szdc / tiktok-api

Unofficial API wrapper for TikTok
MIT License
1.27k stars 278 forks

the 3 anti-spam parameters no longer used by tiktok? #115

Closed cuckforlife closed 3 years ago

cuckforlife commented 4 years ago

Hey, I did an MITM on my TikTok (Android) to check the API calls, and I can't see the anti-spam parameters: as, cp, mas.

They changed the security?

Issue is... every time I log in with loginWithEmail, they ask to resolve the captcha. After I solve it, it's good (I have included my 2captcha library). But it's annoying to wait 20 seconds to solve the captcha every time I want to run my script.

Edit: I have solved the captcha issue by editing the tiktok-api with my own custom parameters (phone model, etc). But now, after only 4-5 logins, they don't allow me anymore and say "You are visiting our service too frequently." I tried to wait for 2 hours, still blocked. Very annoying. I didn't even call other tiktok-api functions. They are very strict; this GitHub hasn't been active recently, so I don't know if TikTok was that strict before.

steffanjensen commented 4 years ago

Can you share the fix repo with 2captcha?

fagenorn commented 4 years ago

You need to make sure you edit device_id and install_id too. However, these variables are generated by TikTok based on various parameters.

The endpoint you need to call before logging in (to register a device) is https://log2.musical.ly/service/2/device_register/

The most important part of registering a new device is the body of the request. It doesn't seem like the headers or query params matter much (since if I left them out, I was still able to register a new device).

As for the body of the request, it is encrypted using a native module (libttEncrypt.so) and then gzipped.

cuckforlife commented 4 years ago

Thanks @fagenorn. When is the device_register API called so I can study it? I can't see it in the GitHub doc. Is the API called the first time I log in on the app on a given phone?

cuckforlife commented 4 years ago

> Can you share the fix repo with 2captcha?

Sure. Actually I never found a JavaScript 2captcha library on GitHub, so I coded my own. I'll make it public.

https://github.com/cuckforlife/2captcha.js

fagenorn commented 4 years ago

> Thanks @fagenorn. When is the device_register API called so I can study it? I can't see it in the GitHub doc. Is the API called the first time I log in on the app on a given phone?

The request is made when you start the app for the first time at the beginning (together with some logging requests).

After that, the device id and install id are stored locally and reused for future requests.

SebastienWae commented 4 years ago

> Edit: I have solved the captcha issue by editing the tiktok-api with my own custom parameters (phone model, etc). But now, after only 4-5 logins, they don't allow me anymore and say "You are visiting our service too frequently." I tried to wait for 2 hours, still blocked. Very annoying. I didn't even call other tiktok-api functions. They are very strict; this GitHub hasn't been active recently, so I don't know if TikTok was that strict before.

That's actually the generic error they give when the request signature is invalid. From what I found, you can use the same signature as much as you want for a few minutes after it was created, then you'll be able to use it 5-6 times and it will become invalid.

So make sure the one you are using is not too old and if you are changing the body don't forget to recreate the X-SS-STUB header and pass the new one in the signature method so the x-gorgon header is valid.
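
A server-side sketch of the behaviour described in the comment above, as an added example that is not part of the original thread and is not TikTok's actual scheme: a body digest bound into a timestamped signature, a freshness window, and a small reuse budget afterwards. HMAC-SHA256, the field names, the key and the limits are all assumptions.

```javascript
// Added example; the scheme, names and limits are assumptions, not TikTok's.
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');

const KEY = 'constructed-demo-key'; // assumption: secret shared with the client
const FRESH_SECONDS = 300;          // window of unlimited reuse
const STALE_USES = 5;               // reuse budget once the window has passed
const GENERIC = 'You are visiting our service too frequently.';
const staleUses = new Map();        // signature -> uses seen after the window

const bodyDigest = (body) => createHash('sha256').update(body).digest('hex');
const sign = (digest, ts) =>
  createHmac('sha256', KEY).update(`${digest}.${ts}`).digest('hex');

// Returns 'ok' or the same generic message for every failure, so a caller
// cannot tell a bad digest from a bad signature or an exhausted budget.
function verify({ body, digest, ts, signature }, now) {
  // 1. The digest header must match the body that actually arrived.
  if (bodyDigest(body) !== digest) return GENERIC;
  // 2. The signature must cover that digest and the claimed timestamp.
  const expected = Buffer.from(sign(digest, ts));
  const given = Buffer.from(String(signature));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return GENERIC;
  }
  // 3. Reject timestamps from the future, allow free reuse while fresh,
  //    then count uses against a small budget.
  const age = now - ts;
  if (age < -30) return GENERIC;
  if (age <= FRESH_SECONDS) return 'ok';
  const used = (staleUses.get(signature) || 0) + 1;
  staleUses.set(signature, used);
  return used <= STALE_USES ? 'ok' : GENERIC;
}

// Constructed sample request, replayed at different times.
function demo() {
  const t0 = 1700000000;
  const body = 'username=alice';
  const digest = bodyDigest(body);
  const req = { body, digest, ts: t0, signature: sign(digest, t0) };
  const out = [verify(req, t0 + 60)];                          // fresh
  out.push(verify({ ...req, body: 'username=bob' }, t0 + 60)); // stale digest
  for (let i = 0; i < 6; i++) out.push(verify(req, t0 + 900)); // old signature
  return out.map((r) => r === 'ok');
}
```

Because every failure returns the same message, the rate-limit wording alone does not tell a client operator or a log reviewer which of the three checks rejected the request.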

umeshdepale commented 4 years ago

If I try to send a heart, the heart is not sent. Why? Can anyone help me? I use the PHP TikTok API.

maestrocoder commented 4 years ago

@SebastienWae - Can you confirm the code in the repo still works? We got everything from the mitmproxy, including the deviceid from the device_register call, except the fp: . Where do we get the device_fingerprint?

@cuckforlife - Can you please share how you solved the captcha issue by editing the tiktok-api with my own custom parameters (phone model, etc)? I am getting blocked by captcha error_code: 1105

SebastienWae commented 4 years ago

@maestrocoder - This repo uses an older version of the API; some parameters might be different from the ones used by the current app. For the captcha, there is no way around it if you want to register an account, but it's very easy to solve. If you get hit by a captcha on login, then try to change your parameters or IP; it happens, but it's very rare.

Nisthar commented 4 years ago

@SebastienWae is this library still working?

SebastienWae commented 4 years ago

@Nisthar No idea, I haven't used it in a while, but check my repo if you want to generate "X-Gorgon" and "X-Khronos" for the current version of the API.

ghost commented 4 years ago

> @Nisthar No idea, I haven't used it in a while, but check my repo if you want to generate "X-Gorgon" and "X-Khronos" for the current version of the API.

Can't find your repo, link please?

F-W-D commented 4 years ago

Is someone able to confirm whether we need the anti-spam parameters still? Also if this repository still works properly?

I have coding experience working with requests, but I have no NPM or Node.js experience and limited Android experience. I really want to access the API and I've spent a few days now trying to figure it out. If I'm beating a dead horse can someone please put me out of my misery?

p4rnicke commented 4 years ago

@SebastienWae your repo is gone. Can you share some info? Khronos is just the Unix timestamp, as I see it. We can pay you.

Miladinho commented 4 years ago

> @SebastienWae your repo is gone. Can you share some info? Khronos is just the Unix timestamp, as I see it. We can pay you.

How much will you pay?

zek commented 4 years ago

@Miladinho can you share your email address with me?

felipebelletti commented 4 years ago

@SebastienWae I'm having issues while using your Frida script to generate the gorgon and khronos hashes. Can you help me?

iamtorsten commented 4 years ago

Every login attempt returns:

{'data': {'captcha': '', 'desc_url': '', 'description': 'You are visiting our service too frequently.', 'error_code': 7}, 'message': 'error'}

@SebastienWae do you have any idea?

liamengland1 commented 4 years ago

Login/registration attempts with email don't work, need to use phone number.

iamtorsten commented 4 years ago

I tried it but error is still the same.

iamtorsten commented 4 years ago

@llacb47 I reversed it.

szdc commented 3 years ago

Closing as this project is no longer maintained.