bet365.com
bet365.com copied to clipboard
Chiang97912
Unable to authenticate
I started having this issue today as well.
Here is the new source code, still cannot figure out where that value is coming in: https://gist.github.com/mjgerace/ae144c6bcf434c68cf85f1b686d3ce83
I started having this issue today as well.
Here is the new source code, still cannot figure out where that value is coming in: https://gist.github.com/mjgerace/ae144c6bcf434c68cf85f1b686d3ce83
i think keyworld 'NST' or 'token'
I would agree, although I cannot figure out what this means in the context of that file. nodecrypto also seems very interesting. Perhaps related to https://nodejs.org/api/crypto.html#crypto_diffiehellman_generatekeys_encoding
I would agree, although I cannot figure out what this means in the context of that file.
nodecryptoalso seems very interesting.
I was trying
if you knows this problem
tell to me,
me to
and boot.nst what is mean?
I am investigating the 'h' business now. This is really interesting, as is your find. What is the name of that file?
I am investigating the 'h' business now. This is really interesting, as is your find. What is the name of that file?
just bet365 mainpage source
no another file
Any thoughts? Since last night, I have been trying to figure out how they can form this parameter.
I figure out what is the '???' in "P + session_id + '????'"。
First you can find a B365SimpleEncrypt.decrypt() in bet365 source code as follow:
And, you get two string about nstToken from response of "https://www.288-365.com"。As show in picture.
Then, you bind two string with dot , after that, use B365SimpleEncrypt.decrypt() function decrypt the string( PHP Code I use), as follow:
you will calculate "????", which is the surffix value of handshake message of wss of "wss://premws-pt3.365lpodds.com/zap/"。
And I also find out in request "wss://pshudws.365lpodds.com/zap/", you may get another string looks like the nstToken in request "wss://premws-pt3.365lpodds.com/zap/"。
If you work on the string with B365SimpleEncrypt.decrypt(), you will get the result of upstream "command" message in request "wss://premws-pt3.365lpodds.com/zap/".
But, even I have done this all, I can not receive valid match data. Do you have any more brain holes?
@lucifer-v
You have made it further than I did. I did the regex part like this in python. Please note d_value here is NOT ??? by your logic, I am not running decrypt on it.
def get_d_value(user_agent) -> str:
headers = {
'Cookie': SESSION_COOKIE_HEADER,
'User-Agent': user_agent
}
req = requests.get(url=HOME_PAGE, headers=headers)
regex = r'boot&&boot.nst&&boot.nst\((.*)\)'
matches = re.search(regex, req.text)
if not matches:
raise Exception(
'Session', 'Did not find D value.')
group = matches.group(0).split("\"")
d_value = "{}.{}".format(group[1], group[3])
print(d_value)
return d_value
To get the nstToken (pre-decryption), but you are drawing important correlations between the values. My initial assumption was that this value was the D value, but after seeing your response, it is clear it is not.
Also worth noting: boot.nst value changes dynamically without refreshing the page. Just view the source a couple of times and see it continuously change.
@mjgerace In one refresh, the D_value can be calculated by the value find in the response of "www.288-365.com" passed into B365SimpleEncrypt.decrypt(). you can have a try.
You know: "boot.nst( "str1", "str2" )" D_value (without "D_") = B365SimpleEncrypt.decrypt( "str1"+"."+"str2" )
@lucifer-v
I was just pointing out that the value seems to change repeatedly. IE, the nst ("str1", "str2") changes if you inspect the page source without refreshing (dynamically).
