Closed RedHaze closed 9 years ago
Apologies for the 2-month-long wait.
I kind of stopped working on this API a while ago. I just don't want to bother reverse-engineering iOS apps to figure out the endpoints/user agents again (unless I have an Android APK app file, which is Java and that's a language I'm familiar with).
If anyone has a Yik Yak Android app file, I would greatly appreciate taking a look.
API URL moved to https://www.yikyakapp.com/api/ after an update. Here is a list of all the strings in the app: http://pastebin.com/7cVDLy08
I tried to find out how to post messages to Yik Yak, but when using Wireshark, all the connections were encrypted so yeah :(...
Also you can use this: http://apps.evozi.com/apk-downloader/ to download the latest version of YikYak
Desktop/Hack-Yak-master/' && '/usr/local/bin/python' '/Users/me/Desktop/Hack-Yak-master/yikyakapi.py' && echo Exit status: $? && exit 1
Traceback (most recent call last):
File "/Users/me/Desktop/Hack-Yak-master/yikyakapi.py", line 136, in
Getting this error :(
also, is there any way to find out where someone else posted a yak?
I am currently too busy to continue working on the API.
Also as far as I last tested the app, there was not. Also you need to provide a few arguments.
https://github.com/SuperSpyTX/Hack-Yak/blob/master/yikyakapi.py#L13
thanks :)
I'm down to help you continue this if you want, but I'm curious, have the end-points changed? I'm still getting a 404. Also, what kind of request needs to be generated? I am just using a REST client and sending a standard GET request.
Are there headers I am missing? Do I need to send an actual JSON payload? Is a GET request what I want to use?
I have the same problem as mts4243369. I notice it's using https now. Do I have to use an additional header? I don't know which values I have to use for proxy IP and proxy port.
I don't mind helping....been disassembling the past few days, then just found this. I myself have never touched python, I'm more of a C# and java kind.. opening ettercap now, will post back when I get something.
put together a pretty basic api to serialize the messages for myself in C#, email me if you want it. I'm having trouble figuring out the hash and the salt, starting to feel like whipping out hash cat and throwing a few dozen guesses in there. Also, I'm on android, not sure if that's going to make too much of a difference as for the stored files. Unfortunately i'm not rooted, but that wasnt too much of a problem: disassemble apk, add debuggable to manifest, reassemble, install, and use run-as com.yik.yak, then copy with cp -R /data/data/com.yik.yak/* /storage/extSdCard/Android/data/com.yik.yak.
some xml files based on the users info, some cache, and what looks like the packets sent and received (ettercap crapped out on me, but this might be enough for the packets)
The user ID is stored here it looks like: inside /data/data/com.yik.yak/shared_prefs/YikYak.xml :
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="karma">100</string>
<long name="longitude" value="-0000000000000000000" />
<long name="latitude" value="0000000000000000000" />
<string name="yakkerId">00000000000000000000000000000000</string>
</map>
Modifying this turned out to be an exercise in futility, as with modifying:
inside /data/data/com.yik.yak/files/gaClientId.xml (just an ID): ffffffff-ffff-ffff-ffff-fffffffffffff
inside /data/data/com.yik.yak/files/mat_id.xml :
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="mat_id">ffffffff-ffff-ffff-ffff-ffffffffffff</string>
</map>
If YikYak.xml is deleted, it will get restored with the same id (your device id, pretty sure, but I didn't check what mine was). When modified, none of your actions are carried out. You can view whatever you want, but you cannot post or vote. That's all for now, it's 4AM and I'm going to bed.
Good job jrizz! I'm interested on you C# based API. How can I contact you? I don't have your email.
Does anyone know the new api url?
Sorry guys, havent gotten to it lately. @dan003400 Here, this should help you out.
@juanfausd sorry, jrizzardi1@gmail.com Honestly, looking back rn, there's not an incredible amount to it (yet), but i can send you it anyway. It honestly just builds a usable link, and then displays the json into a tree view.
Thanks!
On Sep 28, 2014, at 10:36 PM, jrizz notifications@github.com wrote:
Sorry guys, havent gotten to it lately. @dan003400 Here, this should help you out.
API Link: http://yikyakapp.com/api/
Get Messages: https://yikyakapp.com/api/getMessages?lat=00.0000000&long=-00.000000&&userID=00000000000000000000000000000000
Down Vote Message: https://yikyakapp.com/api/downvoteMessage?lat=00.0000000&long=-00.0000000&messageID=R/FFFFFFFFFFFFFFFFFFFFFFFFFFFFF&userID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Like Message: https://yikyakapp.com/api/likeMessage?lat=00.0000000&long=-00.0000000&messageID=R/FFFFFFFFFFFFFFFFFFFFFFFFFFFFF&userID=00000000000000000000000000000000&salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
SendMessage: Didn't get to check how the message handle or text is sent here. Honestly didn't care too much, except it could lead us to other helpful "discoveries". Same goes for post comment..
https://yikyakapp.com/api/sendMessage?salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Get Comments: https://yikyakapp.com/api/getComments?lat=00.0000000&long=-00.000000&messageID=R/FFFFFFFFFFFFFFFFFFFFFFFFFFFFF&userID=00000000000000000000000000000000&salt=0000000000&hash=hFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Like Comment: https://yikyakapp.com/api/likeComment?commentID=R/FFFFFFFFFFFFFFFFFFFFFFFFFFFFF&lat=00.0000000&long=-00.0000000&userID=00000000000000000000000000000000&salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Down vote Comment: https://yikyakapp.com/api/downvoteComment?commentID=R/FFFFFFFFFFFFFFFFFFFFFFFFFFFF&lat=00.0000000&long=-00.0000000&userID=00000000000000000000000000000000&salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Post comment: https://yikyakapp.com/api/postComment?salt=0000000000&hash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
@juanfausd sorry, jrizzardi1@gmail.com Honestly, looking back rn, there's not an incredible amount to it (yet), but i can send you it anyway. It honestly just builds a usable link, and then displays the json into a tree view.
Sounds good! Haven't you found a way to retrieve messages based on date ranges? i.e. retrieve messages that are after a certain date and before a certain date. Thanks jrizz :)
@dan003400 Yep! Np! @juanfausd Hmm not yet. I'll check it out a little bit. It would make sense for them to have it. My main focus is cracking the encryption so actions can be performed
Really good job jrizz! I'll be working to see if there's a way to retrieve all comments of a certain posterID and also see if there is a way to retrieve a message specifying its id. Thanks!
@juanfausd hmmm.....I can imagine there being one for the poster id, actually. I'm in class right now, and I won't be by a computer until tonight. If you're on android, yik yak logs the url for each action. So perhaps a good way to start would be turning on the debugger with a filter and see what it spits back at you when you look at "my yaks"
@juanfausd Got it with mobile logcat:
Really good! Thanks @jrizz !
@juanfausd Yup! It also looks like you don't need the hash or salt there! Pretty sure it's like that for all the gets, but I could be wrong
Yes, I guess the same. I noticed that in getComments method it's not needed.
You all might want to check out this code: http://pastebin.com/8Lip47Wx/. It all works except for things that actually cause changes, i.e. posting and voting. Register_id_new responds 401, so it seems like they changed something server side. If any of you can figure out how to solve that, it will probably all work.
@jas32096 Awesome! Thanks! I can't believe the salt is just a dt! And I thought it was custom because looking through the code I saw what looked JUST like one! A whole bunch of god and replace, followed by multiplying hex digits! Awesome! I'll check it out when I get back on my computer!
This is weird; I'm sometimes actually getting a 200 response from register_id_new now, but it's still not posting.
@jas32096 I'm not a python guy and am still trying to figure out running it....LOL! I'm having trouble with "import requests" keep trying to install it, and it then that just spits out another error....
@jrizz Don't know why you're having trouble with that; it was already installed on my computer. Try easy_install requests in terminal.
@jas32096 great, no errors. I had to install 3.4, as opposed to 2.7. Now how do i execute query....?
@jrizz hmm that's also weird; I'm using 2.7.
@jrizz the code shouldn't even work with 3.X; did you run 2to3 on it or something?
@jas32096 nope. just ran the install, used pip and installed requests, and it worked.
@jas32096 well, worked to the point where i dont get any errors. Still figuring out how to use everything XD
@jrizz i'm still shocked that it's running in python3, because the way that the code calls print is not usable in 3.X i.e. print "text" as opposed to print("test")
@jrizz how are you running it? Are you importing from the python interpreter? If you want python3 you have to run python3 in terminal not python.
@jas32096 shoot, forgot to mention i modified everything with print! now i'm starting to get it though. Package.class.method(params) so like rn: YikYak.Yakker.gen_id(0)
@jrizz What I've been doing is something like
$ python
Python 2.7.6 (v2.7.6:3a1db0d2747e, Nov 10 2013, 00:42:54)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyak import *
>>> yakker = Yakker(location=Location(u'40.013842' , u'-83.031085'))
@jrizz Just tried running it in python3 after running a 2to3 and installing some modules. You're gonna make life a lot harder for yourself if you try to make it work with python3.
@jas32096 yup, just tried what you put it before and there's way too much for me to bother learning to change..back to 2.7........
@jas32096 now pip wont install. I'm moving back to c sharp lol
@jas32096 can you send me the message that is supposed to be hashed? I know it says to append it directly, but i just can't get any luck with it, no matter what i do. I'm really starting to get the feeling the key is dynamic somehow..
@jrizz did you try easy_install? It should be included with python 2.7. I had no trouble getting the code to run.
@jas32096 yup
@jrizz Okay; this should be it. msg = u'/api/registerUser?lat=40.6072&long=-75.3790&userID=9BB293FAB7DB257BBF72D7350C47FD171412037586'
@jas32096 thanks! what's the outcome though when that is hashed? I just need something as a "control" lol
@jrizz hash = 'ZYqDihjVsVmD5eVhlGdm8AnWYYo='
and also the salt = '1412037586'
@jas32096 Thank you. Lets see how this works now...
@jas32096 I cant believe I'm actually having trouble with this. I truly can't find what I'm doing wrong..I'm not even within my code anymore. Sitting here: http://www.freeformatter.com/hmac-generator.html MESSAGE: /api/registerUser?lat=40.6072&long=-75.3790&userID=9BB293FAB7DB257BBF72D7350C47FD171412037586
KEY: 35FD04E8-B7B1-45C4-9886-94A75F4A2BB4
Algorithm: I've used both sha1 and md5, still different result.
Encoder, I'm on http://www.base64encode.org/ IDK what i'm doing now -_-
@jrizz I think the problem is the site that you're using is outputting hex, which the code does not do.
#Calculate the signature
h = hmac.new(key, msg, sha1)
hash = base64.b64encode(h.digest()) # h.digest for our example is 'e\x8a\x83\x8a\x18\xd5\xb1Y\x83\xe5\xe5a\x94gf\xf0\t\xd6a\x8a'
@jrizz Yah thats the problem. If you do base64.b64encode(h.hexdigest()) you get NjU4YTgzOGExOGQ1YjE1OTgzZTVlNTYxOTQ2NzY2ZjAwOWQ2NjE4YQ== and h.hexdigest() is the same thing that your site is outputting.
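The hex-versus-raw-digest mix-up worked through in the comments above, as an added example that is not part of the original thread or the pastebin code: it takes the control hash quoted above and names which encoding a mismatching value is in. It is written for Python 3 (the thread's code is Python 2.7); the function names and the constructed key and message in the demo are assumptions.

```python
import base64
import binascii
import hashlib
import hmac

# Control values quoted in the thread above.
CONTROL_HASH = "ZYqDihjVsVmD5eVhlGdm8AnWYYo="
CONTROL_B64_OF_HEX = "NjU4YTgzOGExOGQ1YjE1OTgzZTVlNTYxOTQ2NzY2ZjAwOWQ2NjE4YQ=="


def sign(key: bytes, msg: bytes) -> str:
    """Base64 of the raw 20-byte HMAC-SHA1 digest (h.digest(), not h.hexdigest())."""
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def encodings(signature_b64: str) -> dict:
    """Re-express one signature in the forms that get mistaken for each other."""
    digest = base64.b64decode(signature_b64, validate=True)
    hexed = digest.hex()
    return {
        "b64(raw)": base64.b64encode(digest).decode(),
        "hex": hexed,
        "b64(hex)": base64.b64encode(hexed.encode()).decode(),
    }


def diagnose(expected_b64: str, candidate: str) -> str:
    """Say which encoding of the expected digest `candidate` is, if any."""
    try:
        forms = encodings(expected_b64)
    except binascii.Error:
        return "expected value is not valid base64"
    candidate = candidate.strip()
    for name, value in forms.items():
        # Hex is case-insensitive; base64 is not.
        if candidate == value or (name == "hex" and candidate.lower() == value):
            return name
    return "different digest: check key, message bytes and hash algorithm"


if __name__ == "__main__":
    # What an online HMAC generator that outputs hex would show for the control.
    print(diagnose(CONTROL_HASH, "658A838A18D5B15983E5E561946766F009D6618A"))
    print(diagnose(CONTROL_HASH, CONTROL_B64_OF_HEX))
    # Constructed key and message, not values from the thread.
    print(sign(b"constructed-key", b"/api/example?id=1" + b"1412037586"))
```

A result of "hex" or "b64(hex)" means the key and message already match and only the output encoding differs.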
@jas32096 hmm alright, i made a new python script, and got it from there. ugh, finally (thanks!) I dont see why i wont be able to migrate it over to c#. give me a few now..
Using the parameters given, postMessage.php always returns a "2." Perhaps a new parameter was introduced?
Reproduce by using your python script and uncommenting lines 153-156.