Case Study: Reverse Engineering Facemoji

The Facemoji Chrome application allows users to send stickers in Facebook via PC, a feature that is otherwise only provided to Facebook Messenger for Android and iOS. The application does so by fooling Facebook’s API by providing an access token related to its Android Messenger. This case study reveals all the tricks used by the app.

Published in Self Improvement

  • 1. Case Study #1 | The Code Journal | Sidhartha Tirthankar
    [REVERSE ENGINEERING FACEMOJI]
    This case study shows how to reverse engineer Google Chrome applications and how to tinker with the Facebook API.
  • 2. Reverse Engineering facemoji | Case Study #1 | The Code Journal | http://www.thecodejournal.com/
    PREFACE
    This case study assumes that you have basic knowledge of JavaScript (jQuery), HTTP headers and the Facebook API.
    Topics included:
      1. Reverse engineering Google Chrome applications
      2. Sending HTTP header requests through Fiddler2
      3. Tinkering with the Facebook API
    Software used:
      1. Google Chrome (for browsing)
      2. Internet Explorer (for downloading Chrome application)
      3. Fiddler2 (for sending HTTP header requests)
      4. Sublime Text 2 (for analysing code)
      5. 7-Zip (for extracting the app)
  • 3. RESOURCES
    Resource links:
      1. Google Chrome: http://chrome.google.com/
      2. Internet Explorer: comes preinstalled with Windows OS. Any other browser, like Firefox, can also be used.
      3. Fiddler2: http://www.fiddler2.com
      4. Sublime Text 2: http://www.sublimetext.com/2
      5. 7-Zip: https://www.7-zip.org
  • 4. PART – 1
    The Facemoji Chrome application allows users to send stickers in Facebook via PC, but this feature is only provided to Facebook Messenger for Android and iOS. The application does so by fooling Facebook’s API by providing an access token related to its Android Messenger.
    First, we have to download the application from Chrome App Store. This cannot be done using the Google Chrome browser, since it will start auto-installing the app once the download is finished. So a secondary browser can be used to download the app to a desired location on your computer. In this study I have used Internet Explorer, but any other browser (like Firefox, Opera or Safari) will also do.
    To download the app, we need its id from Chrome App Store.
    First go to Chrome App Store. Then search for facemoji. On clicking the application’s name, notice the URL in your browser’s omnibox. It shows:
    https://chrome.google.com/webstore/detail/facemoji-stickers-for-fac/mehbdflnjkigggmglekojmmilmkhmale
    The last part of the URL is the app’s id, i.e. mehbdflnjkigggmglekojmmilmkhmale
    Now open your secondary browser and go to:
    https://clients2.google.com/service/update2/crx?response=redirect&x=id%3Dmehbdflnjkigggmglekojmmilmkhmale%26uc
  • 5. Choose the save option and save the file to any location on your computer.
    Now, go to that location. You will find a file named extension_1_2_6.crx
    Rename the file to extension_1_2_6.zip; now the file can be opened with 7-Zip.
    Extract all the contents of the archive.
    Now you have all the files contained in the app.
  • 6. PART – 2
    So far we have extracted the facemoji app into a local directory on our computer.
    Traverse to the extracted directory.
    Our work is only related to the js directory. So, traverse there. Now, we see:
  • 7. After looking through all the files, I concluded that only api.js, stickers.js and options.js are useful for our purpose.
    Open the three files in Sublime Text 2.
    Since the files are minified, activate word wrap by pressing ALT+Q.
    api.js has two things of interest to us.
    The first is this.CLIENT_ID="256002347743983", which indicates the id of the Facebook App used by the application.
    We are still unsure of the App’s name.
    Next is:
        this.sendSticker=function(a,b){var d,c=new FormData;
        c.append("access_token",a.accessToken);
        // a recipient id starts a thread via me/threads; otherwise an existing thread id is used
        "recipient"==a.idType?(c.append("to",'[{"type":"id","id":"'+a.id+'"}]'),d="me/threads"):(c.append("id",a.id),d="");
        c.append("client_tags",'{"trigger":"chathead"}');
        c.append("object_attachment",a.stickerId);  // the sticker id
        c.append("locale","en_US");
        c.append("client_country_code","VN");
        var e=new XMLHttpRequest;e.open("POST","https://graph.facebook.com/"+d,!0);
    This is the function which sends the stickers in Facebook.
    We see that this function uses HTTP headers to send a POST request to the Facebook API. We can imitate the same by using Fiddler2.
    Next is options.js. This file has:
        a="https://www.facebook.com/dialog/oauth?page=display&response_type=token&client_id="+fbApi.CLIENT_ID+"&redirect_uri=https%3A//www.facebook.com/connect/login_success.html%3Fclient_id%3D"+fbApi.CLIENT_ID+"&scope=email%2C";
    This URL is used to GET the access token for the usage of the application (ID="256002347743983").
  • 8. stickers.js has a bunch of codes like:
    The numbers in blue colour indicate the id of the stickers.
  • 9. PART – 3
    Let the hacking begin.
    First open Fiddler2.
    Open Chrome and go to
    https://www.facebook.com/dialog/oauth?page=display&response_type=token&client_id=256002347743983&redirect_uri=https%3A//www.facebook.com/connect/login_success.html%3Fclient_id%3D256002347743983&scope=email%2C
    We got this URL from options.js
    Quickly switch to Fiddler2 and capture the GET request.
    Select the GET request from the left tab.
    Navigate to the right tab.
    In the right top tab select Inspectors and in the right bottom tab select Raw.
  • 10. The Location shows the URL returned by the GET request.
    Voila, we have an access token returned by Facebook.
    The GET request will return different access tokens for multiple requests.
    In this case, the access token returned by Facebook is
    CAADo1TDZCuu8BABkOoKuGw1TLZArl0jhe7YksR35nohNjudwByZBW3hvVITcjQUdRmqrRRpcHCVN3uKtFtns1UJZCDfPl2qWBYY1cNSgZAiBCFdIyjgt3dT65ObOASZBx0jTg20Fc4sobnWJV5nqgz4OxIm9fHVkUZD
    Only the last step remains, i.e. to send the sticker to any friend in Facebook.
    First, send any message to your friend in Facebook message.
    Here I have sent myself “lol”.
    Next go to (make sure to alter the ?access_token= in the URL to the most recent access token obtained by the GET request):
    https://graph.facebook.com/me/threads/?access_token=CAADo1TDZCuu8BABkOoKuGw1TLZArl0jhe7YksR35nohNjudwByZBW3hvVITcjQUdRmqrRRpcHCVN3uKtFtns1UJZCDfPl2qWBYY1cNSgZAiBCFdIyjgt3dT65ObOASZBx0jTg20Fc4sobnWJV5nqgz4OxIm9fHVkUZD
    You will see something like this at the beginning of the page:
    Copy the id, in this case our message id is t_id.183832538440284
  • 11. Now grab any random id from stickers.js.
    I’m using 126361874215276
    Let’s make our POST request using Fiddler2.
    Click on Composer in the right top tab.
    Under the Parsed tab, select POST from the drop down list.
    Set the URL https://graph.facebook.com/
    And select the type of request as HTTP/1.1
    Paste the below content in the Requested Headers section:
        Host: graph.facebook.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
        Origin: http://www.facebook.com
        Content-Type: multipart/form-data; boundary=----separator
        Accept: */*
        Accept-Encoding: gzip,deflate,sdch
        Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
        Content-Length: 435
  • 12. And in the Request Body section paste (remember to change all the values in the request body as per your setup):
        ------separator
        Content-Disposition: form-data; name="access_token"

        CAADo1TDZCuu8BABkOoKuGw1TLZArl0jhe7YksR35nohNjudwByZBW3hvVITcjQUdRmqrRRpcHCVN3uKtFtns1UJZCDfPl2qWBYY1cNSgZAiBCFdIyjgt3dT65ObOASZBx0jTg20Fc4sobnWJV5nqgz4OxIm9fHVkUZD
        ------separator
        Content-Disposition: form-data; name="id"

        t_id.183832538440284
        ------separator
        Content-Disposition: form-data; name="object_attachment"

        126361874215276
        ------separator--
    Hit the Execute button in the top right portion of the right tab.
  • 13. Now head over to your Facebook messages to see a nice surprise.
  • 14. POST MORTEM OF THE ACCESS TOKEN
    We were successful in our attempt to message stickers in Facebook via PC.
    But where exactly did we fool Facebook into thinking that we are sending the request from its own Android Messenger app?
    Let’s go to https://developers.facebook.com/tools/debug
    Enter the access token in the input box and hit Debug.
    Notice the App ID: it says Facebook Messenger for Android.
    In short, we cheated Facebook’s API by sending it an access token generated by its own Messenger for Android app.
    That is what facemoji is doing to post stickers in Facebook via PC.
  • 15. FEEDBACKS
    “And now I own a Symbian powered phone, an Android powered phone, and an iOS powered phone. Amazing work.”
    - Dibya Ranjan Bhoi (Admin, TheWackyHeads)
  • 16. ABOUT THE AUTHOR
    SIDHARTHA TIRTHANKAR
    I’m a programmer and blogger.
    Specialties: C, C++, Python, HTML/CSS, JavaScript (and jQuery), PHP, SQL, Facebook API
    E-mail: zappergod@gmail.com
    Blog: http://www.thecodejournal.com
    LinkedIn: http://in.linkedin.com/in/sidharthatirthankar
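
The rename-to-.zip step in Part 1 works because a .crx file is a ZIP archive with a signed header in front of it. This added example (not code from the case study) locates the ZIP payload explicitly, and goes beyond the page by also handling the newer CRX3 header; the sample file is constructed inline.

```javascript
// Added example: locate the ZIP payload inside a .crx container.
// CRX2 layout: "Cr24" | version=2 | pubkey_len | sig_len | pubkey | sig | ZIP
// CRX3 layout: "Cr24" | version=3 | header_len | header | ZIP
function parseCrx(buf) {
  if (buf.length < 12 || buf.toString('latin1', 0, 4) !== 'Cr24') {
    throw new Error('not a CRX file (missing Cr24 magic)');
  }
  const version = buf.readUInt32LE(4);
  let zipOffset, info;
  if (version === 2) {
    if (buf.length < 16) throw new Error('truncated CRX2 header');
    const pubKeyLen = buf.readUInt32LE(8);
    const sigLen = buf.readUInt32LE(12);
    zipOffset = 16 + pubKeyLen + sigLen;
    info = { pubKeyLen, sigLen };
  } else if (version === 3) {
    const headerLen = buf.readUInt32LE(8);
    zipOffset = 12 + headerLen;
    info = { headerLen };
  } else {
    throw new Error('unsupported CRX version ' + version);
  }
  if (zipOffset + 4 > buf.length) throw new Error('header lengths exceed file size');
  const zip = buf.subarray(zipOffset);
  // Every ZIP record starts with "PK": 03 04 = local file, 05 06 = empty archive.
  if (zip[0] !== 0x50 || zip[1] !== 0x4b) throw new Error('no ZIP payload after header');
  return { version, zipOffset, zip, ...info };
}

// Constructed sample: CRX2 header, dummy key and signature, empty ZIP archive.
function buildSampleCrx2() {
  const header = Buffer.alloc(16);
  header.write('Cr24', 0, 'latin1');
  header.writeUInt32LE(2, 4);
  header.writeUInt32LE(8, 8);   // dummy public key length
  header.writeUInt32LE(4, 12);  // dummy signature length
  const emptyZip = Buffer.concat([Buffer.from([0x50, 0x4b, 0x05, 0x06]), Buffer.alloc(18)]);
  return Buffer.concat([header, Buffer.alloc(8, 0xaa), Buffer.alloc(4, 0xbb), emptyZip]);
}

const parsed = parseCrx(buildSampleCrx2());
console.log(`CRX v${parsed.version}: ZIP payload starts at byte ${parsed.zipOffset}`);
```

On a real download, writing the returned `zip` bytes to a file gives an archive that any ZIP tool opens without relying on the tool skipping the header.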
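
Part 2 and the post mortem come down to two facts visible in the extension source: a hardcoded app ID and an OAuth dialog URL built around it. This added example (not from the case study or the app) shows how a reviewer auditing an extension could surface both automatically; `ownAppIds` is a hypothetical allowlist of app IDs the publisher registered, and the ID passed to it is a constructed placeholder.

```javascript
// Added example: flag OAuth settings found in extension source during review.

// Collect hardcoded numeric app IDs from minified source text.
function findClientIds(source) {
  const ids = new Set();
  for (const m of source.matchAll(/CLIENT_ID\s*=\s*"(\d+)"/g)) ids.add(m[1]);
  for (const m of source.matchAll(/client_id(?:=|%3D)(\d+)/gi)) ids.add(m[1]);
  return [...ids];
}

// Parse an OAuth dialog URL and list what a reviewer should question.
function auditOAuthUrl(rawUrl, ownAppIds = []) {
  const url = new URL(rawUrl);
  const q = url.searchParams;               // values come back percent-decoded
  const clientId = q.get('client_id');
  const redirectUri = q.get('redirect_uri');
  const scopes = (q.get('scope') || '').split(',').filter(Boolean);
  const findings = [];
  if (q.get('response_type') === 'token') {
    findings.push('implicit flow: token is delivered in the redirect URL');
  }
  if (!ownAppIds.includes(clientId)) {
    findings.push(`client_id ${clientId} is not one of the publisher's apps`);
  }
  if (redirectUri && new URL(redirectUri).host === url.host) {
    findings.push(`redirect_uri is on the authorization host itself (${url.host})`);
  }
  return { clientId, redirectUri, scopes, findings };
}

// Inputs quoted from the case study: the api.js line and the Part 3 dialog URL.
const apiJs = 'this.CLIENT_ID="256002347743983"';
const dialogUrl =
  'https://www.facebook.com/dialog/oauth?page=display&response_type=token' +
  '&client_id=256002347743983&redirect_uri=https%3A//www.facebook.com/connect/' +
  'login_success.html%3Fclient_id%3D256002347743983&scope=email%2C';

const report = auditOAuthUrl(dialogUrl, ['000000000000000']); // constructed placeholder ID
console.log(findClientIds(apiJs + dialogUrl), report.findings);
```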