canaria3406 / hoyolab-auto-sign

A lightweight, secure, and free script that automatically collect Hoyolab daily check in rewards. Supports Genshin Impact, Honkai Impact 3rd, and Honkai: Star Rail.
MIT License
428 stars 57 forks source link

Not working for Genshin #16

Open alohadude3 opened 1 year ago

alohadude3 commented 1 year ago

The script seems to be no longer working for Genshin (Still works for Honkai and Star Rail).

TheTychoStar commented 1 year ago

Same here. Started about 3 days ago. Discord push message says "sign OK" but actually it did not sign. If I try to sign in manually with hoyolab, an image verification pops up.

thanminh24 commented 1 year ago

I think that it might be some kind of anti-bot thing because when I use an alt to sign in manually there is no verification. So the solution might be to try manual for a couple of days I guess

TheTychoStar commented 1 year ago

I guess so. In this case the bot should return an error message to indicate the failure of signing in. However, it send an "OK" message to the discord server. This should be fixed I believe. Mihoyo added intensive anti-bot verification on the CN server which made auto sign-in nearly impossible. Hopefully, this won't happen to the international server.

cd36th commented 1 year ago

Might be a bit hard to fix the "OK" message, as this is what HoYoLAB is returning from the API request. HoYoLAB is telling us that the check-in worked when it didn't.

Chillrend commented 1 year ago

Can we maybe add user-agent, and x-http-referrer reader to the scripts and. The end-server are probably checking for user agents and referrer like mentioned here: https://github.com/canaria3406/hoyolab-auto-sign/issues/11#issuecomment-1588510392

My account started to require captchas this day after succesfully checking in with the script for 12 days

I will try to add the code to the header below to my scripts, and will report the result here tomorrow:

const header = {
    Cookie: token,
    'x-rpc-app_version': '2.34.1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36',
    'x-rpc-client_type': '4',
    'Referer': 'https://webstatic.mihoyo.com/',
    'Origin': 'https://webstatic.mihoyo.com'
  };
cd36th commented 1 year ago

this change to header worked for me

Chillrend commented 1 year ago

this change to header worked for me

My account still requires captcha even after putting those header in the script.

The verification process probably done randomly or after certain days passed after checking-in without a user-agent/referrer, just a speculation though, cannot confirm anything...

Probably we want to push in the header changes to main anyway, just to make the script more like a human action to hoyoverse server logs.

cd36th commented 1 year ago

yeah i agree, do u wanna do the pull request? i dont wanna take credit for ur work lmao

Chillrend commented 1 year ago

I've opened one at https://github.com/canaria3406/hoyolab-auto-sign/pull/17 please have a look

Chillrend commented 1 year ago

Today, the script successfully checked in my genshin account without captcha verification.

Will report here again if the captcha came back.

canaria3406 commented 1 year ago
{
    "retcode": 0,
    "message": "OK",
    "data": {
        "code": "ok",
        "first_bind": false,
        "gt_result": {
            "risk_code": 5001,
            "gt": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "challenge": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "success": 1,
            "is_risk": true
        }
    }
}

This is an example of API response.
Based on current testing results: If the script fails because of captcha, it returns risk_code=5001 or 5003, success = 1, is_risk=true.
If the script executes successfully, it returns risk_code=0, success=0, is_risk=false.

I am temporarily using is_risk=true or false to determine whether captcha is acting, but need more tests.
(Also, thanks for submitting #17)

alohadude3 commented 1 year ago

A commit in a similar python project seems to include some challenge parameters in the header: https://github.com/thesadru/genshin.py/commit/2d6f7d19485edb33c1529d50babd89dde64353c8 Though I'm not sure where you would get the actual solved challenge parameter from.

djdoolky76 commented 1 year ago

seems to be working once again by doing nothing. although the captcha in the browser still showed up when you claim check in manually

TheProJeckt commented 1 year ago

It´s broken for me again :( (Broke today)

(Telegramm) Check-in completed for (me) Genshin: Auto check-in failed due to CAPTCHA blocking. Please stop this script immediately and perform manual check-in for at least one week before attempting to use this script again.

After I manually collected it, it´s giving me the same message.

Jimbo-Coder commented 1 year ago

Not working for me today, and using updated HTTP Headers from the Pull request #17 . I just started using this a few days ago so I have never ran the code without the HTTP headers.

HSR is functional, Genshin is encountering the CAPTCHA even after manually collecting.

Edit: Update on Functionality. After 1 day of manually collecting the rewards by preforming the CAPTCHA/Check in on my phone for Genshin, the script worked for both Genshin and HSR the next day. I Will update this comment.

I don't fully understand tokens/http headers, but it seems like if the exact same HTTP check in request 2 days in a row (perhaps also same time of day) occurs, then the CAPTCHA is triggered for Checkin.

Chillrend commented 1 year ago

Mine also started breaking today.

I can see some repo (like one mentioned above) might able to successfully bypass the geetest captcha, but i would not want to do it. Pretty sure it's borderline against their ToS.

Will report here again if i find another solution.

ChristopherKlay commented 1 year ago

Pretty sure it's borderline against their ToS.

The entire script already is.

Deses commented 1 year ago

I needed to change const bannedCheck = hoyolabResponse.data?.gt_result?.is_risk; to const bannedCheck = hoyolabResponse.data.data?.gt_result?.is_risk; (add one more data) because the first one returns undefined, there are two data nodes and we need to get the deepest one.

...
    [Symbol(kUniqueHeaders)]: null
  },
  data: {
    retcode: 0,
    message: 'OK',
    data: { code: 'ok', first_bind: false, gt_result: [Object] }
  }
}