-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New login verification system #116
Comments
update
|
emulate requires pin also. |
I have made a script that dips into the email inbox and gets the code - but i cannot for the life of me find out what URL to send the request too. The params are... "twoFactorCode" => $thecode, |
Why not just use the backup codes? |
they can only be used once. |
if you run out of the backup codes you can always regenerate more |
I dont need too I have a script that grabs the code from the email account. |
Same discussion here if it can help you: trydis/FIFA-Ultimate-Team-Toolkit#93 |
We need the URL where the security data is sent |
@LUFCMOT anyone tested my commit? |
@oczkers but where is POST too? |
I have just tested it and it's working fine, anyone confirms? |
How do you use it? |
fut.Core('login', 'password', 'secret_password', code=123456) code is needed only on first launch (and every 90 days) if you use cookies.txt |
my test import fut
EmailAdd='email@test.com'
PassWord='password'
SecretAnswer='secret'
PlatF='xbox'
CodeOR=123456
Emu=''
Fifa = fut.Core(EmailAdd, PassWord, SecretAnswer, platform=PlatF, code=CodeOR ,emulate=Emu, cookies= EmailAdd) result and I receive a new code by email |
@oczkers what url do you use for send the code? Login -> send in POST the username / password -> RESPONSE: html page of "Two factor code" form -> i get URL of this page -> send in POST correctly the code -> RESPONSE: html page of "Two factor code" form. the url of twofactorcode need of some extra cookie or extra header field? I use a JAVA tool that i made for me. |
^ Ditto but php. |
Hi people. |
@Innursery @christrato
e279030983s1 s1 = post login data (username, password) There is no difference in headers between s1,s2,s3 besides referer. EDIT: i'll release new stable version when we get more confirmations that it works (and logs from @Innursery) |
|
@Innursery |
@oczkers
|
@Innursery |
@oczkers I am sending the code to (s3) but I just get a 400 error Bad request. |
@LUFCMOT EDIT: it's dynamic url, for example e279030983 is changing on every login |
private function Verify($url) { |
Yes I see but all try I put the right code I use python 3.x |
Same here |
I don't know what red text are you talking about but if you use cookies.txt code is required on first login and once every 90 days |
My scripts are going down all the time. I have made one account today and its working fine for about 2 hours, I need more time to know if its really fine. Maybe my old accounts are flagged, but they were working fine before this validation. Anyone with problems? Other thing: I see there is no validation code for mobile app, I'm thinking about testing it if my bots don't get to work fine again. |
Writing that it's "going down" is pointless you should post logs or at least error message because it could be for example just connection problem |
I know, I just want to know if its happening to everybody. I turned debug on and restarted my bots, I'll post the logs soon. |
Seeing my logs, its just a expired session, but it was ok before this validation thing. I put 3 accounts to work together in the same vps I was using before, they don't go down in the same time. I can login in the account again, but sometimes EA asks for the pin again, even if I'm using cookies. But if I wait about one hours, I can login again without the pin. I believe they are changing something in the page that we need to request the pin. I will post logs of this soon, I'm looking for them in my archieve. So I'll just post the log of my expired session, there is 3 logs of this problem here. My bot closes after this, but its my option, I tell my script to close for general exceptions, like that. Idk if they would work after this, I believe not, I'll try again later. 1st 2014-12-15 15:02:41,836 [DEBUG] [root] request: request: https://utas.fut.ea.com:443/ut/game/fifa/transfermarket args=(); kwargs={'params': {'maxb': 60000, 'start': 0, 'num': 1, 'type': 'player', 'maskedDefId': yyyyyy}} (line 310) 2014-12-15 15:02:41,841 [DEBUG] [requests.packages.urllib3.connectionpool] _make_request: "POST /ut/game/fifa/transfermarket?maxb=600&start=0&num=1&type=player&maskedDefId=184431 HTTP/1.1" 200 70 (line 362) 2014-12-15 15:02:41,841 [DEBUG] [root] request: response: {"message":null,"reason":"expired session","code":401} (line 312) 2nd 2014-12-15 15:07:43,499 [DEBUG] [root] request: request: https://utas.fut.ea.com:443/ut/game/fifa/transfermarket args=(); kwargs={'params': {'maxb': 55000, 'start': 0, 'num': 1, 'type': 'player', 'maskedDefId': zzzzzz}} (line 310) 2014-12-15 15:07:43,512 [DEBUG] [requests.packages.urllib3.connectionpool] _make_request: "POST /ut/game/fifa/transfermarket?maxb=550&start=0&num=1&type=player&maskedDefId=184575 HTTP/1.1" 200 70 (line 362) 2014-12-15 15:07:43,513 [DEBUG] [root] request: response: {"message":null,"reason":"expired session","code":401} 3rd - This one is a little different, because I got an Internal Server Error before, but I have an exception for it, so the bot won't close for this reason. It just will try to do the same thing he was trying before the Internal Server Error. And yes, I care about rpm, thats not the problem for sure. The gap between these two requests was short because I had some auction close to the end, I didn't change my bot, only upgraded the toolkit to use cookies and to use this new security code. Everything was 100% fine until last week. 2014-12-15 18:27:57,172 [DEBUG] [requests.packages.urllib3.connectionpool] _make_request: "POST /ut/game/fifa/watchlist HTTP/1.1" 200 86 (line 362) 2014-12-15 18:27:57,172 [DEBUG] [root] request: response: {"debug":"","string":"Internal Server Error (ut)","reason":"","code":"500"} (line 312) 2014-12-15 18:27:57,172 [DEBUG] [root] request: request: https://utas.fut.ea.com:443/ut/game/fifa/watchlist args=(); kwargs={} (line 310) 2014-12-15 18:27:57,177 [DEBUG] [requests.packages.urllib3.connectionpool] _make_request: "POST /ut/game/fifa/watchlist HTTP/1.1" 200 70 (line 362) 2014-12-15 18:27:57,177 [DEBUG] [root] request: response: {"message":null,"reason":"expired session","code":401} (line 312) |
I realize that I cannot login again in some accounts, even if I wait hours, like a said before. I didn't know, but my scripts were running doing nothing! I will delete all cookies and use new pins. Sorryfor this mistake, I don't know why it happened. So I believe my only problem is that I'm just getting disconnected too much... Dinana, thanks for the reference. I'm going to check. |
It's always good idea to look at one request/response before you got expired session - there could be something "weird" that makes your session expired. |
I have an account that only check prices of a list of players, and this account has the same problem. This account doesn't buy, doesn't sell, just check prices like some sites does. I'm seeing there are normal users with temporaries bans, like my accounts. Now I'm trying to run the script for 20 minutes only, they are restarting after 15 minutes. I'll see if it helps. |
hey mates! Just a question: Where do you host your app? because I host my own to heroku and their servers restarts every 24 hours (free plan), so I have to change the code every time... |
I run from linux server at home. You might want to consider using EC2 free tier. However I don't know if EA blacklists EC2 IPs. |
thank you for the tip ;) I'll check it |
I just tried your procedure from 5 days ago and it works like a charm. Thanks. I'll see how long the cookie lasts. Sounds like you're running multiple bots behind the same IP. I wonder if EA is expiring your session more aggressively than others. I'll find out when my login fails again. How do you manage to transfer money between your accounts? |
This is just FYI. I'm using Python 2.4.x and I've had to hack a few things to get the script to work. I don't really know what I'm doing as I'm not that good with Python so feel free to throw these away or correct what I did. Thank you for the awesome tool. @@ -90,7 +91,7 @@ def cardInfo(resource_id): """Returns card info.""" # TODO: add referer to headers (futweb) - url = '{}{}.json'.format(self.urls['card_info'], baseId(resource_id)) + url = '{0}{1}.json'.format(self.urls['card_info'], baseId(resource_id)) return requests.get(url).json() ''' @@ -153,7 +154,7 @@ else: raise FutError('Invalid emulate parameter. (Valid ones are and/ios).') # pc/ps3/xbox/ # === login - self.urls['login'] = self.r.get(self.urls['fut_home']).url + self.urls['login'] = self.r.get(self.urls['fut_home'],verify=False).url self.r.headers['Referer'] = self.urls['login'] # prepare headers data = {'email': email, 'password': passwd, @@ -393,7 +394,7 @@ def cardInfo(self, resource_id): """Returns card info.""" # TODO: add referer to headers (futweb) - url = '{}{}.json'.format(self.urls['card_info'], baseId(resource_id)) + url = '{0}{1}.json'.format(self.urls['card_info'], baseId(resource_id)) return requests.get(url).json() def searchDefinition(self, asset_id, start=0, count=35): @@ -515,7 +516,7 @@ def tradepileDelete(self, trade_id): """Removes card from tradepile.""" - url = '{}/{}'.format(self.urls['fut']['TradeInfo'], trade_id) + url = '{0}/{1}'.format(self.urls['fut']['TradeInfo'], trade_id) self.__delete__(url) # returns nothing return True |
I keep receiving a huge HTML which overflows my cmd screen (the one with the iframe like the webapp) then I get this:
File "***\fut\fut\core.py", line 274, in _login Any idea? (N.B. I'm using this: >>> fut = fut.Core('email','password','secret',platform='ps3', code = 'codeFromEmail', emulate='and',cookies='cookies2.txt')) |
Oh I just have this old centos box that I haven't upgraded. You're right I should probably upgrade! |
I think I'm having an issue relating to the new login verification system as well. I keep getting this error every time I input the security code given to me by origin. This is the code I'm using: import fut But I keep getting this error: Here is my log file as well: https://gist.github.com/vmuruganandam/8da12ad4b8cb60f4f1a5 Is it just because its not recognizing the code I'm giving? |
Looks like your session is validated and code is not required but captcha appeared and you have to resolve it manualy or maybe remove cookies.txt and restart to create new session. "Your FUT account has been temporarily disabled because too many actions have been taken. Please solve the question below to unlock your account." |
Ohh, I didn't even realize. I went in and manually fixed that. I get a different error now, not really sure what this one means either. Went through the source code and couldn't really find an answer. File "build/bdist.macosx-10.9-intel/egg/fut/core.py", line 106, in init Log: https://gist.github.com/vmuruganandam/8da12ad4b8cb60f4f1a5 |
Huh....I don't know why this is a problem but all the parameters that I passed to fut.Core had double quotes and after I changed them to single quotes, the error didn't show up anymore. I'm not even sure that this is the actual problem and maybe I just had to wait before trying to log in again but that seemed to fix it. By the way, does turning off this two factor authentication system manually in your origin settings allow one to login without using codes at all? Right now I'm resorting to using the backup codes because of how buggy these security codes seem to be (sometimes they don't seem to work, some I don't receive in my email, etc). |
You got 500 error and empty response - looks like a temporary server error, retryng after few seconds/minutes should help. Double or single quote doesn't make any diference, it was probably just temporary sever error :-) |
Traceback (most recent call last): Is it a bug or I'm doing something wrong? |
It works on Debian 8, but not on Debian 7. |
My guess would be old requests - updating or chaning json() to json should help |
@LUFCMOT are you using the guzzle php framework? I figured it out if you still haven't done it. You need to geteffectiveUrl() from the response of the login part and post data to that |
Hi , how may i post my Email and Password ( True login page ) |
The reason of creating new issue is to collect all info about new verification system (code, secreat answer, captcha etc.) in one place.
PS. I've pushed new commit (33f7192) that enables two step verification (email/sms code), it's not yet tested and probably doesn't work ;-).
TODO:
The text was updated successfully, but these errors were encountered: