oleksa4262 commented 2 weeks ago

For the last two days whenever I try to log in it says "An error occurred. Please try again later. (500). Is something wrong with otp?

oleksa4262 commented 1 week ago

Also the latest commit (5 posts loading at a time) breaks the app sometimes by not loading more posts when you scroll to the end.

vantinio commented 1 week ago

+1. Also receiving Error 500 using a German (+49) phone number.

sveaalessxa commented 1 week ago

+1. Also receiving Error 500 using a German (+49) phone number.

I have the same problem

macedonga commented 1 week ago

It looks like BeReal changed something :-( I tried looking at the latest bereal apk with jadx (since i cant use frida to intercept requests) and it looks like there is a "tokens" array to add to the request? I'll have to look more into that.

svenborgmann commented 1 week ago

It looks like BeReal changed something :-( I tried looking at the latest bereal apk with jadx (since i cant use frida to intercept requests) and it looks like there is a "tokens" array to add to the request? I'll have to look more into that.

@macedonga Hello. Can you please revert what you were doing the last 2 hours because everything worked fine - until you posted your comment - with a version using the old May 02 code with only the sig token changed as per Sep 03. Now I am getting the 500 error as well. Can't be a coincidence the old code stopped working the minute you posted some comment ...

EDIT: I mean of course the changes you made to the sig.beunblurred.co

macedonga commented 1 week ago

Reverted. I have no idea what is going on with BeReal... Maybe the device ID got banned? It's probably not that since toofake is not working either though...

NOctu1412 commented 1 week ago

Reverted. I have no idea what is going on with BeReal... Maybe the device ID got banned? It's probably not that since toofake is not working either though...

Also getting these, in fact, even on the bereal app I cannot re-login.

kerdofficial commented 1 week ago

It looks like BeReal changed something :-( I tried looking at the latest bereal apk with jadx (since i cant use frida to intercept requests) and it looks like there is a "tokens" array to add to the request? I'll have to look more into that.

From what I've found, the Vonage request now requires a phoneNumber and deviceId, as it did previously, along with a new "tokens" array that you mentioned. This array contains two elements: token and identifier, which are utilized to create the AntibotToken. However, I couldn't figure out how their values get generated yet.

NOctu1412 commented 1 week ago

It looks like BeReal changed something :-( I tried looking at the latest bereal apk with jadx (since i cant use frida to intercept requests) and it looks like there is a "tokens" array to add to the request? I'll have to look more into that.

From what I've found, the Vonage request now requires a phoneNumber and deviceId, as it did previously, along with a new "tokens" array that you mentioned. This array contains two elements: token and identifier, which are utilized to create the AntibotToken. However, I couldn't figure out how their values get generated yet.

I'm interested in helping for this, the problem is I can't find the bereal source code in the apk. I have been doing only request intercepting for a while. How do you guys do that ?

kerdofficial commented 1 week ago

It looks like BeReal changed something :-( I tried looking at the latest bereal apk with jadx (since i cant use frida to intercept requests) and it looks like there is a "tokens" array to add to the request? I'll have to look more into that.

From what I've found, the Vonage request now requires a phoneNumber and deviceId, as it did previously, along with a new "tokens" array that you mentioned. This array contains two elements: token and identifier, which are utilized to create the AntibotToken. However, I couldn't figure out how their values get generated yet.

I'm interested in helping for this, the problem is I can't find the bereal source code in the apk. I have been doing only request intercepting for a while. How do you guys do that ?

I've also used jadx, as @macedonga mentioned. It’s pretty straightforward: after downloading jadx, you can drag the APK into it, and it’ll automatically decompile the source code for you.

NOctu1412 commented 1 week ago

Yeah I do know that but I don't find where the code is. I try to search for some strings but I can't manage to find some interesting piece of code.

kerdofficial commented 1 week ago

Search for 'tokens='. This is how I found the first piece, the parameters for the send-code request. From there, just find connections between classes, and try putting the whole picture together. I'm also new to reverse-engineering by source code (this is the first time I do it lmao), so that's probably why I didn't find the solution to the problem, but this was my method to getting where I'm currently at with this.

macedonga commented 1 week ago

Alright, I managed to understand that to fetch the antibot token, the app makes a HEAD request to what i think is the endpoint https://mobile.bereal.com/api/antibot_android.txt with some specific headers that make the api not return a 404 status code (at least i think that's how the app gets that token(s))...

If only I could bypass the google pairip tampering protection library thing i could just hook frida to the bereal process to unpin the ssl certificate like in the good old days :-(

NOctu1412 commented 1 week ago

Alright, I managed to understand that to fetch the antibot token, the app makes a HEAD request to what i think is the endpoint https://mobile.bereal.com/api/antibot_android.txt with some specific headers that make the api not return a 404 status code (at least i think that's how the app gets that token(s))...

If only I could bypass the google pairip tampering protection library thing i could just hook frida to the bereal process to unpin the ssl certificate like in the good old days :-(

This is still working for me using lsposed

NOctu1412 commented 1 week ago

Alright, I managed to understand that to fetch the antibot token, the app makes a HEAD request to what i think is the endpoint https://mobile.bereal.com/api/antibot_android.txt with some specific headers that make the api not return a 404 status code (at least i think that's how the app gets that token(s))...

If only I could bypass the google pairip tampering protection library thing i could just hook frida to the bereal process to unpin the ssl certificate like in the good old days :-(

The correct url is https://cdn.bereal.network/killswitch/antibot_android.txt, the problem is that even when connecting with the real bereal app, it gets me a 404 error.

macedonga commented 1 week ago

The correct url is https://cdn.bereal.network/killswitch/antibot_android.txt, the problem is that even when connecting with the real bereal app, it gets me a 404 error.

Oh, hmmmmmmm, thanks! How did you manage to find that url?

NOctu1412 commented 1 week ago

The correct url is https://cdn.bereal.network/killswitch/antibot_android.txt, the problem is that even when connecting with the real bereal app, it gets me a 404 error.

Oh, hmmmmmmm, thanks! How did you manage to find that url?

It was in some encrypted strings in the apk, also got the confirmation while analysing traffic using http-toolkit

Here are all the encrypted strings I got if that can help maybe mobile.bereal.com
https://mobile.bereal.com/api/
auth.bereal.com
auth.bereal.com
https://auth.bereal.com/api/
https://auth.bereal.com/
https://ogma.bereal.com/
https://observability.bereal.com/events
H7F4R4AN6dzb6R/pVhnZahJ0iPmepdqdODTjYqt05eQ=
8defa8aa2651e48ca11adff7c783613a
client-1pLB1sRQ5LOFXMtAQJHjUeF1v1R8e4tV
CCB0863E-D45D-42E9-A6C8-9E8544E8B17E
https://cdn.bereal.network/killswitch/
sha256/H7F4R4AN6dzb6R/pVhnZahJ0iPmepdqdODTjYqt05eQ=
android
F5A71DA-32C7-425C-A3E3-375B4DACA406
gs://storage.bere.al

NOctu1412 commented 1 week ago

Just found out that the 404 on the antibot_android.txt page is normal. 404 on antibot_android.txt = no need to show captcha using arkoselabs no 404 on antibot_android.txt = will show captcha using arkoselabs also, the tokens sent are just the result of the tests done by arkoselabs (they are runned at some time, before login)

NOctu1412 commented 1 week ago

This is the token they use for arkoselabs: CCB0863E-D45D-42E9-A6C8-9E8544E8B17E

For example this request: POST https://client-api.arkoselabs.com/fc/gt2/public_key/CCB0863E-D45D-42E9-A6C8-9E8544E8B17E

For wich the body is (url encoded format):

bda: a crazy long jwt token public_key: CCB0863E-D45D-42E9-A6C8-9E8544E8B17E site: file:// userbrowser: (my user agent) capi_version: 2.11.0 capi_mode: inline style_theme: default rnd: random float between 0 and 1 data[blob]: empty

Then it returns: { "token": "THE TOKEN|r=eu-west-1|meta=3|metabgclr=transparent|metaiconclr=%23757575|guitextcolor=%23000000|pk=CCB0863E-D45D-42E9-A6C8-9E8544E8B17E|at=40|sup=1|rid=18|ag=101|cdn_url=https%3A%2F%2Fclient-api.arkoselabs.com%2Fcdn%2Ffc|lurl=https%3A%2F%2Faudio-eu-west-1.arkoselabs.com|surl=https%3A%2F%2Fclient-api.arkoselabs.com|smurl=https%3A%2F%2Fclient-api.arkoselabs.com%2Fcdn%2Ffc%2Fassets%2Fstyle-manager", "challenge_url": "", "challenge_url_cdn": "https://client-api.arkoselabs.com/cdn/fc/assets/ec-game-core/bootstrap/1.25.0/standard/game_core_bootstrap.js", "challenge_url_cdn_sri": "sha384-yD6pmTuZgiTFBDDTRM/3MtyiyYGVyZbEGtnMOSGSPoMXL7cS2KweeBGs64MPbqCW", "noscript": "Disable", "inject_script_integrity": null, "inject_script_url": null, "mbio": true, "tbio": true, "kbio": true, "styles": [ { "name": "base", "theme": "", "iframeWidth": null, "iframeHeight": null, "style": { "id": "bb6d3290-5cd3-4ef1-9087-3c20da455944", "sriHash": "sha384-mg8Ut1ul6odO4eCMXaofxPRV/iXoU1RHKFpX2R1NUwYAKCH/jyD1Ws6ygec/SuPU" }, "assets": {} } ], "iframe_width": null, "iframe_height": null, "disable_default_styling": false, "string_table": { "meta.api_timeout_error": "La connexion à un serveur de vérification a été interrompue. Veuillez recharger le défi pour réessayer.", "meta.compat_mode_error_string": "Pour des raisons de sécurité, votre appareil ou votre navigateur ne peut se connecter à un serveur de vérification. Afin de vérifier que vous êtes une personne réelle, veuillez mettre à jour votre appareil ou votre navigateur.", "meta.custom_compat_mode_error_string": "", "meta.generic_error": "Une erreur s’est produite. Veuillez recharger le défi pour réessayer.", "meta.loading_info": "En cours d’opération, veuillez patienter...", "meta.reload_challenge": "Recharger le défi", "meta.visual_challenge_frame_title": "Défi visuel" }, "compatibility_mode_enabled": true, "force_standard_mode": false }

Then it will make this GET request: https://client-api.arkoselabs.com/fc/a/?callback=__jsonp_1729716033069&category=loaded&action=game%20loaded&session_token=THE TOKEN&data[public_key]=CCB0863E-D45D-42E9-A6C8-9E8544E8B17E&data[site]=file%3A%2F%2F

which will return: __jsonp_1729716033069({ "logged": true })

NOctu1412 commented 1 week ago

Okay guys, big news, I managed to send myself an otp code, and now a second one :)

NOctu1412 commented 1 week ago

And just got my access and refresh token, perfect !

edmondyv commented 1 week ago

And just got my access and refresh token, perfect !

Great job ! Hopefully macedonga will be able to replicate it

NOctu1412 commented 1 week ago

And just got my access and refresh token, perfect !

Great job ! Hopefully macedonga will be able to replicate it

I'll try to setup the code for beunblurred and make a pull request.

NOctu1412 commented 1 week ago

Btw, does somebody know how does macedonga generate the bereal-signature ? I've been using his sig.beunblurred.co for a while but I want to generate it myself :/

NOctu1412 commented 1 week ago

Too lazy to setup the project but here is my code from my project:

Send OTP and Check OTP

private static string ArkoseKey = "CCB0863E-D45D-42E9-A6C8-9E8544E8B17E";
private static string BeRealClientSecret = "F5A71DA-32C7-425C-A3E3-375B4DACA406";

private long UnixTimeStamp() {
    return DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
}

static string GenerateRandomDouble(int decimalPlaces) {
    if (decimalPlaces < 1) {
        throw new ArgumentOutOfRangeException(nameof(decimalPlaces), "Decimal places must be between 1 and 17.");
    }
    Random random = new Random();
    StringBuilder sb = new StringBuilder("0.");
    for (int i = 0; i < decimalPlaces; i++) {
        int digit = random.Next(10);
        sb.Append(digit);
    }
    return sb.ToString();
}

public async Task<string> GetArkoseToken() {
    // get public key //
    var publicKeyPayload = new Dictionary<string, string> {
        { "bda", (the bda key, don't know if I can share it bcz I don't know myself what it contains) },
        { "public_key", ArkoseKey },
        { "site", "file://" },
        { "userbrowser", "Mozilla/5.0 (Linux; ... Build/UP1A.231105.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/129.0.6668.100 Mobile Safari/537.36" },
        { "capi_version", "2.11.0" },
        { "capi_mode", "inline" },
        { "style_theme", "default" },
        { "rnd", GenerateRandomDouble(17) },
        { "data[blob]", "" }
    };
    var publicKeyContent = new FormUrlEncodedContent(publicKeyPayload);
    var publicKeyRequest = new HttpRequestMessage(HttpMethod.Post, "https://client-api.arkoselabs.com/fc/gt2/public_key/" + ArkoseKey);
    publicKeyRequest.Content = publicKeyContent;

    var publicKeyResponse = await _httpClient.SendAsync(publicKeyRequest);
    if (!publicKeyResponse.IsSuccessStatusCode) {
        throw new Exception("Internal server error while getting public key response");
    }

    var publicKeyResponseContent = JsonConvert.DeserializeObject<dynamic>(await publicKeyResponse.Content.ReadAsStringAsync());
    string unformattedToken = publicKeyResponseContent!.token;
    string token = unformattedToken.Substring(0, 28);

    // callback to confirm token //
    var callbackName = "__jsonp_" + UnixTimeStamp();
    Debug.WriteLine("callback: " + callbackName);

    var baseUri = new Uri("https://client-api.arkoselabs.com/fc/a/");
    var queryParameters = HttpUtility.ParseQueryString(string.Empty);
    queryParameters["callback"] = callbackName;
    queryParameters["category"] = "loaded";
    queryParameters["action"] = "game loaded";
    queryParameters["session_token"] = token;
    queryParameters["data[public_key]"] = ArkoseKey;
    queryParameters["data[site]"] = "file://";

    var uriBuilder = new UriBuilder(baseUri)
    {
        Query = queryParameters.ToString()
    };

    var callbackRequest = new HttpRequestMessage(HttpMethod.Get, uriBuilder.ToString());
    var callbackResponse = await _httpClient.SendAsync(callbackRequest);
    if (!callbackResponse.IsSuccessStatusCode) {
        throw new Exception("Error while sending callback request");
    }

    return token;
}

public async Task BeRealSendOtp(string phoneNumber, bool useL7 = true) {
    string arkoseToken = await GetArkoseToken();

    var payload = new {
        client_id = "android",
        client_secret = BeRealClientSecret,
        device_id = "2312889cb6b5f15f",
        phone_number = phoneNumber,
        tokens = new[] {
            new {
                token = arkoseToken,
                identifier = "AR" // identifier type for arkose tokens only
            }
        }
    };

    var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
    var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token/phone");

    request.Content = content;
    request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");
    request.Headers.Add("bereal-app-version-code", "14549");
    request.Headers.Add("bereal-signature", await FetchSignatureAsync());
    request.Headers.Add("bereal-platform", "android");
    request.Headers.Add("bereal-os-version", "14");
    request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");
    request.Headers.Add("bereal-app-version-code", "2348592");
    request.Headers.Add("bereal-app-version", "3.10.1");
    request.Headers.Add("Accept-Encoding", "gzip");
    request.Headers.Add("bereal-timezone", "Europe/Paris");

    var response = await _httpClient.SendAsync(request);
    if (!response.IsSuccessStatusCode) {
        throw new Exception("Internal server error while sending otp: " + response.StatusCode);
    }
}

public async Task BeRealCheckOtp(string accountName, string phoneNumber, string otp, bool useL7 = true) {
    var payload = new {
        client_id = "android",
        client_secret = BeRealClientSecret,
        code = otp,
        device_id = "2312889cb6b5f15f",
        phone_number = phoneNumber
    };

    var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
    var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token/phone");

    request.Content = content;
    request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");
    request.Headers.Add("bereal-app-version-code", "14549");
    request.Headers.Add("bereal-signature", await FetchSignatureAsync());
    request.Headers.Add("bereal-platform", "android");
    request.Headers.Add("bereal-os-version", "14");
    request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");
    request.Headers.Add("bereal-app-version-code", "2348592");
    request.Headers.Add("bereal-app-version", "3.10.1");
    request.Headers.Add("Accept-Encoding", "gzip");
    request.Headers.Add("bereal-timezone", "Europe/Paris");

    var response = await _httpClient.SendAsync(request);
    if (!response.IsSuccessStatusCode) {
        throw new Exception("Internal server error while sending otp: " + response.StatusCode);
    }
    var responseContent = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());

    string berealAccessToken = responseContent!.access_token;
    string refreshToken = responseContent!.refresh_token;
    long expiresIn = responseContent!.expires_in;
    long expires = GetCurrentDate() + expiresIn;

    // ....
}

To refresh the token:

var payload = new {
    client_id = "android",
    client_secret = BeRealClientSecret,
    grant_type = "refresh_token",
    refresh_token = account.BeRealRefreshToken
};

var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token?grant_type=refresh_token");

request.Content = content;
request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");
request.Headers.Add("bereal-app-version-code", "14549");
request.Headers.Add("bereal-signature", await FetchSignatureAsync());
request.Headers.Add("bereal-platform", "android");
request.Headers.Add("bereal-os-version", "14");
request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");
request.Headers.Add("bereal-app-version-code", "2348592");
request.Headers.Add("bereal-app-version", "3.10.1");
request.Headers.Add("Accept-Encoding", "gzip");
request.Headers.Add("bereal-timezone", "Europe/Paris");

var response = await _httpClient.SendAsync(request);
if (!response.IsSuccessStatusCode) {
    throw new Exception("Internal server error while sending otp: " + response.StatusCode);
}
var responseContent = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());
account.BeRealRefreshToken = responseContent.refresh_token;
account.BeRealAccessToken = responseContent.access_token;

This new login method doesn't use Vonage or Firebase but this is the only one I found working.

NOctu1412 commented 1 week ago

Mmh, refreshing doesn't even work properly, I'll try to use the vonage api tomorrow

macedonga commented 1 week ago

That's awesome @NOctu1412! As soon as I get home I'll push the edits! Thanks!

xer0xde commented 1 week ago

Too lazy to setup the project but here is my code from my project:

Send OTP and Check OTP


private static string ArkoseKey = "CCB0863E-D45D-42E9-A6C8-9E8544E8B17E";

private static string BeRealClientSecret = "F5A71DA-32C7-425C-A3E3-375B4DACA406";

private long UnixTimeStamp() {

    return DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();

}

static string GenerateRandomDouble(int decimalPlaces) {

    if (decimalPlaces < 1) {

        throw new ArgumentOutOfRangeException(nameof(decimalPlaces), "Decimal places must be between 1 and 17.");

    }

    Random random = new Random();

    StringBuilder sb = new StringBuilder("0.");

    for (int i = 0; i < decimalPlaces; i++) {

        int digit = random.Next(10);

        sb.Append(digit);

    }

    return sb.ToString();

}

public async Task<string> GetArkoseToken() {

    // get public key //

    var publicKeyPayload = new Dictionary<string, string> {

        { "bda", (the bda key, don't know if I can share it bcz I don't know myself what it contains) },

        { "public_key", ArkoseKey },

        { "site", "file://" },

        { "userbrowser", "Mozilla/5.0 (Linux; ... Build/UP1A.231105.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/129.0.6668.100 Mobile Safari/537.36" },

        { "capi_version", "2.11.0" },

        { "capi_mode", "inline" },

        { "style_theme", "default" },

        { "rnd", GenerateRandomDouble(17) },

        { "data[blob]", "" }

    };

    var publicKeyContent = new FormUrlEncodedContent(publicKeyPayload);

    var publicKeyRequest = new HttpRequestMessage(HttpMethod.Post, "https://client-api.arkoselabs.com/fc/gt2/public_key/" + ArkoseKey);

    publicKeyRequest.Content = publicKeyContent;

    var publicKeyResponse = await _httpClient.SendAsync(publicKeyRequest);

    if (!publicKeyResponse.IsSuccessStatusCode) {

        throw new Exception("Internal server error while getting public key response");

    }

    var publicKeyResponseContent = JsonConvert.DeserializeObject<dynamic>(await publicKeyResponse.Content.ReadAsStringAsync());

    string unformattedToken = publicKeyResponseContent!.token;

    string token = unformattedToken.Substring(0, 28);

    // callback to confirm token //

    var callbackName = "__jsonp_" + UnixTimeStamp();

    Debug.WriteLine("callback: " + callbackName);

    var baseUri = new Uri("https://client-api.arkoselabs.com/fc/a/");

    var queryParameters = HttpUtility.ParseQueryString(string.Empty);

    queryParameters["callback"] = callbackName;

    queryParameters["category"] = "loaded";

    queryParameters["action"] = "game loaded";

    queryParameters["session_token"] = token;

    queryParameters["data[public_key]"] = ArkoseKey;

    queryParameters["data[site]"] = "file://";

    var uriBuilder = new UriBuilder(baseUri)

    {

        Query = queryParameters.ToString()

    };

    var callbackRequest = new HttpRequestMessage(HttpMethod.Get, uriBuilder.ToString());

    var callbackResponse = await _httpClient.SendAsync(callbackRequest);

    if (!callbackResponse.IsSuccessStatusCode) {

        throw new Exception("Error while sending callback request");

    }

    return token;

}

public async Task BeRealSendOtp(string phoneNumber, bool useL7 = true) {

    string arkoseToken = await GetArkoseToken();

    var payload = new {

        client_id = "android",

        client_secret = BeRealClientSecret,

        device_id = "2312889cb6b5f15f",

        phone_number = phoneNumber,

        tokens = new[] {

            new {

                token = arkoseToken,

                identifier = "AR" // identifier type for arkose tokens only

            }

        }

    };

    var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");

    var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token/phone");

    request.Content = content;

    request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");

    request.Headers.Add("bereal-app-version-code", "14549");

    request.Headers.Add("bereal-signature", await FetchSignatureAsync());

    request.Headers.Add("bereal-platform", "android");

    request.Headers.Add("bereal-os-version", "14");

    request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");

    request.Headers.Add("bereal-app-version-code", "2348592");

    request.Headers.Add("bereal-app-version", "3.10.1");

    request.Headers.Add("Accept-Encoding", "gzip");

    request.Headers.Add("bereal-timezone", "Europe/Paris");

    var response = await _httpClient.SendAsync(request);

    if (!response.IsSuccessStatusCode) {

        throw new Exception("Internal server error while sending otp: " + response.StatusCode);

    }

}

public async Task BeRealCheckOtp(string accountName, string phoneNumber, string otp, bool useL7 = true) {

    var payload = new {

        client_id = "android",

        client_secret = BeRealClientSecret,

        code = otp,

        device_id = "2312889cb6b5f15f",

        phone_number = phoneNumber

    };

    var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");

    var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token/phone");

    request.Content = content;

    request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");

    request.Headers.Add("bereal-app-version-code", "14549");

    request.Headers.Add("bereal-signature", await FetchSignatureAsync());

    request.Headers.Add("bereal-platform", "android");

    request.Headers.Add("bereal-os-version", "14");

    request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");

    request.Headers.Add("bereal-app-version-code", "2348592");

    request.Headers.Add("bereal-app-version", "3.10.1");

    request.Headers.Add("Accept-Encoding", "gzip");

    request.Headers.Add("bereal-timezone", "Europe/Paris");

    var response = await _httpClient.SendAsync(request);

    if (!response.IsSuccessStatusCode) {

        throw new Exception("Internal server error while sending otp: " + response.StatusCode);

    }

    var responseContent = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());

    string berealAccessToken = responseContent!.access_token;

    string refreshToken = responseContent!.refresh_token;

    long expiresIn = responseContent!.expires_in;

    long expires = GetCurrentDate() + expiresIn;

    // ....

}

To refresh the token:


var payload = new {

    client_id = "android",

    client_secret = BeRealClientSecret,

    grant_type = "refresh_token",

    refresh_token = account.BeRealRefreshToken

};

var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");

var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token");

request.Content = content;

request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");

request.Headers.Add("bereal-app-version-code", "14549");

request.Headers.Add("bereal-signature", await FetchSignatureAsync());

request.Headers.Add("bereal-platform", "android");

request.Headers.Add("bereal-os-version", "14");

request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");

request.Headers.Add("bereal-app-version-code", "2348592");

request.Headers.Add("bereal-app-version", "3.10.1");

request.Headers.Add("Accept-Encoding", "gzip");

request.Headers.Add("bereal-timezone", "Europe/Paris");

var response = await _httpClient.SendAsync(request);

if (!response.IsSuccessStatusCode) {

    throw new Exception("Internal server error while sending otp: " + response.StatusCode);

}

var responseContent = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());

account.BeRealRefreshToken = responseContent.refresh_token;

account.BeRealAccessToken = responseContent.access_token;

This new login method doesn't use Vonage or Firebase but this is the only one I found working.

You are crazy. How did you manage to find that?

NOctu1412 commented 1 week ago

@xer0xde Reversed the apk and used a little bit of requests intercepting, but yeah, as I said this is not using the firebase api. The refresh token is some shit of bereal, I don't really like that, I'm trying to do something else.

NOctu1412 commented 1 week ago

Ok so first, here is the updated refreshing code that works now:

var payload = new {
    client_id = "android",
    client_secret = BeRealClientSecret,
    grant_type = "refresh_token",
    refresh_token = account.BeRealRefreshToken
};

Debug.WriteLine("Refreshing: " + account.BeRealRefreshToken);
Debug.WriteLine(JsonConvert.SerializeObject(payload));

var content = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
var request = new HttpRequestMessage(HttpMethod.Post, "https://auth" + (useL7 ? "-l7" : "") + ".bereal.com/token?grant_type=refresh_token");

request.Content = content;
request.Headers.Add("User-Agent", "BeReal/3.10.1 (com.bereal.ft; build:2348592; Android 14) 4.12.0/OkHttp");
request.Headers.Add("bereal-signature", await FetchSignatureAsync());
request.Headers.Add("bereal-platform", "android");
request.Headers.Add("bereal-os-version", "14");
request.Headers.Add("bereal-device-id", "2312889cb6b5f15f");
request.Headers.Add("bereal-app-version-code", "2348592");
request.Headers.Add("bereal-app-version", "3.10.1");
request.Headers.Add("Accept-Encoding", "gzip");
request.Headers.Add("bereal-timezone", "Europe/Paris");

var response = await _httpClient.SendAsync(request);
if (!response.IsSuccessStatusCode) {
    Debug.WriteLine(await response.Content.ReadAsStringAsync());
    throw new Exception("Internal server error while refreshing bereal type account otp: " + response.StatusCode);
}
var responseContent = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());
account.BeRealRefreshToken = responseContent.refresh_token;
account.BeRealAccessToken = responseContent.access_token;
long expiresIn = responseContent.expires_in;
account.Expires = GetCurrentDate() + expiresIn;

macedonga commented 1 week ago

Login and token refresh is now working, thanks @NOctu1412!

P.S.: that arkose bda token is b64 encoded json data, that has a ct, iv and s field, so I imagine is AES encrypted data (i'll probably have to update that key once in a while, hopefully i'll find a way to generate that, maybe looking at https://client-api.arkoselabs.com/v2/api.js?)

NOctu1412 commented 1 week ago

@macedonga Okay nice, I am now analysing the new endpoints for the vonage api. The problem is that your signature generator (sig.beunblurred.co) is not working properly and I have no idea why.

NOctu1412 commented 1 week ago

In fact, there are still two ways to auth I believe. They way I gave you and another that still uses vonage. Here is the schema it follows:

https://auth-l7.bereal.com/api/vonage/data-exchange:

{
  "phoneNumber": ""
}

Then it returns some encrypted data which is passed in the arkose publicKey request in the data[blob] field, which will return an token to login using vonage. But I can't manage to replay the data exchange request using your sig.beunblurred.co generator but with the signature that I am getting in the http interceptor it works. I can't find how bereal is generating these. Could you explain me how are they doing ? Or at least where is it located in the apk ?

oleksa4262 commented 1 week ago

Login still doesn't work with +380