node-snapchat

Support new snapchat protocol

Open Munksgaard opened this issue 10 years ago • 30 comments

I'm getting 400: Bad request when trying to login to snapchat. Any chance this can be fixed?

Munksgaard avatar Mar 25 '15 14:03 Munksgaard

Have you tried changing User Agents? Also, you should try changing the login path and host, they may have removed the old one.

lucasad avatar Mar 26 '15 03:03 lucasad

With the example I cannot log in. I tried simply removing the "user agent"; it does not work. Any ideas?

FiReBlUe45 avatar Apr 10 '15 07:04 FiReBlUe45

I believe they may have changed the protocol, if anyone wants to reverse engineer it again and get it working, feel free to submit a PR

lucasad avatar Apr 11 '15 07:04 lucasad

Tomorrow I will look at whether I have the skills to do so.

FiReBlUe45 avatar Apr 11 '15 23:04 FiReBlUe45

It could be as easy as using mitm proxy to observe the various api calls made by the android/ios app.

lucasad avatar Apr 12 '15 01:04 lucasad

using Fiddler 4

Request for login:

POST https://feelinsonice-hrd.appspot.com/loq/login HTTP/1.1
Accept-Language: fr;q=1, en;q=0.9
Accept-Locale: fr_FR
User-Agent: Snapchat/9.5.0.4 Beta (GT-I9505G; Android 5.0.1#150315#21; gzip)
X-Snapchat-Client-Auth-Token: Bearer e............gwTqL_tU3_X5GU1P_KicAoaG55cq8Rxk
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 532
Host: feelinsonice-hrd.appspot.com
Connection: Keep-Alive
Accept-Encoding: gzip

application_id=com.snapchat.android&dsig=26df682e838c60b63af1&dtoken1i=00001%3AGDdGzMF4S7iqPFds%2BO7%2Bwy7g3C4J5sZOlZw8%2F81gBYqkdpZTr%2B%2FlU5ubiZFFOyJV&height=1920&max_video_height=1920&max_video_width=1080&password=PASSWORD&ptoken=APA91b....YXIlBtNG0dNMys-hIg&req_token=93060754c291....c59b46514d1c513bb&timestamp=1428830007247&username=USERNAME&width=1080

FiReBlUe45 avatar Apr 12 '15 09:04 FiReBlUe45

But the URL is different: http://img11.hostingpics.net/pics/391410reddd.png

FiReBlUe45 avatar Apr 12 '15 10:04 FiReBlUe45

411ccbf87d851fdb9ad7bba2dfdab0b2bc73458f is an attempt to fix this. At least I'm not getting 400s any more. Can anyone try it out to see if it works for them?

Munksgaard avatar Apr 16 '15 11:04 Munksgaard

128 + console.log(data); and my response is : {"message":"Oh no! Your login temporarily failed, so please try again later. If your login continues to fail, please visit https://support.snapchat.com/a/failed -login :)","status":-103,"logged":false}

Another adjustment must be changed.

In the request header sent by the Snapchat application, there is the variable X-Snapchat-Client-Auth-Token, which does not exist in node-snapchat.

FiReBlUe45 avatar Apr 16 '15 16:04 FiReBlUe45

@Copois Is there any way you could get the base64 encoded version of the X-Snapchat-Client-Auth-Token (or some other encoding)?

Munksgaard avatar Apr 16 '15 17:04 Munksgaard

X-Snapchat-Client-Auth-Token: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjczNzY1ZWM3ZWQxYjYwMjBlZGJmOTY2ZmQ5ODcyZWU2ODY5Y2VmNDcifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEyNzI3MTk4MTQxMDYxMjc4ODg0IiwiYXpwIjoiNjk0ODkzOTc5MzI5LXFnMGkwdTg4dDBobThrNmsxbWJyYm5zdWoxMDFoNzN2LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJjb3BvaXMucEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiNjk0ODkzOTc5MzI5LWw1OWYzcGhsNDJldDljbHBvbzI5NmQ4cmFxb2xqbDZwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaWF0IjoxNDI5MjA1ODExLCJleHAiOjE0MjkyMDk0MTF9.el4HYviIrlm6Xci37j9s-CDS61MwDPkb80Jpoi3-cS4LLGohyefQiRdzA19AFAOleQeVyd07kims7q7MuU2U_t43dSskK6eSdT3KPO88XU8K23HeLlkU0oN_tnYcmh5xhCoN6GzTBDkPGAAVmNDQYHWrcetyoKHXtXdxJOd-4jA

You also want the contents of the body?

FiReBlUe45 avatar Apr 16 '15 17:04 FiReBlUe45

With X-Snapchat-Client-Auth-Token I have an answer, I see.

Edit: the answers have changed, I will look.

Edit 2: login OK.

FiReBlUe45 avatar Apr 16 '15 18:04 FiReBlUe45

X-Snapchat-Client-Auth-Token is not fixed a new is Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjczNzY1ZWM3ZWQxYjYwMjBlZGJmOTY2ZmQ5ODcyZWU2ODY5Y2VmNDcifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEyNzI3MTk4MTQxMDYxMjc4ODg0IiwiYXpwIjoiNjk0ODkzOTc5MzI5LXFnMGkwdTg4dDBobThrNmsxbWJyYm5zdWoxMDFoNzN2LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJjb3BvaXMucEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiNjk0ODkzOTc5MzI5LWw1OWYzcGhsNDJldDljbHBvbzI5NmQ4cmFxb2xqbDZwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaWF0IjoxNDI5MjExMDc5LCJleHAiOjE0MjkyMTQ2Nzl9.dPzb5IWcqXvNit6I3f1yx6dAL_3A_1imLs5yQr3Ht_xQoNK7kdtJRFdgqsqp_xCPtfNAcLoMSjlojIgHH2IZXIoEmJDUWb9Gd8Iu6H0lyKzvv5AAcxxNnSHcpJn12esnUss67jsOPawfKgq1uYM1qFJ01vqyqqxVoUIth4GGNQU'

FiReBlUe45 avatar Apr 16 '15 19:04 FiReBlUe45

I do not know how it is generated. I will look tomorrow. The JSON structure is complicated; I must see if getBlob = function(username, auth_token, id, cb) is correct, because statusCode is 401.

FiReBlUe45 avatar Apr 16 '15 19:04 FiReBlUe45

To generate the token: https://github.com/mgp25/Snap-API/blob/master/src/snapchat.php line 123

FiReBlUe45 avatar Apr 16 '15 20:04 FiReBlUe45

Bearer is a JWT

lucasad avatar Apr 17 '15 00:04 lucasad
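
As an added example (not code from node-snapchat or from anyone in this thread): because the header value is a JWT, its header and claims can be read by base64url-decoding the first two dot-separated parts, which shows who issued a token, how long it lives, and which identity claims it exposes when pasted somewhere public. The token, its claim values and the function names `inspectBearer` and `buildSampleBearer` are constructed for illustration.

```javascript
// Added example: inspect a JWT bearer token without verifying its signature.
// All token contents below are constructed sample values.

// Decode one base64url segment (JWT uses the URL-safe alphabet, no padding).
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64');
}

function b64urlEncode(data) {
  return Buffer.from(data).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Split "Bearer <header>.<payload>.<signature>" and parse the two JSON parts.
// Decoding is NOT verification: nothing here proves the token is authentic.
function inspectBearer(headerValue, nowSeconds) {
  const match = /^Bearer\s+([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue.trim());
  if (!match) throw new Error('not a three-part JWT bearer token');
  const header = JSON.parse(b64urlDecode(match[1]).toString('utf8'));
  const claims = JSON.parse(b64urlDecode(match[2]).toString('utf8'));
  return {
    alg: header.alg,
    kid: header.kid,
    issuer: claims.iss,
    lifetimeSeconds: claims.exp - claims.iat,
    expired: nowSeconds >= claims.exp,
    // Claims that identify a person; these leak when a token is pasted publicly.
    identityClaims: Object.keys(claims).filter((k) => ['sub', 'email'].includes(k)),
    signatureBytes: b64urlDecode(match[3]).length,
  };
}

// Constructed sample token (dummy signature, example.com address).
function buildSampleBearer() {
  const header = { alg: 'RS256', kid: 'sample-key-id' };
  const claims = {
    iss: 'accounts.google.com', sub: '000000000000000000000',
    email: 'user@example.com', iat: 1429200000, exp: 1429203600,
  };
  const parts = [JSON.stringify(header), JSON.stringify(claims), Buffer.alloc(128, 1)];
  return 'Bearer ' + parts.map((p) => b64urlEncode(p)).join('.');
}

console.log(inspectBearer(buildSampleBearer(), 1429210000));
```

Reading the claims only decodes the token; checking the RS256 signature against the issuer's public key is a separate step.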

Okay, so we'll need to create our own version of https://tekno.pw/snapchat_password.php

lucasad avatar Apr 17 '15 00:04 lucasad

https://github.com/mgp25/Snap-API/issues/42#issuecomment-87467213 we could do that for now

lucasad avatar Apr 17 '15 00:04 lucasad

If I'm understanding it right, the token is generated through Google Play services, I wonder how the iOS implementation works

lucasad avatar Apr 17 '15 00:04 lucasad

Do you have an iPhone to analyze the query?

FiReBlUe45 avatar Apr 17 '15 06:04 FiReBlUe45

I don't know how to generate the X-Snapchat-Client-Auth-Token token.

https://tekno.pw/snapchat_password.php is not valid, too short.

FiReBlUe45 avatar Apr 17 '15 18:04 FiReBlUe45

@nykac no new idea?

FiReBlUe45 avatar Apr 22 '15 11:04 FiReBlUe45

I have an iPhone, here's the data I saw when sending a login request:

Apr 22 18:42:32 Thomas-Finchs-iPhone Snapchat[12228] <Warning>: POST PATH: /loq/login
Apr 22 18:42:32 Thomas-Finchs-iPhone Snapchat[12228] <Warning>: PARAMETERS: {
        dsig = 5CEB2D86DB6B34CED947;
        dtoken1i = "45df8a82-3001-443e-86a0-fabc89f9351a";
        height = 1136;
        password = [redacted];
        ptoken = <19733f53 caf1da07 b53433a6 826c2e95 45b8cb21 99522edb 09b9b272 f75e002d>;
        "req_token" = 9303a45587a173686e8132ecf1a9afd4cfee4d8019d15a8b29b4b214dbc51edb;
        timestamp = 1429742552480;
        username = thomasfinch;
        width = 640;
    }

I also have a decrypted copy of the app binary that I can disassemble, I'll try to figure out how the token is generated by the app.

thomasfinch avatar Apr 22 '15 22:04 thomasfinch

@thomasfinch thank you

lucasad avatar Apr 22 '15 23:04 lucasad

I'm having some trouble getting at the methods that generate the tokens, Hopper disassembler is reading them incorrectly and hooking them with a jailbreak tweak crashes the app for some reason. I did get the user agent string though, if that's any use: Snapchat/9.6.0.1 (iPhone6,1; iOS 8.1.2; gzip). I'll keep working on it.

thomasfinch avatar Apr 23 '15 00:04 thomasfinch

@thomasfinch, thank you. Can you update us on your progress or share the decrypted copy of the Snapchat binary with me?

Oleksandra89 avatar May 04 '15 11:05 Oleksandra89

I'd like to see the dumped file, so I can also try this one. When I successfully analyse the new login module, I will share it here.

Oleksandra89 avatar May 04 '15 13:05 Oleksandra89

I'm not sure about the legality of sharing the file, but it's fairly simple to obtain if you have a jailbroken device using dumpdecrypted. I wasn't able to get much useful information from it (although somebody more experienced than me probably could), but I did find a PHP library that supports the new API and switched to using that for my project. It would be a waste of time to reverse engineer the binary since the PHP library could just be replicated in Node.

thomasfinch avatar May 04 '15 13:05 thomasfinch

Wow, thank you, very good help.

Oleksandra89 avatar May 04 '15 13:05 Oleksandra89

This might be interesting to look at: https://github.com/mgp25/Snap-API/wiki/API-v2-Research

Munksgaard avatar May 05 '15 20:05 Munksgaard