From 511d78941ccb78c905909de145a8a2beaf2e46d7 Mon Sep 17 00:00:00 2001
From: zefie <zefie@zefie.net>
Date: Sun, 10 Aug 2025 20:10:10 -0400
Subject: [PATCH] proper diskmap hashing

---
 .../includes/ServiceVault/wtv-disk/sync.js    |  2 +-
 zefie_wtvp_minisrv/includes/classes/WTVSec.js | 25 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/zefie_wtvp_minisrv/includes/ServiceVault/wtv-disk/sync.js b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-disk/sync.js
index 60b25c48..6ef77fb3 100644
--- a/zefie_wtvp_minisrv/includes/ServiceVault/wtv-disk/sync.js
+++ b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-disk/sync.js
@@ -234,7 +234,7 @@ if (request_headers['wtv-request-type'] == 'download') {
                 if (wtvshared.getFileExt(diskmap_data_file).toLowerCase() == "gz") {
                     var diskmap_data_filename = path.basename(diskmap_data_file);
                     var gunzipped = zlib.gunzipSync(diskmap_file_data);
-                    diskmap_group_data.files[k].checksum = CryptoJS.MD5(CryptoJS.lib.WordArray.create(gunzipped)).toString(CryptoJS.enc.Hex).toLowerCase();
+                    diskmap_group_data.files[k].checksum = CryptoJS.MD5(CryptoJS.lib.WordArray.create(diskmap_file_data)).toString(CryptoJS.enc.Hex).toLowerCase();
                     var gzip_fn_end = diskmap_file_data.indexOf("\0", 10);
                     if (!diskmap_group_data.files[k].dont_extract_filename) {
                         diskmap_group_data.files[k].original_filename = diskmap_group_data.files[k].file.replace(diskmap_group_data.base,"").replace(diskmap_data_filename, diskmap_file_data.toString('utf8', 10, gzip_fn_end));
diff --git a/zefie_wtvp_minisrv/includes/classes/WTVSec.js b/zefie_wtvp_minisrv/includes/classes/WTVSec.js
index c505c17e..698f97bd 100644
--- a/zefie_wtvp_minisrv/includes/classes/WTVSec.js
+++ b/zefie_wtvp_minisrv/includes/classes/WTVSec.js
@@ -346,7 +346,30 @@ class WTVSec {
      * @notice This function is an alias for Encrypt, as WTVSec uses the same method for both encryption and decryption.
      */
     Decrypt(keynum, data) {
-        return this.Encrypt(keynum, data)
+        // Decryption must use the paired RC4 session for the opposite direction
+        // Sessions:
+        //   0 = encrypt with key1, 1 = decrypt with key1
+        //   2 = encrypt with key2, 3 = decrypt with key2
+        let session_id;
+        if (keynum === 0) {
+            session_id = 1;
+        } else if (keynum === 1) {
+            session_id = 3;
+        } else {
+            throw new Error("Invalid key option (0 or 1 only)");
+        }
+
+        if (!this.RC4Session[session_id]) {
+            this.SecureOn(session_id);
+        }
+
+        if (data.words) {
+            data = this.wtvshared.wordArrayToBuffer(data);
+        } else if (data instanceof ArrayBuffer || typeof data === 'string') {
+            data = Buffer.from(data);
+        }
+
+        return this.RC4Session[session_id].updateFromBuffer(data);
     }
 }