-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login approvals are on. Expect an SMS shortly with a code to use for log in (406) #1
Comments
Complete set I'm using to compile and set running foreground while it is not running yet make && make install && libtool --finish /opt/bitlbee/lib/bitlbee/ && /opt/bitlbee/sbin/bitlbee -D -u bitlbee -n |
|
Token manipulation from IRC "command line" Addition: Checking: Deletion: Unrecognized settings are ignored, yay! |
|
Do we need a new pre-auth signal? How does work login do things? |
WORK login:
So basically on success calls fb_api_cb_work_prelogin->fb_api_auth and on error fb_api_error . fb_api_error finally emits "error" signal. fb_api_auth calls fb_api_cb_auth when returning, which finally emits "auth" signal. |
Parapharsing myself from bitlbee#108 : "I used this script: https://gist.github.com/Tatsujin/953551fe38d8e38aac43b423998d3deb/raw/fdad42d41161f5b6ea0f9d343e2057f99e4db8fb/bitlbee-fb-login-2fa.py I butchered the script and copied uid, did and mid from bitlbee nick.xml . uid was 0 ! I changed it temporarily to my actual fb uid. MAYBE IT WORKS FOR 0 , I DONT KNOW. I enabled SMS 2-factor auth in FB. I ran the butchered script, got SMS, I entered the SMS code (6 numbers) to the script, then I got Access token: FLIAIJ9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoi I put the access token to my irc client ( account facebook set token FLIAIJ9z82u3o8muasdod... ) And it worked. I don't know what exactly was needed but this worked for me, thank heavens." |
Here's from the script essentials: headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "/"} check to make sure that worked...if response['error_code'] != 406: code = input('Code: ') error_data = json.loads(response['error_data']) data['credentials_type'] = 'two_factor' params = urlencode(fb_sig(data)) print("Access token:", response['access_token']) |
Lets reason again.
|
Made TWOFACTOR_CODE / twofactor_code changes. See xml: 123456 Making it actually so that IF this exists, then run twofactor_prelogin. |
Handy debug messages can be printed: imcb_log(ic, "Authenticating just auth"); |
Mystery: With token, how does the login flow go? I don't have a work account. |
Found: static FbHttpRequest * Also, in EDIT: Yes: So, fb_api_http_req does it |
In Facebook.com, this is how to go check your authorized devices: Top right profile picture => Settings & privacy => Settings => Security and login Or more directly here: |
Proper way to do things seems to be (now while debugging):
|
Priority one: Need to print and save login_first_factor when response is 406. |
Try to intercept in fb_api_cb_auth ? |
static gboolean Adding this print:
Gets me this: |
Printing the full json: Full json: {"error_code":406,"error_msg":"Login approvals are on. Expect an SMS shortly with a code to use for log in (406)","error_data":"{"uid":1000010492XXXX,"login_first_factor":"99ucgfzVsMBKCLN0M9B2iD0ZApeqnxPq", blaah blaah Here we have first factor. Now just need to extract and same it. |
Losing my mind. I think I have everything. Now even the original, unmodified script is not working. But turns out my telco is not sending SMS to here, Mexico anymore. |
GREAT NEWS! One can go to https://www.facebook.com/security/2fac/settings/ Then select Recovery codes and use them. THE EXTERNAL SCRIPT WORKS THUSLY! Now I can actually verify the my bitlbee changes. |
There is now confusion about variables. List follows: DID MID UID CID machine_id |
When creating new account on fresh project, uid is empty. We need to build from this I'm afraid. uid is present in the error data, so we could harvest it. Lets make a prop for machine_id and then make it to be generated also and then in one function store uid, machine_id, login_first_factor |
Random ramble: This is our auth func and see the callback: void
} |
Private note: Asking for generation works. Now I need to make function to scoop the data. |
IN static gboolean Making
The function will be a partial copy of fb_api_json_chk() |
Looks like commit 000d974 fixes this. See it in action: Needs a bit of testing for sure though. |
Made a simple test by invalidating my login. Result: So I get the new token fine and can continue without issues. In https://www.facebook.com/settings/?tab=security it is clearly listed as: So, so far so good. |
Quick check on memory. root@comms:~/tmp/bitlbee/bitlbee-facebook/facebook# ps aux | grep bitl Then I do the log off: Then I activate the account again: And then I put twofactor in and get logged in: I see no imminent memory leaks. And no crashes. Considering this working. |
Note for posterity: With the machine_id changes I now get only one auth code. Previously I think got multiple. Could be due to other reasons but I feel this change has possibly stabilized the thing. |
Force pushed both changes to commit 31b56ec because nobody else was probably interested in this in the first place. |
Actually made this now into a branch as requested in bitlbee#215 Branch is here: https://github.com/usvi/bitlbee-facebook/tree/automatic-2fa-tokens |
When taking plain bitlbee-facebook, compiling and running it, we get something like this:
05:08 <@root> facebook - Logging in: Authenticating
05:08 <@root> facebook - Login error: Login approvals are on. Expect an SMS shortly with a code to use for log in (406)
05:08 <@root> facebook - Logging in: Signing off..
05:08 <@root> facebook - Logging in: Reconnecting in 15 seconds..
The text was updated successfully, but these errors were encountered: