not-authorized guide

[CodersBrothers]

First of all, i dont have the solution. I saw all issues 3 times. This is the big problem of all users.

@shirioko always respond the same, like a robot, maybe he know how, maybe the code its detectable, or maybe all we are stupids... i dont know, but i know that this is not explained step by step, how your account can't be never block.

Some users only send one message, others many messages (like spam, but for ignorance) because any he explained how do it good.

I propose create a guide to resolve this we all details that a developer need take care.

[shirioko]

Nope. https://github.com/venomous0x/WhatsAPI#note-july-30th-2013

PS sure I may know a fair amount about how the blocking mechanism works, but you won't be reading about it here. For the same reason as explained in the readme.

But I of course have no way of stopping you from creating a guide on your own so go ahead :) It might reduce the amount of "hurr durr I'm blocked halp fix pls" issues opened across my repositories. I'm just going to steer clear from this bulk messaging stuff.

[CodersBrothers]

First: We dont want send SPAM. Second: No ramdom users Third: Any person say that the guide will need create you. Last: Whatsapp not its beautiful, its horrible, its like a a ton of horse shit, and he dont provide a API.

A lot of people make this because not know how use, this API: For example, i connect this service with a birthday calendar service that I build, im trying use whatsapi to inform all contacts that its the birthday of person. As whatsapp its a shit, we need test how inform my contacts. We want build a guide for constructive applications.

[assegaf]

wait a minute, cant believe we use shits of horse all this time .. hmmmm

[CodersBrothers]

Ok, one minute: whatsapp its insecure, not innovation (its the same at bigbang), its closed, its unestable,... infinitte, its a shit.

But we dont stay here for criticize, we are here for build applications with whatsapp. Now: how we can use correctly? This its the topic.

[widplay]

LOL! I like! Lets GO!!

I think that the problem is when you speak so fast with a lot of people. For example if you speak with only one number in a new account, you can send links, text, images so so so speed, days without stop. When you speak with more than X users whatsapp block account.

[brittson]

@shirioko if you know how it works , i think you could share with others , otherwise what is the point of having an Opensource API ? I really respect your hard work regarding the API and I am sure everyone does but sadly i cant agree with you on this.

[shirioko]

@assegaf :laughing:

@CodersBrothers WhatsApp is the first platform which doesn't message me about Hot Females In My Area, Best Smartphone Deals, RussianWebCamGirls or CandyCrushSaga. So in that way it's beautiful.

Insecure? Maybe two years ago when they had no encryption and you had to log in using your IMEI code. I still hear some reports of exploits on Android, but I'm on Windows Phone so I don't care

No innovation? Don't mistake a trendsetter for something outdated. WhatsApp was the first modern generation messaging service, years before WeChat and Telegram even existed. WhatsApp was the first of them to implement phone numbers as usernames so you didn't spend weeks searching and adding your friends.

It's closed? Plenty of protocols are closed: BBM, Facebook chat (FB XMPP API is pretty much useless today), Steam Messenger, Kakao Talk, iMessage, SnapChat, Google Hangouts (again, their old XMPP API is useless and will probably be ditched during Google's spring cleanup)

Unstable? Yes it has a few hours of downtime once in a few months. That's a problem you'll face when handling 700.000.000 photos and >10.000.000.000 messages per day for free.

So I wouldn't call it shit. It's still the most popular mobile chat service.

@brittson I intended this API for personal use and not for commercial use

[brittson]

@shirioko Well i am not talking about commercial use also , i tried last update , i send 11 messages to 11 different numbers during 24 hours period ,and now my number is block , so i think 11 messages is no where close to any commercial services, you please try this , may be i am doing something wrong but a clear idea will of course help, i used .net api and the console program (program.cs) it comes with.

[assegaf]

I think there is no prove of someone somewhere using this abusively like sending 11 msg to 11 different number in 1 minute and safe, even shirioko cant guarantee its will safe. even I ever used simulator like Android Developer Simulator, and register there and sending <20 message different number and still blocked, so its whatsapp Rules. not this Api fault.

[brittson]

I am talking about 24 hours not 1 minute @assegaf

[brittson]

Also i am not talking about any fault of anything , i am just curious about how blocking works

[CodersBrothers]

@shirioko whatsapp secure? today?? LOL, few days ago... http://nakedsecurity.sophos.com/2014/04/19/dont-share-your-location-with-your-friends-on-whatsapp/ And there are a loooot of more problems.

Ok, we are agree that its unestable and closed.

The problem is when people like @brittson or me or others and others users not use bad the service and account its blocked. Maybe the code not works like native whatsapp and detect. If your accounts not are blocked you will can say how you make, or you can criticize users.

[shirioko]

Alright, you want a hint? Revert this commit before registering your number https://github.com/venomous0x/WhatsAPI/commit/86e7e0c7596a3f22105775a2f7f4730b61135fff

Newer versions (i.e. newer than in Play Store) from their website seem to be borked sometimes, I couldn't event get their latest version to send SMS or voice code last night.

[brittson]

so its dependent on tokens ?

[shirioko]

Blocking thresholds may vary per version

[brittson]

but how they determine which is spam and which is not ? as in my case i used it like i use on my mobile ? so whats the difference

[shirioko]

Both numbers should be in each other's contact list

[brittson]

do i need to change the password/or save from .dat file everytime i login or i can use the same password everytime ?

[brittson]

also i found an issue , when i change wart's whatsapi.dll with whatsapi.dll from github its always says could not dissect and i am talking about both updated ones

[CodersBrothers]

Both numbers should be in each other's contact list?? But how we can add the contact from whatsapi?

I go to try change the version to 2.8.4

So, we can use the first version of whatsapp to use a low thresholds? xD

[CodersBrothers]

So, the problem its here? this varchars are very suspicious:

token.php

function generateRequestToken($country, $phone) {
    $signature = "MIIDMjCCAvCgAwIBAgIETCU2pDALBgcqhkjOOAQDBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRYwFAYDVQQKEw1XaGF0c0FwcCBJbmMuMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEUMBIGA1UEAxMLQnJpYW4gQWN0b24wHhcNMTAwNjI1MjMwNzE2WhcNNDQwMjE1MjMwNzE2WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExFjAUBgNVBAoTDVdoYXRzQXBwIEluYy4xFDASBgNVBAsTC0VuZ2luZWVyaW5nMRQwEgYDVQQDEwtCcmlhbiBBY3RvbjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDRGYtLgWh7zyRtQainJfCpiaUbzjJuhMgo4fVWZIvXHaSHBU1t5w//S0lDK2hiqkj8KpMWGywVov9eZxZy37V26dEqr/c2m5qZ0E+ynSu7sqUD7kGx/zeIcGT0H+KAVgkGNQCo5Uc0koLRWYHNtYoIvt5R3X6YZylbPftF/8ayWTALBgcqhkjOOAQDBQADLwAwLAIUAKYCp0d6z4QQdyN74JDfQ2WCyi8CFDUM4CaNB+ceVXdKtOrNTQcc0e+t";
    $classesMd5 = "+XW/7rCZDX9T7YrGQqTmcg==";

    $key2 = base64_decode("/UIGKU1FVQa+ATM2A0za7G2KI9S/CwPYjgAbc67v7ep42eO/WeTLx1lb1cHwxpsEgF4+PmYpLd2YpGUdX/A2JQitsHzDwgcdBpUf7psX1BU=");
    $data = base64_decode($signature) . base64_decode($classesMd5) . $phone;

    $opad = str_repeat(chr(0x5C), 64);
    $ipad = str_repeat(chr(0x36), 64);
    for ($i = 0; $i < 64; $i++) {
        $opad[$i] = $opad[$i] ^ $key2[$i];
        $ipad[$i] = $ipad[$i] ^ $key2[$i];
    }

    $output = hash("sha1", $opad . hash("sha1", $ipad . $data, true), true);

    return base64_encode($output);
}

Or in the version?:

whatsprot.class.php

const WHATSAPP_VER = '2.11.209';                // The WhatsApp version.
    const WHATSAPP_USER_AGENT = 'WhatsApp/2.11.209 Android/4.3 Device/GalaxyS3';// User agent used in request/registration code.

[CodersBrothers]

Ok, both have a union, if i change the to "2.8.4" version my account return not-authorized when i connect (I not request a new password, i dont create account, i used a created account)

I think that i need $signature string or $classesMD5 string for this version if i want use this version. There are a file that have a history of this strings by version?

$signature seems always the same string.

"The piano has been drinking" xD

[blueslmj]

mark

[CodersBrothers]

My new signature and classesMd5 xD

$signature = "mega";
$classesMd5 = "LOOOL";

Result? Works! whatsapi connect correctly... whats happends? this its needed?

[shirioko]

I'm laughing and crying at the same time. I thought my instructions were clear enough? Revert the commit and register number.

[CodersBrothers]

why? ok, this is only for when we want get the password i think

[shirioko]

Because you're changing unrelated strings for no reason without understanding how the code works and then claim to have fixed something :+)

[CodersBrothers]

no, i claim the same of all users here, understand your code, but we cant understand the logic behind if no there are some documentantation or details in each parts, or links to study. We can only try/error.

We only want understand, maybe contribute, but always create. Sorry if you dont like or make laugh.

[CodersBrothers]

For spanish language people, some others details of whatsapp protocol http://www.uv.es/~montanan/redes/trabajos/WhatsApp.pdf

[shirioko]

That document is >1 year old and not very accurate/useful anymore. It's still talking about using IMEI code to log in.

PS I'd keep my eye on those suspicious looking varchars in https://github.com/venomous0x/WhatsAPI/issues/716#issuecomment-41664694, they may be up to something :o

[CodersBrothers]

what are you saying? that this codes are the key when we generate the passwords? I think that this not its the problem. That the problem is why whatsapp think that we are sending spam to regulate.

[shirioko]

Aw come on Google Translate, I know you can do better than that!

I'm saying that you should take a look at how the registration works and when the token and all those "suspicious looking varchars" are actually used. https://github.com/shirioko/WhatsAPI/wiki/WhatsApp-Registration-Flow

[CodersBrothers]

I tested this. I have a group in my personal account with 50 friends. I send a message saying that please add my new test whatsapp and say me something. When each contact say something my script response with a ":D". Only this, 2 chars, only one time each contact. If the contacts quantity arrived per minute its low, nothing happens... but its is high the account was blocked.

If this its true and not its needed that the other person response, this method could be remove others users account like a attack?? some estrange... i go to make other test without response of the script (I have 2000 phone sims of my work to make tests :D)

[brittson]

actually its funny that websites like http://www.whatsbulk.com/ can spam to thousands people from same number ( they have claimed ) , its very unlikely that whatsapp have different set of rule to help these guys @CodersBrothers

[dp3rez]

Hello, y'all...Nice work!

I been having problems registering new Whatsapp numbers. My whatsapp keeps saying 'An sms was not sent' and then 'You were not called, try again'

Another thing (I don't know if that's the reason) is that the number I am trying to register is a virtual USA Google Voice number. Any help will be welcomed. dperez0109@gmaiil.com

[mgp25]

@dp3rez try using WART some services does not work with whatsapp.

[dp3rez]

I tried using WART. Didn't work.

[mgp25]

@dp3rez WART is working fine. In the phone number field, you have to put your phone number with the country code. Set the debug to true (check it) and post the debug here.

Some virtual phone number services does not work, just fyi

[kirbson]

CodersBrothers how can i contact you ?? Thanks...