How to register a new device? #58
Comments
I'm also interested in knowing this. I'm having the same issue. When I provide new device details, I get prompted for captcha on every request; however, I do not know how to bypass the captcha because the error just says "captcha field empty" or something along those lines. If I go back to device details that have been registered within the app, everything works fine. I noticed an API call the first time you open the app on a new device which registers the device and returns device id, iid, etc.; however, it posts encrypted data to retrieve that and I can't figure out what that data is!
Did anyone succeed?
The data sent in when registering a device is gzipped and then encrypted using
It's clear. But what parameters does he transmit? What are the key parameters?
Has anyone succeeded at this? I also found out that the POST body is encrypted using ttEncrypt, but has anyone gotten the binary of it? The string it encrypts is quite complex, but it is a stringified JSON object/array of various parameters. I haven't fully figured out the contents of the JSON yet.
Ok I found the .so file in the apk. That apktool decompiler is great.
@yaizudamashii @szdc Just a heads up, the function that encrypts the POST body looks like a well-known encryption algorithm, but they committed the cardinal sin of rolling their own encryption by modifying it. On top of that, if you look at the JSON payload itself you'll find that they're using a native library to encode some of the values as well. It's not just one native encryption layer, but two. On top of that, the secondary encrypted value also contains hardware identifiers that are unique to your device and flags emulators. Eventually they're going to flag and disallow the methods everyone except me is using for the current cp/as/mas signing. Jack, I shot you a follow on Twitter btw - username begins with "C". You should ping me your discord username, assuming you've got one.
https://github.com/ch4kn/tiktok-device-register <= Tiktok Device Register
Can Anyone Mention The Code Location Just Before The Device Id Being Encrypted?
I could identify until this point where the function calling device register is accepting 4 arguments r3, r9, r2, r0 and out of which r2 - context
Ok out of curiosity, I looked at that website, and quite literally I have no idea what it's for. I'm not gullible, it's 100% a scam, but I looked at the requests made by the site, and the site doesn't even get past CAPTCHA. I thought it might like send a username and password to a malicious server, but what's the point of that if it just never gets past CAPTCHA? Like for real, how much time did you spend on a hopeless website?
I tried it out, and you just gotta disable your adblocker
Closing as this project is no longer maintained. |
If you try to generate fresh device details, you're unable to log in successfully until the device is registered with the API, it seems. You can use the same device for multiple accounts; however, you hit request limits extremely quickly. I see that the app makes an API call to register a new device; however, the data it posts seems to be encrypted. Any idea on what is being sent over to the API during this POST call?