Null response #1

Open
ghost opened this issue Nov 9, 2017 · 14 comments
ghost commented Nov 9, 2017

Hello! (First - sorry for my bad English, it is not my native language)
I am making a simple "bot" to save Musical.ly videos. I tried using Charles Proxy to see how the Musical.ly API works, but there was no information about calls to the API in Charles (even with SSL pinning disabled by using Inspeckage + Emulator).

I do not use/like PHP. For me it is hard. (I really prefer C# - for me it is much easier to read)
I wanted to port your library to a C# DLL (and add it as a repo) but your lib does not work :(

When I run login.php from my local webserver it returns this:


Notice: Undefined offset: 7 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 63

Notice: Undefined offset: 1 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 64

Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 65

Notice: Undefined offset: 8 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 67

Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 68

Notice: Undefined offset: 12 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 71

Notice: Trying to get property of non-object in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 237

{"success":null,"full_response":null}

The last line says that the response from the Musically API is null. So what did I do wrong? I tried your test account Jessica, my two test accounts and it still won't work - always response==null
After running login.php I tried searchuser.php but at the end of the printed error message I could read that the response is null.
Please fix it or explain to me what I did wrong... sorry - maybe it's a n00b question and my setup is bad.
Thanks for your time.

Edit: I use Xampp, and M:\MySQL\htdocs is the root of my webserver.

@mangledbottles
Owner

Hello!
I haven't tested the API in a while so it may be outdated...
I will check it tomorrow, it may also be a problem that the account you tested with doesn't work!

Regards ;)

@mangledbottles mangledbottles self-assigned this Nov 18, 2017
Author

ghost commented Nov 20, 2017

Hello!
Did you find what causes this error? If you want, I can give you the password to my test account.

Best regards!

@mangledbottles
Owner

Hello,
I just checked it there, they seem to have changed the way they are hashing requests now. The login still returns a hash, but it's in a different format and with fewer parameters (which is what gave you the offset errors). I am unsure if this will affect the rest of the code yet.
I will look into it.

Regards


dfuse-dev commented Dec 14, 2017

Try replacing these in src/musically.php file:

$dexplore = explode('=', $data[7]);
with $dexplore = explode('=', $data[6]);

and

$dexplore1 = explode('"', $data[8]);
with $dexplore1 = explode('"', $data[7]);

Author

ghost commented Dec 16, 2017

Still that:


Notice: Undefined offset: 6 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 63

Notice: Undefined offset: 1 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 64

Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 65

Notice: Undefined offset: 7 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 67

Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 68

Notice: Undefined offset: 12 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 71

Notice: Trying to get property of non-object in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 237
{"success":null,"full_response":null}


Maybe we could move to a more "debuggable" language such as C#?
In .NET you can set breakpoints and see all variable values + run step by step ;) I'm a C# developer and PHP is like Chinese for me - I can't even read it :( Thanks for the help!

Author

ghost commented Dec 16, 2017

Tomorrow I will try to set up Genymotion and Inspeckage to remove SSL pinning and then I will send the Charles session file.

@scrapewww

#5

@mangledbottles
Owner

@Enter03 Did you check the API?

Author

ghost commented Feb 25, 2018

@mangledbottles
Yes, it worked! They're using a REST API and JSON; I think that the API is very big and quite hard to debug. I used an iPad3,3 (iOS 9.3.5) with the SSLKillSwitch deb file installed and Charles Proxy.

I saw a big file (161KB) "GET: https://api.musical.ly/rest/discover/navigate" that contains some kind of list of endpoints; it could be useful, so I will send it. But I still don't know how login is performed.

Here is navigate.json - https://www.dropbox.com/s/kvjopob4wg95l2h/navigate.json?dl=1
and request that my device made: request.txt

@charlie-niekirk

This may help, there is a login endpoint returned by the https://api.musical.ly/rest/discover/navigate : /rest/passport/v2/login?___d=eyJhYyI6IlBPU1QiLCJieiI6InVzZXJfbG9naW4iLCJkbSI6IlVTRVIiLCJ2ZXIiOiJkZWZhdWx0In0%3D

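The `___d` value in the login endpoint quoted above is percent-encoded Base64 wrapping a small JSON object. The following is an added example, not part of the original comment or the project's code, that decodes it and rejects malformed values; the function name `decode_descriptor` is hypothetical.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Endpoint string exactly as quoted in the comment above.
LOGIN_ENDPOINT = (
    "/rest/passport/v2/login?___d="
    "eyJhYyI6IlBPU1QiLCJieiI6InVzZXJfbG9naW4iLCJkbSI6IlVTRVIiLCJ2ZXIi"
    "OiJkZWZhdWx0In0%3D"
)


def decode_descriptor(endpoint: str, param: str = "___d") -> dict:
    """Return the JSON object carried in the endpoint's `param` query value."""
    query = urlsplit(endpoint).query
    # parse_qs percent-decodes values, so the trailing %3D becomes '=' padding.
    values = parse_qs(query, keep_blank_values=True).get(param)
    if not values:
        raise ValueError(f"no {param!r} parameter in {endpoint!r}")

    raw = values[0].replace(" ", "+")              # parse_qs turns a bare '+' into a space
    raw = raw.replace("-", "+").replace("_", "/")  # accept the URL-safe alphabet too
    raw += "=" * (-len(raw) % 4)                   # restore padding if it was stripped

    try:
        # validate=True refuses characters outside the Base64 alphabet
        # instead of silently skipping them.
        obj = json.loads(base64.b64decode(raw, validate=True))
    except ValueError as exc:  # covers binascii.Error, bad UTF-8 and JSON errors
        raise ValueError(f"{param!r} is not Base64-encoded JSON: {exc}") from exc

    if not isinstance(obj, dict):
        raise ValueError(f"{param!r} decoded to {type(obj).__name__}, expected object")
    return obj


if __name__ == "__main__":
    print(decode_descriptor(LOGIN_ENDPOINT))
```
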

@mangledbottles
Owner

@Enter03 @charlieAndroidDev Thanks for your help! I'm reviewing it atm, I tried to jailbreak my iPhone 8 iOS 11 with Electra to install SSL Kill Switch 2; however I'm experiencing difficulties.
In another issue, someone stated that Musically does not SSL pin their Android app so it might be worthwhile looking into that. I have loads of iPhones and no Androids!

@charlie-niekirk

@mangledbottles Yep, I can confirm that the latest Android apps for both Musically and Lively are not SSL pinned. I can use this packet capture app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en to capture all requests and responses.

I am now stuck on a very tricky issue, however. The X-Request-Sign5 header used in most requests is an HMAC-SHA1 hash of what I think is the X-Request-Info5 header value. However, I am not sure how the hashing function works as it is done in the native layer and I believe the function has been dynamically registered and I cannot find it in any of the native shared object files. More info available here: https://reverseengineering.stackexchange.com/questions/17583/reversing-an-apk-to-replicate-api-x-request-sign5

I’ll try to use remote LLDB to set breakpoints in the native code. I have decompiled the APK and edited the manifest to allow debugging and have seen quite a few interesting logs when the app has been running, I’ll try a bit more and update you on that when I get something good.


charlie-niekirk commented Mar 10, 2018

OK, I now know how the X-Request-Sign5 header value is generated after quite a bit of trial and error and static analysis of the smali code from the Android APK. No more obstacles in the way anymore...

@awebartisan

Hey guys, how is searchuser.php working? It only returns {"success":null,"full_response":null}
Has it changed?
How should the username be provided for searching in code?
