카카오톡으로 여친 만들기

ps . https://pypi.python.org/pypi/kakao

ps2. pip install kakao

LINE(라인) protocol analysis [4] : Registration

* 2014.08.02 update *

If you need a python code right away, then please keep in touch with https://github.com/carpedm20/LINE

* This post is composed of a collection of data that I got from the analysis of LINE registration

* I will beautify this post, later...

* There are two kinds of registration, one is for mobile phone and the other for tablet

* 1. For mobile phone : use SMS registration

* 2. For tablet : login with e-mail and password authentication

Links

====

https://gd2.line.naver.jp/authct/v1/keys/naver
http://t.line.naver.jp/authct/v1/keys # not working

# t stands for tablet ( maybe..? )
# t.line.naver.jp/authct is used when 'RegisterWithNaverIdOrEmailPageVM.SetIdentityCredential()' is called

https://t.line.naver.jp/authct/v1/keys/naver
https://t.line.naver.jp/authct/v1/keys/line

Wireshark Filter
============

ip.addr == 119.235.235.0/24 

.Net Reflector
===========

1. Tablet authentication
===================

1. # from 'https://t.line.naver.jp/authct/v1/keys/line'
2. {
3.   "session_key":"jvhk3Vl3A1KJ8nK0",
4.   "rsa_key":
5.     "1696, # key name
6.    DBAE063DBDC04244CD0D6669AC6545CD0E7337C1E6ABC74E4C939D3958AADB2EF5B51013D46C0BFD1C9AFFEAA72F771DA4D450347606EFBD082625920202EF848204E783456F59AD953EA3E5872A38CF6415C97B818DB6AD2C6C9AF84676DFFB358EA41F08A4B81D8F3A653F7D68C449F5650B5894323D0B3C0A1A12FEB9E6EBBDEB6F69B2AA1136741D3ACC504048AFAEBDB52C034F, # e
7.    010001" # n
8. }
10. # personal information
11. string password = String.fromCharCode (session_key.length) + session_key  
12.                 + String.fromCharCode (email.length) + email  
13.                 + String.fromCharCode (password.length) + password;  
15. # generate encrypted password
16. var rsa =  new  RSAKey ();  
17. rsa.setPublic (evalue, nvalue);  
18. password = rsa.encrypt (password);  
20. # send POST request to http://gd2.line.naver.jp/rest/v1/login
21. {
22.   id : keyname  // In this case, '1696'
23.   password : password  // encrypted password
24.   persistent : 0  //  
25.   provider : 1  //
26. }

2. Mobile registration
=================

1. gm.line.naver.jp/api/v3/TalkService.do

   # request : [startverification] country_code + phone_number + druid + device_name + ???
   # response: auth_key(?)

2. gm.line.naver.jp/api/v3/TalkService.do

   # request : [verifyphone] auth_key + druid
   # response: verifyphone

3. gm.line.naver.jp/api/v3/TalkService.do

   # request : [registerDevice] auth_key
   # response : encrypted_key -> this is used to make X-Line-Access ( by using bellow C# code)

  # This code will make X-Line-Access key from auth_key

1. using System;
2. using System.Collections.Generic;
3. using System.Linq;
4. using System.Text;
6. namespace ConsoleApplication1
7. {
8.    
9.     class Program
10.     {
11.         static void Main(string[] args)
12.         {
13.             String issuedTo = "1" ;
15.             DateTime l = DateTime .UtcNow;
17.             long timestamp = (long )((l - new DateTime(1970, 1, 1, 0, 0, 0, 1)).TotalMilliseconds);
19.             String authToken = "????"; // auth_key
21.             string[] strArray = authToken.Split(new char[] { ':' });
22.             string issueTo = strArray[0];
23.             string encodedSecretKey = strArray[1];
25.             string str2 = string .Format("iat: {1}\n", issuedTo, timestamp);
26.             string str3 = Convert .ToBase64String(Encoding.UTF8.GetBytes(str2));
27.             string str4 = string .Empty;
28.             string str5 = str3 + "." + str4;
29.             byte[] key = Convert .FromBase64String(str3);
30.             string str6 = Convert.ToBase64String(LINE.Service.YamlWebToken .HmacAlgorithm.CreateInstance(LINE.Service.YamlWebToken.DEFAULT_ALOGORITHM.Name, key).ComputeHash(Encoding.UTF8.GetBytes(str5)));
31.             String str = str5 + "." + str6;  // base64(issuedTo) + '..' + Hmac(SecretKey)
32.         }
33.     }
34. }

In my view point, the analysis of LINE protocol was much easier than LOCO protocol which uses their own protocol.

Now, what...? :)

LINE(라인) protocol analysis [3] : session key

* 2014.08.02 update *

If you need a python code right away, then please keep in touch with https://github.com/carpedm20/LINE

Finally, I want to talk about session key  and auth key.

5. Session key

At first, I tried to follow UpdateAuthToken() function because this function adds the "X-Line-Access" header to the HTTP protocol.

As I followed this function, I finally arrived to create() function which updates the old session key.

It wasn't hard to understand how this function updates authKey, but I couldn't figure out when LINE change an auth key.

It seems like LINE's session key is changed when a user change his/her mobile phone or re-install the application.

In other words, the session key won't be changed if you don't erase or change your mobile phone.

This can cause security problems if someone change the code of LINE application and distribute it to the internet...but I don't think it will happen :)

Bellow is the list of functions that I followed to find out how LINE update their authorization key.

1. public void UpdateAuthToken(string authKey)
2. {
3.     if (authKey != null)
4.     {
5.         this._transport.AddRequestHeader("X-Line-Access", AccessTokenHelper.GetAccessToken(authKey)); // add "X-Line-Access" header to HTTP(s) protocol
6.     }
7. }
9. public void UpdateAuthToken(string authKey)
10. {
11.     try
12.     {
13.         if (authKey != null)
14.         {
15.             this._transport.AddRequestHeader("X-Line-Access", AccessTokenHelper.GetAccessToken(authKey)); // add "X-Line-Access" header to HTTP(s) protocol
16.         }
17.     }
18.     catch (Exception)
19.     {
20.     }
21. }
    
    
22. private void _addCustomHeader(HttpWebRequest httpWebRequest)
23. {
24.     Profile current = ProfileViewModel.GetInstance().Current;
25.     httpWebRequest.get_Headers().set_Item("X-Line-Access", AccessTokenHelper.GetAccessToken(current.AuthKey)); // add "X-Line-Access" header to HTTP(s) protocol
26.     httpWebRequest.get_Headers().set_Item("X-Line-Application", DeviceUtility.GetLineApplicationString());
27.     httpWebRequest.get_Headers().set_Item("Cache-Control", "no-cache");
28.     httpWebRequest.get_Headers().set_Item("Pragma", "no-cache");
29. }
31. public static string GetAccessToken(string authKey)
32. {
33.     long timestamp = (DateTime.get_UtcNow() - new DateTime(0x7b2, 1, 1, 0, 0, 0, 1)).get_TotalMilliseconds(); // use time stamp for making access token
34.     return GetAccessToken(timestamp, authKey);
35. }
37. public static string GetAccessToken(long timestamp, string authKey)
38. {
39.     if (((_accessToken == "") || !_accessToken.Equals(_lastAuthToken)) || (timestamp > (_lastUpdated + 0x5265c00L)))
40.     {
41.         lock (_thisLock)
42.         {
43.             _accessToken = Generate(authKey, timestamp);
44.             _lastUpdated = timestamp;
45.             _lastAuthToken = authKey;
46.         }
47.     }
48.     return _accessToken;
49. }
51. public static string Generate(string authToken, long timestamp)
52. {
53.     string[] strArray = authToken.Split(new char[] { ':' });
54.     if (strArray.Length != 2)
55.     {
56.         throw new ArgumentException("authToken");
57.     }
58.     string issueTo = strArray[0]; // use previous authToken for the new authToken
59.     string encodedSecretKey = strArray[1]; // use previous authToken for the new authToken
60.     string str3 = YamlWebToken.Create(issueTo, timestamp, encodedSecretKey);
61.     return (issueTo + ":" + str3);
62. }
64. public class YamlWebToken
65. {
66.     // Fields
67.     public static HmacAlgorithm DEFAULT_ALOGORITHM; // use Hmac algorith for generating token
69.     // Methods
70.     static YamlWebToken();
71.     public YamlWebToken();
72.     public static string Create(string issueTo, long timestamp, string encodedSecretKey);
73.     public static string Create(string issuedTo, long timestamp, string encodedSecretKey, HmacAlgorithm algorithm);
75.     // Nested Types
76.     public class HmacAlgorithm
77.     {
78.         // Methods
79.         public HmacAlgorithm(string name);
80.         public static HMAC CreateInstance(string name, byte[] key);
82.         // Properties
83.         public string Name { get; set; }
84.     }
85. }
87. public static string Create(string issueTo, long timestamp, string encodedSecretKey)
88. {
89.     return Create(issueTo, timestamp, encodedSecretKey, DEFAULT_ALOGORITHM);
90. }
92. public static string Create(string issuedTo, long timestamp, string encodedSecretKey, HmacAlgorithm algorithm)
93. {
94.     string str = "";
95.     try
96.     {
            // core algorithm to make new session key
97.         string str2 = string.Format("iat: {1}\n", issuedTo, timestamp); 
98.         string str3 = Convert.ToBase64String(Encoding.get_UTF8().GetBytes(str2));
99.         string str4 = string.Empty;
100.         string str5 = str3 + "." + str4;
101.         byte[] key = Convert.FromBase64String(encodedSecretKey);
102.         string str6 = Convert.ToBase64String(HmacAlgorithm.CreateInstance(algorithm.Name, key).ComputeHash(Encoding.get_UTF8().GetBytes(str5)));
103.         str = str5 + "." + str6; // base64(issuedTo) + '..' + Hmac(SecretKey)
104.     }
105.     catch (Exception)
106.     {
107.     }
108.     return str;
109. }

Anyway, I wrote an C# code that make updated session key... 

1. using System;
2. using System.Collections.Generic;
3. using System.Linq;
4. using System.Text;
6. namespace ConsoleApplication1
7. {
8.    
9.     class Program
10.     {
11.         static void Main(string[] args)
12.         {
13.             String issuedTo = "1" ;
15.             DateTime l = DateTime .UtcNow;
17.             long timestamp = (long )((l - new DateTime(1970, 1, 1, 0, 0, 0, 1)).TotalMilliseconds);
19.             String authToken = "????" // your old session key
21.             string[] strArray = authToken.Split(new char[] { ':' });
22.             string issueTo = strArray[0];
23.             string encodedSecretKey = strArray[1];
25.             string str2 = string .Format("iat: {1}\n", issuedTo, timestamp);
26.             string str3 = Convert .ToBase64String(Encoding.UTF8.GetBytes(str2));
27.             string str4 = string .Empty;
28.             string str5 = str3 + "." + str4;
29.             byte[] key = Convert .FromBase64String(encodedSecretKey);
30.             string str6 = Convert.ToBase64String(LINE.Service.YamlWebToken .HmacAlgorithm.CreateInstance(LINE.Service.YamlWebToken.DEFAULT_ALOGORITHM.Name, key).ComputeHash(Encoding.UTF8.GetBytes(str5)));
31.             String str = str5 + "." + str6;  // base64(issuedTo) + '..' + Hmac(SecretKey)
32.         }
33.     }
34. }

Next : LINE(라인) protocol analysis [4] : Registration