mariusknaust / spotlight

Windows 10 Spotlight background images for Gnome
https://aur.archlinux.org/packages/spotlight/

Checksum incorrect #9

Closed sfjuocekr closed 3 years ago

sfjuocekr commented 3 years ago

It looks like M$ changed something on their end :(

mariusknaust commented 3 years ago

Thanks for opening the issue.

Indeed, it looks like they changed at least the id. If someone has a Windows box at hand, sniffing the updated URL would be welcome.

capt-pyro commented 3 years ago

Hey, could you verify if this is the new URL?

https://arc.msn.com/v3/Delivery/Cache?pid=209567&fmt=json&rafb=0&ua=WindowsShellClient%2F0&disphorzres=9999&dispvertres=9999&lo=80217&pl=en-US&lc=en-US&ctry=us&time=2017-12-31T23:59:59Z

Update:

I was able to trim the URL down to just

https://arc.msn.com/v3/Delivery/Cache?pid=279978&fmt=json&ua=WindowsShellClient%2F0&pl=en-US&lc=en-US&ctry=US

The new additional part is "%2F0&pl=en-US"

mariusknaust commented 3 years ago

This is looking good, thanks for the input!

Looks like only the product version %2F0 (/0) in the user agent field is required now.

sfjuocekr commented 3 years ago

I've made the changes, but I still get the "checksum incorrect" more often than not.

Also, when this happens a "null" file is created. I think this should be caught and skipped.

mariusknaust commented 3 years ago

I think this is a new issue. It was working for the past two months and now I receive it as well.

Again, if somebody with a Windows box can provide more insight, that would be great. Maybe @capt-pyro knows more?

sfjuocekr commented 3 years ago

I guess it is going to be VM time then. Where do I find the URL?

mariusknaust commented 3 years ago

It’s not easy, if I remember correctly from the first time I did it. You need to sniff the network communication of a trusted MITM attack (as it is encrypted) and trigger an image reload (which is a challenge in itself) at the same time.

Another possibility would be to play around with the URL @capt-pyro posted in one of the comments above.