Error loading feed

[ghost]

When i logIn into toofake appear a message SOMETHING WENT WRONG: ""

And in console appear this: { "message": "Request failed with status code 400", "name": "AxiosError", "stack": "AxiosError: Request failed with status code 400\n ", "config": { "transitional": { "silentJSONParsing": true, "forcedJSONParsing": true, "clarifyTimeoutError": false }, "adapter": [ "xhr", "http" ], "transformRequest": [ null ], "transformResponse": [ null ], "timeout": 0, "xsrfCookieName": "XSRF-TOKEN", "xsrfHeaderName": "X-XSRF-TOKEN", "maxContentLength": -1, "maxBodyLength": -1, "env": {}, "headers": { "Accept": "application/json, text/plain, /", "Content-Type": "application/json" }, "url": "/api/all", "method": "post", "data": "" }, "code": "ERR_BAD_REQUEST", "status": 400 }

[Jornvz]

Same for me

[retoheusser]

Looks like BeReal changed something again... @juansebgon you should probably not paste your own token here 😉 Everybody can access your account with that.

[ghost]

Don't worry @retoheusser is a fake beReal that i use for this im trying to see how it work but today it start fail, hope someone will solve it soon

[n7icoo]

same

[s-alad]

they invalidated signatures

[ghost]

But you can still post @s-alad

[s-alad]

It's only for some API endpoints

[retoheusser]

Issue is fixed here: https://github.com/rvaidun/befake/issues/199#issuecomment-2010302831

[h4rqq]

So, is it possible to implement the supposed fix?

[retoheusser]

Yes, definitely. Only a signature update is required.

[Jornvz]

When do you Think the site Will be back up?

[retoheusser]

https://github.com/s-alad/toofake/pull/94 you're welcome :)

[h4rqq]

@retoheusser getting bad request and session expired errors in your web any fix?

[retoheusser]

@h4rqq Loading the feed works for me in the preview. It's probably your own session that has expired. Try logging in again.

[h4rqq]

It seems I can't log in even with a different phone number, maybe it only works with certain countries?

[retoheusser]

Yes i think that's an issue that has been previously mentioned. I use a Swiss phone number and was never able to login through this client. But in isolation, the feed works for me.

[h4rqq]

Well, it seems BeReal changed something again log in is available but feed is not working

[retoheusser]

Yes, signature changed again. Looks like signatures are now valid for exactly 1 week (the signature contains a timestamp). It's a week ago since it needed to be exchanged last time. It's time that a brillant reverse engineer finds out how the signature is produced and could disclose the algorithm :)

[h4rqq]

The process of discovering the algorithm behind the signature generation, imo, would take weeks to accomplish and reverse engineer the signature once a week will end up being tedious to do. I think we are getting closer and closer to a dead end.

[FH-DEV1]

I don't understand, can't we generate signature really easily using the technic mentioned in https://github.com/rvaidun/befake/issues/199#issuecomment-2010302831?

[h4rqq]

I don't understand, can't we generate signature really easily using the technic mentioned in https://github.com/rvaidun/befake/issues/199#issuecomment-2010302831?

Nah bro, they prob already invalidated that method

[FH-DEV1]

actually I just tested and it still works. It seems like I can't do a pull request but here is the new signature (no need to change device-id). "bereal-signature": "MToxNzExNTc0ODYyOoqIZ5a9FAreOBIuDRzjdonbo6QGGOQDNCQzQ5vC1UI4"

[h4rqq]

This is really nice man, let's hope this technique stays up a little longer, despite it being public ha

[retoheusser]

What technique and method to generate a signature are you referring to? I'm not talking about changing the signature (that would need to be done every week), but about generating it (from the device id, timezone and probably some key). If we can generate signatures inside the project, we don't need to reverse engineer this every week.

[wilmxre]

@retoheusser how can i contact you privately? i have something that could help, but i don't want it to be public

[xlordbyron]

How can I update the signature?

[s-alad]

I will update soon

[Ltlpig03]

Is this working for anyone yet?

[h4rqq]

Is this working for anyone yet?

Make a fork of toofake then go throught the code and find the following files: client/pages/api/ All.ts Comment.ts Feed.ts Friends.ts client/pages/api/add/ post.ts Edit those files by replacing the set of numbers and letters after "bereal-signature" with the following string: "MToxNzExNTc0ODYyOoqIZ5a9FAreOBIuDRzjdonbo6QGGOQDNCQzQ5vC1UI4" once you have done that save the changes and build your fork with Vercel, render, etc. (remind that most of the hosters with free plans shut down inactive servers). Finally go to your server address and tada, now you can normally use toofake without depending on someone else to keep it up-to-date.

[Ltlpig03]

Thanks for the info but i don’t know what any of that means. I just joined github to ask the question. I wish i knew what you said means so i could do it and make it work.

Sent from my iPhone

On Mar 28, 2024, at 8:50 PM, h4rqq @.***> wrote:



Is this working for anyone yet?

Make a fork of toofake then go throught the code and find the following files: client/pages/api/ All.ts Comment.ts Feed.ts Friends.ts client/pages/api/add/ post.ts Edit those files by replacing the set of numbers and letters after "bereal-signature" with the following string: "MToxNzExNTc0ODYyOoqIZ5a9FAreOBIuDRzjdonbo6QGGOQDNCQzQ5vC1UI4" once you have done that save the changes and build your fork with Vercel, render, etc. (remind that most of the hosters with free plans shut down inactive servers). Finally go to your server address and tada, now you can normally use toofake without depending on someone else to keep it up-to-date.

— Reply to this email directly, view it on GitHubhttps://github.com/s-alad/toofake/issues/93#issuecomment-2026459905, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHL4DKEFKL7HX77FD2IZXWTY2TCGBAVCNFSM6AAAAABE7SHXT6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRWGQ2TSOJQGU. You are receiving this because you commented.Message ID: @.***>

[h4rqq]

I left you some "not to well explained but acceptable" instructions it is up to you if you want to find your own solution or just wait until someone else do it.

[s-alad]

updated