-
-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding check for SN and DEV ID 1/2 #16
Comments
Hi @frozen905, Would you mind explaining what SN and devices IDs are useful for? I might take a look at it ! Cheers |
Well, some portals check for serial number and also match device_id1 and device_id2 for playing channels. IPTV player will successfully login with MAC and show channels but will not play channels if not the right device_id or SN. I was away from stalker portal for long, I'll search for some portals that has this feature and I'll share them here. |
Sorry for the delay - I have other python scripts from Telegram "dubious sources" that can explain the logic of how to check for these. Indeed, modern stalker portals will return "This device is not registered" or "Device Conflict" errors when passing simply MAC address alone. Serial numbers, and device ID 1 and device ID 2 are passed in additional strings inside the URL using an additional structure. I have tons of examples. We generate these values using SHA256 and MD5 I believe, I'll cross check my scripts for reference shortly! I can also post many portals that require it, just not sure if this allowed here. I have ALL of this info and more, would love to assist - I just am not a coder, so I need you guys to add it. It will make mcbash infinitely more useful in 2023. |
Hi, could you please share the python script for the login machanism requiring sn and device_ids? All though, device_ids change while SN remains the same for a MAC. I know some mac scanner (runs on windows only) that can log onto any portal using only MAC. It automatically detects SN and other info. |
…hanced authentication' to use SN and DEVID in GET requests. - minor fix in dns regexp : '_' in path allowed
Hi guys, @frozen905 could you try the latest version with the option I've found this (and tried to include it in the latest commit) but am not sure how to structure it in the GET request :
|
Hi, I have generated an mitm proxy flow from an app. I am just posting the get_profile request of the portal server which is main function to login:
For that portal, the same SN which is EA32DC71A0D9A gets log onto all other MACs. I don't know if that will work for other portals. Here you can see a string 'random' present in the json which is obtained from the handshake. Here is the reponse from the portal while handshake:
|
… it if valid. More to come with DevID2 and random seed. #16
Thank you for this detailed answer @rockydares ! That's exactly what we needed I guess. Cheers |
Sorry guys I've been busy working on another project Here is the exact auth flow, you should be aiming for: Attempt auth with just MAC only - if device conflict/device unregistered error, then If failure on these still for device conflict/unregistered, then we move to device ID. Device ID is generated from the SHA256 hash of the MAC again, and just like the serial numbers, to really be thorough, the hash from both uppercase AND lowercase need to be uppercased and tested. Device ID 1 and Device ID 2 are ALWAYS the same. In total, there are 5 attempts to get in if you really want to try everything: If you try all 5 of these and it still fails, the account is using a hash that's random and you will never get in, time to move on. Hope this helps , and I can also make .pcap's from OTT Navigator or TiviMate authing on real servers, but it's not needed, I already have all the knowledge from analyzing other scripts Please feel free to find me on Telegram @Wizardstorm and message me there, I can do real time testing with you |
Thank you @frozen905, will be easy to follow step by step. Cheers |
That's awesome, appreciate that! there are many scripts out there that use other languages but never one in bash - mcbash stands alone in this regard, and I appreciate that, and want to see it be the best that it can be! I do not want to post servers on a public forum but if you need any for debugging and testing purposes please reach out any time, thanks again, and cheers as well!! |
I am reposting this after deleting the message earlier this year, because suddenly it looks like there is renewed interest both via the original dev and a new pull request..
The app can be made infinitely more effective by adding in additional flags to check for serial number, and then optionally device id 1 & 2 as well.
I know exactly what needs to be done but I am not a coder. If anybody wants to take a crack at adding this in, I think it would take no more than a few mins of your time!
Please feel free to contact me outside of here for easier communication as well, @Wizardstorm on Telegram, or happy to continue here as well
Thanks again !
The text was updated successfully, but these errors were encountered: