Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Version #89

Open
gidbot-old opened this issue Jan 29, 2015 · 188 comments
Open

New Version #89

gidbot-old opened this issue Jan 29, 2015 · 188 comments

Comments

@gidbot-old
Copy link

In snapchat_agent the version needs to be changed to '9.0.1'

Additionally, has anyone been able to post stories since the update?

@Snowlav
Copy link

Snowlav commented Jan 29, 2015

I'm on the 9.0.2.1 beta and a lot has changed, though posting stories shouldn't give any issues.
how are you uploading stories?

@gidbot-old
Copy link
Author

$snapchat = new Snapchat('uname', 'password');
$id = $snapchat->upload(
Snapchat::MEDIA_IMAGE,
file_get_contents('/path/to/image.png')
);
$snapchat->send($id, array('uname'));

@liamcottle
Copy link

If you are using the 9.0+ user agent, you need to make sure you have
implemented the new Login parameters.

Check out my working 9.0.2.0 login request here:

http://github.com/liamcottle/snaplib
On 30/01/2015 1:07 pm, "gbrosenthal" [email protected] wrote:

In snapchat_agent the version needs to be changed to '9.0.1'

Additionally, has anyone been able to post stories since the update?


Reply to this email directly or view it on GitHub
#89.

@gidbot-old
Copy link
Author

Logging in isnt the issue. Im able to get users etc... so i know im authenticated

@liamjack
Copy link

Make sure you send all the following data correctly. This hasn't changed at all compared to 8.1.1

User-Agent: Snapchat/9.0.2.0 (Nexus 4; Android 17; gzip)

/bq/retry_post_story

Description

Used to post a story

Request

  • my_story - (Boolean)
  • time - Time to display the snap (Float)
  • group_ids- (Array)
  • media_id - [USERNAME]~[RANDOM UUID] (String)
  • story_timestamp - (Timestamp)
  • zipped - 0 or 1 (Int)
  • caption_text_display - (String)
  • client_id - Same as media_id (String)
  • type - Media type (Int)
  • data - Encoded snap data
  • req_token
  • timestamp
  • username

Response

  • json - (Array)
    • story - (Array)
      • caption_text_display - (String)
      • client_id : Same as media_id (String)
      • id - [USERNAME]~[TIMESTAMP] (String)
      • mature_content - (Boolean)
      • media_id - [USERNAME]~[RANDOM UUID] (String)
      • media_iv - Base64 encoded encryption IV for the snap data (String)
      • media_key - Base64 encoded decryption key for the snap data (String)
      • media_type - Media type (Int)
      • media_url - A URL to fetch the story data, generally https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=[media_id] (String)
      • thumbnail_iv - Base64 encoded encryption IV for the thumbnail image (String)
      • thumbnail_url - A URL to fetch the thumbnail image, generally https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=[media_id] (String)
      • time - Number of seconds to display snap (Float)
      • time_left - Time left before expiration of the story (Timestamp)
      • timestamp - Time posted (Timestamp)
      • username - Username of the user who posted the story (String)
      • zipped - (Boolean)

@gidbot-old
Copy link
Author

Sorry, just realized that my example was sending to single users. But i havent been able to do that either haha.

@gidbot-old
Copy link
Author

But it also looks like a lot of those variables are not set by this library. Ie not in 'function setStory' in the snapchat class, nor 'function post' in the snapchat_agent one

@liamjack
Copy link

The library is not exactly up to date, if you want it to work you need to know what the actual application sends to the API, and then you have to add / remove parameters to each request in the library.

Here is some API documentation : https://github.com/JorgenPhi/php-snapchat/wiki/API-v2-Research

@Snowlav
Copy link

Snowlav commented Jan 30, 2015

I'm getting real tired of snapchat and their api updates, I'll tell you that much

@liamjack
Copy link

Well the API updates are a good thing, it brings new features to the application for us to use and abuse. We just need to keep up with constantly analyzing the application's API calls.

@Snowlav
Copy link

Snowlav commented Jan 30, 2015

The latter is hard though, I do not mind it actually, but snapchat is not only adding user features but I have the feeling they are also making it harder for us to abuse every update.

@Scape373
Copy link

Any fix for this yet?
I can login and update snaps and save snaps, but cannot upload or set a story. It just uploads a blank gray thumbnail and disappears when i try to click on it
This literally worked yesterday with no change. I tried updating my user agent to 9.0.2, and 9.0.1 and still doesn't work.. What am i missing?

$final1 = "http://-snip-watermark.php?filename=$value";
$id = $snapchat->upload(
Snapchat::MEDIA_IMAGE,
file_get_contents($final1));
$snapchat->setStory($id,5);

const VERSION = 'Snapchat/9.0.1.0';
CURLOPT_USERAGENT => 'Snapchat/9.0.1.0 (Nexus 4; Android 17; gzip)',

@gidbot-old
Copy link
Author

I've been able to upload (get a 200 Response), but I havent been able to send single snaps or set my story. If anyone has been able to get this library working in the last couple days, please share.

@Snowlav
Copy link

Snowlav commented Jan 30, 2015

Are you uploading a JPG image ?
What responses do you get?

Can you elaborate "I can login and update snaps and save snaps, but cannot upload or set a story. It just uploads a blank gray thumbnail and disappears when i try to click on it"
Do you mean on the application?

@Snowlav
Copy link

Snowlav commented Jan 30, 2015

Remember this lib is outdated guys, if you are mixing new headers with old endpoints, or old endpoints with new endpoints etc, it will not work.
Which endpoint are you guys using to login and which are you using to set story.

In the new versions of snapchat you no longer need to use upload and send but simply post to story.

We need more information than that is given right now.

@JorgenPhi
Copy link
Owner

Speaking of outdated, if anyone wants access to accept pull changes and
write to the repo directly, let me know. I don't have the time to keep this
relevant.
On Jan 30, 2015 2:14 PM, "Snowlav" [email protected] wrote:

Remember this lib is outdated guys, if you are mixing new headers with old
endpoints, or old endpoints with new endpoints etc, it will not work.
Which endpoint are you guys using to login and which are you using to set
story.

In the new versions of snapchat you no longer need to use upload and send
but simply post to story.

We need more information than that is given right now.


Reply to this email directly or view it on GitHub
#89 (comment)
.

@Scape373
Copy link

So what you are saying is my code should look more like this now?:

It's still not working.. :(

Gets contents of folder
uploads the images in the folder

$directory = 'saved';
$scanned = array_diff(scandir($directory), array('..', '.'));
foreach($scanned as $value){
//Watermark
$snapchat->setStory($value,5);
var_dump($value);
}

$value comes out as a string:
string '6.jpg' (length=5)

@liamjack
Copy link

Logging in with 9.0.2.0's API is pratically impossible for the Android version. They have started checking device tokens, so you need to fetch a valid device token before logging in, and there is a new "Authorization" header containing a Google OAuth2 token....

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

@cuonic isn't the google oath2 token optional, and by device token do you mean a device ID ?
These can be generated pretty easy right ?

@liamjack
Copy link

It's no longer option, if you don't provide the "ptoken" on login you
get "401 UNAUTHORIZED", if you create one randomly you get "Oh no! Your
login temporarily failed, so please try again later. If your login
continues to fail, please visit
https://support.snapchat.com/a/failed-login :)"

The message doesn't change when adding or removing the Authorization header

On 31/01/2015 18:49, Snowlav wrote:

@cuonic https://github.com/cuonic isn't the google oath2 token
optional, and by device token do you mean a device ID ?
These can be generated pretty easy right ?


Reply to this email directly or view it on GitHub
#89 (comment).

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

hmm so we would need to fetch valid info first using fiddlr or something alike, and once logged in store auth token, that is if we are using the 9.0.2.0 api.
Is this correct, or not possible?

@liamjack
Copy link

Yeah, but that's not really a solution, you shouldn't have to run the
official application along side just to get tokens, we need to emulate this.

On 31/01/2015 18:56, Snowlav wrote:

hmm so we would need to fetch valid info first using fiddlr or
something alike, and once logged in store auth token, that is if we
are using the 9.0.2.0 api.
Is this correct, or not possible?


Reply to this email directly or view it on GitHub
#89 (comment).

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

I like this challenge

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

But I question if it's feasible

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

is it possible to bring out an api lib for a previous no longer supported by snapchat version, without getting our accounts banned?

@liamjack
Copy link

Well using 8.1.1's API for the moment will probably work for a while,
but then they will kill it.

On 31/01/2015 19:05, Snowlav wrote:

is it possible to bring out an api for a previous no longer supported
by snapchat version, without getting our accounts banned?


Reply to this email directly or view it on GitHub
#89 (comment).

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

Any other options? Long term solutions?

@hako
Copy link
Collaborator

hako commented Jan 31, 2015

I've seen the OAuth thing before it became mandatory in the beta, AFAIK it looks like signing up does not have to use OAuth though. And the ptoken is new to me.

@Snowlav We can only look inside the APK I guess, unless there are other solutions.

@Snowlav
Copy link

Snowlav commented Jan 31, 2015

@hako inside the APK you mean modding the apk or reverse engineering it in the hopes of finding a solution?

@liamcottle
Copy link

ptoken is the Google Cloud Messaging Registration ID, it's the same value that you post to /ph/device in the device_token param. It's used by the snapchat server to send notifications to your device via GCM.

As for logging in, I have noticed they have made the header Authorization mandatory. Also, it must be a valid one...

If you pass a blank value in the Authorization header, you'll get a 401, the snapchat server checks the Google servers (I guess) to check if the Bearer value is legit, if not 401...

I have made a successful login by using an already created bearer for the Authorization header from a snapchat app login request.

So, if we can make valid value for the Authorization header, we can get in.

@JorgenPhi
Copy link
Owner

All blobs are unencrypted?

parties internally
On Feb 12, 2015 10:23 AM, "Liam Cottle" [email protected] wrote:

lol! They've changed the user agent again...

New format: Snapchat/9.1.0.0 (SM-G900I; Android 4.4.2#G900IDVU1ANK1#19;
gzip)

... and, even more interesting, is this user agent returns ALL snap blobs
unencrypted... I guess they realised the whole encrypting and decrypting
snaps was pointless if we all know the encryption/decryption keys...


Reply to this email directly or view it on GitHub
#89 (comment)
.

@liamcottle
Copy link

I don't think story blobs are unencrypted, though I highly doubt they'd unencrypt those...

However, I just checked the old user agent, and that returns unencrypted blobs as well...

So they must be working on the API right now or something, because they were all encrypted about 20 minutes ago, and now they're not, so the server must pre-decrypt them all now..

... and I guess the new update to the snapchat app will stop encrypting them.

@liamcottle
Copy link

I was working on some things, and all of a sudden decryption was failing... so looked at blob data, not even encrypted...

@LinoSuarez
Copy link
Contributor

Some time ago they says they where going to release an API maybe something
of that is going on

On Thursday, February 12, 2015, Liam Cottle [email protected]
wrote:

I don't think story blobs are unencrypted, though I highly doubt they'd
unencrypt those...

However, I just checked the old user agent, and that returns unencrypted
blobs as well...

So they must be working on the API right now or something, because they
were all encrypted about 20 minutes ago, and now they're not, so the server
must pre-decrypt them all now..

... and I guess the new update to the snapchat app will stop encrypting
them.


Reply to this email directly or view it on GitHub
#89 (comment)
.

@liamcottle
Copy link

Could be... But I highly doubt they're going to even release an API...

Just all talk to keep us waiting... Because the whole point of snapchat is to send media that will be gone shortly after, and if they released a public API to download snaps, then it would make their whole system pointless.

@liamcottle
Copy link

Looking into it a bit more, I reckon snapchat is sending ping requests to their server via their chat socket... and flagging accounts that's don't ping... Could be something to look into?

@KyleBoyer
Copy link

Also when sending data, through charles proxy it looks like there is an extra parameter under data as seen here: http://s10.postimg.org/66bhe8ovd/namedata.png
Notice: filename="data"

---Edit:
Just found a way to do this, however I get back an UNAUTHORIZED header...
Code:

if (!$multipart) {
            $data = http_build_query($data);
        }else{
            $datas = "--".$boundary."\r\n" . 'Content-Disposition: form-data; name="req_token"' . "\r\n\r\n" . self::hash($params[0], $params[1]) . "\r\n";
            foreach ($data as $key => $value){
                if($key == "req_token") continue;
                if($key != 'data'){
                    $datas .= "--".$boundary."\r\n" . 'Content-Disposition: form-data; name="' . $key . '"' . "\r\n\r\n" . $value . "\r\n";
                }else{
                    $datas .= "--".$boundary."\r\n" . 'Content-Disposition: form-data; name="data"; filename="data"'."\r\n" . 'Content-Type: application/octet-stream'."\r\n\r\n" . $value . "\r\n";
                }
            }
            $data = $datas . "--".$boundary."--";
        }

@realmuster
Copy link

@LinoSuarez can you please accept my friend request on skype? ;)

@jvkassi
Copy link

jvkassi commented Mar 6, 2015

@JorgenPhi add me too. bellamy-fan

@iguanaman
Copy link

@LinoSuarez sent you a skype request with details, thanks

@andresarocho
Copy link

@LinoSuarez Can you please add volcom526

@adriancooney
Copy link

@LinoSuarez add me too? cooney.adrian. Cheers for the good work guys!

btw, http://slack.com is where it's at nowadays for chat! A group for this would go down a treat.

@jalandro
Copy link

See Gitter for chat group at github. https://gitter.im/

@JorgenPhi
Please consider making a team with @cuonic and @mgp25 (They have great forks).

@niober
Copy link

niober commented Jul 22, 2015

Okey I think you will be really interested in what I have to say here. I have ALMOST solved the whole snapchat downgrade problem. I can tell you all about how but first in need someone's help here. Now I have successfully installed snapchat 6.1.1 on my jailbroken iPhone 4 ios 7.1.2. When I open snapchat 6.1.1 there is no crash and I can successfully watch my friends story's and also load story's. The problem is that I can't upload story's, I can't load snaps that I got and I can't send snaps either. So If someone know how to fix that problem then I think we have solved the whole problem;)

@KiranPanesar
Copy link

@niober This is using the Android API?

@vivijimmy
Copy link

@cuonic Hey, in your code 'Authorization: AidLogin 3976909495270287464:285036945524349568', I know the 3976909495270287464 should be the Android_id, but what is that 285036945524349568? Thanks!

@liamjack
Copy link

liamjack commented Sep 1, 2015

I obtained it by sniffing the GCM registration request, but according to this document (Page 4) the format is android-id:device-token.

@vivijimmy
Copy link

@cuonic Hmm, I used uploadDeviceConfig and got the device token something like 1440513696098*����blahblah, which seems not the number after the android_id. I read the same document too and I knew it said that number was device token. Were you using uploadDeviceConfig? Or "checkin" API?

@liamjack
Copy link

liamjack commented Sep 1, 2015

That's more a timestamp than a device token. I didn't use either of them endpoints, where is uploadDeviceConfig from ?

@vivijimmy
Copy link

@cuonic I tried to sniff all the data out and in for Google Play application and I found it could only send this Authorization: AidLogin android_id:unknown_number. In all the data comes back from Google Play I can not find out the same number as the unknown_number after android_id here. I think it should be something Google Play application generated but really curious about what that is... Tried to search all over the Internet but it is very little mentioned.

@liamjack
Copy link

liamjack commented Sep 1, 2015

I'm looking into it now, the second item is actually called CheckinTask_securityToken

@vivijimmy
Copy link

@cuonic Great! Many thanks bro! Wow. This CheckinTask_securityToken seems to be written into the CheckinService.xml by Google Play Service. I will find out which writes this and keep you updated.

@liamjack
Copy link

liamjack commented Sep 1, 2015

the android_id and security_token are provided to the device on their first checkin request (https://android.clients.google.com/checkin). Here is an example of what is sent to the endpoint: https://github.com/nviennot/android-checkin. I'm creating a tool that performs all the required requests in Python at the moment, but this is unrelated to Snapchat so contact me via email.

@whats0n0
Copy link

Has anyone figured out how the iOS authentication works yet or is it being discussed anywhere?

@mgp25
Copy link

mgp25 commented Sep 21, 2015

@DevHex use this: https://github.com/mgp25/SC-API

Wiki available with all documentation

Regards

@whats0n0
Copy link

Yeah I've seen it and it's great, but I want to find out how the X-Snapchat-Client-Auth-Token is generated on iOS without the need of a Google account.

@mgp25
Copy link

mgp25 commented Sep 21, 2015

@DevHex you will need to reverse iOS app, use IDA or hopper

@nguyenngoccuong
Copy link

Is there any solution to generate X-Snapchat-Client-Auth-Token and X-Snapchat-Client-Token, please help me, thanks, my skype: siverrally

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests