xalanq / cf-tool

:bar_chart: Codeforces CLI (Submit, Parse, Test, etc.). Support Contests, Gym, Groups, acmsguru, Windows, macOS, Linux, 7 MB
MIT License
1.3k stars 224 forks

Unable to login - Codeforces javascript redirect issue #143

Closed shank03 closed 2 years ago

shank03 commented 2 years ago

Recently Codeforces updated their web service to redirect through JavaScript to the destination page. Because of this, the GET returns the page that redirects (not the final landing page); hence, the command line prompts "Unable to find csrf".

This is what it returns:

<html>
 <head></head>
 <body>
  Redirecting... Please, wait.
  <script type="text/javascript" src="/aes.min.js"></script>
  <script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("e9ee4b03c1d0822987185d27bca23378"),b=toNumbers("188fafdbe0f87ef0fc2810d5b3e34705"),c=toNumbers("ff42be26c8159cd50f366324c648d42c");document.cookie="RCPC="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";document.location.href="https://codeforces.com/enter?f0a28=1";</script>
 </body>
</html>

Can you please update the tool to handle this? Thanks

tiger2005 commented 2 years ago

I thought that it requires cookie to verify identity. I tested several ways to send with cookie by JavaScript but failed. If someone can fix this, here is the cookie: "RCPC=b55e2327c11ddadd0613edfb307a981d; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"

DonHalkon commented 2 years ago

> I thought that it requires cookie to verify identity. I tested several ways to send with cookie by JavaScript but failed. If someone can fix this, here is the cookie: "RCPC=b55e2327c11ddadd0613edfb307a981d; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"

I am not sure that hardcoded cookie usage is a good idea. Codeforces can revoke it or change the algorithm at any moment.

tiger2005 commented 2 years ago

> > I thought that it requires cookie to verify identity. I tested several ways to send with cookie by JavaScript but failed. If someone can fix this, here is the cookie: "RCPC=b55e2327c11ddadd0613edfb307a981d; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"

> I am not sure that hardcoded cookie usage is a good idea. Codeforces can revoke it or change the algorithm at any moment.

I also had doubts about it. If Codeforces changes the seed rapidly or randomly, the problem may be super difficult. But, at least for the previous 2 days, the seed wasn't changed.

shank03 commented 2 years ago

I managed somehow to overcome the redirect issue, but then, https://github.com/xalanq/cf-tool/blob/master/client/login.go#L78-L87 this block of params isn't accepted anymore. It throws a 403 error (i.e. Request recognized but not authorized).

Looks like someone will have to re-research (if that's a term) the whole login process again

tiger2005 commented 2 years ago

> I managed somehow to overcome the redirect issue, but then, https://github.com/xalanq/cf-tool/blob/master/client/login.go#L78-L87 this block of params isn't accepted anymore. It throws a 403 error (i.e. Request recognized but not authorized).
>
> Looks like someone will have to re-research (if that's a term) the whole login process again

Please tell me how you solved the redirect problem. I developed this kind of software, too. I can use this method to pass the verification and try to figure out the apis of 'login'.

shank03 commented 2 years ago

> > I managed somehow to overcome the redirect issue, but then, https://github.com/xalanq/cf-tool/blob/master/client/login.go#L78-L87 this block of params isn't accepted anymore. It throws a 403 error (i.e. Request recognized but not authorized). Looks like someone will have to re-research (if that's a term) the whole login process again

> Please tell me how you solved the redirect problem. I developed this kind of software, too. I can use this method to pass the verification and try to figure out the apis of 'login'.

I used selenium web driver with headless argument (which opens browser in background) and then tried to login using those params.

tiger2005 commented 2 years ago

> > > I managed somehow to overcome the redirect issue, but then, https://github.com/xalanq/cf-tool/blob/master/client/login.go#L78-L87 this block of params isn't accepted anymore. It throws a 403 error (i.e. Request recognized but not authorized). Looks like someone will have to re-research (if that's a term) the whole login process again

> > Please tell me how you solved the redirect problem. I developed this kind of software, too. I can use this method to pass the verification and try to figure out the apis of 'login'.

> I used selenium web driver with headless argument (which opens browser in background) and then tried to login using those params.

I use external window and finally solved the problem. https://github.com/CodeforcesContestHelper/CCHv2/blob/dev/js/authorize.js#L82:L91 Here are the data I used to enter, quite similar with how login.go does, and I can login after the verification. Sorry that I can't help (I'm a Go noob), but I have some ideas. Does the program clean the cookie after the verification?

DonHalkon commented 2 years ago

Codeforces disabled redirect

shank03 commented 2 years ago

Oh damn

tiger2005 commented 2 years ago

> Oh damn

Useless work :( But at least we found a way to avoid redirection!

shank03 commented 2 years ago

> > Oh damn

> Useless work :( But at least we found a way to avoid redirection!

Yup.. learning everyday.

So I'll close this then :)

rishakil commented 1 year ago

I am facing the same issue. Did anyone resolve this? Can you please tell me what to do?

tiger2005 commented 1 year ago

> I am facing the same issue. Did anyone resolve this? Can you please tell me what to do?

The solution is to decrypt the codes in the redirect page and get the right key. You can search for the algorithm in some forks of this project.
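
The derivation described in the comment above, as an added Go example that is not part of the thread or of cf-tool: it reads `a`, `b` and `c` from the redirect page on each response, decrypts `c` the way the page's own script does, and returns the RCPC value with the redirect target. Assumptions: slowAES mode 2 is CBC with `a` as key and `b` as IV, and no padding is stripped; `SolveRCPC`, `samplePage` and the example.invalid URL are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var (
	hexVar         = regexp.MustCompile(`\b([abc])=toNumbers\("((?:[0-9a-f]{2})+)"\)`)
	nextURL        = regexp.MustCompile(`document\.location\.href="([^"]+)"`)
	ErrNoChallenge = errors.New("not an RCPC redirect page")
)

// Constructed sample in the interstitial's shape (FIPS-197 test vector, not site data).
const samplePage = `<script>var a=toNumbers("000102030405060708090a0b0c0d0e0f"),` +
	`b=toNumbers("ffffffffffffffffffffffffffffffff"),c=toNumbers("69c4e0d86a7b0430d8cdb78070b4c55a");` +
	`document.cookie="RCPC="+toHex(slowAES.decrypt(c,2,a,b))+"; path=/";` +
	`document.location.href="https://example.invalid/enter?f=1";</script>`

// SolveRCPC returns the cookie value and redirect URL the page's script would set.
// It fails closed: a script that no longer calls slowAES.decrypt(c,2,a,b) is rejected.
func SolveRCPC(body string) (cookie, next string, err error) {
	loc := nextURL.FindStringSubmatch(body)
	if loc == nil || !strings.Contains(body, "slowAES.decrypt(c,2,a,b)") {
		return "", "", ErrNoChallenge
	}
	v := map[string][]byte{}
	for _, m := range hexVar.FindAllStringSubmatch(body, -1) {
		v[m[1]], _ = hex.DecodeString(m[2]) // regex only admits whole hex byte pairs
	}
	if len(v["b"]) != aes.BlockSize || len(v["c"]) == 0 || len(v["c"])%aes.BlockSize != 0 {
		return "", "", errors.New("unexpected IV or ciphertext length")
	}
	block, err := aes.NewCipher(v["a"]) // rejects a missing or wrong-sized key
	if err != nil {
		return "", "", err
	}
	out := make([]byte, len(v["c"]))
	cipher.NewCBCDecrypter(block, v["b"]).CryptBlocks(out, v["c"])
	return hex.EncodeToString(out), loc[1], nil
}

func main() { fmt.Println(SolveRCPC(samplePage)) }
```

Reading the values from each response avoids the hardcoded cookie questioned earlier in the thread, and a page whose script has changed yields an error rather than a stale cookie.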

rishakil commented 1 year ago

> > I am facing the same issue. Did anyone resolve this? Can you please tell me what to do?

> The solution is to decrypt the codes in the redirect page and get the right key. You can search for the algorithm in some forks of this project.

Can you help me by providing the procedure to decrypt and fix it? Sorry if this sounds novice.