404 on google auth page (generateGAUTH.sh)

[eth101]

Not sure if google removed the page or something on my end. Can anyone else verify functionality?

[Hackrylix]

I have the same issue. Maybe google didn't like the use of this url ^^

[parkour86]

I got the same error. Just thought I was doing something wrong.

[eth101]

Possibly a fake 404 maybe it's looking at the user-agent string or something in the headers?

[eth101]

Got it working! Doesn't like the accounts.db from my old galaxy player, but works just fine on my sgs3. I guess it has to do with how they are stored? (*edit) Used sqLiteManager to compare and the rows and columns look the same, wonder why it's 404 on one and works fine with the other(Data under password is different though. Gingerbread on the player, ICS on the sgs3).

[kosborn]

Very odd. I'll have to get a 2.x device next week to test, and to see what it's doing differently... Until then, I can't do much about it.

[Hackrylix]

Hi,

Some news about this bug ? I'm still getting a 404 error :( Can you please have a look on the url, I think this path is closed... Google have to change their 404 error page to Gandalf saying : "You shall no pass..." lol

Thanks

[kosborn]

I still will not be able to reproduce this unless someone gives me the schema of:

• Their accounts.db row that breaks it

or

• Modify generateAUTH.sh line #24 to:

echo curl --data "accountType=&Email=&has_permission=1&Token=$PASS&service=weblogin%3Acontinue%3Dhttps%253A//www.google.com/dashboard/&source=&androidId=&app=&client_sig=&device_country=&operatorCountry=&lang=&RefreshServices=" -k "https://android.clients.google.com/auth" 

However, supplying me real data is a bad idea, since that's your Google Auth token. I'd suggest running it on your own, and then reporting back anything weird. I'll push some debug flags into generateAUTH.sh to let you know of any weird things happening.

[ghost]

I think I figured out some errors in this thing. First off, it just flat out wouldn't work for me and just threw me your $PATH error. After digging and removing your error checking it gave me the sqlite3 error as follows

SQLite header and source version mismatch 2011-11-01 00:52:41 c7c6050ef060877ebe77b41d959e9df13f8c9b5e 2012-03-20 11:35:50 00bb9c9ce4f465e6ac321ced2a9d0062dc364669

but returned me with the 404 error that everyone talked about.

So I made sure to get sqlite3 working and just moved my sqlite3 from /usr/bin to /usr/local/bin and after that it let me generate the proper link. So I think what has been happening is either people's sqlite are issues or they had the same mismatch as I did.

Tested on 2.2 and 4.1.2 CyanogenMod

[kosborn]

generateAUTH was never actually meant to be ran from the phone.

Can you guys give me the output of sqlite3 --version?

If all else fails, I'll just throw in another statically compiled arm binary...

(Apologies for closing an re-opening the issue, fat fingered the keyboard.)

[ghost]

3.7.9 2011-11-01 00:52:41 c7c6050ef060877ebe77b41d959e9df13f8c9b5e

The issue was this, the version that was used in your script located in /usr/local/bin was not the same in /usr/bin. I think it would work regardless of the version, but the one I use did work. And yea, I wasn't using it from my phone, there really isn't a need, especially if this is a framework in a pentesting environment.

[ghost]

So, I logged onto a new computer and started working on this project again; however, generateAUTH 404'd me again. I had fixed the sqlite3 issue, but still the damned 404. The only things that changed were the network I was on, the computer and I logged into another google account with my phone. This network uses openDNS which I thought was an issue so I tethered to my phone and ruled that one out. Secondly, different computer, same os and environment, well check that later. So I opened up the accounts.db file and just pulled out the password from my gmail account and stuck it directly in the curl request, it worked perfectly. So, I have made some changes and added some glorious loops to do some checking because the sql limit had some issues there probably is a sql fix but meh.

[kosborn]

Cool. Could probably expand on this in the future, to make it a bit smarter, but for the time being, it's primarily in here as a PoC. Thanks @SyNtax-eror

[nrobsok]

I'm testing on a Gingerbread device, and confirm that I am getting an error 404 message returned, the exact output is: root@box:~/p2p-adb# ./generateGAUTH.sh ./loot/jacked_1366733589.tar tar file, unpacking

Not Found

Error 404

I'm know this has been closed for a while, but I'm willing to sacrifice a gmail account and provide you with the account.db that is generating the error as well. The schema looks the same as much as I can tell (which isn't much), but the token value is definitely different (~171characters long, instead of the ~68characters I'm seeing in the ICS accounts.db).

Let me know if you're still interested in supporting gingerbread, and where to send the accounts.db.