
Login requires captcha in spite of using MFA

Open dnlm opened this issue 5 years ago • 25 comments

Amazon for some reason forced me to change my password and I forgot to set the new password in the script's config. When I noticed that it stopped working I set the new password in the config, ran the script again and it said "login failed, check /tmp/.alexa.login".

This file looks like amazon wants me to enter a captcha, although I'm using MFA. The Password and MFA_Secret set in the config are correct (I logged in with a browser using the generated OTP from oathtool). When I try to log in with a browser (Chromium & Firefox) with JS disabled from the same machine using XMING (it's a raspberry pi zero w/o GUI) no captcha is required.

Logging in via Browser, extracting the cookie and manually saving it to /tmp/.alexa.cookie works but obviously only until the cookie expires. I'd really like to be able to log in automatically again, is there anything else I could try?

dnlm avatar Sep 21 '20 00:09 dnlm

Amazon decides when they want to get presented which security measure. They got very strict with this in the last time. I would have no idea what the script can do against that ...

Apollon77 avatar Sep 21 '20 04:09 Apollon77

Hi,

I have got the same problem. Maybe someone finds a solution. Thanks a lot.

Cu kami

kami83 avatar Sep 21 '20 07:09 kami83

I had the same issue. It's not perfect, but you can make it work with the cookie approach from : https://github.com/thorsten-gehrig/alexa-remote-control/issues/10#issuecomment-399745225

matthewbarr avatar Oct 05 '20 21:10 matthewbarr

Hi, thanks a lot. I have seen this, but you have to renew it on your own every 14 days.

Or?

BG kami

kami83 avatar Oct 06 '20 06:10 kami83

Yes, as cookies have an expiration date. I'm doing the same right now but it's a major inconvenience TBH :(

Does anything (except the effort) prevent a script from extracting the captcha, showing its URI in the terminal for copy/paste purposes and entering the captcha's solution in the terminal again to submit it? Granted it's a simple alphanumerical captcha.

I might be able to code this but if anyone already tried it and failed for an obvious reason, I'd like to know.

dnlm avatar Oct 06 '20 07:10 dnlm

@dnlm what's weird is that you don't get asked for a captcha when you use a browser with JS disabled. You could try adjusting the user-agent (BROWSER env var to match that of your actual browser).

Maybe creating a new MFA token would somehow reset your "bad-login" count with Amazon as well.

Regarding the captcha - I tried extracting using ImageMagick and tesseract. None of the results had been fruitful though :(

adn77 avatar Oct 06 '20 21:10 adn77

@adn77

> You could try adjusting the user-agent (BROWSER env var to match that of your actual browser).

Gonna try that

> Maybe creating a new MFA token would somehow reset your "bad-login" count with Amazon as well.

I already did that but Amazon supplied the same code for generating OTPs so it was useless.

> Regarding the captcha - I tried extracting using ImageMagick and tesseract. None of the results had been fruitful though :(

My idea was to extract the captcha image url, print it in the shell and wait for solved captcha user input. Copy, paste in browser and enter captcha solution manually, no image manipulation needed. Or did I misunderstand you?

dnlm avatar Oct 07 '20 09:10 dnlm

@dnlm I actually tried solving the captcha by using tesseract - and failed miserably :(

I didn't think about solving the captcha manually. The thing is the captcha is autocreated, you can only download it once. Also, it's a little beside the point of the script.

adn77 avatar Oct 17 '20 21:10 adn77

@adn77 Maybe it was a misconception on my part but I hoped that solving it once on that machine might unlock captchaless logins in the future. For me at least it worked flawlessly until a forced password change which I thought might have triggered a "enter captcha once so we can be sure everything is alright"-mechanic.

Still got to try adjusting the user-agent, will do now and report.

dnlm avatar Oct 18 '20 19:10 dnlm

GREAT SUCCESS!!!11 👍 @kami83 @adn77 @matthewbarr

Changing the user agent sadly didn't work but I tried chromium (js disabled globally) via xming again and got the captcha request. Solved it, logged out, deleted cookies (obviously very important) and logged back in. Again, captcha reappears. Solved it, repeated log out/cookie delete etc and eventually after some tries I wasn't asked for captchas anymore. After logging in 2 times without a captcha request I tried alexa-remote-control on the command line and got logged in immediately. I hope the captcha flag got removed from my account (?) now. If it fails again, I'll report immediately but for now I'll call it solved.

I'm pretty sure it only needed 2 or 3 tries but I mistyped my password on 2 occasions in the process before switching to copy/paste from the password manager 😛

Also I'm not really sure if using the browser on the same physical machine really is necessary, when I first got the captcha on the pi I tried no-js incognito on my local windows pc and also got the captcha request. But I didn't want to take any chances (regretting it now) and suffered through the painfully slow chromium on my zero w.

I hope this is a permanent solution and might help other people with the same problem.

dnlm avatar Oct 18 '20 19:10 dnlm

Hi, thanks a lot. Works for me, too.

Cu kami

kami83 avatar Oct 19 '20 07:10 kami83

It failed to login again on its own after the cookie expired. Sadly this means I'll be giving up on this :( really liked the cli approach, bummer

dnlm avatar Oct 30 '20 14:10 dnlm

Started working again after about 14 days without any action on my side, will keep reporting if anyone is really interested.

dnlm avatar Nov 18 '20 20:11 dnlm

> Logging in via Browser, extracting the cookie and manually saving it to /tmp/.alexa.cookie works but obviously only until the cookie expires. I'd really like to be able to log in automatically again, is there anything else I could try?

Hello, can you please advise how to log in via Browser and extract the cookie manually?

Thanks! Dan

dcaccount avatar Feb 06 '21 20:02 dcaccount

@dcaccount use this extension: https://chrome.google.com/webstore/detail/get-cookiestxt/bgaddhkoddajcdgocldbbfleckgcbcid

And follow this short how-to: https://github.com/thorsten-gehrig/alexa-remote-control/issues/10#issuecomment-381449803 (or the one 4 comments below)

dnlm avatar Feb 07 '21 01:02 dnlm

> @dcaccount use this extension: https://chrome.google.com/webstore/detail/get-cookiestxt/bgaddhkoddajcdgocldbbfleckgcbcid
>
> And follow this short how-to: #10 (comment) (or the one 4 comments below)

Thanks, I have installed the extension and downloaded but I have a list of cookies in the downloaded txt file.

What one shall I take? I was looking for a cookie starting with:

{"loginCookie":

Please note that before running the script, I deleted all previous cookies.

On the contrary, if I log in in incognito mode, the extension does not find any cookie.

Thanks for helping, Dan

dcaccount avatar Feb 07 '21 09:02 dcaccount

> What one shall I take? I was looking for a cookie starting with:

IIRC I just pasted the whole file into /tmp/.alexa.cookie and it worked (for a week or two)

dnlm avatar Feb 07 '21 20:02 dnlm

> > What one shall I take? I was looking for a cookie starting with:
>
> IIRC I just pasted the whole file into /tmp/.alexa.cookie and it worked (for a week or two)

Thanks!

dcaccount avatar Feb 07 '21 21:02 dcaccount

check out the latest feature which doesn't rely on username/password/mfa but uses the refresh_token returned by proper device registration: https://github.com/adn77/alexa-cookie-cli

or more on my blog: https://blog.loetzimmer.de/2021/09/alexa-remote-control-shell-script.html

adn77 avatar Sep 22 '21 10:09 adn77

@adn77 Will try that ASAP, thank you very much for commenting here! Edit: fetching the token and logging in using the token (in a wrapper script) works flawlessly 👍 Thank you again, this is awesome!

dnlm avatar Sep 27 '21 20:09 dnlm

> check out the latest feature which doesn't rely on username/password/mfa but uses the refresh_token returned by proper device registration: https://github.com/adn77/alexa-cookie-cli
>
> or more on my blog: https://blog.loetzimmer.de/2021/09/alexa-remote-control-shell-script.html

Hello, thanks for your work!

I would like to use alexa_remote_control.sh in a Rpi4 working in headless mode.

How can I get the token? Please help!

I generated the token in another workstation but when I run alexa_remote_control I get the error:

trying to get CSRF from handlebars
trying to get CSRF from devices-v2
ERROR: no CSRF cookie received

I managed to generate the token from within the same station where the script alexa_remote_control.sh should work but I always get

ERROR: no CSRF cookie received

Can you please help?

Thanks a lot, Dan

dcaccount avatar Oct 10 '21 16:10 dcaccount

You shouldn't cross-post excessively :D

Well, you already figured out how to run the alexa-cookie-cli on another workstation. The problem that remains is retrieving the CSRF. As I made some changes to the matching of whitespace, that might be the source of your issue. Which OS is running on the Rpi4?

adn77 avatar Oct 11 '21 11:10 adn77

> You shouldn't cross-post excessively :D

You are correct but I realised the issue step by step

> Well, you already figured out how to run the alexa-cookie-cli on another workstation. The problem that remains is retrieving the CSRF. As I made some changes to the matching of whitespace, that might be the source of your issue. Which OS is running on the Rpi4?

I am running Raspbian Buster Lite. What can I try?

dcaccount avatar Oct 11 '21 11:10 dcaccount

Try echo 'hey you' | grep -E '\sy' which should print hey you

If that's the case, please checkout the latest version, I made a slight change to the "grep" commands.

adn77 avatar Oct 11 '21 11:10 adn77

> Try echo 'hey you' | grep -E '\sy' which should print hey you
>
> If that's the case, please checkout the latest version, I made a slight change to the "grep" commands.

It works, it is awesome!

Thanks a lot.

dcaccount avatar Oct 11 '21 18:10 dcaccount
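
The two operational problems in this thread, whitespace matching that differs between grep builds and cookies that lapse after roughly two weeks, can both be checked locally before a login is attempted. The script below is an added example, not code from alexa-remote-control or from any commenter; it assumes the cookie file is in the Netscape cookies.txt format and that the CSRF cookie is named csrf, and its function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example (not from alexa-remote-control). Assumes a Netscape-format
# cookie jar and a CSRF cookie named "csrf"; all sample values are constructed.

# Write a constructed jar. Tab-separated fields:
# domain, subdomain flag, path, secure, expiry (epoch), name, value
make_sample_jar() {
    printf '# Netscape HTTP Cookie File\n' > "$1"
    printf '#HttpOnly_.amazon.example\tTRUE\t/\tTRUE\t1700864000\texample-session\tCONSTRUCTED\n' >> "$1"
    printf '.amazon.example\tTRUE\t/\tFALSE\t1701209600\tcsrf\t123456789\n' >> "$1"
    printf '.amazon.example\tTRUE\t/\tFALSE\t0\texample-temp\tx\n' >> "$1"
}

# Succeeds if the jar holds a non-empty csrf cookie. [[:space:]] is the POSIX
# class; \s is a GNU extension that not every grep accepts.
has_csrf() {
    grep -Eq '[[:space:]]csrf[[:space:]]+[^[:space:]]' "$1"
}

# Print the value of cookie $2 from jar $1.
cookie_field() {
    awk -v name="$2" '
        { sub(/^#HttpOnly_/, "") }      # curl marks HttpOnly cookies this way
        /^#/ || NF < 7 { next }         # skip comments and incomplete lines
        $6 == name { print $7; exit }
    ' "$1"
}

# Print whole days until the first persistent cookie in jar $1 expires,
# "expired" if that time has passed, or "none" if no expiry is recorded.
# $2 is the current time as epoch seconds (pass "$(date +%s)").
cookie_days_left() {
    awk -v now="$2" '
        { sub(/^#HttpOnly_/, "") }
        /^#/ || NF < 7 { next }
        $5 + 0 > 0 && (min == "" || $5 + 0 < min) { min = $5 + 0 }
        END {
            if (min == "") print "none"
            else if (min <= now + 0) print "expired"
            else print int((min - now) / 86400)
        }
    ' "$1"
}

jar=$(mktemp)
make_sample_jar "$jar"
has_csrf "$jar" && echo "csrf value: $(cookie_field "$jar" csrf)"
echo "days left: $(cookie_days_left "$jar" 1700000000)"
rm -f "$jar"
```

Run against the real cookie file with `cookie_days_left /tmp/.alexa.cookie "$(date +%s)"` to see how long a manually imported cookie has left.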