notmarek / BeFake

BeReal Python API wrapper

Unable to login #64

Closed ney-web closed 1 year ago

ney-web commented 1 year ago

When I want to connect and I put my code received by sms, it gives me this error:

WARNING: Concurrent verifications to the same number are not allowed
If you already received a code before, ignore the warning and enter it.
Enter otp: 744339
Traceback (most recent call last):
  File "C:\Users\ney\Desktop\BeFake-master\befake.py", line 6, in <module>
    cli(obj={})
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\__main__.py", line 49, in login
    bf.verify_otp(otp)
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\BeFake.py", line 137, in verify_otp
    "token": vonageRes["token"],
             ~~~~~~~~~^^^^^^^^^
KeyError: 'token'

valerierx commented 1 year ago

Looks like you have hit the rate limit of the vonage backend. I didn't implement proper error handling on send_otp, so it could be an incorrect code.

ney-web commented 1 year ago

You don’t have a solution because I’ve been trying to make the repo work for 2/3 days

valerierx commented 1 year ago

> You don’t have a solution because I’ve been trying to make the repo work for 2/3 days

Can you put a print(vonageRes) before line 135 in the BeFake.py file and send me its output? For me, the login works fine using auth.bereal.team and vonage.

ney-web commented 1 year ago

When I do the login command first, it gives me this:

Traceback (most recent call last):
  File "C:\Users\ney\Desktop\BeFake-master\befake.py", line 6, in <module>
    cli(obj={})
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\__main__.py", line 47, in login
    bf.send_otp(phone_number)
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\BeFake.py", line 114, in send_otp
    print("WARNING: " + vonageRes.json()["errorText"])
                        ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'errorText'

I have to do the command a second time for it to work.

Then after entering the code and putting the print where you told me I get this error:

WARNING: Concurrent verifications to the same number are not allowed
If you already received a code before, ignore the warning and enter it.
Enter otp: 460058
{'error': 'Error', 'statusCode': 500, 'message': 'Error', 'timestamp': '2023-04-05T08:53:59.001Z', 'requestId': '436913e7850580186ca1d85d69d8963f'}

Then it's followed by the error I showed you yesterday

valerierx commented 1 year ago

Okay. I'm gonna need another print(vonageRes.json()) before line 114.

Smart123s commented 1 year ago

I faced similar issues, had to reinstall the package with:

pip uninstall befake
sudo pip uninstall befake
pip install -U git+https://github.com/notmarek/BeFake

Results after the reinstall:

pi@raspberrypi:~ $ befake login +36000000000
Traceback (most recent call last):
  File "/home/pi/.local/bin/befake", line 8, in <module>
    sys.exit(cli())
  File "/home/pi/.local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/home/pi/.local/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/home/pi/.local/lib/python3.9/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/pi/.local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/pi/.local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/home/pi/.local/lib/python3.9/site-packages/BeFake/__main__.py", line 47, in login
    bf.send_otp(phone_number)
  File "/home/pi/.local/lib/python3.9/site-packages/BeFake/BeFake.py", line 114, in send_otp
    print("WARNING: " + vonageRes.json()["errorText"])
KeyError: 'errorText'
pi@raspberrypi:~ $ befake login +36000000000
WARNING: Concurrent verifications to the same number are not allowed
If you already received a code before, ignore the warning and enter it.
Enter otp: 000000
Login successful.
You can now try to use the other commands ;)

idk if it helps anything, just wanted to let you know

valerierx commented 1 year ago

Yeah, make sure you are always on the latest master before reporting an issue

Smart123s commented 1 year ago

> Yeah, make sure you are always on the latest master before reporting an issue

The command crashed on the first run even on the latest version, so I'd hardly call the bug invalid. On the first run, the command crashed, but I received a code. Running the command again prompted me for the code.

valerierx commented 1 year ago

I'm gonna try rewriting the whole OTP related code later.

ney-web commented 1 year ago

> Okay. I'm gonna need another print(vonageRes.json()) before line 114.

I have the same error

{'status': '10', 'vonageRequestId': '3e705cfe7ddc429f8212756c69516021', 'errorText': 'Concurrent verifications to the same number are not allowed'}
WARNING: Concurrent verifications to the same number are not allowed
If you already received a code before, ignore the warning and enter it.
Enter otp: 960144

ney-web commented 1 year ago

I closed the issue by mistake sorry

notmarek commented 1 year ago

> I closed the issue by mistake sorry

Are you able to login from your phone?

ney-web commented 1 year ago

I manage to connect from the bereal client, on https://toofake.vercel.app/ also, I don't know why it doesn't work

ohld commented 1 year ago

I think I just faced a similar issue:

And my vonageRes is:

{
    "statusCode":400,
    "errorKey":null,
    "fields":null,
    "timestamp":"2023-04-06T16:18:00.029Z",
    "requestId":"bddc8a7181d6f9a6544668b437afdef1"
}

ohld commented 1 year ago

offtopic but I think the library should have docs on how to work with bf = BeFake() object without all CLI stuff. This will simplify the debugging and experimenting.

This is my code to reproduce the issue:

```python
# git clone the repo
from BeFake.BeFake import BeFake
import string, random

phone_number = "+??"
bf = BeFake()
vonageRes = bf.client.post(
    "https://auth.bereal.team/api/vonage/request-code",
    headers={
        "user-agent": "BeReal/8586 CFNetwork/1240.0.4 Darwin/20.6.0",
    },
    data={
        "phoneNumber": phone_number,
        # random.choices() returns a list of 16 characters, not a joined string
        "deviceId": random.choices(string.ascii_lowercase + string.digits, k=16),
    },
)

print(vonageRes.json())
```

```
{
    'statusCode': 400,
    'errorKey': None,
    'fields': None,
    'timestamp': '2023-04-06T16:24:44.890Z',
    'requestId': 'f745f267ba27b8617651239006a3dc1b'
}
```

valerierx commented 1 year ago

For some reason, BeReal changed the "status" value from an integer to a string. This has been fixed by 9773858eae67c1ed6fc8dd14ab9bba0a4f033bed

For all the 400 errors, I suspect that it has to do with hitting the rate limit after multiple requests have been made to the service. I'll be closing this soon if the 400 issue can't be reproduced consistently
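
Added example, not part of the thread and not BeFake's own code: the KeyError crashes above all come from indexing `errorText`, `status` or `token` on a body that has a different shape. The sketch below classifies the response shapes quoted in this issue without raising; treating `"0"` as success follows the `!= '0'` check visible in the stack trace, and `OtpResult`, `classify_otp_response` and the shortened request ids are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Any, Optional


@dataclass
class OtpResult:
    ok: bool
    kind: str  # "sent" | "verified" | "provider_error" | "http_error" | "unknown"
    detail: str
    request_id: Optional[str] = None


def classify_otp_response(body: Any) -> OtpResult:
    """Classify a decoded JSON body without indexing any key blindly."""
    if not isinstance(body, dict):
        return OtpResult(False, "unknown", f"non-object body: {type(body).__name__}")

    # Gateway-style errors quoted in the thread: {'statusCode': 400 or 500, ...}
    code = body.get("statusCode")
    if isinstance(code, int) and code >= 400:
        detail = body.get("message") or body.get("error") or "no message in body"
        return OtpResult(False, "http_error", f"HTTP {code}: {detail}", body.get("requestId"))

    # Provider-style replies: "status" has been seen as int and as str; "0" is success.
    if "status" in body:
        status = str(body["status"]).strip()
        rid = body.get("vonageRequestId")
        if status == "0":
            return OtpResult(True, "sent", "code requested", rid)
        text = body.get("errorText", "no errorText in body")
        return OtpResult(False, "provider_error", f"status {status}: {text}", rid)

    # A successful verification carries a token (the key the traceback indexes).
    token = body.get("token")
    if isinstance(token, str) and token:
        return OtpResult(True, "verified", "token received")
    return OtpResult(False, "unknown", f"unrecognised keys: {sorted(body)}")


# Bodies as quoted in the thread (request ids replaced by constructed placeholders).
SAMPLES = [
    {"status": "10", "vonageRequestId": "req-1",
     "errorText": "Concurrent verifications to the same number are not allowed"},
    {"error": "Error", "statusCode": 500, "message": "Error", "requestId": "req-2"},
    {"statusCode": 400, "errorKey": None, "fields": None, "requestId": "req-3"},
    {"status": 0},               # constructed: older integer form of "status"
    {"token": "constructed"},    # constructed: minimal successful verify body
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_otp_response(sample))
```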

ney-web commented 1 year ago

Now it's working, but when I enter the OTP code I got this error:

Enter otp: 650783
Error: Error
Make sure you entered the right code
Traceback (most recent call last):
  File "C:\Users\ney\Desktop\BeFake-master\befake.py", line 6, in <module>
    cli(obj={})
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\__main__.py", line 52, in login
    bf.verify_otp_vonage(otp)
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\BeFake.py", line 165, in verify_otp_vonage
    "token": vonageRes["token"],
             ~~~~~~~~~^^^^^^^^^
KeyError: 'token'

valerierx commented 1 year ago

Error: Error 🤨 Weird, normally it should give out a bad request error, maybe try ./befake login --backend firebase if vonage doesn't seem to work in your country. 500 is an internal server error, so this might have nothing to do with BeFake.

ney-web commented 1 year ago

I use a French number but I'm in Ireland

valerierx commented 1 year ago

Weird, I also use a French number but it works perfectly for me. Have you already used that number on the BeReal app?

ney-web commented 1 year ago

Yes I have an account with this number

valerierx commented 1 year ago

> Yes I have an account with this number

Did you try logging in using the firebase backend? If it doesn't work either I'm afraid I won't have a solution right now. I'm gonna try to reproduce on another bereal account, but this might take someone with a jailbroken iPhone to resolve.

Edit: Okay, I took a look at s-alads repo, and it appears that they use a THIRD login backend 😂. I'll implement it right away, tell me if it works!

ney-web commented 1 year ago

I got this error :(


Traceback (most recent call last):
  File "C:\Users\ney\Desktop\BeFake-master\befake.py", line 6, in <module>
    cli(obj={})
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\AppData\Local\Programs\Python\Python311\Lib\site-packages\click\core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\ney\Desktop\BeFake-master\BeFake\__main__.py", line 56, in login
    bf.send_otp_firebase(phone_number)
  File "C:\Users\Elève\Desktop\BeFake-master\BeFake\BeFake.py", line 110, in send_otp_firebase
    self.otp_session = res["sessionInfo"]
                       ~~~^^^^^^^^^^^^^^^
KeyError: 'sessionInfo'

ArtrenH commented 1 year ago

For me, the issue with the sessionInfo usually happens when the BeReal servers are overloaded, e.g. when many people are currently uploading. (I never tried to debug this; I normally just ignore it and some minutes later it works.)

ohld commented 1 year ago

Thanks for the updates. I tried to run my snippet above and got the same 400 response code while asking for OTP. Request fails on the first query - so I assume this is not a rate limit.

I think it would be great if @VxlerieUwU & @notmarek can sniff login endpoints one more time to see if there are any new headers or POST params.

My snippet that produces 400:

```python
!git clone https://github.com/notmarek/BeFake/

import random, string
from BeFake.BeFake import BeFake

phone_number = "+9999999999"
# random.choices() returns a list of 16 characters, not a joined string
device_id = random.choices(string.ascii_lowercase + string.digits, k=16)
bf = BeFake(deviceId=device_id)
vonageRes = bf.client.post(
    "https://auth.bereal.team/api/vonage/request-code",
    headers={
        "user-agent": "BeReal/8586 CFNetwork/1240.0.4 Darwin/20.6.0",
    },
    data={
        "phoneNumber": phone_number,
        "deviceId": device_id,
    },
)

# print the decoded JSON body (the output below is the body, not the Response object)
print(vonageRes.json())
```

```
{
    'statusCode': 400,
    'errorKey': None,
    'fields': None,
    'timestamp': '2023-04-09T10:54:26.954Z',
    'requestId': '504fdccab2a46b66c88c76b6f4a6dc06'
}
```

ohld commented 1 year ago

Also when I tried to login using CLI I still got key error issue on line 124:

git clone https://github.com/notmarek/BeFake
cd BeFake
python befake.py login +9999999999

stacktrace:

  File "/Users/?/Documents/researches/bereal/BeFake/BeFake/__main__.py", line 50, in login
    bf.send_otp_vonage(phone_number)
  File "/Users/?/Documents/researches/bereal/BeFake/BeFake/BeFake.py", line 124, in send_otp_vonage
    if vonageRes.json()["status"] != '0':
KeyError: 'status'

valerierx commented 1 year ago

I've discovered a new reCAPTCHA firebase auth backend, it needs to handle the intent:// URI tho.

valerierx commented 1 year ago

New login backend has been implemented, make sure to update to the newest master 811dd2ccf24510bf3402065b500d8fb4f270e1f6 . ./befake.py login -b recaptcha +0000000123 should work (I really hope it does)

valerierx commented 1 year ago

There's also a fourth possibility: using rvaiduns login provider at https://us-central1-befake-623af.cloudfunctions.net/login. They seem to have a working way of getting valid iosReceipts.

I don't think this project is gonna allow third party services to provide sessionInfo tokens here. Beware that you are giving your phone number information and potentially a BeReal refresh token to an unknown party, it does represent a security risk.

Implementing a manual way of importing sessionInfo tokens or refresh tokens directly from any source (MITM, BeReal config file on rooted phones, unknown/WIP login endpoints, etc) would prevent people from getting stuck with no working solutions to log into BeReal.

ohld commented 1 year ago

Thanks! I finally managed to login! Here is my step-by-step guide (thanks to @VxlerieUwU for wiki pages and helper repos).

  1. Git clone and run login script with your mobile number:

     ```sh
     git clone https://github.com/notmarek/BeFake
     cd BeFake && ./befake.py login -b recaptcha +99999999999
     ```
  2. Copy the shown URL.
  3. Open browser (e.g. Chrome). Open a new tab on any random website (e.g. google.com). Right-click -> "inspect" (make sure you have browser dev tools enabled). Open "Console" tab.
  4. Open the URL from step 2. In console you will see a warning with a string which starts with intent://. Quickly copy the text because my browser clears the console log in a couple of seconds. Otherwise - just try again with the new URL from step 2.
  5. Run this python shitcode snippet to extract ReCaptcha token from the intent url (I simplified @VxlerieUwU helper script and removed all dependencies):

     ```python
     from urllib import parse

     # copy your intent string here
     intent = """intent://firebase.auth/#Intent;scheme=recaptcha;package.........."""
     intent_arguments = intent.split(";")

     for item in intent_arguments:
         if item.startswith("S.link="):
             raw_recaptcha_token_value = item[len("S.link="):]
             query = parse.parse_qs(parse.urlsplit(parse.unquote(raw_recaptcha_token_value)).query)
             recaptcha_token = query["recaptchaToken"][0]
             print(f"Recaptcha Token:\n{recaptcha_token}")
             break
     ```
  6. Copy-paste the ReCaptcha token back to login script (from step 1). Enter the SMS code. DONE.

valerierx commented 1 year ago

Thanks! I'll add the code to the repo if you don't mind.