@mjgerace
Yes it will change when you open the page source. you can also inspect the value in this "Network " window, in "response" Tab, the value is fixed, and which is looks like the value used in the whole wss connection
And I paste the code of B365SimpleEncrypt, you can transfer it to python:
(function(e) { var t = (function() { function e() {} return e.encrypt = function(t) { var n, i = "", o = t.length, r = 0, s = 0; for (r = 0; o > r; r++) { for (n = t.substr(r, 1), s = 0; s < e.MAP_LEN; s++) if (n == e.charMap[s][0]) { n = e.charMap[s][1]; break } i += n } return i } , e.decrypt = function(t) { var n, i = "", o = t.length, r = 0, s = 0; for (r = 0; o > r; r++) { for (n = t.substr(r, 1), s = 0; s < e.MAP_LEN; s++) { if (":" == n && ":|~" == t.substr(r, 3)) { n = "\n", r += 2; break } if (n == e.charMap[s][1]) { n = e.charMap[s][0]; break } } i += n } return i } , e.MAP_LEN = 64, e.charMap = [["A", "d"], ["B", "e"], ["C", "f"], ["D", "g"], ["E", "h"], ["F", "i"], ["G", "j"], ["H", "k"], ["I", "l"], ["J", "m"], ["K", "n"], ["L", "o"], ["M", "p"], ["N", "q"], ["O", "r"], ["P", "s"], ["Q", "t"], ["R", "u"], ["S", "v"], ["T", "w"], ["U", "x"], ["V", "y"], ["W", "z"], ["X", "a"], ["Y", "b"], ["Z", "c"], ["a", "Q"], ["b", "R"], ["c", "S"], ["d", "T"], ["e", "U"], ["f", "V"], ["g", "W"], ["h", "X"], ["i", "Y"], ["j", "Z"], ["k", "A"], ["l", "B"], ["m", "C"], ["n", "D"], ["o", "E"], ["p", "F"], ["q", "0"], ["r", "1"], ["s", "2"], ["t", "3"], ["u", "4"], ["v", "5"], ["w", "6"], ["x", "7"], ["y", "8"], ["z", "9"], ["0", "G"], ["1", "H"], ["2", "I"], ["3", "J"], ["4", "K"], ["5", "L"], ["6", "M"], ["7", "N"], ["8", "O"], ["9", "P"], ["\n", ":|~"], ["\r", ""]], e } )(); e.B365SimpleEncrypt = t }
When you get any progress, please inform us. thanks
@mjgerace Yes it will change when you open the page source. you can also inspect the value in this "Network " window, in "response" Tab, the value is fixed, and which is looks like the value used in the whole wss connection
And I paste the code of B365SimpleEncrypt, you can transfer it to python:
(function(e) { var t = (function() { function e() {} return e.encrypt = function(t) { var n, i = "", o = t.length, r = 0, s = 0; for (r = 0; o > r; r++) { for (n = t.substr(r, 1), s = 0; s < e.MAP_LEN; s++) if (n == e.charMap[s][0]) { n = e.charMap[s][1]; break } i += n } return i } , e.decrypt = function(t) { var n, i = "", o = t.length, r = 0, s = 0; for (r = 0; o > r; r++) { for (n = t.substr(r, 1), s = 0; s < e.MAP_LEN; s++) { if (":" == n && ":|~" == t.substr(r, 3)) { n = "\n", r += 2; break } if (n == e.charMap[s][1]) { n = e.charMap[s][0]; break } } i += n } return i } , e.MAP_LEN = 64, e.charMap = [["A", "d"], ["B", "e"], ["C", "f"], ["D", "g"], ["E", "h"], ["F", "i"], ["G", "j"], ["H", "k"], ["I", "l"], ["J", "m"], ["K", "n"], ["L", "o"], ["M", "p"], ["N", "q"], ["O", "r"], ["P", "s"], ["Q", "t"], ["R", "u"], ["S", "v"], ["T", "w"], ["U", "x"], ["V", "y"], ["W", "z"], ["X", "a"], ["Y", "b"], ["Z", "c"], ["a", "Q"], ["b", "R"], ["c", "S"], ["d", "T"], ["e", "U"], ["f", "V"], ["g", "W"], ["h", "X"], ["i", "Y"], ["j", "Z"], ["k", "A"], ["l", "B"], ["m", "C"], ["n", "D"], ["o", "E"], ["p", "F"], ["q", "0"], ["r", "1"], ["s", "2"], ["t", "3"], ["u", "4"], ["v", "5"], ["w", "6"], ["x", "7"], ["y", "8"], ["z", "9"], ["0", "G"], ["1", "H"], ["2", "I"], ["3", "J"], ["4", "K"], ["5", "L"], ["6", "M"], ["7", "N"], ["8", "O"], ["9", "P"], ["\n", ":|~"], ["\r", ""]], e } )(); e.B365SimpleEncrypt = t }When you get any progress, please inform us. thanks
php b365simpleEncrypt source
can i get that?
They changed boot.nst[] to two variables var order=['WJcVaW=='] and var loadingflags=['ES1RgM8F13q8jNKI1ryxD2+AxGKXzFGQJLF0Odaeaet=']
@otac0074 PHP version, you change ext name to "php" by yourself.
some samples as follow: // command // commandnstFkBeXg==.4iswQ11b6Xlqbc5WxU3AX3cxm+iGCmDQ8AE4wr/5Buo=SPTBK $val = "iAeUaW==.KY26tHHRMaB0RSLz7xJdaJS7C+YjfCgtOdhK61/Le4E="; $val = "eEPUaW==.pXXEoxBRljjF16VK3FcrXbqDLECBWOgWoStFH7GG4rd="; $val = "HmyUaW==.UnOZs53sCPWceRF0q+5COVUe1mjj1/sbkW5gD3dWReb="; var_dump( Bet365SimpleEncrypt::decrypt($val) );
def decryptToken(t):
n = ""
i = ""
o = len(t)
r = 0
s = 0
MAP_LEN = 64
charMap = [["A", "d"], ["B", "e"], ["C", "f"], ["D", "g"], ["E", "h"], ["F", "i"], ["G", "j"], ["H", "k"], ["I", "l"], ["J", "m"], ["K", "n"], ["L", "o"], ["M", "p"], ["N", "q"], ["O", "r"], ["P", "s"], ["Q", "t"], ["R", "u"], ["S", "v"], ["T", "w"], ["U", "x"], ["V", "y"], ["W", "z"], ["X", "a"], ["Y", "b"], ["Z", "c"], ["a", "Q"], ["b", "R"], ["c", "S"], ["d", "T"], ["e", "U"], ["f", "V"], [
"g", "W"], ["h", "X"], ["i", "Y"], ["j", "Z"], ["k", "A"], ["l", "B"], ["m", "C"], ["n", "D"], ["o", "E"], ["p", "F"], ["q", "0"], ["r", "1"], ["s", "2"], ["t", "3"], ["u", "4"], ["v", "5"], ["w", "6"], ["x", "7"], ["y", "8"], ["z", "9"], ["0", "G"], ["1", "H"], ["2", "I"], ["3", "J"], ["4", "K"], ["5", "L"], ["6", "M"], ["7", "N"], ["8", "O"], ["9", "P"], ["\n", ":|~"], ["\r", ""]]
for r in range(0, o):
n = t[r]
for s in range(0, MAP_LEN):
if ":" == n and ":|~" == t[r:3]:
n = "\n"
r = r + 2
break
if n == charMap[s][1]:
n = charMap[s][0]
break
i = i+n
return i
This is the Python version for the decrypt function, guys
def decryptToken(t): n = "" i = "" o = len(t) r = 0 s = 0 MAP_LEN = 64 charMap = [["A", "d"], ["B", "e"], ["C", "f"], ["D", "g"], ["E", "h"], ["F", "i"], ["G", "j"], ["H", "k"], ["I", "l"], ["J", "m"], ["K", "n"], ["L", "o"], ["M", "p"], ["N", "q"], ["O", "r"], ["P", "s"], ["Q", "t"], ["R", "u"], ["S", "v"], ["T", "w"], ["U", "x"], ["V", "y"], ["W", "z"], ["X", "a"], ["Y", "b"], ["Z", "c"], ["a", "Q"], ["b", "R"], ["c", "S"], ["d", "T"], ["e", "U"], ["f", "V"], [ "g", "W"], ["h", "X"], ["i", "Y"], ["j", "Z"], ["k", "A"], ["l", "B"], ["m", "C"], ["n", "D"], ["o", "E"], ["p", "F"], ["q", "0"], ["r", "1"], ["s", "2"], ["t", "3"], ["u", "4"], ["v", "5"], ["w", "6"], ["x", "7"], ["y", "8"], ["z", "9"], ["0", "G"], ["1", "H"], ["2", "I"], ["3", "J"], ["4", "K"], ["5", "L"], ["6", "M"], ["7", "N"], ["8", "O"], ["9", "P"], ["\n", ":|~"], ["\r", ""]] for r in range(0, o): n = t[r] for s in range(0, MAP_LEN): if ":" == n and ":|~" == t[r:3]: n = "\n" r = r + 2 break if n == charMap[s][1]: n = charMap[s][0] break i = i+n return iThis is the Python version for the decrypt function, guys
yes, but no receive data.. i think have any more another checkpoint from bet365
We should investigate on the second socket connection. My assumption is that there's a red-light semaphore for receiving messages from the first socket until the second socket fires the message. I'll try to block with firewall the domain from the second socket and see the effect
Edit I have blocked the domain from the secondary socket (the one that stops receiving messages) and it does not affect the main socket, it still receives messages. So the issue must be somewhere. I guess it's easier than we think, but we must be blind to not find it :)
We should investigate on the second socket connection. My assumption is that there's a red-light semaphore for receiving messages from the first socket until the second socket fires the message. I'll try to block with firewall the domain from the second socket and see the effect
Edit I have blocked the domain from the secondary socket (the one that stops receiving messages) and it does not affect the main socket, it still receives messages. So the issue must be somewhere. I guess it's easier than we think, but we must be blind to not find it :)
Is there still no response?
Stll no response. I am investigating on other variables. I am performing my tests on bet365.it
Stll no response. I am investigating on other variables. I am performing my tests on bet365.it
dont give up, me to try bless you..
if possible, tell me please
I will resume attempts tonight as well, in like 10 hrs (I am EST timezone). One thing to peak at is Sec-Websocket-Key and Sec-Websocket-Accept. Normally, these values don't actually do anything and are for the client to verify they are talking to the right server. In this case, they could be doing something smart with the key to verify they are talking to the same client.
I think those headers are used at protocol-level and may really not be involved.