You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1465 lines
42 KiB
1465 lines
42 KiB
// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/md5"
|
|
"crypto/sha256"
|
|
"crypto/tls"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"math/rand"
|
|
"net"
|
|
neturl "net/url"
|
|
"os"
|
|
"os/signal"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"sync/atomic"
|
|
"syscall"
|
|
"time"
|
|
|
|
fhttp "github.com/bogdanfinn/fhttp"
|
|
tlsclient "github.com/bogdanfinn/tls-client"
|
|
"github.com/bogdanfinn/tls-client/profiles"
|
|
|
|
"github.com/bschaatsbergen/dnsdialer"
|
|
"github.com/cbeuw/connutil"
|
|
"github.com/google/uuid"
|
|
"github.com/pion/dtls/v3"
|
|
"github.com/pion/dtls/v3/pkg/crypto/selfsign"
|
|
"github.com/pion/logging"
|
|
"github.com/pion/turn/v5"
|
|
)
|
|
|
|
// Global state trackers
|
|
var (
|
|
globalCaptchaLockout atomic.Int64
|
|
isDebug bool
|
|
manualCaptcha bool
|
|
autoCaptchaSliderPOC bool
|
|
globalAppCancel context.CancelFunc
|
|
)
|
|
|
|
type captchaSolveMode int
|
|
|
|
const (
|
|
captchaSolveModeAuto captchaSolveMode = iota
|
|
captchaSolveModeSliderPOC
|
|
captchaSolveModeManual
|
|
)
|
|
|
|
func captchaSolveModeForAttempt(attempt int, manualOnly bool, enableSliderPOC bool) (captchaSolveMode, bool) {
|
|
if manualOnly {
|
|
return captchaSolveModeManual, attempt == 0
|
|
}
|
|
|
|
switch attempt {
|
|
case 0:
|
|
return captchaSolveModeAuto, true
|
|
case 1:
|
|
if enableSliderPOC {
|
|
return captchaSolveModeSliderPOC, true
|
|
}
|
|
return captchaSolveModeManual, true
|
|
case 2:
|
|
if enableSliderPOC {
|
|
return captchaSolveModeManual, true
|
|
}
|
|
}
|
|
|
|
return 0, false
|
|
}
|
|
|
|
func captchaSolveModeLabel(mode captchaSolveMode) string {
|
|
switch mode {
|
|
case captchaSolveModeAuto:
|
|
return "auto captcha"
|
|
case captchaSolveModeSliderPOC:
|
|
return "auto captcha slider POC"
|
|
case captchaSolveModeManual:
|
|
return "manual captcha"
|
|
default:
|
|
return "captcha"
|
|
}
|
|
}
|
|
|
|
// region Helper: HTTP Headers Injection
|
|
|
|
func applyBrowserProfileFhttp(req *fhttp.Request, profile Profile) {
|
|
req.Header.Set("User-Agent", profile.UserAgent)
|
|
req.Header.Set("sec-ch-ua", profile.SecChUa)
|
|
req.Header.Set("sec-ch-ua-mobile", profile.SecChUaMobile)
|
|
req.Header.Set("sec-ch-ua-platform", profile.SecChUaPlatform)
|
|
req.Header.Set("Accept-Language", "en-US,en;q=0.9")
|
|
req.Header.Set("DNT", "1")
|
|
}
|
|
|
|
func generateBrowserFp(profile Profile) string {
|
|
data := profile.UserAgent + profile.SecChUa + "1920x1080x24" + strconv.FormatInt(time.Now().UnixNano(), 10)
|
|
h := md5.Sum([]byte(data))
|
|
return hex.EncodeToString(h[:])
|
|
}
|
|
|
|
func getCustomNetDialer() net.Dialer {
|
|
return net.Dialer{
|
|
Timeout: 20 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
Resolver: &net.Resolver{
|
|
PreferGo: true,
|
|
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
|
|
var d net.Dialer
|
|
dnsServers := []string{"77.88.8.8:53", "77.88.8.1:53", "8.8.8.8:53", "8.8.4.4:53", "1.1.1.1:53", "1.0.0.1:53"}
|
|
var lastErr error
|
|
for _, dns := range dnsServers {
|
|
conn, err := d.DialContext(ctx, "udp", dns)
|
|
if err == nil {
|
|
return conn, nil
|
|
}
|
|
lastErr = err
|
|
}
|
|
return nil, lastErr
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func generateFakeCursor() string {
|
|
startX := 600 + rand.Intn(400)
|
|
startY := 300 + rand.Intn(200)
|
|
startTime := time.Now().UnixMilli() - int64(rand.Intn(2000)+1000)
|
|
var points []string
|
|
for i := 0; i < 15+rand.Intn(10); i++ {
|
|
startX += rand.Intn(15) - 5
|
|
startY += rand.Intn(15) + 2
|
|
startTime += int64(rand.Intn(40) + 10)
|
|
points = append(points, fmt.Sprintf(`{"x":%d,"y":%d,"t":%d}`, startX, startY, startTime))
|
|
}
|
|
return "[" + strings.Join(points, ",") + "]"
|
|
}
|
|
|
|
// endregion
|
|
|
|
// region Automatic Captcha Solver & Authentication
|
|
|
|
type VkCaptchaError struct {
|
|
ErrorCode int
|
|
ErrorMsg string
|
|
CaptchaSid string
|
|
CaptchaImg string
|
|
RedirectURI string
|
|
IsSoundCaptchaAvailable bool
|
|
SessionToken string
|
|
CaptchaTs string
|
|
CaptchaAttempt string
|
|
}
|
|
|
|
func ParseVkCaptchaError(errData map[string]interface{}) *VkCaptchaError {
|
|
// Extract error_code
|
|
codeFloat, ok := errData["error_code"].(float64)
|
|
if !ok {
|
|
log.Printf("missing error_code in captcha error data")
|
|
return nil
|
|
}
|
|
code := int(codeFloat)
|
|
|
|
// Extract redirect_uri
|
|
RedirectURI, ok := errData["redirect_uri"].(string)
|
|
if !ok {
|
|
log.Printf("missing redirect_uri in captcha error data")
|
|
return nil
|
|
}
|
|
|
|
// Extract captcha_sid
|
|
captchaSid, ok := errData["captcha_sid"].(string)
|
|
if !ok {
|
|
// try numeric
|
|
if sidNum, ok2 := errData["captcha_sid"].(float64); ok2 {
|
|
captchaSid = fmt.Sprintf("%.0f", sidNum)
|
|
} else {
|
|
log.Printf("missing captcha_sid in captcha error data")
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// Extract captcha_img
|
|
captchaImg, ok := errData["captcha_img"].(string)
|
|
if !ok {
|
|
log.Printf("missing captcha_img in captcha error data")
|
|
return nil
|
|
}
|
|
|
|
// Extract error_msg
|
|
errorMsg, ok := errData["error_msg"].(string)
|
|
if !ok {
|
|
log.Printf("missing error_msg in captcha error data")
|
|
return nil
|
|
}
|
|
|
|
// Extract session token if redirect_uri present
|
|
var sessionToken string
|
|
if RedirectURI != "" {
|
|
if parsed, err := neturl.Parse(RedirectURI); err == nil {
|
|
sessionToken = parsed.Query().Get("session_token")
|
|
} else {
|
|
log.Printf("failed to parse redirect_uri: %v", err)
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// Extract is_sound_captcha_available
|
|
isSound, ok := errData["is_sound_captcha_available"].(bool)
|
|
if !ok {
|
|
isSound = false
|
|
}
|
|
|
|
// Extract captcha_ts
|
|
var captchaTs string
|
|
if tsFloat, ok := errData["captcha_ts"].(float64); ok {
|
|
captchaTs = fmt.Sprintf("%.0f", tsFloat)
|
|
} else if tsStr, ok := errData["captcha_ts"].(string); ok {
|
|
captchaTs = tsStr
|
|
}
|
|
|
|
// Extract captcha_attempt
|
|
var captchaAttempt string
|
|
if attFloat, ok := errData["captcha_attempt"].(float64); ok {
|
|
captchaAttempt = fmt.Sprintf("%.0f", attFloat)
|
|
} else if attStr, ok := errData["captcha_attempt"].(string); ok {
|
|
captchaAttempt = attStr
|
|
}
|
|
|
|
// Build VkCaptchaError
|
|
return &VkCaptchaError{
|
|
ErrorCode: code,
|
|
ErrorMsg: errorMsg,
|
|
CaptchaSid: captchaSid,
|
|
CaptchaImg: captchaImg,
|
|
RedirectURI: RedirectURI,
|
|
IsSoundCaptchaAvailable: isSound,
|
|
SessionToken: sessionToken,
|
|
CaptchaTs: captchaTs,
|
|
CaptchaAttempt: captchaAttempt,
|
|
}
|
|
}
|
|
|
|
func (e *VkCaptchaError) IsCaptchaError() bool {
|
|
return e.ErrorCode == 14 && e.RedirectURI != "" && e.SessionToken != ""
|
|
}
|
|
|
|
func solveVkCaptcha(ctx context.Context, captchaErr *VkCaptchaError, streamID int, client tlsclient.HttpClient, profile Profile, useSliderPOC bool) (string, error) {
|
|
if useSliderPOC {
|
|
log.Printf("[STREAM %d] [Captcha] Solving captcha with slider POC...", streamID)
|
|
} else {
|
|
log.Printf("[STREAM %d] [Captcha] Solving captcha...", streamID)
|
|
}
|
|
|
|
if captchaErr.SessionToken == "" {
|
|
return "", fmt.Errorf("no session_token in redirect_uri for auto-solve")
|
|
}
|
|
if captchaErr.RedirectURI == "" {
|
|
return "", fmt.Errorf("no redirect_uri for auto-solve")
|
|
}
|
|
|
|
bootstrap, err := fetchCaptchaBootstrap(ctx, captchaErr.RedirectURI, client, profile)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to fetch captcha bootstrap: %w", err)
|
|
}
|
|
|
|
log.Printf("[STREAM %d] [Captcha] PoW input: %s, difficulty: %d", streamID, bootstrap.PowInput, bootstrap.Difficulty)
|
|
|
|
hash := solvePoW(bootstrap.PowInput, bootstrap.Difficulty)
|
|
log.Printf("[STREAM %d] [Captcha] PoW solved: hash=%s", streamID, hash)
|
|
|
|
var successToken string
|
|
if useSliderPOC {
|
|
successToken, err = callCaptchaNotRobotWithSliderPOC(
|
|
ctx,
|
|
captchaErr.SessionToken,
|
|
hash,
|
|
streamID,
|
|
client,
|
|
profile,
|
|
bootstrap.Settings,
|
|
)
|
|
} else {
|
|
successToken, err = callCaptchaNotRobot(ctx, captchaErr.SessionToken, hash, streamID, client, profile)
|
|
}
|
|
if err != nil {
|
|
return "", fmt.Errorf("captchaNotRobot API failed: %w", err)
|
|
}
|
|
|
|
log.Printf("[STREAM %d] [Captcha] Success! Got success_token", streamID)
|
|
return successToken, nil
|
|
}
|
|
|
|
func fetchCaptchaBootstrap(ctx context.Context, redirectURI string, client tlsclient.HttpClient, profile Profile) (*captchaBootstrap, error) {
|
|
parsedURL, err := neturl.Parse(redirectURI)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
domain := parsedURL.Hostname()
|
|
|
|
req, err := fhttp.NewRequestWithContext(ctx, "GET", redirectURI, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req.Host = domain
|
|
applyBrowserProfileFhttp(req, profile)
|
|
req.Header.Set("Sec-Fetch-Site", "none")
|
|
req.Header.Set("Sec-Fetch-Mode", "navigate")
|
|
req.Header.Set("Sec-Fetch-Dest", "document")
|
|
req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer func(Body io.ReadCloser) {
|
|
_ = Body.Close()
|
|
}(resp.Body)
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return parseCaptchaBootstrapHTML(string(body))
|
|
}
|
|
|
|
func solvePoW(powInput string, difficulty int) string {
|
|
target := strings.Repeat("0", difficulty)
|
|
for nonce := 1; nonce <= 10000000; nonce++ {
|
|
data := powInput + strconv.Itoa(nonce)
|
|
hash := sha256.Sum256([]byte(data))
|
|
hexHash := hex.EncodeToString(hash[:])
|
|
if strings.HasPrefix(hexHash, target) {
|
|
return hexHash
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func callCaptchaNotRobot(ctx context.Context, sessionToken, hash string, streamID int, client tlsclient.HttpClient, profile Profile) (string, error) {
|
|
vkReq := func(method string, postData string) (map[string]interface{}, error) {
|
|
reqURL := "https://api.vk.ru/method/" + method + "?v=5.131"
|
|
parsedURL, err := neturl.Parse(reqURL)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("parse request URL: %w", err)
|
|
}
|
|
domain := parsedURL.Hostname()
|
|
|
|
req, err := fhttp.NewRequestWithContext(ctx, "POST", reqURL, strings.NewReader(postData))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req.Host = domain
|
|
applyBrowserProfileFhttp(req, profile)
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Set("Accept", "*/*")
|
|
req.Header.Set("Origin", "https://id.vk.ru")
|
|
req.Header.Set("Referer", "https://id.vk.ru/")
|
|
req.Header.Set("Sec-Fetch-Site", "same-site")
|
|
req.Header.Set("Sec-Fetch-Mode", "cors")
|
|
req.Header.Set("Sec-Fetch-Dest", "empty")
|
|
req.Header.Set("Sec-GPC", "1")
|
|
req.Header.Set("Priority", "u=1, i")
|
|
|
|
httpResp, err := client.Do(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer func(Body io.ReadCloser) {
|
|
_ = Body.Close()
|
|
}(httpResp.Body)
|
|
|
|
body, err := io.ReadAll(httpResp.Body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var resp map[string]interface{}
|
|
if err := json.Unmarshal(body, &resp); err != nil {
|
|
return nil, err
|
|
}
|
|
return resp, nil
|
|
}
|
|
|
|
baseParams := fmt.Sprintf("session_token=%s&domain=vk.com&adFp=&access_token=", neturl.QueryEscape(sessionToken))
|
|
|
|
log.Printf("[STREAM %d] [Captcha] Step 1/4: settings", streamID)
|
|
if _, err := vkReq("captchaNotRobot.settings", baseParams); err != nil {
|
|
return "", fmt.Errorf("settings failed: %w", err)
|
|
}
|
|
|
|
time.Sleep(200 * time.Millisecond)
|
|
|
|
log.Printf("[STREAM %d] [Captcha] Step 2/4: componentDone", streamID)
|
|
browserFp := generateBrowserFp(profile)
|
|
deviceJSON := buildCaptchaDeviceJSON(profile)
|
|
componentDoneData := baseParams + fmt.Sprintf("&browser_fp=%s&device=%s", browserFp, neturl.QueryEscape(deviceJSON))
|
|
|
|
if _, err := vkReq("captchaNotRobot.componentDone", componentDoneData); err != nil {
|
|
return "", fmt.Errorf("componentDone failed: %w", err)
|
|
}
|
|
|
|
time.Sleep(200 * time.Millisecond)
|
|
|
|
log.Printf("[STREAM %d] [Captcha] Step 3/4: check", streamID)
|
|
cursorJSON := generateFakeCursor()
|
|
answer := base64.StdEncoding.EncodeToString([]byte("{}"))
|
|
|
|
// Dynamically generate debug_info to avoid static fingerprint bans
|
|
debugInfoBytes := md5.Sum([]byte(profile.UserAgent + strconv.FormatInt(time.Now().UnixNano(), 10)))
|
|
debugInfo := hex.EncodeToString(debugInfoBytes[:])
|
|
|
|
connectionRtt := "[50,50,50,50,50,50,50,50,50,50]"
|
|
connectionDownlink := "[9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5,9.5]"
|
|
|
|
checkData := baseParams + fmt.Sprintf(
|
|
"&accelerometer=%s&gyroscope=%s&motion=%s&cursor=%s&taps=%s&connectionRtt=%s&connectionDownlink=%s&browser_fp=%s&hash=%s&answer=%s&debug_info=%s",
|
|
neturl.QueryEscape("[]"), neturl.QueryEscape("[]"), neturl.QueryEscape("[]"),
|
|
neturl.QueryEscape(cursorJSON), neturl.QueryEscape("[]"), neturl.QueryEscape(connectionRtt),
|
|
neturl.QueryEscape(connectionDownlink),
|
|
browserFp, hash, answer, debugInfo,
|
|
)
|
|
|
|
checkResp, err := vkReq("captchaNotRobot.check", checkData)
|
|
if err != nil {
|
|
return "", fmt.Errorf("check failed: %w", err)
|
|
}
|
|
|
|
respObj, ok := checkResp["response"].(map[string]interface{})
|
|
if !ok {
|
|
return "", fmt.Errorf("invalid check response: %v", checkResp)
|
|
}
|
|
status, ok := respObj["status"].(string)
|
|
if !ok || status != "OK" {
|
|
return "", fmt.Errorf("check status: %s", status)
|
|
}
|
|
successToken, ok := respObj["success_token"].(string)
|
|
if !ok || successToken == "" {
|
|
return "", fmt.Errorf("success_token not found")
|
|
}
|
|
|
|
time.Sleep(200 * time.Millisecond)
|
|
|
|
log.Printf("[STREAM %d] [Captcha] Step 4/4: endSession", streamID)
|
|
_, err = vkReq("captchaNotRobot.endSession", baseParams)
|
|
if err != nil {
|
|
log.Printf("[STREAM %d] [Captcha] Warning: endSession failed: %v", streamID, err)
|
|
}
|
|
|
|
return successToken, nil
|
|
}
|
|
|
|
func isAuthError(err error) bool {
|
|
if err == nil {
|
|
return false
|
|
}
|
|
errStr := err.Error()
|
|
return strings.Contains(errStr, "401") ||
|
|
strings.Contains(errStr, "Unauthorized") ||
|
|
strings.Contains(errStr, "authentication") ||
|
|
strings.Contains(errStr, "invalid credential") ||
|
|
strings.Contains(errStr, "stale nonce")
|
|
}
|
|
|
|
func handleAuthError(streamID int) bool {
|
|
cache := getStreamCache(streamID)
|
|
cacheID := getCacheID(streamID)
|
|
|
|
now := time.Now().Unix()
|
|
|
|
if now-cache.lastErrorTime.Load() > int64(errorWindow.Seconds()) {
|
|
cache.errorCount.Store(0)
|
|
}
|
|
|
|
count := cache.errorCount.Add(1)
|
|
cache.lastErrorTime.Store(now)
|
|
|
|
log.Printf("[STREAM %d] Auth error (cache=%d, count=%d/%d)", streamID, cacheID, count, maxCacheErrors)
|
|
|
|
if count >= maxCacheErrors {
|
|
log.Printf("[VK Auth] Multiple auth errors detected (%d), invalidating cache %d for stream %d...", count, cacheID, streamID)
|
|
cache.invalidate(streamID)
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// region VK Credentials Layer
|
|
|
|
type VKCredentials struct {
|
|
ClientID string
|
|
ClientSecret string
|
|
}
|
|
|
|
var vkCredentialsList = []VKCredentials{
|
|
{ClientID: "6287487", ClientSecret: "QbYic1K3lEV5kTGiqlq2"}, // VK_WEB_APP_ID
|
|
//{ClientID: "7879029", ClientSecret: "aR5NKGmm03GYrCiNKsaw"}, // VK_MVK_APP_ID
|
|
//{ClientID: "52461373", ClientSecret: "o557NLIkAErNhakXrQ7A"}, // VK_WEB_VKVIDEO_APP_ID
|
|
//{ClientID: "52649896", ClientSecret: "WStp4ihWG4l3nmXZgIbC"}, // VK_MVK_VKVIDEO_APP_ID
|
|
//{ClientID: "51781872", ClientSecret: "IjjCNl4L4Tf5QZEXIHKK"}, // VK_ID_AUTH_APP
|
|
}
|
|
|
|
func vkDelayRandom(minMs, maxMs int) {
|
|
ms := minMs + rand.Intn(maxMs-minMs+1)
|
|
time.Sleep(time.Duration(ms) * time.Millisecond)
|
|
}
|
|
|
|
func getVkCredsCached(ctx context.Context, link string, streamID int, dialer *dnsdialer.Dialer) (string, string, string, error) {
|
|
cache := getStreamCache(streamID)
|
|
cacheID := getCacheID(streamID)
|
|
|
|
cache.mutex.RLock()
|
|
if cache.creds.Link == link && time.Now().Before(cache.creds.ExpiresAt) {
|
|
expires := time.Until(cache.creds.ExpiresAt)
|
|
u, p, a := cache.creds.Username, cache.creds.Password, cache.creds.ServerAddr
|
|
cache.mutex.RUnlock()
|
|
if isDebug {
|
|
log.Printf("[STREAM %d] [VK Auth] Using cached credentials (cache=%d, expires in %v)", streamID, cacheID, expires)
|
|
}
|
|
return u, p, a, nil
|
|
}
|
|
cache.mutex.RUnlock()
|
|
|
|
cache.mutex.Lock()
|
|
defer cache.mutex.Unlock()
|
|
|
|
// Double-check inside lock
|
|
if cache.creds.Link == link && time.Now().Before(cache.creds.ExpiresAt) {
|
|
return cache.creds.Username, cache.creds.Password, cache.creds.ServerAddr, nil
|
|
}
|
|
|
|
user, pass, addr, err := fetchVkCredsSerialized(ctx, link, streamID, dialer)
|
|
if err != nil {
|
|
return "", "", "", err
|
|
}
|
|
|
|
cache.creds = TurnCredentials{Username: user, Password: pass, ServerAddr: addr, ExpiresAt: time.Now().Add(credentialLifetime - cacheSafetyMargin), Link: link}
|
|
return user, pass, addr, nil
|
|
}
|
|
|
|
var (
|
|
vkRequestMu sync.Mutex
|
|
globalLastVkFetchTime time.Time
|
|
)
|
|
|
|
func fetchVkCredsSerialized(ctx context.Context, link string, streamID int, dialer *dnsdialer.Dialer) (string, string, string, error) {
|
|
vkRequestMu.Lock()
|
|
defer vkRequestMu.Unlock()
|
|
|
|
// Ensure a minimum cooldown between credential requests to avoid VK rate limits
|
|
minInterval := 3*time.Second + time.Duration(rand.Intn(3000))*time.Millisecond
|
|
elapsed := time.Since(globalLastVkFetchTime)
|
|
|
|
if !globalLastVkFetchTime.IsZero() && elapsed < minInterval {
|
|
wait := minInterval - elapsed
|
|
log.Printf("[STREAM %d] [VK Auth] Throttling: waiting %v to prevent rate limit...", streamID, wait.Truncate(time.Millisecond))
|
|
select {
|
|
case <-ctx.Done():
|
|
return "", "", "", ctx.Err()
|
|
case <-time.After(wait):
|
|
}
|
|
}
|
|
|
|
defer func() {
|
|
globalLastVkFetchTime = time.Now()
|
|
}()
|
|
|
|
return fetchVkCreds(ctx, link, streamID, dialer)
|
|
}
|
|
|
|
func fetchVkCreds(ctx context.Context, link string, streamID int, dialer *dnsdialer.Dialer) (string, string, string, error) {
|
|
// Check Global Lockout to prevent API bans
|
|
if time.Now().Unix() < globalCaptchaLockout.Load() {
|
|
return "", "", "", fmt.Errorf("CAPTCHA_WAIT_REQUIRED: global lockout active")
|
|
}
|
|
|
|
var lastErr error
|
|
jar := tlsclient.NewCookieJar()
|
|
|
|
for _, creds := range vkCredentialsList {
|
|
log.Printf("[STREAM %d] [VK Auth] Trying credentials: client_id=%s", streamID, creds.ClientID)
|
|
|
|
user, pass, addr, err := getTokenChain(ctx, link, streamID, creds, dialer, jar)
|
|
|
|
if err == nil {
|
|
log.Printf("[STREAM %d] [VK Auth] Success with client_id=%s", streamID, creds.ClientID)
|
|
return user, pass, addr, nil
|
|
}
|
|
|
|
lastErr = err
|
|
log.Printf("[STREAM %d] [VK Auth] Failed with client_id=%s: %v", streamID, creds.ClientID, err)
|
|
|
|
// Hard abort on captcha/fatal conditions instead of trying next creds
|
|
if strings.Contains(err.Error(), "CAPTCHA_WAIT_REQUIRED") || strings.Contains(err.Error(), "FATAL_CAPTCHA") {
|
|
return "", "", "", err
|
|
}
|
|
|
|
if strings.Contains(err.Error(), "error_code:29") || strings.Contains(err.Error(), "error_code: 29") || strings.Contains(err.Error(), "Rate limit") {
|
|
log.Printf("[STREAM %d] [VK Auth] Rate limit detected, trying next credentials...", streamID)
|
|
}
|
|
}
|
|
|
|
return "", "", "", fmt.Errorf("all VK credentials failed: %w", lastErr)
|
|
}
|
|
|
|
func getTokenChain(ctx context.Context, link string, streamID int, creds VKCredentials, dialer *dnsdialer.Dialer, jar tlsclient.CookieJar) (string, string, string, error) {
|
|
profile := Profile{
|
|
UserAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
|
|
SecChUa: `"Not(A:Brand";v="99", "Google Chrome";v="146", "Chromium";v="146"`,
|
|
SecChUaMobile: "?0",
|
|
SecChUaPlatform: `"Windows"`,
|
|
}
|
|
|
|
client, err := tlsclient.NewHttpClient(tlsclient.NewNoopLogger(),
|
|
tlsclient.WithTimeoutSeconds(20),
|
|
tlsclient.WithClientProfile(profiles.Chrome_146),
|
|
tlsclient.WithCookieJar(jar),
|
|
tlsclient.WithDialer(getCustomNetDialer()),
|
|
)
|
|
if err != nil {
|
|
return "", "", "", fmt.Errorf("failed to initialize tls_client: %w", err)
|
|
}
|
|
|
|
name := generateName()
|
|
escapedName := neturl.QueryEscape(name)
|
|
|
|
log.Printf("[STREAM %d] [VK Auth] Connecting Identity - Name: %s | User-Agent: %s", streamID, name, profile.UserAgent)
|
|
|
|
doRequest := func(data string, url string) (resp map[string]interface{}, err error) {
|
|
parsedURL, err := neturl.Parse(url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("parse request URL: %w", err)
|
|
}
|
|
domain := parsedURL.Hostname()
|
|
|
|
req, err := fhttp.NewRequestWithContext(ctx, "POST", url, bytes.NewBuffer([]byte(data)))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req.Host = domain
|
|
applyBrowserProfileFhttp(req, profile)
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Set("Accept", "*/*")
|
|
req.Header.Set("Origin", "https://vk.ru")
|
|
req.Header.Set("Referer", "https://vk.ru/")
|
|
req.Header.Set("Sec-Fetch-Site", "same-site")
|
|
req.Header.Set("Sec-Fetch-Mode", "cors")
|
|
req.Header.Set("Sec-Fetch-Dest", "empty")
|
|
req.Header.Set("Priority", "u=1, i")
|
|
|
|
httpResp, err := client.Do(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer func() {
|
|
if closeErr := httpResp.Body.Close(); closeErr != nil {
|
|
log.Printf("close response body: %s", closeErr)
|
|
}
|
|
}()
|
|
|
|
body, err := io.ReadAll(httpResp.Body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
err = json.Unmarshal(body, &resp)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return resp, nil
|
|
}
|
|
|
|
// Token 1
|
|
data := fmt.Sprintf("client_id=%s&token_type=messages&client_secret=%s&version=1&app_id=%s", creds.ClientID, creds.ClientSecret, creds.ClientID)
|
|
resp, err := doRequest(data, "https://login.vk.ru/?act=get_anonym_token")
|
|
if err != nil {
|
|
return "", "", "", err
|
|
}
|
|
dataMap, ok := resp["data"].(map[string]interface{})
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("unexpected anon token response: %v", resp)
|
|
}
|
|
token1, ok := dataMap["access_token"].(string)
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("missing access_token in response: %v", resp)
|
|
}
|
|
|
|
vkDelayRandom(100, 150)
|
|
|
|
// Token 1 -> getCallPreview
|
|
data = fmt.Sprintf("vk_join_link=https://vk.com/call/join/%s&fields=photo_200&access_token=%s", link, token1)
|
|
_, err = doRequest(data, "https://api.vk.ru/method/calls.getCallPreview?v=5.275&client_id="+creds.ClientID)
|
|
if err != nil {
|
|
log.Printf("[STREAM %d] [VK Auth] Warning: getCallPreview failed: %v", streamID, err)
|
|
}
|
|
|
|
vkDelayRandom(200, 400)
|
|
|
|
// Token 2
|
|
data = fmt.Sprintf("vk_join_link=https://vk.com/call/join/%s&name=%s&access_token=%s", link, escapedName, token1)
|
|
urlAddr := fmt.Sprintf("https://api.vk.ru/method/calls.getAnonymousToken?v=5.275&client_id=%s", creds.ClientID)
|
|
|
|
var token2 string
|
|
for attempt := 0; ; attempt++ {
|
|
resp, err = doRequest(data, urlAddr)
|
|
if err != nil {
|
|
return "", "", "", err
|
|
}
|
|
|
|
if errObj, hasErr := resp["error"].(map[string]interface{}); hasErr {
|
|
captchaErr := ParseVkCaptchaError(errObj)
|
|
if captchaErr != nil && captchaErr.IsCaptchaError() {
|
|
solveMode, hasSolveMode := captchaSolveModeForAttempt(attempt, manualCaptcha, autoCaptchaSliderPOC)
|
|
if !hasSolveMode {
|
|
log.Printf("[STREAM %d] [Captcha] No more solve modes available (attempt %d)", streamID, attempt+1)
|
|
|
|
// Engage global lockout to protect API
|
|
globalCaptchaLockout.Store(time.Now().Add(60 * time.Second).Unix())
|
|
|
|
return "", "", "", fmt.Errorf("CAPTCHA_WAIT_REQUIRED")
|
|
}
|
|
|
|
var successToken string
|
|
var captchaKey string
|
|
var solveErr error
|
|
|
|
switch solveMode {
|
|
case captchaSolveModeAuto:
|
|
if captchaErr.SessionToken != "" && captchaErr.RedirectURI != "" {
|
|
successToken, solveErr = solveVkCaptcha(ctx, captchaErr, streamID, client, profile, false)
|
|
if solveErr != nil {
|
|
log.Printf("[STREAM %d] [Captcha] Auto captcha failed: %v", streamID, solveErr)
|
|
}
|
|
} else {
|
|
solveErr = fmt.Errorf("missing fields for auto solve")
|
|
}
|
|
case captchaSolveModeSliderPOC:
|
|
if captchaErr.SessionToken != "" && captchaErr.RedirectURI != "" {
|
|
successToken, solveErr = solveVkCaptcha(ctx, captchaErr, streamID, client, profile, true)
|
|
if solveErr != nil {
|
|
log.Printf("[STREAM %d] [Captcha] Auto captcha slider POC failed: %v", streamID, solveErr)
|
|
}
|
|
} else {
|
|
solveErr = fmt.Errorf("missing fields for slider POC auto solve")
|
|
}
|
|
case captchaSolveModeManual:
|
|
log.Printf("[STREAM %d] [Captcha] Triggering manual captcha fallback...", streamID)
|
|
manualCtx, manualCancel := context.WithTimeout(ctx, 60*time.Second)
|
|
|
|
type manualRes struct {
|
|
token string
|
|
key string
|
|
err error
|
|
}
|
|
resCh := make(chan manualRes, 1)
|
|
|
|
go func() {
|
|
var t, k string
|
|
var e error
|
|
if captchaErr.RedirectURI != "" {
|
|
t, e = solveCaptchaViaProxy(captchaErr.RedirectURI, dialer)
|
|
} else if captchaErr.CaptchaImg != "" {
|
|
k, e = solveCaptchaViaHTTP(captchaErr.CaptchaImg)
|
|
} else {
|
|
e = fmt.Errorf("no redirect_uri or captcha_img")
|
|
}
|
|
resCh <- manualRes{t, k, e}
|
|
}()
|
|
|
|
select {
|
|
case res := <-resCh:
|
|
successToken = res.token
|
|
captchaKey = res.key
|
|
solveErr = res.err
|
|
case <-manualCtx.Done():
|
|
solveErr = fmt.Errorf("manual captcha timed out after 60s")
|
|
}
|
|
manualCancel()
|
|
}
|
|
|
|
// If solving failed (auto or manual) or timed out
|
|
if solveErr != nil {
|
|
log.Printf("[STREAM %d] [Captcha] %s failed (attempt %d): %v", streamID, captchaSolveModeLabel(solveMode), attempt+1, solveErr)
|
|
|
|
nextSolveMode, hasNextSolveMode := captchaSolveModeForAttempt(attempt+1, manualCaptcha, autoCaptchaSliderPOC)
|
|
if hasNextSolveMode {
|
|
log.Printf("[STREAM %d] [Captcha] Falling back to %s...", streamID, captchaSolveModeLabel(nextSolveMode))
|
|
continue
|
|
}
|
|
|
|
// Engage global lockout to protect API
|
|
globalCaptchaLockout.Store(time.Now().Add(60 * time.Second).Unix())
|
|
|
|
return "", "", "", fmt.Errorf("CAPTCHA_WAIT_REQUIRED")
|
|
}
|
|
|
|
if captchaErr.CaptchaAttempt == "0" || captchaErr.CaptchaAttempt == "" {
|
|
captchaErr.CaptchaAttempt = "1"
|
|
}
|
|
|
|
if captchaKey != "" {
|
|
data = fmt.Sprintf("vk_join_link=https://vk.com/call/join/%s&name=%s&captcha_key=%s&captcha_sid=%s&access_token=%s",
|
|
link, escapedName, neturl.QueryEscape(captchaKey), captchaErr.CaptchaSid, token1)
|
|
} else {
|
|
data = fmt.Sprintf("vk_join_link=https://vk.com/call/join/%s&name=%s&captcha_key=&captcha_sid=%s&is_sound_captcha=0&success_token=%s&captcha_ts=%s&captcha_attempt=%s&access_token=%s",
|
|
link, escapedName, captchaErr.CaptchaSid, neturl.QueryEscape(successToken), captchaErr.CaptchaTs, captchaErr.CaptchaAttempt, token1)
|
|
}
|
|
continue
|
|
}
|
|
return "", "", "", fmt.Errorf("VK API error: %v", errObj)
|
|
}
|
|
|
|
respMap, okLoop := resp["response"].(map[string]interface{})
|
|
if !okLoop {
|
|
return "", "", "", fmt.Errorf("unexpected getAnonymousToken response: %v", resp)
|
|
}
|
|
token2, okLoop = respMap["token"].(string)
|
|
if !okLoop {
|
|
return "", "", "", fmt.Errorf("missing token in response: %v", resp)
|
|
}
|
|
break
|
|
}
|
|
|
|
vkDelayRandom(100, 150)
|
|
|
|
// Token 3
|
|
sessionData := fmt.Sprintf(`{"version":2,"device_id":"%s","client_version":1.1,"client_type":"SDK_JS"}`, uuid.New())
|
|
data = fmt.Sprintf("session_data=%s&method=auth.anonymLogin&format=JSON&application_key=CGMMEJLGDIHBABABA", neturl.QueryEscape(sessionData))
|
|
resp, err = doRequest(data, "https://calls.okcdn.ru/fb.do")
|
|
if err != nil {
|
|
return "", "", "", err
|
|
}
|
|
token3, ok := resp["session_key"].(string)
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("missing session_key in response: %v", resp)
|
|
}
|
|
|
|
vkDelayRandom(100, 150)
|
|
|
|
// Token 4 -> TURN Creds
|
|
data = fmt.Sprintf("joinLink=%s&isVideo=false&protocolVersion=5&capabilities=2F7F&anonymToken=%s&method=vchat.joinConversationByLink&format=JSON&application_key=CGMMEJLGDIHBABABA&session_key=%s", link, token2, token3)
|
|
resp, err = doRequest(data, "https://calls.okcdn.ru/fb.do")
|
|
if err != nil {
|
|
return "", "", "", err
|
|
}
|
|
|
|
tsRaw, ok := resp["turn_server"].(map[string]interface{})
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("missing turn_server in response: %v", resp)
|
|
}
|
|
user, ok := tsRaw["username"].(string)
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("missing username in turn_server")
|
|
}
|
|
pass, ok := tsRaw["credential"].(string)
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("missing credential in turn_server")
|
|
}
|
|
urlsRaw, ok := tsRaw["urls"].([]interface{})
|
|
if !ok || len(urlsRaw) == 0 {
|
|
return "", "", "", fmt.Errorf("missing or empty urls in turn_server")
|
|
}
|
|
urlStr, ok := urlsRaw[0].(string)
|
|
if !ok {
|
|
return "", "", "", fmt.Errorf("turn server url is not a string")
|
|
}
|
|
|
|
clean := strings.Split(urlStr, "?")[0]
|
|
address := strings.TrimPrefix(strings.TrimPrefix(clean, "turn:"), "turns:")
|
|
|
|
return user, pass, address, nil
|
|
}
|
|
|
|
// endregion
|
|
|
|
func dtlsFunc(ctx context.Context, conn net.PacketConn, peer *net.UDPAddr) (net.Conn, error) {
|
|
certificate, err := selfsign.GenerateSelfSigned()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
config := &dtls.Config{
|
|
Certificates: []tls.Certificate{certificate},
|
|
InsecureSkipVerify: true,
|
|
ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
|
|
CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
|
|
ConnectionIDGenerator: dtls.OnlySendCIDGenerator(),
|
|
}
|
|
// Extended timeout to accommodate serialized credential fetching via mutex
|
|
ctx1, cancel := context.WithTimeout(ctx, 120*time.Second)
|
|
defer cancel()
|
|
dtlsConn, err := dtls.Client(conn, peer, config)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err := dtlsConn.HandshakeContext(ctx1); err != nil {
|
|
return nil, err
|
|
}
|
|
return dtlsConn, nil
|
|
}
|
|
|
|
func oneDtlsConnection(ctx context.Context, peer *net.UDPAddr, listenConn net.PacketConn, connchan chan<- net.PacketConn, okchan chan<- struct{}, c chan<- error, sessionID []byte, streamID byte, v1 bool) {
|
|
var err error = nil
|
|
defer func() { c <- err }()
|
|
dtlsctx, dtlscancel := context.WithCancel(ctx)
|
|
defer dtlscancel()
|
|
var conn1, conn2 net.PacketConn
|
|
conn1, conn2 = connutil.AsyncPacketPipe()
|
|
go func() {
|
|
for {
|
|
select {
|
|
case <-dtlsctx.Done():
|
|
return
|
|
case connchan <- conn2:
|
|
}
|
|
}
|
|
}()
|
|
dtlsConn, err1 := dtlsFunc(dtlsctx, conn1, peer)
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to connect DTLS: %s", err1)
|
|
return
|
|
}
|
|
defer func() {
|
|
if closeErr := dtlsConn.Close(); closeErr != nil {
|
|
err = fmt.Errorf("failed to close DTLS connection: %s", closeErr)
|
|
return
|
|
}
|
|
log.Printf("Closed DTLS connection\n")
|
|
}()
|
|
|
|
// Phase 1: Send Session ID + Stream ID (17 bytes) - only for v2 protocol
|
|
if !v1 {
|
|
dtlsConn.SetWriteDeadline(time.Now().Add(time.Second * 5))
|
|
idBuf := make([]byte, 17)
|
|
copy(idBuf[:16], sessionID)
|
|
idBuf[16] = streamID
|
|
if _, err1 = dtlsConn.Write(idBuf); err1 != nil {
|
|
err = fmt.Errorf("failed to send session ID: %s", err1)
|
|
return
|
|
}
|
|
log.Printf("Established DTLS connection and sent session ID with stream %d!\n", streamID)
|
|
} else {
|
|
log.Printf("Established DTLS connection (v1 protocol, no session ID)!\n")
|
|
}
|
|
go func() {
|
|
for {
|
|
select {
|
|
case <-dtlsctx.Done():
|
|
return
|
|
case okchan <- struct{}{}:
|
|
}
|
|
}
|
|
}()
|
|
|
|
wg := sync.WaitGroup{}
|
|
wg.Add(2)
|
|
context.AfterFunc(dtlsctx, func() {
|
|
listenConn.SetDeadline(time.Now())
|
|
dtlsConn.SetDeadline(time.Now())
|
|
})
|
|
var addr atomic.Value
|
|
// Start read-loop on listenConn
|
|
go func() {
|
|
defer wg.Done()
|
|
defer dtlscancel()
|
|
buf := make([]byte, 1600)
|
|
for {
|
|
select {
|
|
case <-dtlsctx.Done():
|
|
return
|
|
default:
|
|
}
|
|
n, addr1, err1 := listenConn.ReadFrom(buf)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
|
|
addr.Store(addr1) // store peer
|
|
|
|
_, err1 = dtlsConn.Write(buf[:n])
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
|
|
// Start read-loop on dtlsConn
|
|
go func() {
|
|
defer wg.Done()
|
|
defer dtlscancel()
|
|
buf := make([]byte, 1600)
|
|
for {
|
|
select {
|
|
case <-dtlsctx.Done():
|
|
return
|
|
default:
|
|
}
|
|
n, err1 := dtlsConn.Read(buf)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
addr1, ok := addr.Load().(net.Addr)
|
|
if !ok {
|
|
log.Printf("Failed: no listener ip")
|
|
return
|
|
}
|
|
|
|
_, err1 = listenConn.WriteTo(buf[:n], addr1)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
|
|
wg.Wait()
|
|
listenConn.SetDeadline(time.Time{})
|
|
dtlsConn.SetDeadline(time.Time{})
|
|
}
|
|
|
|
type connectedUDPConn struct {
|
|
*net.UDPConn
|
|
}
|
|
|
|
func (c *connectedUDPConn) WriteTo(p []byte, _ net.Addr) (int, error) {
|
|
return c.Write(p)
|
|
}
|
|
|
|
type turnParams struct {
|
|
host string
|
|
port string
|
|
link string
|
|
udp bool
|
|
streamID int
|
|
getCreds getCredsFunc
|
|
}
|
|
|
|
func oneTurnConnection(ctx context.Context, turnParams *turnParams, peer *net.UDPAddr, conn2 net.PacketConn, c chan<- error) {
|
|
var err error = nil
|
|
defer func() { c <- err }()
|
|
user, pass, url, err1 := turnParams.getCreds(ctx, turnParams.link, turnParams.streamID)
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to get TURN credentials: %s", err1)
|
|
return
|
|
}
|
|
urlhost, urlport, err1 := net.SplitHostPort(url)
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to parse TURN server address: %s", err1)
|
|
return
|
|
}
|
|
if turnParams.host != "" {
|
|
urlhost = turnParams.host
|
|
}
|
|
if turnParams.port != "" {
|
|
urlport = turnParams.port
|
|
}
|
|
var turnServerAddr string
|
|
turnServerAddr = net.JoinHostPort(urlhost, urlport)
|
|
turnServerUdpAddr, err1 := net.ResolveUDPAddr("udp", turnServerAddr)
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to resolve TURN server address: %s", err1)
|
|
return
|
|
}
|
|
turnServerAddr = turnServerUdpAddr.String()
|
|
fmt.Println(turnServerUdpAddr.IP)
|
|
// Dial TURN Server
|
|
var cfg *turn.ClientConfig
|
|
var turnConn net.PacketConn
|
|
var d net.Dialer
|
|
ctx1, cancel := context.WithTimeout(ctx, 5*time.Second)
|
|
defer cancel()
|
|
if turnParams.udp {
|
|
conn, err2 := net.DialUDP("udp", nil, turnServerUdpAddr) // nolint: noctx
|
|
if err2 != nil {
|
|
err = fmt.Errorf("failed to connect to TURN server: %s", err2)
|
|
return
|
|
}
|
|
defer func() {
|
|
if err1 = conn.Close(); err1 != nil {
|
|
err = fmt.Errorf("failed to close TURN server connection: %s", err1)
|
|
return
|
|
}
|
|
}()
|
|
turnConn = &connectedUDPConn{conn}
|
|
} else {
|
|
conn, err2 := d.DialContext(ctx1, "tcp", turnServerAddr) // nolint: noctx
|
|
if err2 != nil {
|
|
err = fmt.Errorf("failed to connect to TURN server: %s", err2)
|
|
return
|
|
}
|
|
defer func() {
|
|
if err1 = conn.Close(); err1 != nil {
|
|
err = fmt.Errorf("failed to close TURN server connection: %s", err1)
|
|
return
|
|
}
|
|
}()
|
|
turnConn = turn.NewSTUNConn(conn)
|
|
}
|
|
var addrFamily turn.RequestedAddressFamily
|
|
if peer.IP.To4() != nil {
|
|
addrFamily = turn.RequestedAddressFamilyIPv4
|
|
} else {
|
|
addrFamily = turn.RequestedAddressFamilyIPv6
|
|
}
|
|
// Start a new TURN Client and wrap our net.Conn in a STUNConn
|
|
// This allows us to simulate datagram based communication over a net.Conn
|
|
cfg = &turn.ClientConfig{
|
|
STUNServerAddr: turnServerAddr,
|
|
TURNServerAddr: turnServerAddr,
|
|
Conn: turnConn,
|
|
Username: user,
|
|
Password: pass,
|
|
RequestedAddressFamily: addrFamily,
|
|
LoggerFactory: logging.NewDefaultLoggerFactory(),
|
|
}
|
|
|
|
client, err1 := turn.NewClient(cfg)
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to create TURN client: %s", err1)
|
|
return
|
|
}
|
|
defer client.Close()
|
|
|
|
// Start listening on the conn provided.
|
|
err1 = client.Listen()
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to listen: %s", err1)
|
|
return
|
|
}
|
|
|
|
// Allocate a relay socket on the TURN server. On success, it
|
|
// will return a net.PacketConn which represents the remote
|
|
// socket.
|
|
relayConn, err1 := client.Allocate()
|
|
if err1 != nil {
|
|
err = fmt.Errorf("failed to allocate: %s", err1)
|
|
return
|
|
}
|
|
defer func() {
|
|
if err1 := relayConn.Close(); err1 != nil {
|
|
err = fmt.Errorf("failed to close TURN allocated connection: %s", err1)
|
|
}
|
|
}()
|
|
|
|
// The relayConn's local address is actually the transport
|
|
// address assigned on the TURN server.
|
|
log.Printf("relayed-address=%s", relayConn.LocalAddr().String())
|
|
|
|
wg := sync.WaitGroup{}
|
|
wg.Add(2)
|
|
turnctx, turncancel := context.WithCancel(context.Background())
|
|
context.AfterFunc(turnctx, func() {
|
|
relayConn.SetDeadline(time.Now())
|
|
conn2.SetDeadline(time.Now())
|
|
})
|
|
var addr atomic.Value
|
|
// Start read-loop on conn2 (output of DTLS)
|
|
go func() {
|
|
defer wg.Done()
|
|
defer turncancel()
|
|
buf := make([]byte, 1600)
|
|
for {
|
|
select {
|
|
case <-turnctx.Done():
|
|
return
|
|
default:
|
|
}
|
|
n, addr1, err1 := conn2.ReadFrom(buf)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
|
|
addr.Store(addr1) // store peer
|
|
|
|
_, err1 = relayConn.WriteTo(buf[:n], peer)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
|
|
// Start read-loop on relayConn
|
|
go func() {
|
|
defer wg.Done()
|
|
defer turncancel()
|
|
buf := make([]byte, 1600)
|
|
for {
|
|
select {
|
|
case <-turnctx.Done():
|
|
return
|
|
default:
|
|
}
|
|
n, _, err1 := relayConn.ReadFrom(buf)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
addr1, ok := addr.Load().(net.Addr)
|
|
if !ok {
|
|
log.Printf("Failed: no listener ip")
|
|
return
|
|
}
|
|
|
|
_, err1 = conn2.WriteTo(buf[:n], addr1)
|
|
if err1 != nil {
|
|
log.Printf("Failed: %s", err1)
|
|
return
|
|
}
|
|
}
|
|
}()
|
|
|
|
wg.Wait()
|
|
relayConn.SetDeadline(time.Time{})
|
|
conn2.SetDeadline(time.Time{})
|
|
}
|
|
|
|
func oneDtlsConnectionLoop(ctx context.Context, peer *net.UDPAddr, listenConnChan <-chan net.PacketConn, connchan chan<- net.PacketConn, okchan chan<- struct{}, sessionID []byte, streamID byte, v1 bool) {
|
|
for {
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case listenConn := <-listenConnChan:
|
|
c := make(chan error)
|
|
go oneDtlsConnection(ctx, peer, listenConn, connchan, okchan, c, sessionID, streamID, v1)
|
|
if err := <-c; err != nil {
|
|
log.Printf("%s", err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func oneTurnConnectionLoop(ctx context.Context, turnParams *turnParams, peer *net.UDPAddr, connchan <-chan net.PacketConn, t <-chan time.Time, streamID int) {
|
|
// Create a copy of turnParams with the streamID
|
|
tp := *turnParams
|
|
tp.streamID = streamID
|
|
|
|
for {
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case conn2 := <-connchan:
|
|
select {
|
|
case <-t:
|
|
c := make(chan error)
|
|
go oneTurnConnection(ctx, &tp, peer, conn2, c)
|
|
if err := <-c; err != nil {
|
|
if strings.Contains(err.Error(), "FATAL_CAPTCHA") {
|
|
log.Printf("[STREAM %d] Fatal manual captcha error. Shutting down application.", streamID)
|
|
if globalAppCancel != nil {
|
|
globalAppCancel()
|
|
}
|
|
return
|
|
}
|
|
if strings.Contains(err.Error(), "CAPTCHA_WAIT_REQUIRED") {
|
|
if !strings.Contains(err.Error(), "global lockout active") {
|
|
log.Printf("[STREAM %d] Backing off for 60 seconds to avoid IP ban...", streamID)
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case <-time.After(60 * time.Second):
|
|
}
|
|
} else {
|
|
lockoutEnd := globalCaptchaLockout.Load()
|
|
sleepDuration := time.Until(time.Unix(lockoutEnd, 0))
|
|
if sleepDuration < 0 {
|
|
sleepDuration = 5 * time.Second
|
|
}
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case <-time.After(sleepDuration):
|
|
}
|
|
}
|
|
} else {
|
|
log.Printf("[STREAM %d] %s", streamID, err)
|
|
time.Sleep(2 * time.Second)
|
|
}
|
|
}
|
|
default:
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func main() { //nolint:cyclop
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
globalAppCancel = cancel
|
|
defer cancel()
|
|
signalChan := make(chan os.Signal, 1)
|
|
signal.Notify(signalChan, syscall.SIGTERM, syscall.SIGINT)
|
|
go func() {
|
|
<-signalChan
|
|
log.Printf("Terminating...\n")
|
|
cancel()
|
|
select {
|
|
case <-signalChan:
|
|
case <-time.After(5 * time.Second):
|
|
}
|
|
log.Fatalf("Exit...\n")
|
|
}()
|
|
|
|
host := flag.String("turn", "", "override TURN server ip")
|
|
port := flag.String("port", "", "override TURN port")
|
|
listen := flag.String("listen", "127.0.0.1:9000", "listen on ip:port")
|
|
vklink := flag.String("vk-link", "", "VK calls invite link \"https://vk.com/call/join/...\"")
|
|
wb := flag.Bool("wb", false, "use WB Stream instead of VK")
|
|
peerAddr := flag.String("peer", "", "peer server address (host:port)")
|
|
n := flag.Int("n", 0, "connections to TURN (default 4)")
|
|
udp := flag.Bool("udp", false, "connect to TURN with UDP")
|
|
direct := flag.Bool("no-dtls", false, "connect without obfuscation. DO NOT USE")
|
|
v1 := flag.Bool("v1", false, "use v1 server protocol (no session_id and stream_id)")
|
|
sessionIDFlag := flag.String("session-id", "", "override session ID (hex, 32 chars)")
|
|
debugFlag := flag.Bool("debug", false, "enable debug logging")
|
|
manualCaptchaFlag := flag.Bool("manual-captcha", false, "skip auto captcha solving, use manual mode immediately")
|
|
flag.Parse()
|
|
if *peerAddr == "" {
|
|
log.Panicf("Need peer address!")
|
|
}
|
|
peer, err := net.ResolveUDPAddr("udp", *peerAddr)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
if !*wb && *vklink == "" {
|
|
log.Panicf("Need either -wb or -vk-link!")
|
|
}
|
|
|
|
isDebug = *debugFlag
|
|
manualCaptcha = *manualCaptchaFlag
|
|
autoCaptchaSliderPOC = !manualCaptcha
|
|
|
|
var link string
|
|
var getCreds getCredsFunc
|
|
|
|
dialer := dnsdialer.New(
|
|
dnsdialer.WithResolvers("77.88.8.8:53", "77.88.8.1:53", "8.8.8.8:53", "8.8.4.4:53", "1.1.1.1:53", "1.0.0.1:53"),
|
|
dnsdialer.WithStrategy(dnsdialer.Fallback{}),
|
|
dnsdialer.WithCache(100, 10*time.Hour, 10*time.Hour),
|
|
)
|
|
|
|
if *wb {
|
|
link = "wb"
|
|
getCreds = func(ctx context.Context, lk string, streamID int) (string, string, string, error) {
|
|
return getCredsCached(ctx, lk, streamID, wbFetch)
|
|
}
|
|
} else {
|
|
parts := strings.Split(*vklink, "join/")
|
|
link = parts[len(parts)-1]
|
|
getCreds = func(ctx context.Context, lk string, streamID int) (string, string, string, error) {
|
|
return getVkCredsCached(ctx, lk, streamID, dialer)
|
|
}
|
|
}
|
|
|
|
if *n <= 0 {
|
|
*n = 4
|
|
}
|
|
if idx := strings.IndexAny(link, "/?#"); idx != -1 {
|
|
link = link[:idx]
|
|
}
|
|
params := &turnParams{
|
|
host: *host,
|
|
port: *port,
|
|
link: link,
|
|
udp: *udp,
|
|
streamID: 0,
|
|
getCreds: getCreds,
|
|
}
|
|
|
|
var sessionID []byte
|
|
if *sessionIDFlag != "" {
|
|
sessionID = make([]byte, 16)
|
|
if _, err := fmt.Sscanf(*sessionIDFlag, "%x", &sessionID); err != nil {
|
|
log.Panicf("Invalid session ID: %v", err)
|
|
}
|
|
} else {
|
|
sessionID, _ = uuid.New().MarshalBinary()
|
|
}
|
|
log.Printf("Session ID: %x", sessionID)
|
|
|
|
listenConnChan := make(chan net.PacketConn)
|
|
listenConn, err := net.ListenPacket("udp", *listen) // nolint: noctx
|
|
if err != nil {
|
|
log.Panicf("Failed to listen: %s", err)
|
|
}
|
|
context.AfterFunc(ctx, func() {
|
|
if closeErr := listenConn.Close(); closeErr != nil {
|
|
log.Panicf("Failed to close local connection: %s", closeErr)
|
|
}
|
|
})
|
|
go func() {
|
|
for {
|
|
select {
|
|
case <-ctx.Done():
|
|
return
|
|
case listenConnChan <- listenConn:
|
|
}
|
|
}
|
|
}()
|
|
|
|
wg1 := sync.WaitGroup{}
|
|
t := time.Tick(100 * time.Millisecond)
|
|
if *direct {
|
|
for i := 0; i < *n; i++ {
|
|
wg1.Add(1)
|
|
streamID := i
|
|
go func() {
|
|
defer wg1.Done()
|
|
oneTurnConnectionLoop(ctx, params, peer, listenConnChan, t, streamID)
|
|
}()
|
|
}
|
|
} else {
|
|
okchan := make(chan struct{})
|
|
connchan := make(chan net.PacketConn)
|
|
|
|
wg1.Add(1)
|
|
go func() {
|
|
defer wg1.Done()
|
|
oneDtlsConnectionLoop(ctx, peer, listenConnChan, connchan, okchan, sessionID, 0, *v1)
|
|
}()
|
|
|
|
wg1.Add(1)
|
|
go func() {
|
|
defer wg1.Done()
|
|
oneTurnConnectionLoop(ctx, params, peer, connchan, t, 0)
|
|
}()
|
|
|
|
select {
|
|
case <-okchan:
|
|
case <-ctx.Done():
|
|
}
|
|
for i := 0; i < *n-1; i++ {
|
|
connchan := make(chan net.PacketConn)
|
|
streamID := i + 1
|
|
wg1.Add(1)
|
|
go func(sID byte) {
|
|
defer wg1.Done()
|
|
oneDtlsConnectionLoop(ctx, peer, listenConnChan, connchan, nil, sessionID, sID, *v1)
|
|
}(byte(streamID))
|
|
wg1.Add(1)
|
|
go func() {
|
|
defer wg1.Done()
|
|
oneTurnConnectionLoop(ctx, params, peer, connchan, t, streamID)
|
|
}()
|
|
}
|
|
}
|
|
|
|
wg1.Wait()
|
|
}
|
|
|