mgp25 / SC-API

Snapchat’s private API
MIT License
334 stars 103 forks source link

getAttestation Exception Status Code != 200 #202

Closed ghost closed 9 years ago

ghost commented 9 years ago

Fatal error: Uncaught exception 'Exception' with message 'getAttestation Exception: HTTP Status Code != 200' in C:\xampp\htdocs\src\snapchat.php:217 Stack trace: #0 C:\xampp\htdocs\src\snapchat.php(470): Snapchat->getAttestation('password', 1442423971273) #1 C:\xampp\htdocs\config\config.php(54): Snapchat->login('password') #2 C:\xampp\htdocs\index.php(3): require_once('C:\\xampp\\htdocs...') #3 {main} thrown in C:\xampp\htdocs\src\snapchat.php on line 217

This is the error returned by my program. It was working perfectly last night, nothing was changed and today it simply isnt working and I cant figure out why. I see this is a common issue because people have opened topics before, Im curious as to how you fixed it.

Here is a test dump: http://pastebin.com/68kcYXNK

mgp25 commented 9 years ago

201

ghost commented 9 years ago

Completely useless answer, thanks. I'm glad to hear other users are having the same issue and it's not being addressed.

From what I read, time fixed their issue whereas mine still exists. That thread had nothing useful.

mgp25 commented 9 years ago

@TGEJesse if you don't read you will never get the answer

Hiya,

My API gateway server was undergoing an upscale. This is because of the increased traffic.

It's all back up and running again.

Cheers,
Liam Cottle

Useless answer, sigh...

ghost commented 9 years ago

I dont think the issue is with casper. If so, the issue hasn't been fixed because were still getting the error when he said its back up (17 hours ago).

I see now where casper is used, but I dont think that is the issue.

Some of the other apis are not found:

https://www.googleapis.com/androidcheck/v1/attestations/attest?alt=JSON&key=AIzaSyDqVnJBjE5ymo--oBJt3On7HQx9xNm1RHA

and

https://www.googleapis.com/androidantiabuse/v1/x/create?alt=PROTO&key=AIzaSyBofcZsgLSS7BOnBjZPEkk4rYwzOIz-lTI

teknogeek commented 9 years ago

are you trying to piss people off? you are doing a really great fucking job if so, congratulations. YES WE DO USE LIAM'S SERVER.

NOW...do you know how you could have figured that out all on your own without me telling you here?? Oh ok well let me tell you!

you ready?

are you sure?

well really idk if you're ready....

alright if you insist

Fucking Read

With your goddamn eyeballs

In your goddamn head

The mother fucking code

That is right in front of you

but then I can only assume that you would say "BUT HOW DO I DO THAT????"

WELL TODAY IS YOUR LUCKY FUCKING DAY, I'LL FUCKING SHOW YOU RIGHT NOW

STEP 1: READ YOUR SHITTY STACKTRACE

Fatal error: Uncaught exception 'Exception' with message 'getAttestation Exception: HTTP Status Code != 200' in C:\xampp\htdocs\src\snapchat.php:217 Stack trace: #0 C:\xampp\htdocs\src\snapchat.php(470): Snapchat->getAttestation('password', 1442423971273) #1 C:\xampp\htdocs\config\config.php(54): Snapchat->login('password') #2 C:\xampp\htdocs\index.php(3): require_once('C:\xampp\htdocs...') #3 {main} thrown in C:\xampp\htdocs\src\snapchat.php on line 217

COOL. STEP 2: GO TO THE FUCKING LINE C:\xampp\htdocs\src\snapchat.php:217

WOW SO EASY. STEP 3: READ THE FUCKING CODE

public function getAttestation($password, $timestamp)
{
    $binary = file_get_contents("https://api.casper.io/droidguard/create/binary");
    $binaryJSON = json_decode($binary);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://www.googleapis.com/androidantiabuse/v1/x/create?alt=PROTO&key=AIzaSyBofcZsgLSS7BOnBjZPEkk4rYwzOIz-lTI");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_ENCODING, "gzip");
    curl_setopt($ch, CURLOPT_USERAGENT, "DroidGuard/7329000 (A116 _Quad KOT49H); gzip");
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, base64_decode($binaryJSON->binary));
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Accept:", "Expect:", "content-type: application/x-protobuf"));
    $return = curl_exec($ch);
    if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
    {
        throw new Exception("attestationCreate Exception: HTTP Status Code != 200");
    }
    curl_close($ch);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.casper.io/droidguard/attest/binary");
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, array(
        "bytecode_proto" => base64_encode($return),
        "nonce" => base64_encode(hash("sha256", $this->username."|{$password}|{$timestamp}|/loq/login", true)),
        "apk_digest" => "5O40Rllov9V8PpwD5zPmmp+GQi7UMIWz2A0LWZA7UX0="
    ));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    $return = curl_exec($ch);
    if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
    {
        throw new Exception("getAttestation Exception: HTTP Status Code != 200");
    }
    curl_close($ch);
    $return = json_decode($return);
    if(!$return || !isset($return->binary))
    {
        throw new Exception("getAttestation Exception: Invalid JSON / No signedAttestation returned");
    }
    $postData = base64_decode($return->binary);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://www.googleapis.com/androidcheck/v1/attestations/attest?alt=JSON&key=AIzaSyDqVnJBjE5ymo--oBJt3On7HQx9xNm1RHA");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_HEADER, FALSE);
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Accept:',
        'Expect:',
        'User-Agent: SafetyNet/7899000 (WIKO JZO54K); gzip',
        'Content-Type: application/x-protobuf',
        'Content-Length: ' . strlen($postData),
        'Connection: Keep-Alive'
    ));
    curl_setopt($ch, CURLOPT_ENCODING, "gzip");
    $return = curl_exec($ch);
    if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
    {
        throw new Exception("getAttestation Exception: HTTP Status Code != 200");
    }
    curl_close($ch);
    $return = json_decode($return);
    if(!$return || !isset($return->signedAttestation))
    {
        throw new Exception("getAttestation Exception: Invalid JSON / No signedAttestation returned");
    }
    return $return->signedAttestation;
}

OK NOW WHAT. STEP 4: LOOK AT THE FUCKING LINE GIVING PROBLEMS AND SCROLL UP

if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
{
    throw new Exception("getAttestation Exception: HTTP Status Code != 200");
}

OH HEY THERE'S THE ERROR. STEP 5: LOOK AT THE CAUSE OF THE ERROR

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.googleapis.com/androidcheck/v1/attestations/attest?alt=JSON&key=AIzaSyDqVnJBjE5ymo--oBJt3On7HQx9xNm1RHA");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Accept:',
    'Expect:',
    'User-Agent: SafetyNet/7899000 (WIKO JZO54K); gzip',
    'Content-Type: application/x-protobuf',
    'Content-Length: ' . strlen($postData),
    'Connection: Keep-Alive'
));
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
$return = curl_exec($ch);

if(curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200)
{
    throw new Exception("getAttestation Exception: HTTP Status Code != 200");
}

OH HEY THERE'S A REQUEST. STEP 6: USE YOUR FUCKING BRAIN TO PROBLEM SOLVE THOUGHT PROCESS:

  1. OH HEY LOOK A REQUEST
  2. OH HEY IT'S TO GOOGLE ATTESTATION
  3. OH HEY IF THERE'S NOT A 200 RESPONSE CODE IT THROWS AN EXCEPTION
  4. OH WAIT. THAT MEANS. THAT IM SENDING SOMETHING. THAT IS NOT RIGHT. TO GOOGLE. SO I SUPPOSE. THAT MEANS. THAT THE PROBLEM. WOULD BE WITH ATTESTATION. AND IF IM NOT MAKING THAT DATA MYSELF. THEN IT MUST BE EITHER LIAM'S SERVER DATA. OR THE DATA THAT IM GIVING TO LIAM'S SERVER. OR THE AUTH API IS DOWN LIKE WE ALREADY FUCKING SAID.

STEP 7: COOL COOL NOW THAT WE HAVE THAT FIGURED OUT, LET'S CONCLUDE

OH WAIT. THAT MEANS. THAT IM SENDING SOMETHING. THAT IS NOT RIGHT. TO GOOGLE. SO I SUPPOSE. THAT MEANS. THAT THE PROBLEM. WOULD BE WITH ATTESTATION. AND IF IM NOT MAKING THAT DATA MYSELF. THEN IT MUST BE EITHER LIAM'S SERVER DATA. OR THE DATA THAT IM GIVING TO LIAM'S SERVER. OR THE AUTH API IS DOWN LIKE WE ALREADY FUCKING SAID.

TADAAAAAAAAAAAAAAAAAAAAAA

nayanbhana commented 9 years ago

rip in peaches

heliumsoft commented 9 years ago

Hi, mgp25

I got this issue . how did you get Apk_digest ? Snapchat team updated as version 9.15.0.

if you have any solution , let me know it

Happy working .

liamcottle commented 9 years ago

Guys, plz chill. The issue is with my servers. Google made some server side changes, and I am yet to fix this issue on my servers.

You'll all need to wait until I fix this problem.

Until then, anyone using the Casper API for attestations, such as this PHP Lib, will not be able to login.

Thnkz :)

plopinou commented 9 years ago

Hello, sorry to add a new comment to a resolved issue, but even after a fresh git pull and deleting every .dat files in the src/authData directory, I'm still not able to get the attestation and get the error :

Fatal error: Uncaught exception 'Exception' with message 'getAttestation Exception: HTTP Status Code != 200' in /_MY_PATH_/SC-API/src/snapchat.php:181

... which corresponds to the curl call on https://api.casper.io/droidguard/attest/binary Is liamcottle still in the vicinity ? Just in case, I made sure that both my snapchat and gmail passwords only contain alphanumerical chars. I also tested it from another PC and another IP, but it didn't change anything.

Edit : is that the good topic to post in, or should I move this message to the #201 issue ?

emiliobasualdo commented 9 years ago

@plopinou same here

plopinou commented 9 years ago

It's working today, so I suppose Liam did something on his end. Thanks :)