This repository has been archived by the owner on Dec 16, 2020. It is now read-only.

update to 9.14.2.0
teknogeek committed Aug 31, 2015
1 parent b6e1bc4 commit fc02c6b
Showing 2 changed files with 96 additions and 57 deletions.
150 changes: 94 additions & 56 deletions src/snapchat.php
@@ -276,6 +276,42 @@ public function getAuthToken()
return $return;
}

public function getClientAuthToken($username, $password, $timestamp)
{
$data = array(
"username" => $username,
"password" => $password,
"timestamp" => $timestamp
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://client-auth.casper.io/");
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$return = curl_exec($ch);

if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
{
$return["error"] = 1;
$return["data"] = "HTTP Status Code != 200";

return $return;
}
curl_close($ch);
$return = json_decode($return, true);
if(!$return || $return["status"] != 200 || !isset($return["signature"]))
{
$return["error"] = 1;
$return["data"] = "Invalid JSON / Incorrect status / No signature returned.";
}

return $return;
}

private function getGCMToken()
{
$ch = curl_init();
@@ -347,70 +383,72 @@ public function login($password, $force = FALSE)

if(($do == 1) || (!(array_key_exists($this->username,$this->totArray[0]))) || (!(array_key_exists($this->username,$this->totArray[1]))))
{
$dtoken = $this->getDeviceToken();
$dtoken = $this->getDeviceToken();

if($dtoken['error'] == 1)
{
$return['message'] = "Failed to get new Device token set.";
return $return;
}
if($dtoken['error'] == 1)
{
$return['message'] = "Failed to get new Device token set.";
return $return;
}

$timestamp = parent::timestamp();
$req_token = parent::hash(parent::STATIC_TOKEN, $timestamp);
$string = $this->username . "|" . $password . "|" . $timestamp . "|" . $req_token;
$timestamp = parent::timestamp();
$req_token = parent::hash(parent::STATIC_TOKEN, $timestamp);
$string = $this->username . "|" . $password . "|" . $timestamp . "|" . $req_token;

$auth = $this->getAuthToken();
$this->totArray[1][$this->username] = array($auth, time()+(55*60));
file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . self::DATA_FOLDER . DIRECTORY_SEPARATOR . "auth-$this->username.dat", serialize($this->totArray));
if($auth['error'] == 1)
{
return $auth;
}
parent::setGAuth($auth);
$attestation = $this->getAttestation($password, $timestamp);
$auth = $this->getAuthToken();
$this->totArray[1][$this->username] = array($auth, time()+(55*60));
file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . self::DATA_FOLDER . DIRECTORY_SEPARATOR . "auth-$this->username.dat", serialize($this->totArray));
if($auth['error'] == 1)
{
return $auth;
}
parent::setGAuth($auth);
$attestation = $this->getAttestation($password, $timestamp);
$clientAuthToken = $this->getClientAuthToken($this->username, $password, $timestamp);

$result = parent::post(
'/loq/login',
array(
'username' => $this->username,
'password' => $password,
'height' => 1280,
'width' => 720,
'max_video_height' => 640,
'max_video_width' => 480,
'dsig' => substr(hash_hmac('sha256', $string, $dtoken['data']->dtoken1v), 0, 20),
'dtoken1i' => $dtoken['data']->dtoken1i,
'ptoken' => "ie",
'timestamp' => $timestamp,
'attestation' => $attestation,
'sflag' => 1,
'application_id' => 'com.snapchat.android',
'req_token' => $req_token,
),
array(
parent::STATIC_TOKEN,
$timestamp,
$auth['auth']
),
$multipart = false,
$debug = $this->debug
);
$result = parent::post(
'/loq/login',
array(
'username' => $this->username,
'password' => $password,
'height' => 1280,
'width' => 720,
'max_video_height' => 640,
'max_video_width' => 480,
'dsig' => substr(hash_hmac('sha256', $string, $dtoken['data']->dtoken1v), 0, 20),
'dtoken1i' => $dtoken['data']->dtoken1i,
'ptoken' => "ie",
'timestamp' => $timestamp,
'attestation' => $attestation,
'sflag' => 1,
'application_id' => 'com.snapchat.android',
'req_token' => $req_token,
),
array(
parent::STATIC_TOKEN,
$timestamp,
$auth['auth'],
$clientAuthToken["signature"]
),
$multipart = false,
$debug = $this->debug
);


if($result['error'] == 1)
{
return $result;
}
if($result['error'] == 1)
{
return $result;
}

if(isset($result['data']->updates_response->logged) && $result['data']->updates_response->logged)
{
$this->auth_token = $result['data']->updates_response->auth_token;
$this->device();
$this->totArray[0][$this->username] = $this->auth_token;
file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . self::DATA_FOLDER . DIRECTORY_SEPARATOR . "auth-$this->username.dat", serialize($this->totArray));
}
if(isset($result['data']->updates_response->logged) && $result['data']->updates_response->logged)
{
$this->auth_token = $result['data']->updates_response->auth_token;
$this->device();
$this->totArray[0][$this->username] = $this->auth_token;
file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . self::DATA_FOLDER . DIRECTORY_SEPARATOR . "auth-$this->username.dat", serialize($this->totArray));
}

return $result;
return $result;
}
else
{
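Review bot: In `login()` the result of `getClientAuthToken()` is used without the error check that `$auth` gets just above it, so when the service call fails `$clientAuthToken["signature"]` is unset and the login POST still goes out with the password and an empty client-auth value. Return early right after the call, e.g. `if(isset($clientAuthToken["error"]) && $clientAuthToken["error"] == 1) { return $clientAuthToken; }`. In `getClientAuthToken()` the non-200 branch writes `$return["error"]` while `$return` is still the raw `curl_exec()` result (a string or `false`), which does not reliably produce the array callers test, and it returns before `curl_close($ch)`; `curl_close($ch); return array("error" => 1, "data" => "HTTP Status Code != 200");` covers both. The handle also sets no `CURLOPT_CONNECTTIMEOUT` or `CURLOPT_TIMEOUT`, so login can block for as long as the remote service stalls.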
3 changes: 2 additions & 1 deletion src/snapchat_agent.php
@@ -11,7 +11,7 @@ abstract class SnapchatAgent {
* Before updating this value, confirm
* that the library requests everything in the same way as the app.
*/
const USER_AGENT = 'Snapchat/9.10.0.0 (HTC One; Android 4.4.2#302626.7#19; gzip)';
const USER_AGENT = 'Snapchat/9.14.2.0 (HTC One; Android 4.4.2#302626.7#19; gzip)';

/*
* The API URL. We're using the /bq endpoint, the one that the iPhone
@@ -362,6 +362,7 @@ public function post($endpoint, $data, $params, $multipart = FALSE, $debug = FALSE)
{
$headers = array_merge(self::$CURL_HEADERS, array(
"X-Snapchat-Client-Auth-Token: Bearer {$params[2]}",
"X-Snapchat-Client-Auth: {$params[3]}",
"Accept-Encoding: gzip"));
}
else
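Review bot: `$params[3]` is interpolated into the new `X-Snapchat-Client-Auth` header in `post()` with no check that the index exists or that the value is a single header-safe token. In this commit the value is the `signature` field decoded from a remote service's JSON response, so a missing field produces an empty header, and a value containing CR or LF could add extra header lines to the outgoing request. Validate it before the `array_merge`, for example with the guard `if(!isset($params[3]) || preg_match('/[\r\n]/', $params[3]))` returning the library's usual error array. The condition that selects this branch and the rest of `post()` are outside the hunk, so it should be confirmed that every caller reaching it passes four elements.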

6 comments on commit fc02c6b

@bsuvsmluhs787

wonder how to get around it

@teknogeek
Contributor Author


@bsuvsmluhs787 ...get around what?

@matthazinski

Any idea what http://client-auth.casper.io is doing and why it can't be implemented client-side? I'd rather not send my credentials in the clear to a third party if it can be avoided.

@Chiggins

@matthazinski A different commit adds HTTPS - 71190fd

@teknogeek
Contributor Author


yes i know exactly what it's doing

@teknogeek
Contributor Author


it is an endpoint written by Liam Cottle that uses some very complicated stuff to generate a signed client
token for the API to use on login. we have been trying very hard to pull the code that it is using, but it is a native function so it is very complicated and hard to do.
