Userscripts.org

any chance of a fix?

naah, its again dead.
i think those sharecash assholes fixed it

yeah, i cant dl any sharecash link anymore.. please timendum, fixed it :(

Sharecash is spamming 4chan nonstop-24/7 right now. We need some long-term protection against this bullshit. Could you also look into adding automatic updates? There should be plenty of templates for that on this site.

Ok I know HOW to fix it, just not how to implement it in JavaScript.

The scrubs just encoded the download link in a massive string of hex that looks like "\x68\x69\x73\x74\x6F\x72\x79\x6C"... We need a JavaScript program that can parse this shit and convert it to ASCII. Anyone know how to do it?

i figured out how to decode the hex and figured i'd share since my ip is now blocked by sharecash. :(

you need to download and install malzilla to follow along
http://malzilla.sourceforge.net/

click on the download link in sharecash

on the popup click right-click or ctrl-click the frame and select 'This Frame', and then 'View Frame Source'. (on the whitespace just above the questions)
this should get you the source including the hex characters

download and run malzilla

click the tab for shellcode analyzer

do the following for each hex string (there are multiple separated by commas)

copy the string (not the surrounding quotes)
right click the top text box in malzillas' shellcode analyzer
choose paste as hex

you should now have a decrypted string

if you find the longest string of hex... that should be the one that contains the link to download the actual file... you may have to access that link quickly because there seems to be a time variable that stops the link from working after a certain amount of time.

good luck and let me know if it works. next we need to figure out how to do this though an anonomizer so my blocked ip wont matter any more :) any takers!??

I'm working on it. I've already got the hardest part over with: converting the hex to ASCII via JavaScript. I just used a ton of string replacements to cover each and every character used. Painstaking and inefficient, but foolproof. I don't even really know JavaScript, just some C. Plus I don't know exactly how sharecash works either. I hope someone can make use of this and take over from here:

http://pastebin.com/m2106121

this may help

http://www.java2s.com/Code/JavaScript/Security/...

heres the function:

var asciiString = DoAsciiHex('\x68\x69\x73\x74\x6F\x72\x79\x6C','H2A')

as a side note, does anyone know how to use sctest.exe? this is what malzilla uses i believe... havn't had time to figure out malzillas' source code yet

thanks bugmenot

well done, timendum. the new script works even better than the previous one. no need to stop greasemonkey in order to prevent the "Click here to continue" link from disappearing :-)

I just keep getting a white screen everytime i click on the sharecash link

thanks timendum.

i was able to reset my modems ip and it works for me now. elegant solution.

It doesn't work for me. Perhaps because I don't get any offers or something. What should I do to make it work. :(

hi! my friend
it's do'nt work too
at last night good That work
Help me pleaze
Thanks.

Yup... Its broken again :(

yes, stopped working. i'm going to try hotspot shield. no, it doesn't work either. it seems that the only way left is to remove cookies, click about 10 to 30 times on CLICK HERE TO DOWNLOAD and hope for the only site available in my area, then remove cookies again and start another long-term download job :-)

dang! the Complete the Quick Survey to Continue message now disappears even in Opera. unless something miraculous happens, i will have to stop using that bloody share site.

I'm pretty sure that sharecash itself is broken. I always get "Unable to process" or "Not available in your country" with or without this script enabled, with cookies on or off, behind proxies or not, in both FF and IE. It's been acting funny the past couple days, and I don't know what's going on, but I can't say I'm disappointed; I'd much rather they just let their slipshod spam site die off than force us to engage in a drawn-out patching war in an effort to defend ourselves against their spam.

Proxies keep giving me "Unable to process" regardless of the script. When I go direct, "Complete... to Continue" gets lost in Firefox, Opera, Chrome and Dolphin. It is preserved in Avant browser, but it never changes into the real download link, no matter how many times I try. Of course, most offers are unavailable and some are expired. Now there is no way for me to download from them, even if I were willing to fill some surveys.

Anyone know if the problem started before the update of Greasemonkey?

99% sure the problem has nothing to do with Greasemonkey or this script. Though it's not stopping the spambots, unfortunately.

I know it worked for me about two days ago, then updated, and it hasn't worked since. However, I have noticed this: 'you MUST click two offers on the 'Final Offers' page. You will then be taken straight to the download!' Did they always get you to click on two offers?

not working for me. and bugmenot, just report the spambots to a sharecash admin, they will take care of it

GoGoHabs69:
Not familiar with sharecash I take it? We've already tried to get them to take down the spambots. Over and over and over again. They just don't care. Sharecash isn't a legit business; they're a bunch of kids trying to make a quick buck via blackhat spamming. The use of spambots is a standard practice among their regular users.