Hcaptcha x Talon Services

claabs / epicgames-freegames-node

Automatically login and find available free games the Epic Games Store. Sends you a prepopulated checkout link so you can complete the checkout after logging in. Supports multiple accounts, login sessions, and scheduled runs.

https://hub.docker.com/r/charlocharlie/epicgames-freegames

MIT License

1.33k stars 89 forks source link

Hcaptcha x Talon Services #221

Closed HyperionCSharp closed 2 years ago

HyperionCSharp commented 2 years ago

So I've been studying the Epic Games login for a little over 2 years now and ever since Hcaptcha was implemented it's been impossible to get the solved captcha token even using image solvers to send back true and false ids!!

I would love to learn more on Talon and Hcaptcha and how I could find a way to generate the needed final captcha token repeatedly but I saw they use E0 and P0 but the difference is weird. I don't know if epic uses JWT for the final solved captcha token or not. But I want to learn to solve using the needed requests to login.

Would love any information regarding both Talon and Hcaptcha

Thanks

claabs commented 2 years ago

Reverse engineering Talon was the approach I used previously in V3. I kept the branch around in case any researchers wanted to take a look: https://github.com/claabs/epicgames-freegames-node/tree/v3

A couple of the important files:

talon-harness: I was able to grab a copy of it before Epic started obfuscating it. This contains the fingerprint generating function, and the xal encoder. You can extract the fingerprint object around the same location the hash key is extracted with a break point around the atob().
talon-sdk: some of the API interactions with Talon

Eventually, my method of forwarding the captcha and Talon stopped working and I couldn't find a fix, which is when I took the browser automation approach for V4.

HyperionCSharp commented 2 years ago

To solve hcaptcha now what would a person have to do to actually get the finalized captcha token and at the same time keep the login api knowing which is talon and what's hcaptcha. I've tried to solve using the E0 then got image urls back I would then solve the images and get the true false ids back then request the checkcaptcha api but would still get a failed response. Why????

Thanks for replying btw hcaptcha fascinates me!!

bigmanaqq commented 1 year ago

Reverse engineering Talon was the approach I used previously in V3. I kept the branch around in case any researchers wanted to take a look: https://github.com/claabs/epicgames-freegames-node/tree/v3

A couple of the important files:

talon-harness: I was able to grab a copy of it before Epic started obfuscating it. This contains the fingerprint generating function, and the xal encoder. You can extract the fingerprint object around the same location the hash key is extracted with a break point around the atob().

talon-sdk: some of the API interactions with Talon

Eventually, my method of forwarding the captcha and Talon stopped working and I couldn't find a fix, which is when I took the browser automation approach for V4.

Would you be able to message me on telegram so we can discuss something? i have a big ask and wondering if you can solve

Revadike commented 1 year ago

@bigmanaqq message me on discord: Revadike#3529