CAPTCHA requirement

Open 89z opened this issue 3 years ago • 3 comments

Thank you for this great tool. I am able to run this example with no issue:

https://github.com/mkb79/Audible/blob/3ffd04ad0ba2b837da7a3b5f85489025efdd96fd/examples/get_activation_bytes.py#L13-L18

However I noticed that I do have to complete a CAPTCHA. I was just wondering, I have run through the login process a few times using Android Studio with a virtual device, and I have never had to do a CAPTCHA. Would it be possible for this package to avoid the CAPTCHA, either emulating the Android client or something else?

89z avatar Jan 25 '22 19:01 89z

A CAPTCHA appears when the Amazon server detects some abnormal things during the login process.

The only thing that helps against CAPTCHAs is to replicate the registration process as much as possible. Some things can be replicated easily (e.g. initial cookies, user agent). But some are hard in pure Python and without a web browser which supports JavaScript and can simulate a human being (mouse moving, keyboard pressing, time between request and response on the client side)!

With Audible v0.7.0 and playwright installed you can use a web browser to log in. This should prevent CAPTCHAs.

Finally, I would like to say that I haven't gotten any CAPTCHAs in the last month. I usually log in once a week to test how it works. But I must also say that I have activated 2FA! Maybe this makes the difference!

Edit: Please remember, your code above registers a new device with every execution. So please save your credentials to a file and reuse them. Then you have to log in only once!

mkb79 avatar Jan 25 '22 21:01 mkb79

Hey I did some more testing. If you make a request like this:

https://www.amazon.com/ap/signin?
openid.assoc_handle=amzn_audible_android_aui_us&
openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
openid.mode=checkid_setup&
openid.ns.oa2=http%3A%2F%2Fwww.amazon.com%2Fap%2Fext%2Foauth%2F2&
openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
openid.oa2.client_id=device%3A3738656232643031306334623466323238346237234131304b49535032475746304534&
openid.oa2.code_challenge=FqnF5AR7EuNjawwfQ2f757HcSMrEej9V3GqSsyzWS9Q&
openid.oa2.response_type=code&
openid.oa2.scope=device_auth_access

You can log in without the CAPTCHA! Not sure how to get the openid.oa2.client_id or openid.oa2.code_challenge yet, but maybe you know about those?

You are logging in with an Android device. I will keep this in mind.

You can create a client_id, code_verifier and code_challenge for this device like so:

import base64
import hashlib
import secrets


def create_client_id() -> str:
    # Random 20-character hex serial for the device
    serial = secrets.token_hex(10).upper()
    device_type = "A10KISP2GWF0E4"
    # client_id is "device:" followed by the hex of "<serial>#<device_type>"
    serial_device_id = f"{serial}#{device_type}".encode()
    serial_device_id_hex = serial_device_id.hex()
    client_id = "device:" + serial_device_id_hex
    return client_id


def create_code_verifier(length: int = 32) -> bytes:
    # Random bytes, base64url-encoded without padding
    verifier = secrets.token_bytes(length)
    return base64.urlsafe_b64encode(verifier).rstrip(b'=')


def create_s256_code_challenge(code_verifier: bytes) -> bytes:
    # S256 challenge: base64url(SHA-256(code_verifier)) without padding
    m = hashlib.sha256(code_verifier)
    return base64.urlsafe_b64encode(m.digest()).rstrip(b'=')

The client_id has to be URL-encoded before you send it.

mkb79 avatar Feb 17 '22 07:02 mkb79