search

kevincornish / HeckGuide

HeckGuide website repo, written in django. Backend connects to the kingdoms of heckfire api via a supplied token and will crawl allies & each world's map and store results in a postgres database
https://heckguide.com
MIT License
7 stars 11 forks source link

Issue Obtaining Oath Token #21

Open benjaminmesser opened 2 years ago

benjaminmesser commented 2 years ago

It seems that you obtain a token by first giving username/password credientals. Were you given these credentials by ATA? If not, how did you obtain this username/password combination? Without it, it seems one cannot obtain a token to do any API calls.

kevincornish commented 2 years ago

Login details are your ATA id account details. That will generate your oauth login token.

Or decompile the APK, remove the SSL pinning and middle man the api login manually

Xahusee commented 2 years ago

Sorry to keep being a bother, one more question:

I have experiencing using Kingdoms at War’s API and have never seen this type of issue logging in.

{'exception': 'Invalid request', 'data': None, 'code': 'kraken_authentication_bad_request'}

Any idea why it would be saying this? I have tried making a new ata id to make sure I wasn’t putting in wrong login information.

benjaminmesser commented 2 years ago

@kevincornish

I receive the exact same message.

{'exception': 'Invalid request', 'data': None, 'code': 'kraken_authentication_bad_request'}

I've tried connecting via cURL requests and through Python requests and I am only able to get that message while giving my account details through the header information you specified in api.py.

What is the issue with the following snippet? (with email and password substituded for my ATA login details)

import requests
data = {
    "grant_type": "password",
    "client_version": "1.93",
    "channel_id": 16,
    "client_id": "ata.kraken.heckfire",
    "client_secret": "n0ts0s3cr3t",
    "scope": "[]",
    "version": "2922",
    "include_tech_tree": "False",
    "username": "email",
    "password": "password"
}
url = "https://api.kingdomsofheckfire.com/game/auth/oauth/"
req = requests.post(url, data=data)
print(req.json())
ttlage commented 2 years ago

i have the same issue, can someone give us a clue? :)

JoshuaAFerguson commented 2 years ago

You are missing the client information bundle in the request. I haven't been able to get authentication to work without it.

"client_information" : {"bundle_id":"ata.kraken.heckfire","unity_uuid”:”[Retrieve via packet intercept]”os_name":"Android","android_id":"Retrieve via packet intercept]","android_advertising":"Retrieve via packet intercept]","ether_map":{},"os_version":"Android OS 9 / API-28 (PSR1.180720.122/6736742)","device_model":"AOSP on IA Emulator","hardware_version":"Google AOSP on IA Emulator","limit_ad_tracking":False,"screen_width":1440,"screen_height":2880,"os_build":"Build/PSR1.180720.122","af_id":"Retrieve via packet intercept]","locale":"en-US"}
ttlage commented 2 years ago

You are missing the client information bundle in the request. I haven't been able to get authentication to work without it.

"client_information" : {"bundle_id":"ata.kraken.heckfire","unity_uuid”:”[Retrieve via packet intercept]”os_name":"Android","android_id":"Retrieve via packet intercept]","android_advertising":"Retrieve via packet intercept]","ether_map":{},"os_version":"Android OS 9 / API-28 (PSR1.180720.122/6736742)","device_model":"AOSP on IA Emulator","hardware_version":"Google AOSP on IA Emulator","limit_ad_tracking":False,"screen_width":1440,"screen_height":2880,"os_build":"Build/PSR1.180720.122","af_id":"Retrieve via packet intercept]","locale":"en-US"}

@JoshuaAFerguson, there is a typo in between the unity_uuid and os_name. I think it should be like this:

client_information = {
            "bundle_id": "ata.kraken.heckfire",
            "unity_uuid": "[Retrieve via packet intercept]",
            "os_name": "Android",
            "android_id":"something",
            "android_advertising":"[Retrieve via packet intercept]",
            "ether_map": {},
            "os_version": "Android OS 9 / API-28 (PSR1.180720.122/6736742)",
            "device_mode": "AOSP on IA Emulator",
            "hardware_version": "Google AOSP on IA Emulator",
            "limit_ad_tracking": "False",
            "screen_width":1440,
            "screen_height":2880,
            "os_build":"Build/PSR1.180720.122",
            "af_id":"[Retrieve via packet intercept]",
            "locale":"en-US"
        },

however, I had no success with it :( , I've passed all the properties of the object that you provided and put it into the data one but I'm still receiving:

{
    "exception": "Invalid request",
    "data": null,
    "code": "kraken_authentication_bad_request"
}

the properties with [Retrieve via packet intercept]should receive a specific value?

thank you :)

benjaminmesser commented 2 years ago

@JoshuaAFerguson

You are missing the client information bundle in the request. I haven't been able to get authentication to work without it.

"client_information" : {"bundle_id":"ata.kraken.heckfire","unity_uuid”:”[Retrieve via packet intercept]”os_name":"Android","android_id":"Retrieve via packet intercept]","android_advertising":"Retrieve via packet intercept]","ether_map":{},"os_version":"Android OS 9 / API-28 (PSR1.180720.122/6736742)","device_model":"AOSP on IA Emulator","hardware_version":"Google AOSP on IA Emulator","limit_ad_tracking":False,"screen_width":1440,"screen_height":2880,"os_build":"Build/PSR1.180720.122","af_id":"Retrieve via packet intercept]","locale":"en-US"}

I'm having a similar issue to @ttlage. If you were to motify the snippet I gave above by simply adding in client_information as you gave it, then even after fixing the typos you are just given a seperate JSON-related error.

Could you modify the below code snippet so it can work?

import requests
data = {
    "grant_type": "password",
    "client_version": "1.93",
    "channel_id": 16,
    "client_id": "ata.kraken.heckfire",
    "client_secret": "n0ts0s3cr3t",
    "scope": "[]",
    "version": "2922",
    "include_tech_tree": "False",
    "username": "email",
    "password": "password"
}
url = "https://api.kingdomsofheckfire.com/game/auth/oauth/"
req = requests.post(url, data=data)
print(req.json())

Or, if it's easier, could you send a code snippet for how you are able to connect to the API? Even a cURL request would be helpful.

ttlage commented 2 years ago

hi @JoshuaAFerguson , could you share some code or explain to us how you are able to connect? I've tried in some different ways but with no success :(

benjaminmesser commented 2 years ago

@kevincornish Do you have any advice as to what we can be doing differently?

ttlage commented 2 years ago

no luck so far, do you guys?

ZorathMT commented 2 years ago

Just cant seem to get it to work... I guess they have changed things since this was made... anyone actually got authentication to work ?

ttlage commented 1 year ago

no :( i've tried the mitm but I'm doing something wrong for sure

ttlage commented 1 year ago

@kevincornish any luck?