Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is there a way to create an account via this API? #73

Open
DanMossa opened this issue Jan 5, 2015 · 28 comments
Open

Is there a way to create an account via this API? #73

DanMossa opened this issue Jan 5, 2015 · 28 comments

Comments

@DanMossa
Copy link

DanMossa commented Jan 5, 2015

Was just wondering if there's an API to create a SnapChat account.

@hako
Copy link
Collaborator

hako commented Jan 5, 2015

There is, I've opened a pull request to #57 this requires the captcha to be passed though not phone number verification. Here is an example

@DanMossa
Copy link
Author

DanMossa commented Jan 5, 2015

@hako Sorry but I'm super retarded. So at the moment, it's not complete, correct? Cause I used the code you gave and a few errors came up.

@hako
Copy link
Collaborator

hako commented Jan 5, 2015

What were the errors came up? also my fork does not have the header fix yet and it still needs some refactoring. If you apply the fix, the registration still works.

  1. git clone https://github.com/hako/php-snapchat and switch to the snaptcha branch
    • git checkout snaptcha
  2. apply the header fix to snapchat_agent.php or download the patch here
  3. download the example
  4. change the $email and $username to whatever you want to register.
  5. run php [example file].php

You should get a zip file full of images where you have to unzip and select which ones is are the ghosts.

Enter 1 for a ghost 0 for no ghost until it's 9 digits long.

And you should be registered.

It's not the best of examples, but i'll eventually clean everything up when I'm able to get some spare time.

@liamjack
Copy link

liamjack commented Jan 5, 2015

@hako : After how many new accounts do you start getting the snaptcha on registration ? Is the snaptcha only required on registration or can they make it required for login aswell ?

@hako
Copy link
Collaborator

hako commented Jan 5, 2015

The snaptcha is only required on registration. I don't know if there is an exact limit of accounts you can create yet.

@Snowlav
Copy link

Snowlav commented Jan 5, 2015

As of this moment there is no limit for registration of accounts per IP / Device ID

@Snowlav
Copy link

Snowlav commented Jan 5, 2015

Does anyone know if the snaptcha images are generated on the spot, or are they pre-designed and loaded from a database of some sort?

@liamjack
Copy link

liamjack commented Jan 5, 2015

Thanks to @hako and his image of Snaptcha we can see the following :
Snaptcha

Here's another from Techcrunch :
Snaptcha 2

These are not computer generated (take a look at the positioning, the fact that the ghost is behind an umbrella, positioned correctly at the end of a fishing rod... This is "art"), some "graphic artist" spent a lot of time doing these, which means there is a limited amount. Collect them all, md5 the image file, store in a database with a simple boolean called ghost : 0 = No ghost, 1 = Ghost. Your Snaptcha completion is now automatic.

This will work until Snapchat randomizes a few pixels, meaning that the md5 will change radically even though you have 99.9% the same image, so then an upgrade to "image recognition" will be required.

Worst case scenario you have to use Amazon's Mechanical Turk to have some humans tell you if a ghost is in the image or not, depends on your motivation and your budget.

@Snowlav
Copy link

Snowlav commented Jan 5, 2015

I don't know if it's relevant but the current images snapchat uses for their captcha are different.

They seem pc generated to me and are even manually hard to solve at times haha.

@liamjack
Copy link

liamjack commented Jan 5, 2015

@Snowlav : Oh sorry then, I haven't had one recently :P Ok, well now we need to make a ghost detection script. Should be simple enough though seeing that the ghost is always the same sprite, it's just rotated, enlarged / reduced, a bit of PHP code should be able to handle this right ?

@liamjack
Copy link

liamjack commented Jan 5, 2015

I have forced a captcha upon myself for research reasons, and indeed these are very computer generated.

Snaptcha 1
Snaptcha 2

Here are some screenshots of 19 different captchas (because there seems to be no rate limiting on captchas, you can fail continuosly and Snapchat will keep on feeding you with a new load of captcha images until you get it right) : https://imgur.com/a/jRwlS

And here are all the decompressed ZIP files that were received with each request containing 21 captcha sets, each composed of 9 computer generated 180x180 PNG images, thats a grand total of 189 different images : http://files.lab.cuonic.com/ZDg5MWFjM

As you can see some of these are humanly impossible, I had to retry 3 times on a genuine attempt to get it right, so good luck getting a bot to identify the ghost !

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

In a lot of pics the ghost is the only white things, is it possible to look for a certain area size of a white color-range?

@liamjack
Copy link

liamjack commented Jan 6, 2015

@Snowlav The problem is there is also a duck, other white objects, and the size varies, the shape of the ghost isn't consistent, it can be deformed.

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

Hmm yes that's correct.. How long would it take if you gave snapchat a random string, and kept feeding it until it corresponds to the answer.
Since there is no rate limit on failing.

@liamjack
Copy link

liamjack commented Jan 6, 2015

Good question, the problem is that the string gives 512 different possibilities, but the answer changes every time, so it could take ages.

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

is there a way of "checking" your input before snapchat actually "processes" it?
For example, check the server response of a string, but snapchat does nothing with the server response.
Might sound retarded haha, just wondering.

@liamjack
Copy link

liamjack commented Jan 6, 2015

Well no otherwise it would mean that they have a gigantic security vulnerability being able to try all the possibilities before actually posting off. 👻

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

sounds like snapchat to me 😆

@liamjack
Copy link

liamjack commented Jan 6, 2015

They're getting better ;)

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

Unfortunately ! haha, they are throwing up challenges for us now.
Do you see any possibility in defeating the snaptcha ?

@liamjack
Copy link

liamjack commented Jan 6, 2015

Get loads of them and find a way of mass analyzing the images where
there is a ghost to find something that will enable an algorithm to
detect the ghost images

Something like this : https://en.wikipedia.org/wiki/Pattern_recognition

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

sounds like a fun project, I guess I could try to code something to just scrape those packages of pics.

@liamjack
Copy link

liamjack commented Jan 6, 2015

Scrape a load of captcha image zips, manually comb out the Ghost images, then analyze. Simple :P

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

do you have skype / g hangouts ?

@liamjack
Copy link

liamjack commented Jan 6, 2015

XMPP : cuonic [@] rows [.] io

On 06/01/2015 12:51, Snowlav wrote:

do you have skype / g hangouts ?


Reply to this email directly or view it on GitHub
#73 (comment).

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

XMPP .. never used that, what client would you recommend for windows?

@liamjack
Copy link

liamjack commented Jan 6, 2015

Pidgin : https://pidgin.im/download/

On 06/01/2015 12:59, Snowlav wrote:

XMPP .. never used that, what client would you recommend for windows?


Reply to this email directly or view it on GitHub
#73 (comment).

@Snowlav
Copy link

Snowlav commented Jan 6, 2015

I'm snowlav [@] rows [.] io
When I talk it says "no permission" under your name

@mgp25 mgp25 mentioned this issue Jan 26, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants