Musically-API
Musically-API copied to clipboard
mangledbottles
Null response
Hello! (First - sorry for my bad English, it is not my native language) I am making simple "bot" to save Musical.ly videos. I tried using Charles Proxy to see how Musical.ly API works, but there was no informations about calls to API on Charles (even with SSL pinning disabled by using Inspectage + Emulator).
I do not use/like PHP. For me it is hard. (I really prefer C# - for me is much more easy to read) I wanted to port your library to C# DLL (and add as repo) but your lib not works :(
When I run login.php from my local webserver it returns that:
Notice: Undefined offset: 7 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 63
Notice: Undefined offset: 1 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 64
Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 65
Notice: Undefined offset: 8 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 67
Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 68
Notice: Undefined offset: 12 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 71
Notice: Trying to get property of non-object in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 237
{"success":null,"full_response":null}
Last line says that response from Musically API is null. So what I did wrong. I tried your test account Jessica, my two test accounts and it still won't work - always response==null After running login.php I tried searchuser.php but on end of printed error message I could read that response is null. Please fix it or explain me what I did wrong... sorry - maybe it's n00b question and my setup is bad. Thanks for your time.
Edit: I use Xampp, and M:\MySQL\htdocs is root of my webserver.
Hello! I haven't tested the API in a while so it may be outdated... I will check it tomorrow, it may also be a problem that the account you tested with doesn't work!
Regards ;)
Hello! Did you find what causes this error? If you want, I can give you password to my test account.
Best regards!
Hello, I just checked it there, they seem to have changed the way they are hashing requests now. The login still returns a hash, but it's in a different format and with fewer parameters (which is what gave you the offset errors). I am unsure if this will affect the rest of the code yet. I will look into it.
Regards
Try replacing these in src/musically.php file:
$dexplore = explode('=', $data[7]); with $dexplore = explode('=', $data[6]);
and
$dexplore1 = explode('"', $data[8]); with $dexplore1 = explode('"', $data[7]);
Still that:
Notice: Undefined offset: 6 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 63
Notice: Undefined offset: 1 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 64
Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 65
Notice: Undefined offset: 7 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 67
Notice: Undefined offset: 3 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 68
Notice: Undefined offset: 12 in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 71
Notice: Trying to get property of non-object in M:\MySQL\htdocs\Musically-API-master\src\musically.php on line 237
{"success":null,"full_response":null}
Maybe we could move to more "debuggable" language such as C#?
In .NET you can set breakpoints and see all variables values + run step by step ;) I'm C# developer and PHP is for me like Chinese - I can't even read it :( Thanks for help!
Tomorrow I will try setup GenyMotion and Inspectage to remove SSL Pinning and then I will send Charles Session file.
@mangledbottles Yes, it worked! They're using REST API and Json, I think that the API it's very big and quite hard to debug. I used iPad3,3 (iOS 9.3.5) with SSLKillSwitch deb file installed and Charles Proxy.
I saw big file (161KB) "GET: https://api.musical.ly/rest/discover/navigate" that contains some kind of list of endpoints, it could be useful I will send it. But I still don't know how login is performed.
Here is navigate.json - https://www.dropbox.com/s/kvjopob4wg95l2h/navigate.json?dl=1 and request that my device made: request.txt
This may help, there is a login endpoint returned by the https://api.musical.ly/rest/discover/navigate : /rest/passport/v2/login?___d=eyJhYyI6IlBPU1QiLCJieiI6InVzZXJfbG9naW4iLCJkbSI6IlVTRVIiLCJ2ZXIiOiJkZWZhdWx0In0%3D
@Enter03 @charlieAndroidDev Thanks for you help! I'm reviewing it atm, I tried to jailbreak my iPhone 8 iOS 11 with Electra to install SSL Kill Switch 2; however I'm experiencing difficulties. In another issue, someone stated that Musically does not SSL pin their Android app so it might be worthwhile looking into that. I have loads of iPhones and no androids!
@mangledbottles Yep I can confirm that the latest Android app for both Musically and Lively are not SSL pinned. I can use this packet capture app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en to capture all requests and responses.
I am now stuck on a very tricky issue however. The X-Request-Sign5 header used in most requests is an HMAC-SHA1 hash of what I think is the X-Request-Info5 header value. However, I am not sure how the hashing function works as it is done in the native layer and I believe the function has been dynamically registered and cannot find it in any of the native shared object files. More info available here: https://reverseengineering.stackexchange.com/questions/17583/reversing-an-apk-to-replicate-api-x-request-sign5
I’ll try to use remote LLDB to set breakpoints in the native code. I have decompiled the APK and edited the manifest to allow debugging and have seen quite a few interesting logs when the app has been running, I’ll try a bit more and update you on that when I get something good.
OK, I now know how the X-Request-Sign5 header value is generated after quite a bit of trial and error and static analysis of the smali code from the Android APK. No more obstacles in the way anymore..,
Hey guys, how the searchuser.php is working? its only returns {"success":null,"full_response":null}
Is it changed?
How username should be provided for searching in code?
