Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possibly found the reason why networks are getting blocked. #82

Open
Snowlav opened this issue Jan 11, 2015 · 16 comments
Open

Possibly found the reason why networks are getting blocked. #82

Snowlav opened this issue Jan 11, 2015 · 16 comments

Comments

@Snowlav
Copy link

Snowlav commented Jan 11, 2015

I've been researching the blog of snapchat for a bit and I noticed that recently they have updated some guidelines.

Here's one of them:
Device Information: We collect information about your device, including the hardware model, operating system and version, unique device identifiers (including MAC address and IMEI), browser type and language, mobile device phone number, and mobile network information. We also collect certain device information that will help us diagnose problems in the (hopefully rare) event you experience any crash or other problem while using our Services. So, for example, if we detect a crash or other problematic event, we may collect the list of apps on your device and other information about your device’s performance at the time of the event for troubleshooting purposes.

Now lets take a look at why and with what message snapchat blocks a network.
"Suspicious activity"

Meaning it's something inside the code that triggers something repeatedly.
Triggering once? fine
Twice? fine
An established amount by snapchat times? Fucked.

Now lets look at this line of text in the article:
unique device identifiers (including MAC address and IMEI)

What I think is that snapchat registers not only a lot of people logging in from the same network (which should in theory be fine, think about public wifi etc)
But they also detect EVERYONE logging in from the same device!

-Either due to the above stated IMEI and MAC (do these even exist with a web server?, if not a lack of them might flag it)
-The exact same user agent that everyone from your network logs in with.
(see this line in the article: including the hardware model, operating system and version,)

Is anyone here able to test this theory out with me?
I think this will have a big chance to solve the network blocking.

@DanMossa
Copy link

I'd be more than happy to help test this out but I'm not super skilled in the technical department.
Would you like me to test this out by changing around
CURLOPT_USERAGENT => 'Snapchat/8.0.1.3 (Nexus 5; Android 21; gzip)',
?

EDIT: I changed it to CURLOPT_USERAGENT => 'Snapchat/6.0.0 (iPhone; iOS 7.0.2; gzip)', and I still got the same error =/

EDIT2: I set the UserAgent back to the Android one and ran it off localhost on wamp and it worked perfectly fine. So for me, it's my website's IP that has been banned.

@anchorit3
Copy link

anchorit3 commented Jan 12, 2015

Previously I runed the API on VPS server - Worked one month and the IP address has been blocked,
and then runed the API on localhost, worked a few days and again the IP has been blocked.
I updated the CURL data

CURLOPT_HTTPHEADER => array(
    'Accept-Language: en-GB;q=1, en;q=0.9',
    'Accept-Locale: en'
),

and

CURLOPT_USERAGENT => 'Snapchat/8.1.1 (Nexus 5; Android 21; gzip)',

and again blocked.
Now I do not know what to do to fix it.
Maybe this problem is because I don't use authToken to again login but with this is next problem because AuthToken does not work or I do not know how to use it.

I've never seen somebody checking MAC and IMEI.
Every Network Device have a MAC and IMEI
but I don't know is it possible to check this in PHP.

@Snowlav
Copy link
Author

Snowlav commented Jan 12, 2015

If the network was already blocked, then ofcourse changing the headers and useragent would not help, you have to wait until the block is lifted and keep randomizing it in the hope it won't get blocked again.

It's not something we check, it's something server side checks.

@JorgenPhi
Copy link
Owner

Wouldn't randomizing the device each request be more suspicious than
keeping the same device between requests? We need to make it so the library
as a whole doesn't utilize the same device headers.

If the network was already blocked, then ofcourse changing the headers and
useragent would not help, you have to wait until the block is lifted and
keep randomizing it in the hope it won't get blocked again.

It's not something we check, it's something server side checks.


Reply to this email directly or view it on GitHub
#82 (comment).

@Snowlav
Copy link
Author

Snowlav commented Jan 12, 2015

I should have explained myself better, I am looking from a standpoint where multiple people are using the app/code from the same network / ip.

You are right, when it's only you using it, try a different header than the one in the libary.
But keep them the same in between requests.

Focusing on apps that multiple people use, I think the server side of snapchat detects a X amount of users logging in from one device.
I remember a while back when I ran some tests, before snapchat became this strict, that I would have problems performing functions from multiple accounts at the same time.
Every single account in a row was fine, but at the same time usually got the account locked and/or the network blocked.

@DanMossa
Copy link

@Snowlav I understand what you're saying. But is there a way to use a proxy with this so that I can bypass the block? Because it's been 4 days now.

@JorgenPhi
Copy link
Owner

Yeah find a proxy and pass it along with the cURL requests.
On Jan 12, 2015 10:06 PM, "Dgameman1" [email protected] wrote:

@Snowlav https://github.com/Snowlav I understand what you're saying.
But is there a way to use a proxy with this so that I can bypass the block?
Because it's been 4 days now.


Reply to this email directly or view it on GitHub
#82 (comment)
.

@DanMossa
Copy link

public static $CURL_OPTIONS = array(
CURLOPT_CONNECTTIMEOUT => 5,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_TIMEOUT => 10,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_USERAGENT => 'Snapchat/8.1.1 Beta (Nexus 4; Android 17; gzip)',
);

So I would add
CURLOPT_PROXY => PROXY:PORT,right?

And that's the only thing I need to do to use a proxy @JorgenPhi ?

@anchorit3
Copy link

@Snowlav We can try add to library list User Agents from Android devices (10 or more) and iOS and when somebody trying sign in we can randomizing useragent for this username and save for example in sqlite.

But this problem isn't my because I only use 2 accounts for accepting invite to friends, receive snaps and send Snap with authentication code to manage content on website. In my position i think problem is with receive many Snaps in one moment but I'm not sure.

@Dgameman1 for proxy port u mast use

CURLOPT_PROXY => PROXYIP,
CURLOPT_PROXYPORT => PORT

//edit
More info about CURL Proxy:
http://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html

@Snowlav
Copy link
Author

Snowlav commented Jan 13, 2015

@anchorit3 good thinking about the user agent, but what about they IMEI and MAC address they gather?

@anchorit3
Copy link

@Snowlav I think Snapchat does not have access to IMEI and MAC device from received data but it's possible that I'm wrong.

//edit
I observed when network is blocked and I change in snapchat_agent.php endpoint from https://feelinsonice-hrd.appspot.com/bq to https://feelinsonice-hrd.appspot.com/ph get from API good data.

@liamjack
Copy link

Snapchat doesn't send the device MAC or IMEI at any point, from what I have seen from looking through all the requests.

@Snowlav
Copy link
Author

Snowlav commented Jan 13, 2015

Hmm I guess I got thrown off by their statement saying they did.

It made sense given the fact I always face this problem once more than 3 accounts are active on the platform / doing the same thing.

@DanMossa
Copy link

@anchorit3 Thank you. But now the issue is I get an error saying...

array(3) {
  ["error"]=>
  int(1)
  ["message"]=>
  string(22) "API Connection failed."
  ["result"]=>
  string(44) "Connection timed out after 5005 milliseconds"
}

and I even went ahead and changed the timeout CURLOPT_TIMEOUT => 200,

@anchorit3
Copy link

@Dgameman1 I add CURLOPT_PROXYTYPE and checked this on my localhost and this worked

$proxyip = '127.0.0.1'; // proxy IP
$proxyport = 8080; // proxy PORT
(...)
CURLOPT_PROXYPORT => $proxyport,
CURLOPT_PROXY, $proxyip,
CURLOPT_PROXYTYPE => 'HTTP'

I use one proxy server from this list:
http://proxylist.hidemyass.com/

@LinoSuarez
Copy link
Contributor

"If you believe you received the notification in error, it may be because you are using an old version of Snapchat. Please make sure you have the most recent version of the app downloaded.

If you have stopped using third-party applications, changed your password already, and updated to the most recent version of Snapchat, there is no need to contact us. However, if you are still having trouble with your account, please let us know below." from https://support.snapchat.com/co/third-party-cf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants