Login fails with 2FA enabled

[gave92]

Description of the problem

Logging in fails when 2FA is enabled.

Code to reproduce

import fbchat
session = fbchat.Session.login("USER", "PW", on_2fa_callback=lambda: input("2FA Code: "))

Traceback

Traceback (most recent call last):
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\pydevd.py", line 1591, in <module>
    globals = debugger.run(setup['file'], None, None, is_module)
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\pydevd.py", line 1018, in run
    pydev_imports.execfile(file, globals, locals)  # execute the script
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\_pydev_imps\_pydev_execfile.py", line 18, in execfile
    exec(compile(contents+"\n", file, 'exec'), glob, loc)
  File "C:/Users/Marco/Downloads/Programmazione/Python/fbchat/examples/echobot.py", line 3, in <module>
    session = fbchat.Session.login("rvonhtt_valtchanovson_1580757596@tfbnw.net", "5hvwf7l9l7g", on_2fa_callback=lambda: input("2FA Code: "))
  File "C:\Users\Marco\Downloads\Programmazione\Python\fbchat\fbchat\_session.py", line 302, in login
    url = two_factor_helper(session, r, on_2fa_callback)
  File "C:\Users\Marco\Downloads\Programmazione\Python\fbchat\fbchat\_session.py", line 153, in two_factor_helper
    raise _exception.ParseError("Could not fill out form properly (2)", data=data)
fbchat.ParseError: Could not fill out form properly (2). Please report this, along with the data below!
{'jazoest': '21035', 'fb_dtsg': 'QSgTmtu3VGI=', 'submit[Continue]': 'Continua', 'nh': '96259b22190441abcb8f790daecd2d347ba05d2f', 'no_fido': 'true', 'approvals_code': '[missing]'}

Environment information

• fbchat version v2.0.0a3

Findings

Changing this line https://github.com/carpedm20/fbchat/blob/078bf9fc16ff00368378545c7c94f10766febd54/fbchat/_session.py#L135 To

while "approvals_code" in data:

helps a bit, I get prompted for the 2FA code and it goes through

"Starting Facebook checkup flow"
"Verifying login attempt"
"Saving device again"

but then..

Traceback (most recent call last):
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\pydevd.py", line 1591, in <module>
    globals = debugger.run(setup['file'], None, None, is_module)
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\pydevd.py", line 1018, in run
    pydev_imports.execfile(file, globals, locals)  # execute the script
  File "C:\Users\Marco\Downloads\Software\Pycharm Community\helpers\pydev\_pydev_imps\_pydev_execfile.py", line 18, in execfile
    exec(compile(contents+"\n", file, 'exec'), glob, loc)
  File "C:/Users/Marco/Downloads/Programmazione/Python/fbchat/examples/echobot.py", line 3, in <module>
    session = fbchat.Session.login("rvonhtt_valtchanovson_1580757596@tfbnw.net", "5hvwf7l9l7g", on_2fa_callback=lambda: input("2FA Code: "))
  File "C:\Users\Marco\Downloads\Programmazione\Python\fbchat\fbchat\_session.py", line 312, in login
    raise _exception.NotLoggedIn("Failed logging in: {}, {}".format(url, error))
fbchat.NotLoggedIn: Failed logging in: https://www.messenger.com/login/checkpoint_interstitial/?next=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2Fstart%2F%3Fip%3D93.146.44.170%26cookie%3D%257B%2522u%2522%253A100047011382953%252C%2522t%2522%253A1589023597%252C%2522step%2522%253A0%252C%2522n%2522%253A%25225uqsBPWPcmc%253D%2522%252C%2522inst%2522%253A233449648089412%252C%2522f%2522%253A193593390684083%252C%2522st%2522%253A%2522p%2522%252C%2522aid%2522%253Anull%252C%2522ca%2522%253Anull%252C%2522la%2522%253A%2522%2522%252C%2522ta%2522%253A%25221589023598.ch.s%253Aat%253Aat%253As%253Apw.tDBFAiB7MkNnoOB_QTqyLKut7F9o3l4bFG4x8Rs0PLViOy_9CgIhAPkrTKgoD1QSfWoiY529mzXjQ_YYddcA23ctrL8pimY-%2522%252C%2522sat%2522%253Anull%252C%2522s%2522%253A%2522AWWAxa7bHrWtmm0v%2522%252C%2522cs%2522%253A%255B%255D%252C%2522mdcp%2522%253Atrue%252C%2522mdcr%2522%253A%2522x%2522%257D%26next%3Dhttps%253A%252F%252Fwww.messenger.com%252F%26hash%3DAWW7ugVcyD7Ltwvi, None

I get the checkpoint url again like I'm stuck in a loop :(

[madsmtm]

Thanks for the report, the first bit is indeed a typo, I've fixed it in 3c0f411be7878ca41e2e920fc22a0ba87ce0e09b. I'll look into the other issue in a bit

[gave92]

Just saw the comment about 2fa "Only tested using SMS, might not work with authentication applications." I was indeed using google authenticator 😅 Edit: just tried with SMS.. same issue

[gave92]

Issue still exists with version 2.0.0a4. The account I'm using is a facebook whitehat/test account, does that make a difference?

[madsmtm]

Yeah, still working on this, sorry for the long delays.

The bit about the test account might make a difference, I don't know 🤷.

I'll try to record what I've figured out so far:

• If you attempt to login using a browser, with JavaScript disabled (and using the pre-generated hidden HTML form on https://www.messenger.com/login), the loop triggers as well.
• Ergo, something is done by JavaScript that we don't yet do!
• In https://github.com/carpedm20/fbchat/issues/582 I implemented adding an act cookie, but that doesn't seem to be enough.
• The user agent doesn't matter, I tried setting a custom user agent in my browser, and I could login there
• Sometimes, when logging in even via. browser, you'll get put through part of the verification flow twice! (aka. you hit https://www.messenger.com/login/checkpoint_interstitial twice) - but Facebook never asks for a 2FA code repeatedly (which it does if we try to run the 2fa logic repeatedly)