JorgenPhi / php-snapchat

A PHP library for the Snapchat API - With Commit History
MIT License

Research: #30

Closed JorgenPhi closed 4 years ago

JorgenPhi commented 10 years ago

Hey everybody! I was making great progress analyzing the new API, but my IP address was recently blocked so I figured now would be a good time to fill you all in.

(This was taken from version 5.0.2 on android && is likely missing endpoints. Snapchat refused my SSL certificate for about 25% of the connections.)

/loq is the new major endpoint. It contains:

- /login - (nearly identical to /bq/login)
- /all_updates
- /conversation
- /conversations
- /conversation_post_messages
- /send - (nearly identical to /ph/send)

/bq contains these new endpoints:

- /chat_typing
- /upload_chat_media

Now, the "chat media" has a different encryption algorithm than snaps, and I have not found a way to decrypt them. Any help on this would be useful.

Use this issue to document any findings in the new API so we can build an updated library. :)

Thanks.

martynball commented 10 years ago

Nothing to do with the above post but any chance you could take a look at the current issues to help us all resolve them. I'm currently having problems with the following error: Fatal error: Call to a member function get() on a non-object in /www-root/lib/snapchat.php on line 234

JorgenPhi commented 10 years ago

I would love to help you out with that, but unfortunately, I just recently had all my IP addresses in my possession banned by snapchat. I'll definitely take a look at it as soon as I can. It might also be related to using the old endpoints, which would be another reason to update the library. :)

On Jul 10, 2014 9:26 PM, "martynball" notifications@github.com wrote:

> Nothing to do with the above post but any chance you could take a look at the current issues to help us all resolve them. I'm currently having problems with the following error: Fatal error: Call to a member function get() on a non-object in /www-root/lib/snapchat.php on line 234


dprogramming commented 10 years ago

Yeah, we should update this library, because it's missing some new features and there are indeed a lot of endpoints that have changed. Most of the old endpoints still work, but I believe that it would be much better to update this all... About the IP block: it's always possible to use a (free) VPN service, of course you have to use this on the server...

dprogramming commented 10 years ago

I think that we should go through the whole API and look at every single function and see how it has changed and what we have to change, like endpoints for example. And then we should add the newer features.

JorgenPhi commented 10 years ago

@dprogramming , have you been able to see all requests? I can't get stories to populate while using fiddler. All that happens is the app issues a connect request and then cancels the request...

dprogramming commented 10 years ago

@JorgenPhi , what do you exactly mean? Do you mean that you can get the results but only when fiddler is disabled/closed and when fiddler is running it works?

JorgenPhi commented 10 years ago

I get results for about 20% of the requests... Stories will never load claiming "connection issues", while snaps and chat messages load fine.

On Jul 11, 2014 4:29 PM, "D!-Programming" notifications@github.com wrote:

> @JorgenPhi https://github.com/JorgenPhi , what do you exactly mean? Do you mean that you can get the results but only when fiddler is disabled/closed and when fiddler is running it works?


dprogramming commented 10 years ago

But only when using fiddler?

JorgenPhi commented 10 years ago

Yeah, any proxy. When I turn the proxy off, the app works perfectly fine. But it is keeping me from experimenting with stories.

On Jul 11, 2014 4:33 PM, "D!-Programming" notifications@github.com wrote:

> But only when using fiddler?


dprogramming commented 10 years ago

Yeah I noticed it too that not everything worked when using fiddler... But currently I don't really know why this occurs. It's pretty strange that some things sometimes work and sometimes not. Do you have an idea what the problem can be @JorgenPhi ?

JorgenPhi commented 10 years ago

The underlying cause is the app is rejecting our SSL certificate ... But I don't know what all we can do about that problem.

On Jul 11, 2014 4:37 PM, "D!-Programming" notifications@github.com wrote:

> Yeah I noticed it too that not everything worked when using fiddler... But currently I don't really know why this occurs. It's pretty strange that some things sometimes work and sometimes not. Do you have an idea what the problem can be @JorgenPhi https://github.com/JorgenPhi ?


dprogramming commented 10 years ago

I was thinking in that direction too, but I wasn't sure if that was possible because it's only with some particular functions... I'm also not sure what we can do about it, nor why they block the fiddler certificate...

JorgenPhi commented 10 years ago

It has to reside in having stories handled separately from snaps.... Not too sure where to go from here.

On Jul 11, 2014 4:42 PM, "D!-Programming" notifications@github.com wrote:

> I was thinking in that direction too, but I wasn't sure if that was possible because it's only with some particular functions... I'm also not sure what we can do about it, nor why they block the fiddler certificate...


dprogramming commented 10 years ago

@JorgenPhi Maybe this can help http://www.enhanceie.com/Fiddler/help/httpsdecryption.asp (second question) it is possible that it will work if the certificate error is suppressed by Windows. Didn't try it yet, just thinking...

JorgenPhi commented 10 years ago

I'm not sure what is the underlying issue except that it resides in snapchat's app... I'm decompiling it to get a better look at what it is doing. Feel free to try anything to see if you can get it to work.

On Jul 11, 2014 4:49 PM, "D!-Programming" notifications@github.com wrote:

> @JorgenPhi https://github.com/JorgenPhi Maybe this can help http://www.enhanceie.com/Fiddler/help/httpsdecryption.asp (second question) it is possible that it will work if the certificate error is suppressed by Windows. Didn't try it yet, just thinking...


dprogramming commented 10 years ago

Sure, I'll look at it tomorrow, it's night over here so... ☺

JorgenPhi commented 10 years ago

Sounds good. I'll keep messing with it tonight.

On Jul 11, 2014 4:53 PM, "D!-Programming" notifications@github.com wrote:

> Sure, I'll look at it tomorrow, it's night over here so... ☺


dprogramming commented 10 years ago

Great!

dprogramming commented 10 years ago

Hi, I've had a very busy day today, I've not been able to mess around with it, maybe I've time later tonight, else tomorrow. Did you already discover something @JorgenPhi?

JorgenPhi commented 10 years ago

Not really, but don't feel pressured to do anything on a schedule. Any information given at any time will help. :)

On Jul 12, 2014 1:52 PM, "D!-Programming" notifications@github.com wrote:

> Hi, I've had a very busy day today, I've not been able to mess around with it, maybe I've time later tonight, else tomorrow. Did you already discover something @JorgenPhi https://github.com/JorgenPhi?


dprogramming commented 10 years ago

Great ☺

gabrielsoldani commented 10 years ago

I've also been working on analyzing the requests from the 5.0.27.3 APK (the most recent version for my phone).

Things I've found out so far:

For now I think it's important for the API to accurately match the behavior of the 4.1.07 APK. It is the latest version for devices running Android < 4.0, so it is still officially supported, and does not support the new conversation features, so I'm fairly confident it can be supported without changing current public function signatures. I've been doing this in this branch. Since it doesn't look like the APK for Android < 4.0 isn't being updated and they don't seem like they'll be dropping support for it in the near future, this is a good target version for a stable release.

KyleBoyer commented 9 years ago

I seem to be having the problem of snaps not uploading... Has anyone else had this problem? Know of a fix? The upload function keeps returning FALSE.

hako commented 9 years ago

Where is the problem happening? Is this on your server or on your local computer?

KyleBoyer commented 9 years ago

It is happening in my home computer that I have set up as a server using xampp.


On Dec 19, 2014, at 1:16 PM, Wesley Hill notifications@github.com wrote:

> Where is the problem happening? Is this on your server or on your local computer?


hako commented 9 years ago

I just tried it out on my own computer, it seems to be working fine for me, can you post a snippet of code for me to investigate?

KyleBoyer commented 9 years ago

auth.php

<?PHP
include_once "dependencies/snapchat.php";
$snapchat = new Snapchat('username',null,'auth_token_hereasdfasdfasdfa');
if (!$snapchat->username) {
    $snapchat = new Snapchat('username','password');
}
?>

snapchat.php-Upload function:

    public function upload($type, $data) {
        // Make sure we're logged in and have a valid access token.
        if (!$this->auth_token || !$this->username) {
            return FALSE;
        }

        // To make cURL happy, we write the data to a file first.
        $temp = tempnam(sys_get_temp_dir(), 'Snap');
        file_put_contents($temp, static::encryptECB($data));

        if (version_compare(PHP_VERSION, '5.5.0', '>=')) {
            $cfile = curl_file_create($temp, 'application/octet-stream', 'data');
        }
        else {
            $cfile = '@' . $temp . ';filename=data;type=application/octet-stream';
        }

        $media_id = $this->generateMediaID();
        $timestamp = static::timestamp();
        $result = static::post(
            '/bq/upload',
            array(
                'media_id' => $media_id,
                'username' => $this->username,
                'data' => $cfile,
                'type' => $type,
                'timestamp' => $timestamp,
                'req_token' => static::hash($this->auth_token, $timestamp),
            ),
            TRUE,
            TRUE
        );

        unlink($temp);

        return is_null($result) ? $media_id : FALSE;
    }

Test.php:

<?PHP
include_once "dependencies/lg.php";
include_once "dependencies/snapchat.php";
include_once "auth.php";
$snaps = $snapchat->getSnaps();
//echo "<pre>";
//print_r($snaps);
//echo "</pre>";
foreach ($snaps as &$snap) {
    $snapid = $snap->{'id'};
    $mediaid = $snap->{'media_id'};
    $mediatype = $snap->{'media_type'};
    $snaptime = $snap->{'time'};
    $sender = strtolower($snap->{'sender'});
    $recipient = $snap->{'recipient'};
    $status = $snap->{'status'};
    $screenshot_count = $snap->{'screenshot_count'};
    $sent = $snap->{'sent'};
    $opened = $snap->{'opened'};
    $broadcast = $snap->{'broadcast'};
    if ($sender != 'username' && ($mediatype == 0 || $mediatype == 4)){
        $snapdata = $snapchat->getMedia($snapid);
        if ($snapdata != "") {
            echo '<br><img alt="Embedded Image" src="data:image/png;base64,' . base64_encode($snapdata) . '" />';
            $sendid = $snapchat->upload(Snapchat::MEDIA_IMAGE, $snapdata);
            echo "<br>Send ID: " . ($sendid) . ".";
            $sendstory = $snapchat->setStory($sendid, Snapchat::MEDIA_IMAGE, 10, md5($sender . date("m.d.y")));
            echo $sendstory ? "<br>true2" : "<br>false2";
            $snapchat->markSnapViewed($snapid);
            echo "<br>Added image:" . $snapid . ".";
        }else{
            echo "No data downloaded...";
        }
    }
    if ($sender != 'username' && $mediatype > 0 && $mediatype != 3 && $mediatype != 4){
        $snapdata = $snapchat->getMedia($snapid);
        if ($snapdata != "") {
            echo "Video Here: <video controls><source type=\"video/mp4\" src=\"data:video/mp4;base64," . base64_encode($snapdata) . "\"></video>";
            $sendid = $snapchat->upload(Snapchat::MEDIA_VIDEO, $snapdata);
            $sendstory = $snapchat->setStory($sendid,Snapchat::MEDIA_VIDEO, 3, md5($sender . date("m.d.y")));
            $snapchat->markSnapViewed($snapid);
            echo "<br>Added video" . $snapid . ".";
        }else{
            echo "No data downloaded...";
        }
    }
}
?>

hako commented 9 years ago

From running your code and with a few minor tweaks with the dependency directory (switched to composer) a video loaded on my screen (what looks like the snapchat video) and this line:

$media_id = $this->generateMediaID();

Is causing some errors, not sure why other than the generateMediaID() function does not exist in snapchat.php or it has something to do with the lg.php dependency?

I don't know the latter since I don't have the file. But the first one is fairly simple.

gabrielsoldani commented 9 years ago

It looks like KyleBoyer is using my 4.1.07 branch.

This is what generateMediaID looks like:

    /**
     * Generates a media ID for the current user.
     *
     * @return string
     *   The generated media ID.
     */
    private function generateMediaID() {
        return strtoupper($this->username) . '~' .
            sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X',
                mt_rand(0, 0xFFFF), mt_rand(0, 0xFFFF), mt_rand(0, 0xFFFF),
                mt_rand(0, 0x0FFF) | 0x4000, mt_rand(0, 0x3FFF) | 0x8000,
                mt_rand(0, 0xFFFF), mt_rand(0, 0xFFFF), mt_rand(0, 0xFFFF)
            );
    }

Also $this->post is different.

As I mentioned in this comment, the branch was supposed to send requests as accurate as possible to those of the 4.1.07 APK. I don't know if this version of the protocol is still supported since all devices I have are running at least KitKat now, and I haven't messed with the API since August. I'll look into it when I have more time, but I think hako's branch is working, so use it :smiley:

KyleBoyer commented 9 years ago

Just removed my lg.php dependency(it's just used to analytical log data), and the generateMediaID works for me, but something else is causing the upload function to fail. If you want to test it on my server, email me at kyleboyerplus gmail com


On Dec 20, 2014, at 11:16 AM, Wesley Hill notifications@github.com wrote:

> From running your code and with a few minor tweaks with the dependency directory (switched to composer) a video loaded on my screen (what looks like the snapchat video) and this line:
>
> $media_id = $this->generateMediaID();
>
> Is causing some errors, not sure why other than the generateMediaID() function does not exist in snapchat.php or it has something to do with the lg.php dependency?
>
> I don't know the latter since I don't have the file. But the first one is fairly simple.


KyleBoyer commented 9 years ago

Doing a little more research on my problem... It seems that my Upload function is returning false, ONLY for my one account. From the authentic Snapchat app, uploading/sending from this account works fine, however using this API, causes it to fail when uploading. I'm wondering how Snapchat(I'm assuming they're filtering it out somehow) has caught on to specifically this API/Account. When I test with my personal account, everything works great. Anyone else had this problem? How'd you fix/bypass it?

liamjack commented 9 years ago

Been decompiling the latest Snapchat Beta APK... Found some endpoint info with some more goodies, these are in a java class called "SnapchatServer" which is weird :

The ECB encryption code remains hard coded : M02cnQ51Ji97vwT4 (Used to encrypt chat "media")

There are references to usage of a HTTP Header : X-Snapchat-Actions

Some strange messages : "PASSWORD IS FILTERED IN LOGS!!!"

The application also sends off some statistics (loading time, request time, latency and other) back to the API.

Old endpoints don't seem to change such as :

There is a reference to this : content://com.snapchat.android.content.SnapchatProvider/HttpMetrics probably related to the statistics cited above. And something called GeoFence with GPS coordinates programmed in to see if you are within a certain area.

I understand from the following snippet that they're trying to discover our gender somehow :

public static final byte FEMALE = 0;
public static final byte MALE = 1;
public static final byte UNKNOWN = -1;

Something new to post dummy requests to :

public static String PATH = "/post_events";
public static String POST_EVENTS_ENDPOINT = "https://sc-analytics.appspot.com";

Also special "Snapcash" endpoint : /cash

Other things that haven't exactly changed :

private static final String PATTERN = "0001110111101110001111010101111011010001001110011000110001000110";
private static final String SECRET = "iEk21fuwZApXlz93750dmW22pw389dPwOk";
private static final String STATIC_TOKEN = "m198sOkJEn37DjqZ32lpRu76xmw288xSQ9";
private static final String TAG = "RequestAuthorization";

Anyway, there's shitloads of information to be found in the decompiled APK. All you need is an Android phone, the Android SDK, a USB cable between your PC and your Phone, ADB, Snapchat installed on your phone, an APK decompiler and then just Notepad++ to browse through the source code. Happy hunting :)
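
The hard-coded ECB key noted in the comment above, illustrated as an added example (not code from this thread or from php-snapchat): with one shared key and ECB mode, equal plaintext blocks give equal ciphertext blocks and reordered ciphertext still decrypts, while an authenticated mode with a per-message nonce does neither. AES-128 is assumed from the 16-byte key; the sample data, the function names and the per-user key are constructed for the example.

```php
<?php
// Added example, not code from the thread or from php-snapchat.
// Assumes AES-128 (the quoted key is 16 bytes) and PHP >= 7.4 with ext-openssl.

const BLOCK = 16;
const HARDCODED_KEY = 'M02cnQ51Ji97vwT4'; // as quoted above; identical in every install

/** AES-128-ECB: no IV, each 16-byte block is encrypted independently. */
function ecb(string $data, string $key, bool $encrypt = true): string {
    $out = $encrypt
        ? openssl_encrypt($data, 'aes-128-ecb', $key, OPENSSL_RAW_DATA)
        : openssl_decrypt($data, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
    if ($out === false) {
        throw new RuntimeException('ECB operation failed');
    }
    return $out;
}

/** AES-128-GCM with a fresh random nonce; returns nonce || tag || ciphertext. */
function gcm_encrypt(string $plain, string $key): string {
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('GCM encryption failed');
    }
    return $nonce . $tag . $ct;
}

/** Returns the plaintext, or null when the authentication tag does not verify. */
function gcm_decrypt(string $blob, string $key): ?string {
    $pt = openssl_decrypt(substr($blob, 28), 'aes-128-gcm', $key, OPENSSL_RAW_DATA,
        substr($blob, 0, 12), substr($blob, 12, 16));
    return $pt === false ? null : $pt;
}

/** Number of ciphertext blocks whose value occurs more than once. */
function repeated_blocks(string $ct): int {
    $repeats = array_filter(array_count_values(str_split($ct, BLOCK)), fn($n) => $n > 1);
    return array_sum($repeats);
}

// Constructed sample: image-like data with two uniform runs and a 16-byte trailer.
$media = str_repeat("\x00", 64) . str_repeat("\xFF", 64) . 'header-and-noise';

$ecb = ecb($media, HARDCODED_KEY);
$key = random_bytes(16); // stand-in for a per-user key (assumption, not Snapchat's design)
$gcm = gcm_encrypt($media, $key);
printf("ECB repeated blocks: %d of %d\n", repeated_blocks($ecb), strlen($ecb) / BLOCK);
printf("GCM repeated blocks: %d\n", repeated_blocks(substr($gcm, 28)));

// Integrity: swap ECB blocks 0 and 4; decryption still succeeds with reordered data.
$blocks = str_split($ecb, BLOCK);
[$blocks[0], $blocks[4]] = [$blocks[4], $blocks[0]];
$swapped = ecb(implode('', $blocks), HARDCODED_KEY, false);
printf("ECB accepts reordered ciphertext: %s\n", $swapped !== $media ? 'yes' : 'no');

// A one-bit change to the GCM ciphertext fails tag verification.
$gcm[40] = chr(ord($gcm[40]) ^ 1);
printf("GCM accepts modified ciphertext: %s\n", gcm_decrypt($gcm, $key) === null ? 'no' : 'yes');
```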

KyleBoyer commented 9 years ago

Will there be an updated API with these new endpoints? My problem still remains that my test account, always returns false when uploading an image, however my personal account does it with ease.

liamjack commented 9 years ago

But your problem has nothing to do with research for new API endpoints, you're in the wrong place, create an issue specific to your problem.

On 30/12/2014 17:42, KyleBoyer wrote:

> Will there be an updated API with these new endpoints? My problem still remains that my test account, always returns false when uploading an image, however my personal account does it with ease.


KyleBoyer commented 9 years ago

> But your problem has nothing to do with research for new API endpoints, you're in the wrong place, create an issue specific to your problem.

With the tests/research I've done on my own problem, it appears to be a problem regarding how everything is posted. Which is directly related to where it is posted(the endpoints). I actually was mistaken saying that my personal accounts works. I'm hoping with an updated script with the new endpoints, everything should function again. Also, I eliminated the fact that it could be my IP by testing on other PHP hosts.

liamjack commented 9 years ago

@KyleBoyer No it's not a problem how everything is posted, upload works the same way as before.

I've started documenting the actual requests over here : https://github.com/JorgenPhi/php-snapchat/wiki/API-v2-Research

Need some help completing the list and checking out other use cases (US user, SnapCash, Group stories, Group discussions...)