Duplicate of #10: New User ID Issues about yikyakterminal HOT 71 OPEN

I think posts might not be working. After a "successful" post, I check my own yaks and get an error message

from yikyakterminal.

Hey, I got the code working, the problem is that the user ID's your program
makes do not work anymore. I'm working on figuring out whats up with that,
but using an already assigned ID makes it work

On Thu, Nov 20, 2014 at 2:13 AM, Dean Dunbar [email protected]
wrote:

I think posts might not be working. After a "successful" post, I check my
own yaks and get an error message

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

Very Respectfully,
Dennis M. Devey
MIDN USN

from yikyakterminal.

Heres the test ID I have been using:
46C8E8491692F83A9D229CA586EE1B52

On Thu, Nov 20, 2014 at 7:10 AM, Dennis Devey [email protected] wrote:

Hey, I got the code working, the problem is that the user ID's your
program makes do not work anymore. I'm working on figuring out whats up
with that, but using an already assigned ID makes it work

On Thu, Nov 20, 2014 at 2:13 AM, Dean Dunbar [email protected]
wrote:

I think posts might not be working. After a "successful" post, I check my
own yaks and get an error message

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

Very Respectfully,
Dennis M. Devey
MIDN USN

Very Respectfully,
Dennis M. Devey
MIDN USN

from yikyakterminal.

Test ID is now banned... damnit.
Working on finding another working one

On Thu, Nov 20, 2014 at 7:11 AM, Dennis Devey [email protected] wrote:

Heres the test ID I have been using:
46C8E8491692F83A9D229CA586EE1B52

On Thu, Nov 20, 2014 at 7:10 AM, Dennis Devey [email protected] wrote:

Hey, I got the code working, the problem is that the user ID's your
program makes do not work anymore. I'm working on figuring out whats up
with that, but using an already assigned ID makes it work

On Thu, Nov 20, 2014 at 2:13 AM, Dean Dunbar [email protected]
wrote:

I think posts might not be working. After a "successful" post, I check
my own yaks and get an error message

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

Very Respectfully,
Dennis M. Devey
MIDN USN

Very Respectfully,
Dennis M. Devey
MIDN USN

Very Respectfully,
Dennis M. Devey
MIDN USN

from yikyakterminal.

I think a cookie needs to be implemented for the API now, so I will look into it. Here is a test ID that works: B6C52E0EA41CBD9D4A1FA7D65C60AA4D

from yikyakterminal.

If you could add that to the program, that would be awesome.

from yikyakterminal.

B6C52E0EA41CBD9D4A1FA7D65C60AA4D
46C8E8491692F83A9D229CA586EE1B52

These test ID's do not seem to work anymore.

from yikyakterminal.

Is there anyway to generate new ID's?

Sent from my iPhone

On Nov 24, 2014, at 8:34 PM, "Trevor Hutto" <[email protected]mailto:[email protected]> wrote:

B6C52E0EA41CBD9D4A1FA7D65C60AA4D
46C8E8491692F83A9D229CA586EE1B52

These test ID's do not seem to work anymore, how can I find another?

Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-64296548.

from yikyakterminal.

You can generate ID's, and register them using the API.py, but I have not found a good way of finding IDs that work.

from yikyakterminal.

It requires a cookie to be generated now. I need to add it to the API. Sorry, I haven't had much time to work on it. I will work on it tomorrow.

B6C52E0EA41CBD9D4A1FA7D65C60AA4D must have gotten banned at some point.

from yikyakterminal.

46C8E8491692F83A9D229CA586EE1B52 this key works sometimes.

Yik Yak may have some flags in place to stop multiple people using it at the same time. Like geographical restrictions saying that you can't yak somewhere, and then yak somewhere else 100 miles away in less than 5 minutes.

from yikyakterminal.

I added the cookie, but it still isn't working with new IDs.

from yikyakterminal.

Don't know if this helps, But if I use my jailbroken iPhone (root access) and remove all APP data and reinstall it of course generates a new "USER ID". If I use this newly generated ID with YikYakTerminal any actions will fail, However if I proceed with some actions such as Upvoting, Commenting through the app itself then try again with the same "USER ID" all actions work perfectly.

from yikyakterminal.

Yes, that helps. Is it possible for you to try to generate and register a user_id with YikYakTerminal and try it in the app?

from yikyakterminal.

With my limited knowledge in programming, (I just tinker with stuff) I would have to figure out where the "plist" file is located to swap out the ID - This should be easy though.

Would it help if I sniff out the requests the app makes when I do actions in the app?

from yikyakterminal.

Yes, that would be helpful also, let us know if you get anywhere.

from yikyakterminal.

Found the plist, lets see if it's as simple as swapping the ID's

from yikyakterminal.

If you could sniff the request when the app is performing registerUser, that would be extremely helpful.

from yikyakterminal.

Okay, I am doing that now... So far no luck with swapping IDS as it makes the app unstable and crash. Under Private Documents file named "currentInstallation". - Perhaps a permissions issue I gotta look into.

{"classname":"_Installation","data":{"updatedAt":"2014-11-27T15:38:58.797Z","parseVersion":"1.4.2","deviceToken":"4859da5668ff9e40153275848e7c8465e8514124ea1889dffb02c805ecf4dcbc","badge":0,"deviceType":"ios","installationId":"6ddd9774-c606-462f-978e-ded22d3b36bc","channels":["c3C64F319-7515-4749-AE7C-00346E816D51
c"],"appIdentifier":"engineering.locus.chatter","timeZone":"America/Los_Angeles","appName":"Yik Yak","objectId":"nK0GqKfef0","appVersion":"2.1.2.2","createdAt":"2014-11-27T15:38:58.797Z"}}

the above ID 3C64F319-7515-4749-AE7C-00346E816D51 is valid and works

from yikyakterminal.

https://us-east-api.yikyakapi.net/api/getMessages?userID=CBA42CFD-AEAD-415C-A308-980AC6C0C333&lat=34.057076&long=-117.824496&userLat=34.057076&userLong=-117.824496&version=2.1.2&horizontalAccuracy=65.000000&verticalAccuracy=10.000000&altitude=76.308350&floorLevel=0&speed=-1.000000&course=-1.000000&salt=1417103505&hash=rgdPKnYPelRbtggfVUD6rT99oZo%3D

from yikyakterminal.

I just noticed that the user ID had leading and trailing c's in that response. I don't know if that would change anything.

from yikyakterminal.

Can you find the url for registerUser?

from yikyakterminal.

GET /api/registerUser?userID=067542B7-9155-4D4F-80F1-5A72D3C1FDDC&userLat=34.057076&userLong=-117.824496&version=2.1.2&horizontalAccuracy=65.000000&verticalAccuracy=10.000000&altitude=76.308350&floorLevel=0&speed=-1.000000&course=-1.000000&salt=1417103872&hash=%2BY96PUGB2vB6HQD8Y5LeTOBlL0U%3D HTTP/1.1

URL for above is - https://us-west-api.yikyakapi.net/api/registerUser?userID=067542B7-9155-4D4F-80F1-5A72D3C1FDDC&userLat=34.057076&userLong=-117.824496&version=2.1.2&horizontalAccuracy=65.000000&verticalAccuracy=10.000000&altitude=76.308350&floorLevel=0&speed=-1.000000&course=-1.000000&salt=1417103872&hash=%2BY96PUGB2vB6HQD8Y5LeTOBlL0U%3D

from yikyakterminal.

After the above you get

https://api.parse.com/2/create - POST /2/create HTTP/1.1

THEN

https://content.yikyakapi.net/refreshers/locate?latitude=34.057077&longitude=-117.824494 - GET /refreshers/locate?latitude=34.057077&longitude=-117.824494 HTTP/1.1

and finally it uses the east coast URL for the remaining requests..... - perhaps this is the reason??

https://us-east-api.yikyakapi.net/api/getMessages?userID=067542B7-9155-4D4F-80F1-5A72D3C1FDDC&lat=34.057076&long=-117.824496&userLat=34.057076&userLong=-117.824496&version=2.1.2&horizontalAccuracy=65.000000&verticalAccuracy=10.000000&altitude=76.308350&floorLevel=0&speed=-1.000000&course=-1.000000&salt=1417103876&hash=foggf9yJck8Qj9%2BMziTH7ss%2FStI%3D

from yikyakterminal.

Perfect! I'll try it out next time I get the chance. Happy Thanksgiving!

from yikyakterminal.

Same to you! Let me know and I also might have a custom request/for hire job after you figure out the issue :)

from yikyakterminal.

We need to figure out what the POST parameters are for the https://api.parse.com/2/create url.

I am getting {"error":"unauthorized"}.

from yikyakterminal.

For Request

{
"appBuildVersion": "2.1.2.2",
"data": {
"timeZone": "America/Los_Angeles",
"appVersion": "2.1.2.2",
"channels": ["cAB2FE464-6F82-4940-B525-377EB80B838Ec"],
"deviceType": "ios",
"appName": "Yik Yak",
"badge": 0,
"installationId": "e0314b51-dc33-4ffc-b968-af4b71d659aa",
"appIdentifier": "engineering.locus.chatter",
"parseVersion": "1.4.2",
"deviceToken": "4859da5668ff9e40153275848e7c8465e8514124ea1889dffb02c805ecf4dcbc"
},
"osVersion": "Version 8.1 (Build 12B411)",
"appDisplayVersion": "2.1.2",
"classname": "_Installation",
"v": "i1.4.2",
"uuid": "LEFT BLANK FOR PRIVACY",
"iid": "E0314B51-DC33-4FFC-B968-AF4B71D659AA"
}

And Response

{
"result": {
"data": {
"createdAt": "2014-11-28T20:55:15.292Z",
"objectId": "cSAarEmx2G"
}
}
}

from yikyakterminal.

There is also a section called "authentication" but I don't know if it's wise I post this publicly, I don't know if personal info is in there.

from yikyakterminal.

Anyone come up with a way to get these ID's registered yet?

If not, does anyone know an easy way to find the ID's on your phone?
I'm starting to look, just can't find them yet.

If anyone has a list of test ID's that still work, I'd really appreciate it, because I'm almost out.

from yikyakterminal.

Do these ones work?

64F8355DC1FF501A9405753FBAE1AFC3
D1A7BCC3B573537312F6E35EF81DCF91
76130FFB84E12A0CE8E4FEA14A146548
F07F93340D1B9ACB1056229C12EC5DEB

If so, I can generate them. For some reason, I'm getting a 500 error when I try to post, which is new. And I can't read the feed any more.

from yikyakterminal.

@lknparktheory88 used a jail broken iPhone to get an ID out. They are contained in the plist file. Here are two that I have found that are currently working.
AB2FE4646F824940B525377EB80B838E
46C8E8491692F83A9D229CA586EE1B52

You may be able to get some information on how ID's are created from @lknparktheory88 dumped data.

I have not been able to generate a working ID yet. Yik Yak has become a lot more complicated than it used to be.

from yikyakterminal.

That's the thing: I think I reverse engineered a way to generate them. Can someone with a working build try the ids I posted above?

from yikyakterminal.

Sorry Murphy, not working. Does anyone have even the slightest idea? I
remember hearing rumors about some sort of salt using a hashed geolocation,
but I'm not sure if that is still applicable.
Anyone on android know where the user ID's are located?

On Fri, Dec 5, 2014 at 6:29 PM, Brian Murphy [email protected]
wrote:

That's the thing: I think I reverse engineered a way to generate them. Can
someone with a working build try the ids I posted above?

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

Very Respectfully,
Dennis M. Devey
MIDN USN

from yikyakterminal.

If you sniff the getMessages request on your own network, you may be able to get your phone's ID since it is a parameter in this request. I am not an Android user, but this method should work for anyone.

https://us-east-api.yikyakapi.net/api/getMessages?userID=067542B7-9155-4D4F-80F1-5A72D3C1FDDC&lat=34.057076&long=-117.824496&userLat=34.057076&userLong=-117.824496&version=2.1.2&horizontalAccuracy=65.000000&verticalAccuracy=10.000000&altitude=76.308350&floorLevel=0&speed=-1.000000&course=-1.000000&salt=1417103876&hash=foggf9yJck8Qj9%2BMziTH7ss%2FStI%3D

from yikyakterminal.

They are taking a compilation of the sim card number, the serial number, and a few other things, and then using them to choose a semi-random string of characters from 0-9 and A-F. If those services are not available, they are using the Java UUID to pick their string. I am looking at the source code. Are you sure we are registering these IDs correctly? if we aren't, that would explain why only the ones we pull off of devices are working.

from yikyakterminal.

No, the ID's are not being registered correctly.

from yikyakterminal.

Sniffing packets on Android isn't working for me, all traffic is encrypted. Now I'm going into finding the location of the user ID in the actual app's memory, anyone have any clue where that is?

from yikyakterminal.

@Ankerman On android the User ID is located in /data/data/com.yik.yak/shared_prefs/YikYak.xml near the bottom. When I pull my user ID from my phone into the program it works. But if I replace it with an ID generated by the program it won't work

from yikyakterminal.

Thanks but I'm still missing it, think I'm missing the permissions. Are you rooted?

from yikyakterminal.

Yes you need to be rooted in order to see the files, or else the data folder will look empty

from yikyakterminal.

Does anyone know the file path for where the user ID is located on iPhone?

from yikyakterminal.

@brain-murphy What source code are you looking at?

from yikyakterminal.

I decompiled the yik yak android apk. Is it illegal for me to post it? I don't have any money, so as long as I don't go to jail I'm cool with it.

-------- Original message --------
From: Mitchell Borrego [email protected]
Date:12/21/2014 9:09 PM (GMT-05:00)
To: djtech42/YikYakTerminal [email protected]
Cc: "Murphy, Brian P" [email protected]
Subject: Re: [YikYakTerminal] Duplicate of #10: New User ID Issues (#11)

@brain-murphyhttps://github.com/brain-murphy What source code are you looking at?

Reply to this email directly or view it on GitHubhttps://github.com//issues/11#issuecomment-67795370.

from yikyakterminal.

@brain-murphy I am not sure if you should post it directly on here, but go ahead and put relevant code into a Pastebin and send a few of us in this thread a PM with the link.

from yikyakterminal.

I'd be interested if there's any relevant pastes as well, please -- there's nothing out there for yik yak right now; this is our last, best hope.

from yikyakterminal.

If anyone needs valid ID's, I generated ~400 Id's for people to use.
http://pastebin.com/bHJMx1cG
(I did not use YikYakTerminal to generate these, I used YikYak's actual Android app and they should mostly, if not all be working)

from yikyakterminal.

Thank you so much, I was down to two working accounts.

How'd you do that?
I'd love to contribute to the fund

On Sun, Jan 25, 2015 at 10:45 PM, lay295 [email protected] wrote:

If anyone needs valid ID's, I generated ~400 Id's for people to use.
http://pastebin.com/bHJMx1cG
(I did not use YikYakTerminal to generate these, I used YikYak's actual
Android app and they should mostly, if not all be working)

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

Very Respectfully,
Dennis M. Devey
MIDN USN

from yikyakterminal.

Thank you for posting valid IDs. Are these using the old format or new format used by Yik Yak?

from yikyakterminal.

@Ankerman I've just set up an android emulator to open the app, grab the userID, upvote a comment, then close and clear app data. For some reason on my Android emulator when I clear app data, it gives me a whole new ID. This is not true on my phone though and gives me the same ID everytime

@djtech42 They should all be in the new format, just made them yesterday

from yikyakterminal.

@lay295 I will see if I can figure out the format and update the ID generation

from yikyakterminal.

Hi all, I have successfully written a working UserID generator. Hopefully I will be able to port it from Java to Python relatively soon.

from yikyakterminal.

@richraid21 mind posting the Java? I'm sure there are people here who could help port it. (myself included, possibly)

from yikyakterminal.

New version coming out soon to fix the API for the new update

from yikyakterminal.

I was able to post with a 200 response after updating the user agent, however posts made via randomly generated user ids seem to be shadowbanned. After posting, it is returned to me in the list of recent yaks, but no one else will be able to see them.

In general, it seems the POST request signing still works as long as the user id was generated via the client, but GET request signing for upvoting/downvoting appears to be broken. That is, even with a valid user id, I will get a 401 response when trying to upvote a yak.

from yikyakterminal.

I don't currently have the time or the right dev environment to properly reverse engineer this, but maybe someone in this thread is up to the challenge.

First get the APK from http://www.apk4fun.com/share/2240/
Plug it into this decompiler http://www.decompileandroid.com/

Request Signing
The basic signing algorithm seems to be unchanged (xv.java) but the HMAC key is probably different now. It seems to be generated at wV.java based on the SHA1 hash of the package signature followed by a MD5 hash and some custom bit shift operations (xx.java).

I noticed that the post_sign_request method in API.py isn't actually signing based on the sorted query params... This might be something to correct as well.

Registration
The registration should be relatively clear inside of SplashScreen.java. In addition to the original parameters, it seems like it now takes a "token" parameter which is just the userID (wtf?). The only "security" feature of the userID is that the 7th character is the same as the 6th character. You can verify that from @lay295 's list of userIDs.

from yikyakterminal.

Hey guys. New here. Been following this issue thread.
I have used a charles proxy to capture the request(s) made when the app registers for the first time. It seems as though they are using Parse.com to do their push notifications as well as user management. Whenever the app registers a new id, it first pushes it to Parse.com. It then sends a /registerUser request to the YikYak servers with the new userID.

I haven't been able to figure out the Parse api. It looks like YikYak is using an undocumented v2 api. It uses OAuth and what nots. I just haven't had the time to dig into it further.

So it seems that YikYak's servers are communicating with Parse on their end when you send a /registerUser request. It just doesn't seem to error handle correctly. If we could register an ID with Parse, then I think that it would work.

from yikyakterminal.

There is some info on the parse creds on a reddit im a part of

from yikyakterminal.

if someone would not mind helping me with a php getMessages function that recently stopped working i would not mind getting you the parse info .

from yikyakterminal.

Here is the code I have that allows me to pull messages. It seems as though YikYak doesn't authenticate for getMessage. It works for now: http://pastebin.com/Bjzph6BQ

Also, I have never done anything on reddit. Would there be a way to get me on that subreddit?

from yikyakterminal.

@tutman96 thank you sir! and as promised here is the info on the reddit im a member of , hope it helps! If you would like the info from any specific link just lmk!

So I believe to successfully post to YikYak you need to use OAuth authentication (OAuth key possibly derived from Parse?) in the header or you need to register the ID with Parse. Not sure how the parameters for initializing parse are derived (takes some internal values and turns them into the appID and clientKey). Anyway, using Dalvik Debugger in IDA 6.6 (my school provides it :D!) I found the following so far:

YikYak_b a.k.a Parse ApplicationID "wMkdjBI4ircsNcRn8mXnBkgH0dwOcrkexrdMY3vY"

YikYak_c a.k.a Parse clientKey "GbNFwvFgoUu1wYuwIexNImy8bnSlNhqssG7gd53Y"

Once again, I'm not 100% sure how these are derived but I can see the functions in which they are coming from.

I will now see how YikYak registers users for their server and Parse (will keep you guys updated if I get anything good).
http://postimg.org/image/lj4k45vt3/

from yikyakterminal.

BUT ...I do have one big issue , we had a system that was making automated requests to getMessages every 10 mins or so, they blocked our ip , we rotated ,blocked , rotated and then they did something that caused even rotating the ip not to work anymore....any idea what they could of done and how to route around it?

from yikyakterminal.

@tutman96 things are very slow on the subreddit , the admins are not very responsive but i can see what i can do. Whats ur reddit name?

from yikyakterminal.

That subreddit looks like it is on the right track. My reddit username is tutman96. If you could add me, that would be great! I am behind a school's IP so I don't think they would block me as that would block the whole school.

About them blocking your ip, what method did you use to rotate it? If it was an "privacy proxy" then they simply could have just blocked the whole pool.

from yikyakterminal.

Just changed elastic ips on AWS, whats the solution to get out of this situation, a new instance? and what can we do to avoid it happening again? I tried ur code locally and it works great/super legit , but on my server its just returns nada and ill work on getting you in , its kind of slow lately ,but lots of good info in their from prior threads

from yikyakterminal.

They are blocking all AWS IPs. You can look at various HTTPS proxies but the free ones are mostly unreliable and/or blocked. You can also check other cloud providers.

from yikyakterminal.

@fresh83 could you add me to this subreddit? My PHP implementation is broken now

Edit Fixed my implementation, you need to add an md5 uppercased hash of your user agent (not including the version string) to your GET parameters.

However still need to generate new user id's, trying with the pastebin code

from yikyakterminal.

@ctrlaltdylan Email me privately [email protected]

from yikyakterminal.

@fresh83 , mind if I email you as well?
On Jul 16, 2015 5:07 AM, "fresh83" [email protected] wrote:

@ctrlaltdylan https://github.com/ctrlaltdylan Email me privately
[email protected]

—
Reply to this email directly or view it on GitHub
#11 (comment)
.

from yikyakterminal.

Hello everyone , I am first time using parse.com. I am .net developer and want use parse.com with my web api project. I have downloaded one this project from https://codeload.github.com/aldenquimby/parse-csharp/zip/master. i have created parse.com account and i have AppId and RestApiKey but no any idea to completely to set up this project. if any other sample project you have please suggest me example links and videos..

from yikyakterminal.

@fresh83 would you be able to get me into that subreddit? My username is p0wer0n. I have voting working for this project and want to learn more. Thanks.

from yikyakterminal.