日向坂46メッセージ取得用の refresh_token が取得できない #108
Comments
|
I'm facing the same issue.
I think it only captures the /update_token only, not /signin. |
|
The app looks like enabled SSL pinning. The update should be a month before with UI amendment. This feature would only trust the application stated SSL Certification rather than the MITM certification. What if you are using iOS, it's very difficult to capture. But, Android is still possible. Also, another stuff is the This is my observation. |
|
Thank you for issue and investigating. It seems that getting the Even on Android, it is difficult to use Currently, it is difficult for new users to use Unfortunately, I don't have a complete solution for this issue at the moment. For now, I will add a notice about this issue at the top of the repository. |
|
I think, for now, the best approach is to avoid updating or downgrading the app if you're using Android. I've tested on both my iOS and Android phones and successfully retrieved the iOS Android So, yeah, they enabled SSL pinning after the major UI update in August 2024. Luckily, we can still use the older app versions.
|
|
I have confirmed that the refresh_token can be obtained by using an emulator running in Genymotion on Windows and Intel-based Macs. In Genymotion, start a device with Android 6.0 or below, and download the "日向坂46 メッセージ" app version below 3 from APKPure. After that, you can obtain the refresh_token using mitmproxy as usual. I haven't figured out a way to run an Android 6.0 or earlier emulator on an Apple Silicon Mac, so the same method doesn't work. If you have any ideas, I'd appreciate your help. |
|
Can we use access_token to download as many as possible as a temporary solution? access_token expires after an hour iirc which is enough to download quite a lot of messages |
|
Force updated has been released. Since 2400-2800, Dec.18, 2024, both iOS and Android devices would be requested to use latest version. So, from Dec.19, 2024, it is highly impossible to retrieve |
|
Yup, I got the notification too. I guess this is the end for us? |
Yes, but if you have already retrieved the According the flow of application,
But, the things we discussed above are related to SSL pinning. In other words, the case all communications are protected with the SSL certification. It's very difficult to capture the communication between the application and server. |
Maybe. It's becoming those Cheers mates! 🍻 Thanks @proshunsuke to contribute this project. |
So, it means that despite having an access token, we still can't do anything because of SSL pinning? |
It's kinda sad, though. I really need this for when a member graduates or for monthly backups. I guess this might be the end for us—or maybe not. I hope the Chinese Weibo fans can do something about it. |
Because So, once you have |
Yeah, I mean, as long as we have the |
Seems like that. |
|
Thank you for notifying about the forced update. As explained, once a valid Due to the forced update, it will become difficult to retrieve a new |
I'm trying to use Genymotion on my Linux and I'm encountering an error like this. Do I need to use Android 7.0 or higher? |
|
Wait... maybe it's just a technical problem on Flutter...
|
Oh? So this Mobame app uses Flutter? I just found out... I tried using Reqable with the 'Bypass All SSL' feature yesterday, yet it still did not capture the API hits. |
|
I am able to get the token by running the latest APK on an Android Emulator. Do a scan using Cheat Engine on the emulator process. It takes some time to try an error to inspect the memory. |
can you provide which emulator you are using and maybe the process? I tried with nox and seems not working |
I am using LDPlayer 9. The process name is Ld9BoxHeadless. |
概要
refresh_token の取得手順 の mitmproxy で解析中に
https://api.kh.glastonr.net/v2/signinへのリクエストが見つからないため refresh_token が取得できない情報
関係ないものもあるかもしれませんが、調査に関する情報を記載します。
The text was updated successfully, but these errors were encountered: