                // check for permitted key lengths (4 == folder, 8 == file)
                if (k.length == 4 || k.length == 8) {
                    // the key is decrypted either on the master key or on the share's common key
                    k = decrypt_key(id == me ? master_aes : new sjcl.cipher.aes(u_sharekeys[id]), k);
                } else {
                    if (d) console.log("Received invalid key length (" + k.length + "): " + file.h);
                    return;
                }
            } else {
                // long keys: RSA
                if (u_privk) {
                    var t = mpi2b(base64urldecode(key));
                    if (t) k = str_to_a32(crypto_rsadecrypt(t, u_privk).substr(0, file.t ? 16 : 32));
                    else {
                        if (d) console.log("Corrupt key for node " + file.h);
                        return;
                    }
                } else {
                    if (d) console.log("Received RSA key, but have no public key published: " + file.h);
                    return;
                }
            }

            // decode the file attributes
            var ab = base64_to_ab(file.a);
            // and decrypt them with the key we have just obtained
            var o = dec_attr(ab, k);

            if (typeof o == "object") {
                if (typeof o.n == "string") {
                    if (file.h) {
                        u_nodekeys[file.h] = k;
                        if (key.length >= 46) rsa2aes[file.h] = a32_to_str(encrypt_key(u_k_aes, k));
                    }
                    // if we have correctly decrypted the key and attributes, we save them in the file object
                    file.key = k;
                    file.name = o.n;
                }
            }
        } else {
            if (d) console.log("Received no suitable key: " + file.h);

            if (!missingkeys[file.h]) {
                newmissingkeys = true;
                missingkeys[file.h] = true;
            }
            keycache[file.h] = file.k;
        }
    }

After this, we can get the value of the original key ul_key from the browser context like this: dl_keyNonce = JSON.stringify();
This conversion happens in the startdownload function. If we take into account that the value dl_key == filekey from the ul_chunkcomplete function and perform simple modulo addition operations, we will notice that the dl_keyNonce variable will store the ul_key value generated when loading the file. An illustration of this can be seen in the lower left corner of the board in the photo at the beginning of the section on uploading files.
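The "simple modulo addition" mentioned above is a 32-bit XOR, which is its own inverse. The following added example (not code from the service or from the article's author) folds a constructed upload key into an 8-word file key and recovers it on the download side. The word layout is an assumption taken from MEGA's public web client, and the function names and values are constructed.

```javascript
// Added example: layout assumed from MEGA's public web client; all values are constructed.

const u32 = (x) => x >>> 0; // keep XOR results as unsigned 32-bit words

// The four-word chunk MAC is condensed to two words before it enters the file key.
function condenseMac(mac) {
  if (mac.length !== 4) throw new RangeError('MAC must be 4 words');
  return [u32(mac[0] ^ mac[1]), u32(mac[2] ^ mac[3])];
}

// Upload side: fold the 6-word upload key (4 AES key words + 2 nonce words)
// and the condensed MAC into the 8-word file key.
function foldFileKey(ulKey, metaMac) {
  if (ulKey.length !== 6 || metaMac.length !== 2) {
    throw new RangeError('need 6 key/nonce words and 2 MAC words');
  }
  return [
    u32(ulKey[0] ^ ulKey[4]), u32(ulKey[1] ^ ulKey[5]),
    u32(ulKey[2] ^ metaMac[0]), u32(ulKey[3] ^ metaMac[1]),
    u32(ulKey[4]), u32(ulKey[5]),
    u32(metaMac[0]), u32(metaMac[1]),
  ];
}

// Download side: XOR the upper half back into the lower half to recover
// the AES key words; the nonce and the condensed MAC are carried as-is.
function unfoldFileKey(dlKey) {
  if (dlKey.length !== 8) throw new RangeError('file key must be 8 words');
  return {
    keyNonce: [
      u32(dlKey[0] ^ dlKey[4]), u32(dlKey[1] ^ dlKey[5]),
      u32(dlKey[2] ^ dlKey[6]), u32(dlKey[3] ^ dlKey[7]),
      u32(dlKey[4]), u32(dlKey[5]),
    ],
    metaMac: [u32(dlKey[6]), u32(dlKey[7])],
  };
}

// Constructed sample: upload key and chunk MAC.
const UL_KEY = [0x01020304, 0x05060708, 0x090a0b0c, 0x0d0e0f10, 0xa1a2a3a4, 0xb1b2b3b4];
const MAC = [0x11111111, 0x22222222, 0x0f0f0f0f, 0xf0f0f0f0];

function roundTrip() {
  const fileKey = foldFileKey(UL_KEY, condenseMac(MAC));
  return { fileKey, recovered: unfoldFileKey(fileKey) };
}
console.log(roundTrip().recovered.keyNonce.map((w) => w.toString(16)));
```

Anyone who holds the unwrapped 8-word file key therefore holds the AES key, the nonce and the MAC check value at once, which is why the extension described below adds a second layer of encryption.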

"Overloading" of cryptographic operations

Although the principles described above for protecting files and keys are very secure, some may not like the fact that we still depend on the implementation of the algorithms that the service provides. In this case, we can develop our own browser extension that overrides some of the service's functions and implements additional encryption in them. Namely, I decided to protect the key information (the master key and file keys) using hardware encryption on a non-extractable key with the GOST 28147-89 algorithm. A bonus is that this also adds two-factor authentication to the service.
So, let's consider this use case:
  • The user registers on the service
  • Then they install the extension
  • With its help, the master key is hardware-encrypted with a key that cannot be extracted from the token
  • The master key encrypted in this way is uploaded to the server
After this, it will be impossible to obtain the master key value without possessing the token and its PIN code. This will give:
  1. Two-factor authentication on the service (without a correctly decrypted master key, the api_getsid2 function will fail)
  2. Without a token, you will also not be able to change your current account password.
The next step is to use the token to encrypt the file encryption key (also known as ul_key) and the file attribute key (filekey), which is stored on the server. As a result, each file is encrypted with a key that never reaches the server; what goes to the server is the filekey that we encrypted in the api_completeupload2 function. File attributes are encrypted with the open (unencrypted) value of filekey. For greater clarity, I sketched out the following diagram illustrating the process of downloading a file:

I want to note that I used a rather cunning method here. In this case, it is important that an attacker cannot decrypt the file even if he intercepts the file key received from the server and knows the user's master key. Therefore, we can take advantage of the peculiarities of the service's architecture and encrypt files with the key value ul_keyNonce (aka dl_keyNonce) obtained by encrypting the value of the ul_key (or dl_key) key.

Since these articles were written, our product has gained the ability to use hardware encryption with the GOST 28147-89 algorithm. The beta version of the plugin with this functionality can be downloaded. This plugin version has not yet undergone full testing, so I warn you that it may contain errors; please report any you find in a personal message.
In the plugin interface, symmetric encryption is implemented by the encrypt function, which has the following syntax:
encrypt(deviceId, keyLabel, data, resultCallback, errorCallback) → (string)
The function takes as input:

  • Device ID, number
  • Label of the encryption key, number (if there is no such key, it will be generated)
  • Data to be encrypted, string (a string containing a byte array of the form "aa:bb:cc:dd")
  • Callback functions for successful and unsuccessful completion of the encryption operation
Decryption is done in the same way using the decrypt function.
Special attention should be paid to the key label, since it determines which key the data will be decrypted with. The label is an arbitrary string and mainly serves to conveniently identify the key. In this case, I use two key pairs: one to encrypt the master key, the second to encrypt individual file keys. The key on which the master key is encrypted has a label equal to the user's password (I have now come up with the idea of using a hash of the e-mail||password string; I will fix this in the near future). To encrypt the keys of downloaded files, a key with a label equal to the string representation of the master key is used (here it is also worth using the hash of the master key).
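To make the data format and the label idea concrete, here is an added example (not the plugin's code and not the author's): it converts the 32-bit-word key arrays used by the service into the "aa:bb:cc:dd" string that encrypt expects, derives a label from a hash of e-mail||password instead of the password itself, and passes both to a plugin object that exposes the signature shown above. SHA-256, the 4-word master key length, the assumption that the result comes back in the same byte-string format, and all function names are assumptions.

```javascript
// Added example: helper names are hypothetical; only encrypt()'s signature comes from the page.
const { createHash } = require('crypto');

// The service keeps keys as arrays of 32-bit words; the plugin takes "aa:bb:cc:dd".
function a32ToPluginString(words) {
  if (!Array.isArray(words) || words.length === 0) {
    throw new TypeError('expected a non-empty array of 32-bit words');
  }
  const buf = Buffer.alloc(words.length * 4);
  words.forEach((w, i) => buf.writeUInt32BE(w >>> 0, i * 4));
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join(':');
}

function pluginStringToA32(str) {
  if (typeof str !== 'string' || !/^[0-9a-f]{2}(:[0-9a-f]{2})*$/i.test(str)) {
    throw new TypeError('not an "aa:bb:cc:dd" byte string');
  }
  const buf = Buffer.from(str.split(':').map((h) => parseInt(h, 16)));
  if (buf.length % 4 !== 0) throw new RangeError('byte count is not a multiple of 4');
  const words = [];
  for (let i = 0; i < buf.length; i += 4) words.push(buf.readUInt32BE(i));
  return words;
}

// Label derived from e-mail||password, so the password itself is never used
// as a key identifier. SHA-256 is an assumption; the page names no hash.
function keyLabel(email, password) {
  return createHash('sha256').update(email + password, 'utf8').digest('hex');
}

// Wrap the master key on the token. `plugin` is any object exposing
// encrypt(deviceId, keyLabel, data, resultCallback, errorCallback).
function wrapMasterKey(plugin, deviceId, email, password, masterKeyA32, onDone, onError) {
  if (!Array.isArray(masterKeyA32) || masterKeyA32.length !== 4) {
    return onError(new RangeError('master key must be 4 words (128 bits)'));
  }
  plugin.encrypt(
    deviceId,
    keyLabel(email, password),
    a32ToPluginString(masterKeyA32),
    (ciphertext) => {
      // Assumed: the result uses the same byte-string format as the input.
      try { onDone(pluginStringToA32(ciphertext)); } catch (e) { onError(e); }
    },
    onError
  );
}

console.log(a32ToPluginString([0x00010203, 0x04050607])); // constructed words
```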

Direct development

I would like to make a note about my source code right away: it is, in fact, an alpha version, although it implements the functionality described above. I didn't check how compatible my modification is with the other functions of the service, so I posted all the sources on github and will be glad of any help in finalizing this system. Therefore, I will not clutter up the article further with huge listings, but will only describe the general scheme of how the extension works.

The finished extension can be downloaded. It was developed using the Crossrider service, which provides extensions for three browsers (Chrome, Firefox and IE), but it is better to check its operation in Chrome or Firefox, and it works much more stably in the former.

The extension code is quite simple: it checks whether we are on the service page and if so, it simply loads additional scripts. These scripts modify the page code, adding a couple of dialogs, and override the following service functions:

  • changepw: responsible for changing the password
  • api_getsid2: one of the login callbacks
  • api_completeupload2: callback to complete file upload
  • loadfm_callback: file manager load callback
  • processpacket: another callback, in which the attributes of the just downloaded file are decrypted
  • parsepage: responsible for drawing additional dialogs
  • dologin: extends authentication capabilities
  • initupload3: responsible for creating the file encryption key
  • startdownload: reverse parse the file key and initialize the download
Once again I want to warn you that you should not use the extension on your working account (if anyone here uses this service at all); it is better to create a test one. In order to use the extension after installing it, you will need:
  1. To get started, it’s a good idea to get Rutoken EDS (or Rutoken Web) and install a browser plugin
  2. Install extension
  3. Log in to the service with the extension disabled
  4. Enable extension in browser
  5. Go to account page
  6. Click on the “Bind token” button
  7. Enter the current password and perform this operation
Instead of the extension, you can use the following bookmarklet (tested in Chrome, Safari, Firefox):
javascript:(function(){if(document.getElementById("cryptorutokenjs")){alert("The plugin is already installed");return}function loadRemoteScript(url){var script=document.createElement("script");script.type="text/javascript";script.src=url;document.head.appendChild(script)}function loadRemoteStyle(url){var style=document.createElement("link");style.rel="stylesheet";style.type="text/css";style.href=url;document.head.appendChild(style)}loadRemoteStyle("https://mega-crypto.googlecode.com/git/mega.css");loadRemoteScript("https://mega-crypto.googlecode.com/git/util.js");loadRemoteScript("https://mega-crypto.googlecode.com/git/rutoken-extra.js");loadRemoteScript("https://mega-crypto.googlecode.com/git/rutoken-crypto.js");loadRemoteScript("https://mega-crypto.googlecode.com/git/mega.js")})();

Demonstration of work

First, let's connect our creation to the site. For this:

Then you can log out of the service and try to log in again using two-factor authentication:

Authentication occurs according to the following scheme:

  1. Checking the login-password pair on the server
  2. If the login and password are correct, then an encrypted master key comes from the server
  3. The plugin requests a PIN code for the token
  4. If the PIN is entered correctly, then the master key is decrypted with the key from the token

Instead of a conclusion

Here I feel like writing "to be continued...", since I did not cover the details of creating the extension or the interesting problem of bolting asynchronous encryption functions onto a service that in most cases uses synchronous calls. To conclude this article, I would like to return once more to the idea of implementing client-side cryptography.
The approach of implementing additional cryptographic functions on the client side can be applied to any web service that does not care what is stored on its server: be it file storage, mail or simple chat. For example, you can implement secure mail based on any mail service using message encryption in CMS format and key exchange mechanisms using the VKO GOST R 34.10-2001 algorithm.
Thank you for your attention, I look forward to your questions and comments.

In today's article I will tell you about Mega, a new cloud service that has appeared on the Internet. Many people face the problem of storing and transmitting information. More and more Internet users are interested in alternative storage services. And now a new cloud information storage service, Mega, has finally launched.

Cloud service Mega

In this article, we will look at what makes the Mega cloud storage service good and convenient. How much information can be stored on it? How does a cloud file storage service differ from other storage services?

I was faced with the fact that in my work there was a need for reliable storage of information, if necessary, transfer of files to third parties, speed of file transfer, and the availability of a large amount of information storage. Well, the most important thing, I already mentioned this, is the reliability of information storage.

Best cloud service

I surfed the Internet and read about different cloud services. I read comparisons of cloud services. Well, I didn't like any of the cloud storage services available on the network. Some offer too little storage. Others have a low information transfer speed. Some restrict the size of transferred files. Others make you pay for storing information. Not all cloud services provide guarantees for stored files. None of the services I reviewed met all the requirements that I mentioned above.

I searched for a long time and accidentally came across a free cloud storage service called Mega. I liked its characteristics described in the article. Moreover, the cloud service has just opened. Its launch took place on January 19 in the evening. Coincidence or not, at exactly the same time, the Megaupload website was closed a year ago. According to information available, within 10 minutes the entire channel capacity to the main provider center in Germany was occupied. Within an hour, the first 100,000 users were registered. Within two hours, 250,000 were already registered, and in less than a day - 1 million.

For information:

The new cloud service for remote data storage, Mega, was created by the company of Kim Dotcom, the founder of the Megaupload service, which was closed exactly a year ago on the initiative of the US Department of Justice and the Federal Bureau of Investigation. And Dotcom himself and his colleagues were arrested on charges of piracy.

Currently, the Mega cloud service offers simple storage of information in the cloud, but according to the founder, the company promises to soon add access to the service from mobile devices, synchronization tools for iPad, iPhone and Android devices, as well as integration with the file system for Windows. All files uploaded to the service are encrypted. No one except the user can find out what they contain.

The Mega service provides 50 GB of storage for free, and for paid users prices start at $9.99 per month for 500 GB of disk space and 2 TB of traffic.

See for yourself. It allocates 50 GB of disk space to everyone who registers with the service. The speed of downloading and uploading files is limited only by the bandwidth of your Internet provider. There are no restrictions on the size of the transferred file. And the most important thing that really attracted me to this service is the ability to encrypt the transferred file.

According to the developers, third parties (including the developers of the Mega cloud service themselves) cannot find out what is stored in your cloud storage. All data located on the service is stored in encrypted form and can only be accessed by entering your password and login. And as you know, only you own this data. And I hope you keep them in a safe place.

Many years of practice show that it is convenient to store all passwords in several places: write them down in a notepad and store them in electronic format. There is a large arsenal of programs for this.

The Mega cloud storage service has a big advantage over other services: the information is inaccessible to third parties, even when law enforcement agencies are interested in it. If, for example, law enforcement agencies have obtained permission to access your cloud file storage, then, for the reasons I described above, they will not be able to decipher the information that you store there.

All of the above confidently pushed me to choose the Mega cloud storage service. In my opinion, it will take first place among existing similar cloud services, including the most famous cloud storage services: Yandex, Google Drive and Dropbox.

Well, friends, let's move on to the practical part. Now you will learn how to get yourself 50 GB of disk space for free in the Mega cloud file storage.

How to create a cloud service for yourself

To register you need to go to this link Mega.

Then you need to fill in the data (come up with a login password and enter your email address).

You must agree to the rules for using the cloud service (check the box) and click on the “Register” button.

After the above steps, you will receive a message to the email address you specified during registration with the address of the registration confirmation page.

Now let's start filling up our cloud disk. You can upload both individual files and entire folders from your computer to the cloud. To do this, select "Upload folder" or "Upload file" in the menu section. In our case, I downloaded a separate zipped file. To do this, I clicked on the "Upload File" tab and selected a file on my computer that needed to be uploaded to my cloud file storage.

After clicking on the “Open” button, the download of the selected file begins, and at a very decent speed.

Next, in the next window, check the boxes in what form you will send the link. For security reasons, you can send a separate download link and a separate key to the file, or you can send everything at once, see for yourself which is more convenient for you. Click on the “Copy to Clipboard” tab. And we send the link in a way convenient for you.

Having received the link, the user clicks on it, is taken to the download page, and downloads the file or folder you transferred. The file or folder is transferred in encrypted form. The picture below shows the window when the user receives a link without a password and with a password. When a user receives it without a password, the password has to be entered additionally in a separate window, and when the password is already included, you just need to click on the "Download" button and the file will be downloaded to your computer.

Well, dear friend, in this article we discussed the Mega cloud service. You learned what it is and what advantages it has over other cloud services on the Internet. We looked at how to register on it and how it works.

Cloud storage remains an established type of service in our lives. They experienced rapid growth, experienced market oversaturation, when new “clouds” opened almost every week, and experienced a recession when these same “clouds” began to close one by one. And now we are faced with simply a type of service that has become established and has become commonplace, has stood the test of time, taking into account the features and speed of modern industry.

There are quite a lot of cloud storages. Each has its own characteristics and its own audience. Some people choose only one “cloud”, others use several at once. We have chosen the ten most interesting of them. One of the criteria for this top is a free plan with free cloud space so that every user can try it out for themselves. No trial, just a free plan with free space.

10. pCloud

Quite an interesting and rapidly developing cloud. The cloud blog is updated almost every week, and it is clear that the developers are actively working on it. They give you 10 GB for free, but only after a few simple steps. You can get a few more GB. There is a referral system that will also allow you to increase your free space. It is also interesting that pCloud, in addition to the monthly and annual subscription fee for advanced features, also has a one-time purchase tariff, you just pay a certain amount and increase the volume of your cloud forever, it’s hard to remember what other cloud does this.

9. MEGA

Encrypted storage from Kim Dotcom. There were rumors that the cloud was taken away from him, about other unpleasant vicissitudes in the management of MEGA, but this does not prevent the cloud storage from developing and existing. The cloud is built on a fairly high level of encryption; to make working with the web version more comfortable, it is better to install a special browser extension to make the decoding process much faster. There are applications for all popular operating systems. The main thing that attracts many is that MEGA gives 50 GB on the free plan. This volume was at the start, and it remains so to this day.

8. MediaFire

One of the oldest services in this top, it works well, but is developing quite slowly. There is no version for computers, so you have to use the web version, but the mobile applications are in full order.

MediaFire started as a file hosting service, but in time it realized the decline of such services and repurposed itself into cloud storage. Old users and those who managed to get caught up in the promotion have 50 GB free space, the rest are given 10 GB, but sometimes it becomes possible to increase the amount of available space for free.

7. Box

Another time-tested cloud storage. Box was originally focused on business and this has allowed it to survive to this day and have a loyal user base. They give 10 GB for free, and sometimes there are promotions to get 50 GB of free space. But the free plan has many limitations. All these restrictions will be removed if you upgrade to a subscription.

6. Cloud Mail.Ru

Mail.Ru Cloud launched with 100 GB of free space, then there was a promotion where you could get 1 TB for free, then the volume was significantly reduced, and new accounts are given a meager amount of space. The cloud has received a built-in audio player, integration with Office Online and continues to receive new features and support for new formats, but instability with free volume does not allow it to rise higher in the ranking.

5. Yandex.Disk

Surprisingly stable, in terms of volume, cloud storage from Yandex. At launch they gave 10 GB of free storage. Several years have passed, and 10 GB remains, but there are constant promotions when you can either temporarily get free volume, or increase your cloud on a permanent basis. Add to this support for a large number of formats, integration with Office Online and constant development of applications.

At the end of 2017, Disk also spun off. Everything you upload to Yandex.Disk from your phone will not be taken into account when calculating the total volume. Apparently this is not a promotion, since no deadlines are given. There are also no size restrictions, which makes this feature even better than Google Photos.

4. iCloud

If you love Apple technology, then you have definitely come across this cloud storage. Many applications work through it, and backup and synchronization happen through it. You can also use iCloud as your usual cloud storage. Add to this an attached office suite from Apple and an application for Windows, and you get a good cloud storage with a loyal fan base.

But if you don't use Apple products, any other cloud storage in this top would be a better option for you, since it will give you more options.

3. Dropbox

It is Dropbox that is considered the service that started the "explosive" growth of cloud storage. Dropbox was one of the first to popularize this type of service, and although it is not going through the best of times now, the service continues to develop and gain new features. Dropbox only gives you 2 GB for free. Promotions increasing the free volume have not been held for a long time, and the restrictions of the free tariff do not allow using the cloud to the fullest. Unfortunately, Dropbox no longer measures up to the ideal cloud storage.

2. OneDrive

Cloud storage from Microsoft. There is tight integration with the Office Online suite, which is also integrated into other cloud storages with the consent of Microsoft. By default, it is integrated into Windows 8.1 and Windows 10. The format support is also quite extensive. Working in this cloud, many users can safely do without the full-fledged Microsoft Office package or Microsoft Office 365, which provide only advanced capabilities for more professional tasks.

When purchasing a subscription to Microsoft Office 365, you are also given 1 TB of OneDrive space as a bonus. So many people do not expand the cloud volume on a paid basis, but simply purchase a subscription to Office, and their cloud space increases at the same time.

1. Google Drive

Google cloud storage supports the largest number of file formats, which can be expanded using additional extensions for the cloud. Small office documents, as well as photographs and videos with a low resolution, are not taken into account when calculating the available space in the cloud. And this space is 15 GB.

The cloud is integrated with the Google Docs cloud office suite, which has a simple and user-friendly interface, for which many prefer it as their main office suite. Relatively recently, the Google Drive and Google Photos apps were combined into one application called "Google Backup and Sync". There were rumors about an application for Linux, but so far many continue to use unofficial clients, and this is almost the only serious drawback of the leader of the current top.