Read this in russian.
Python port of this library: vodka2/vkaudiotoken-python
This library obtains VK token, that works for VK audio API, so you can search artists, songs, albums, query audio URIs, add audios to "My audios" etc. The library supports Kate Mobile, Boom and VK Official clients. (Thanks to YTKABOBR for reversing the Boom client)
Actually there two versions of VK API, one for Kate Mobile and one for the official client. Boom client uses VK API somewhat similar to Kate one, but it has some limitations, not all methods are supported. Moreover it requires messages permission (do they scan our messages?) and sometimes returns 500 errors. On the other hand it supports another API in addition to VK API and may be used as a fallback.
composer require vodka2/vk-audio-token... or simply copy the cloned repository somewhere and include src/autoloader.php. The library requires no dependencies.
The simplest example:
<?php
use Vodka2\VKAudioToken\TokenFacade;
$login = "+71234567890";
$pass = "12345";
// print token and User-Agent
// setting User-Agent is mandatory when querying the API!
var_export(TokenFacade::getKateToken($login, $pass));More advanced examples are in the examples directory. Start with example_simple.php.
The simplest example:
<?php
define('TOKEN', 'token from previous example');
define('USER_AGENT', 'User-Agent from previous example');
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array('User-Agent: '.USER_AGENT));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt(
$ch,
CURLOPT_URL,
"https://api.vk.com/method/audio.getById?access_token=".TOKEN.
"&audios=".urlencode("371745461_456289486").
"&v=5.95"
);
echo json_encode(json_decode(curl_exec($ch)), JSON_PRETTY_PRINT)."\n\n";More examples that show how to use obtained VK tokens with different API methods are in the usage subdirectory. More detailed VK API description is available at https://vodka2.github.io/vk-audio-token/ (Currently in progress)
There is also more advanced CLI tool, that emulates Kate Mobile:
Usage: src/cli/vk-audio-token.php [options] vk_login vk_pass
src/cli/vk-audio-token.php [options] non_refreshed_kate_token
Options:
-s file - save GMS ID and token to the file
-l file - load GMS ID and token from file
-g gms_id:gms_token - use specified GMS ID and token
-d file - use droidguard string from file
instead of hardcoded one
-m - make microG checkin (default)
-o - old checkin with droidguard string
that may expire
with droidguard string is made
-t code - use two factor authentication
pass GET_CODE to get code or
pass code received in SMS
-h - print this helpdocker build -t vk-audio-tokens src/
docker run -t vk-audio-tokens:latest php src/cli/vk-audio-token.php -m vk_login vk_pass
docker run -t vk-audio-tokens:latest php src/examples/usage/example_kate.php tokenTwo factor authorization with SMS is supported for Kate and VK Official clients, however VK server sometimes does not send an SMS. If you don't receive it, you can use TwoFAHelper class to force resending. See example_twofahelper.php
For the Boom client the library uses implicit flow authorization and makes requests to the VK website. VK server may make a call, send an SMS or send private message to your VK account. You can also authenticate the client yourself and only pass the token and user id.
It is also possible to create separate passwords in VK account settings and use them instead of your account password.
GMS credentials are also obtained while obtaining tokens. There are two ways to obtain GMS credentials.
The first way is to get them from a rooted Android device. The token is in /data/data/com.google.android.gsf/shared_prefs/CheckinService.xml file and ID is in /data/data/com.google.android.gms/shared_prefs/Checkin.xml file. You can install GMS Credentials application to see them.
The second way is to perform Android Checkin yourself. Class AndroidCheckin is designed for this task. This class provides two options: checkin with droidguard string and checkin as in microG project. Note that the obtained credentials may expire.
For the first option you need a string that is generated by com.google.ccc.abuse.droidguard (the.apk). One such string is in example_droidguard_str.php file, it may expire. When using the second option one extra request is made and PHP needs to have sockets enabled.
It is also possible to intercept Android Checkin request (it is made on first boot) and see the returned GMS ID and token.
WMR — P778046516389
WMZ — Z828082159527