epic-games: docker: captcha before it claims the game

[Darkkingwill]

Hello. im getting a captcha right before it claims the game. Its says one more step. Im using an unraid docker if that helps

[Nackophilz]

I've just tested the new version, and I get the Captcha alert when the game is claimed, but still the captcha, which I don't get when I test outside docker ... Strange !

[vogler]

I don't entirely understand your sentence 😄 I guess you're confirming, just that you're logged in and get the captcha right before claiming. Yea, it's something specific to the docker image.

[Nackophilz]

Yes, I'm sorry if I wasn't very clear ^^ Translating French literally into English isn't very easy, sometimes I mix up sentences or words ^^

But yes, I can confirm that it's linked to the Docker image.

[EnumC]

I just did some additional testing. If I set the xvfb size to 1920x1080, I no longer get captchas. I got captchas on: 1280x1280, 1202x701, 1701x1018. 1280x1280 gave me a medium difficulty captcha, while the other resolutions gave me hard captchas. I did the 1920x1080 last and I didn't solve any of the previous challenges.

Also, I think setting the xvfb size to a different value than the browser window size may help. But it worked without that on my end.

docker compose for the trial that worked:

services:
  free-games-claimer:
    container_name: fgc # is printed in front of every output line
    image: ghcr.io/vogler/free-games-claimer:latest
    stdin_open: true # docker run -i
    tty: true        # docker run -t
    build: .
    #command: "/bin/bash"
    command: bash -c "node epic-games; node prime-gaming; node gog"
    ports:
      - "x:6080" # noVNC (browser-based VNC client)
    volumes:
      - '/x/fgc:/fgc/data'
    environment:
      - TZ=America/Los_Angeles
      - 'EG_OTPKEY=xxx'
      #- PG_REDEEM=1
      - 'NOTIFY=discord://xxx'
      - WIDTH=1920
      - HEIGHT=1080

Service log:

Version: https://github.com/vogler/free-games-claimer/tree/38975e811bac5133a0895ae450de7a7a5a3f2b9d
Build: Thu, 31 Aug 2023 21:09:15 +0000
Xvfb display server created screen with resolution 1920x1080
VNC is running on port 5900 (no password!)
noVNC (VNC via browser) is running on http://localhost:6080
2023-08-31 15:29:16.023 started checking epic-games
Signed in as x
Free games: [ 'https://store.epicgames.com/en-US/p/cave-story-plus' ]
  This game contains mature content recommended only for ages 18+
Current free game: Cave Story+
  Not in library yet! Click GET.
  Claimed successfully!

[KairuByte]

Can confirm, 1920x1080 works as expected, no captcha. I can only assume they are now checking for standard screen resolutions >= "standard gamer size". Did you happen to try 1280x720?

[nodiaque]

Yes, I'm sorry if I wasn't very clear ^^ Translating French literally into English isn't very easy, sometimes I mix up sentences or words ^^

But yes, I can confirm that it's linked to the Docker image.

If needed, say in French and I'll translate ;)

Just tried using the HEIGHT and WIDTH value of 1920 and 1080, still got capcha when redeeming the game (not at login this time)

[andre-paulo98]

Changed height and width and changed it to be at a random time, and it seems to be working now for me as well

[Nackophilz]

Oh !

Resolution to 1920x1080 solved the issue for me (for now) ^^

[yoshimo]

random delay might not be necessary as it works fine with a higher resolution. Being less obvious though is a plus if they get more aggressive.

[DGMayor]

Just wanted to follow up/chime in that the resolution changed fixed it for me as well.

[permster]

Setting the resolution alone didn't resolve the login captcha for me. I ended up solving the captcha manually over vnc and now it no longer prompts at login for subsequent runs.

[vogler]

I changed the default resolution to 1920x1080. At least for the login captcha it didn't matter for me before. Solving the login captcha via VNC now works again for me (at 1280x1280) - maybe they changed something in-between. (Also upgraded node 19 -> 20, but that shouldn't matter.)

[Darkkingwill]

@vogler thank you for the update, that seemed to fix it

[Nackophilz]

Hmm , I'm back to having Captchas despite the new resolution :/

[KairuByte]

Same issue here, at least once.

[guipace]

Same here! On Unraid.

[DGMayor]

confirmed back as well on synology

[kboxvegas]

Back again in Unraid.

[Slothoncrack]

Same on raspberry pi, docker

[AytoMaximo]

+1

[0nnyx]

Problem still present with a docker pull from today.

Free games: [
  'https://store.epicgames.com/en-US/p/out-of-line-209cbb',
  'https://store.epicgames.com/en-US/p/forest-quartet-5d03e3'
]
Current free game: Out of Line
  Not in library yet! Click GET.
  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.
page.waitForSelector: Timeout 180000ms exceeded.
=========================== logs ===========================
waiting for locator('text=Thanks for your order!') to be visible
============================================================
    at file:///fgc/epic-games.js:229:20 {
  name: 'TimeoutError'
}
  Failed to claim! To avoid captchas try to get a new IP address.
Current free game: The Forest Quartet
  Not in library yet! Click GET.
  Got hcaptcha challenge! Lost trust due to too many login attempts? You can solve the captcha in the browser or get a new IP address.
page.waitForSelector: Timeout 180000ms exceeded.
=========================== logs ===========================
waiting for locator('text=Thanks for your order!') to be visible
============================================================
    at file:///fgc/epic-games.js:229:20 {
  name: 'TimeoutError'
}
  Failed to claim! To avoid captchas try to get a new IP address.

When doing manually the two hcaptcha challenges to get the 1st game, Epic still requests 2 hcaptcha challenges for the 2nd game.

[KairuByte]

Watching things with VNC and moving the mouse around may be enough to unflag the session. I was observing with my iPhone, and trying to move to see when the captcha appears, but no captcha popped.

Perhaps simulating random mouse movement would be enough to unflag the sessions?

[vogler]

Perhaps simulating random mouse movement would be enough to unflag the sessions?

I'll try it out. I guess there's some trust score that includes stuff like mouse movement, IP, OS, browser fingerprint etc. The interesting part is that it changed while the image didn't and that it still works perfectly fine without docker. Since the user-agent is the same in both cases, it must be something about the browser or environment (screen, GPU, fonts etc.) that they started to take into account.

Here's some background: https://seon.io/resources/browser-fingerprinting/ And here you can check some fingerprint data: https://amiunique.org/fingerprint

Playwright now also has support for Debian besides Ubuntu. Maybe it works with that.

[ZoXx]

same problem with captcha on unraid.

[DevXen]

This is weird.. for the past few weeks I've been having the captcha issue with epic games. Yesterday they both failed like they have been..I didn't do anything and today one failed but one succeeded. I didn't do anything. I was sleeping.

[DevXen]

And today was even stranger. Didn't do anything. Didn't update the docker container or anything and it claimed the one it didn't yesterday.

[KairuByte]

I'd assume they are playing with the trust level requirements in an attempt to pin down bots while inconveniencing as few humans as possible.

[Stratotech78]

On Sunday I restarted my container and the claim worked. The Thursday before it did not work with the cron job. It really seems like the trust level requirements are adjusted.

[seffyroff]

I get it every time, I've been playing with this code, could be a more robust solution.

[AlexanderEDavis]

I've filled in the google sheet. Tried it on a Synology NAS and on a RPi 4 with 4GB RAM. Both experience the exact same Captchas at the same points

[Comamndershephard]

I'm on unraid latest pull, and have been getting the captcha just before claim, then if I run it manually they claim fine, that's without using the vnc viewer , as one user suggested maybe the mouse movement but as mine runs the same time every morning what if its detecting the same account logging in at the same time

[vonwerderc]

I got a captcha for one of the epic free games this week but not for the other. Really weird. I set my resolution to 1920x1080 and it worked for a few weeks.

[lostb1t]

might be interesting to test out some captcha bots like https://github.com/JacobLinCool/recaptcha-solver#readme

[vogler]

@lostb1t I tried a few, but at the time they didn't work that well. See https://github.com/vogler/free-games-claimer/issues/2#issuecomment-1027858090 Also, Playwright currently doesn't support browser extensions for Firefox. Going back to Chrome will likely give you a captcha when running natively as well, not just when running via docker. At least that was the case for headless mode: https://github.com/vogler/free-games-claimer/issues/39

[cj0r]

Confirming same issues on an Unraid docker install. I logged into VNC manually and solved the captchas so maybe logging in enough manually to correct will temporarily trick their trust policies but it'd be nice for something more automated to be developed to help. Regardless, happy with the amount of road I got out of this script up to now. Fingers crossed

[vogler]

Regardless, happy with the amount of road I got out of this script up to now. Fingers crossed

As mentioned above, as a workaround, you can just run it without docker to avoid the captcha. I understand that people with Unraid etc. will want to manage everything with containers, but I assume it shouldn't be too hard to just ssh into it, install nodejs and clone the repo to run the scripts (at least for now).

[lostb1t]

im guessing they are checking specific platform features.

Simulating a real device with https://github.com/apify/fingerprint-suite might be a solution

[vogler]

@lostb1t I'm already using https://github.com/berstend/puppeteer-extra/tree/master/packages/puppeteer-extra-plugin-stealth which according to https://github.com/apify/fingerprint-suite#performance passes more tests, but I'll try this one as well.

[lostb1t]

@lostb1t I'm already using https://github.com/berstend/puppeteer-extra/tree/master/packages/puppeteer-extra-plugin-stealth which according to https://github.com/apify/fingerprint-suite#performance passes more tests, but I'll try this one as well.

oh nice, also seeing they have https://github.com/berstend/puppeteer-extra/blob/master/packages/puppeteer-extra-plugin-recaptcha/readme.md

i might give that a go this week see if that does anything

[DevXen]

Just wanted to chime in and say it worked for me last night. Without the captcha (this time at least.) And thank you for all you are doing on this program and the work you are putting into it. I appreciate it.

On Thu, Nov 2, 2023, 9:56 AM lostb1t @.***> wrote:

@lostb1t https://github.com/lostb1t I'm already using https://github.com/berstend/puppeteer-extra/tree/master/packages/puppeteer-extra-plugin-stealth which according to https://github.com/apify/fingerprint-suite#performance passes more tests, but I'll try this one as well.

oh nice, also seeing they have https://github.com/berstend/puppeteer-extra/blob/master/packages/puppeteer-extra-plugin-recaptcha/readme.md

i might give that a go this week see if that does anything

— Reply to this email directly, view it on GitHub https://github.com/vogler/free-games-claimer/issues/183#issuecomment-1791009745, or unsubscribe https://github.com/notifications/unsubscribe-auth/AARN2AITUZPS7GMOHAYKOM3YCO7DZAVCNFSM6AAAAAA3UZON72VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJRGAYDSNZUGU . You are receiving this because you were mentioned.Message ID: @.***>

[OddSquirrel]

The recent version also worked for me after getting captcha challenges for months previously. 👍

[necromancyr]

I'm having this come up now - was working ok previously. And it's saying "Too many failed attempts" even after correctly answering the captcha right the first time.

[Peter2469]

I am also having the issue; if I follow the VNC it gets stuck before it claims the game and even though I picked the right answer it fails with "Too many failed attempts"

[Spillebulle]

Same, It also won't let me solve the captcha and just says "Failed challenge captcha, please try again later"

[BGarber42]

Accessibility cookie didn't help either.

[CorneliousJD]

Since #261 was closed, I'll add my info here.

Have this running on a regular schedule via Docker and nothing I do to solve a Captcha works. I can watch VNC the entire time and it just doesn't accept any solves at all.

[vogler]

Thanks, but I think we've established by now that something about the docker image triggers unsolvable captcha challenges 😄 The question is what.

(My 8GB M1 MBA is swapping beyond being usable already, so no room for docker experiments until a reboot. uptime says 115 days 🙈)

[Albirew]

For me, I believe it's related to epic's security scans, and the way all headless firefox have the same imprint (same number of fonts, same useragent, same plugins, etc.). Maybe "randomizing" imprint (by installing or emulating installed fonts or plugins, changing customizing general.useragent.override, etc.) at container creation could help.

[CorneliousJD]

Not sure if helpful here but

https://github.com/claabs/epicgames-freegames-node

This project seemingly still works - I had used it ages ago and abandoned it in favor of this project but I fired it backu p and it looged me right in, logs show it actually knows what the free games are. I should know if it's FULLY working in a few days when next free game drops.

Setting timezone: America/New_York
Run on startup: true
[2023-12-18 17:52:39.357 -0500] INFO: Started epicgames-freegames-node
    COMMIT_SHA: "abc123xxx"
    BRANCH: "master"
    DISTRO: "alpine"
[2023-12-18 17:52:39.770 -0500] INFO: Checking free games for myuser@gmail.com 
    user: "myuser@gmail.com"
[2023-12-18 17:52:40.648 -0500] INFO: searchStrategy is `all`: searching for weekly and promotional games
    user: "myuser@gmail.com"
[2023-12-18 17:53:14.056 -0500] INFO: Available free games
    user: "myuser@gmail.com"
    availableGames: [
      "Destiny 2: Legacy Collection (2023)"
    ]
[2023-12-18 17:53:14.205 -0500] INFO: Unpurchased free games
    user: "myuser@gmail.com"
    purchasableGames: []
[2023-12-18 17:53:14.347 -0500] INFO: No free games available
    user: "myuser@gmail.com"
[2023-12-18 17:53:14.349 -0500] INFO: Exiting successfully
Run once: false
Setting cron schedule as 0 0,6,12,18 * * *

[vogler]

For me, I believe it's related to epic's security scans, and the way all headless firefox have the same imprint (same number of fonts, same useragent, same plugins, etc.). Maybe "randomizing" imprint (by installing or emulating installed fonts or plugins, changing customizing general.useragent.override, etc.) at container creation could help.

Yea, I think it's one or more of those things, but I don't think randomizing is needed - just need to figure out what sets it apart from most other clients. The useragent is some common Windows one, so that by itself shouldn't be an issue. But maybe it's reported Windows but no default Windows fonts etc.