-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
日向坂46メッセージ取得用の refresh_token が取得できない #108
Comments
The app looks like enabled SSL pinning. The update should be a month before with UI amendment. This feature would only trust the application stated SSL Certification rather than the MITM certification. What if you are using iOS, it's very difficult to capture. But, Android is still possible. Also, another stuff is the This is my observation. |
Thank you for issue and investigating. It seems that getting the Even on Android, it is difficult to use Currently, it is difficult for new users to use Unfortunately, I don't have a complete solution for this issue at the moment. For now, I will add a notice about this issue at the top of the repository. |
I think, for now, the best approach is to avoid updating or downgrading the app if you're using Android. I've tested on both my iOS and Android phones and successfully retrieved the iOS Android So, yeah, they enabled SSL pinning after the major UI update in August 2024. Luckily, we can still use the older app versions. |
I have confirmed that the refresh_token can be obtained by using an emulator running in Genymotion on Windows and Intel-based Macs. In Genymotion, start a device with Android 6.0 or below, and download the "日向坂46 メッセージ" app version below 3 from APKPure. After that, you can obtain the refresh_token using mitmproxy as usual. I haven't figured out a way to run an Android 6.0 or earlier emulator on an Apple Silicon Mac, so the same method doesn't work. If you have any ideas, I'd appreciate your help. |
Can we use access_token to download as many as possible as a temporary solution? access_token expires after an hour iirc which is enough to download quite a lot of messages |
Force updated has been released. Since 2400-2800, Dec.18, 2024, both iOS and Android devices would be requested to use latest version. So, from Dec.19, 2024, it is highly impossible to retrieve |
Yes, but if you have already retrieved the According the flow of application,
But, the things we discussed above are related to SSL pinning. In other words, the case all communications are protected with the SSL certification. It's very difficult to capture the communication between the application and server. |
Maybe. It's becoming those Cheers mates! 🍻 Thanks @proshunsuke to contribute this project. |
So, it means that despite having an access token, we still can't do anything because of SSL pinning? |
It's kinda sad, though. I really need this for when a member graduates or for monthly backups. I guess this might be the end for us—or maybe not. I hope the Chinese Weibo fans can do something about it. |
Because So, once you have |
Yeah, I mean, as long as we have the |
Seems like that. |
Thank you for notifying about the forced update. As explained, once a valid Due to the forced update, it will become difficult to retrieve a new |
I'm trying to use Genymotion on my Linux and I'm encountering an error like this. Do I need to use Android 7.0 or higher? |
Wait... maybe it's just a technical problem on Flutter...
|
Oh? So this Mobame app uses Flutter? I just found out... I tried using Reqable with the 'Bypass All SSL' feature yesterday, yet it still did not capture the API hits. |
I am able to get the token by running the latest APK on an Android Emulator. Do a scan using Cheat Engine on the emulator process. It takes some time to try an error to inspect the memory. |
can you provide which emulator you are using and maybe the process? I tried with nox and seems not working |
I am using LDPlayer 9. The process name is Ld9BoxHeadless. |
I'm trying to do this. |
On the login confirmation screen, I searched for "refresh_token" (the double quotation marks are necessary), then right-clicked on the result and selected "Browse this memory region," where I found my refresh_token. |
so thank you! |
Hello, I have followed your instructions to locate the refresh_token. |
After selecting 'Browse this memory region,' the Memory Viewer pops up, and you need to locate your refresh_token in the ascii pane, which is written in the format: "refresh_token":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". |
Thank you, I get refresh token now! |
When I download Nogizaka msg, it shows:[31m[colmsg error][0m: HTTP status client error (400 Bad Request) for url (https://api.n46.glastonr.net/v2/update_token). |
Yes, I did encounter this issue, but updating colmsg to version 3.2.1 resolved it. |
Thank you! |
概要
refresh_token の取得手順 の mitmproxy で解析中に
https://api.kh.glastonr.net/v2/signin
へのリクエストが見つからないため refresh_token が取得できない情報
関係ないものもあるかもしれませんが、調査に関する情報を記載します。
The text was updated successfully, but these errors were encountered: