search

szdc / tiktok-api

Unofficial API wrapper for TikTok
MIT License
1.26k stars 279 forks source link

Signing service #167

Closed iamtorsten closed 4 years ago

iamtorsten commented 4 years ago

Hi,

is there a solution for an open source or paid sources implementation of the signing service for anti spam?

I will pay.

Telegram: https://t.me/mrklintscher

ghost commented 4 years ago

Whoever reads it: don't be silly and provide source code unless you want TikTok to add more security measures and fuck up your sleep for the next few weeks/months. This code shouldn't be shared or it will end up just like IG did.

eduadoospy commented 4 years ago

srry bro i cant open it

Em seg., 22 de jun. de 2020 às 08:07, justshipit notifications@github.com escreveu:

Whoever reads it: don't be silly and provide source code unless you want TikTok to add more security measures and fuck up your sleep for the next few weeks/months. This code shouldn't be shared or it will end up just like IG did.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/szdc/tiktok-api/issues/167#issuecomment-647448169, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMHYYX55GMY53OYLZOCVOLLRX43PPANCNFSM4NYGP7RA .

baughmann commented 4 years ago

@shipsource Could we talk offline about this? I don't necessarily want an outright answer, but I would very much like to learn more about what exactly the anti-spam parameters are and what purpose they serve.

ghost commented 4 years ago

srry bro i cant open it

You need to click "Unsubscribe" link and that should be it.

@shipsource Could we talk offline about this? I don't necessarily want an outright answer, but I would very much like to learn more about what exactly the anti-spam parameters are and what purpose they serve.

I think the purpose is obvious: to prevent people from tampering with it. TikTok engineers ain't stupid.

baughmann commented 4 years ago

@shipsource Golly, thanks, mister.

baughmann commented 4 years ago

Well for anyone who wants some useful information to point you in the right direction, the answer probably lies in REing TikTik's web app. It's much harder to bury secrets in a compiled C library on the client side of a JS app.

TikTok puts 250kb of data in browser storage before even signing in, including interesting looking stuff like:

ssid: "<GUID>"
timestamp: #####
user_unique_id: "######"
web_id: "######"
react-rxjs commented 4 years ago

If you pay, I'll give you some very useful help https://github.com/react-rxjs/tiktok-xlog-service

baughmann commented 4 years ago

@react-rxjs Why do you have that username when you have nothing to do with RxJS

liamengland1 commented 4 years ago

@baughmann what exactly are you looking for?

baughmann commented 4 years ago

@llacb47 Just a generic explanation of what the specific values are and what they're used for (i.e. "X is calculated based on datetime and user agent and is combined with Y to compute Z"), or really anything that can help me in figuring it out.

iamtorsten commented 4 years ago

Self done here https://github.com/mrklintscher/TikTokPrivateAPI