⚠ Attention! Newcomers can't claim bonuses and drops with the newly obtained cookies! ⚠

[Randomblock1]

Describe the bug
Fails to login. (Probably only when there are no cookies)

To Reproduce
Steps to reproduce the behavior:

1. Try to login with no cookies.
2. It fails.

Expected behavior
It logs in.

Desktop (please complete the following information):

• OS: Docker arm64
• Latest version

Log
https://pastebin.com/KbKKfuib

Additional context
ERROR - TwitchChannelPointsMiner.classes.TwitchLogin - [login_flow]: Unknown error: {'error': 'Please update your device to the latest version of Android or iOS to continue.', 'error_code': 5024, 'error_description': 'client not supported for app upgrade'}

[rdavydov]

Accepted a bug, thanks. Working on it.

[rdavydov]

Looks like they're back to https://passport.twitch.tv/protected_login preceded by https://passport.twitch.tv/integrity with Kasada on Android.

:(

@6accOnThe6locc I'm busy with the RL right now, could you please take a look and help?

[rdavydov]

Switching to Dalvik/2.1.0 (Linux; U; Android 7.1.2; SM-G977N Build/LMY48Z) tv.twitch.android.app/14.3.2/1403020 returns error 5023.

[rdavydov]

Actually, the latest version of Android or iOS means the OS version. Need to experiment with that.

[rdavydov]

Changing Android version in the UA gives the same results: error 5023. I guess error 5024 is just about the app version.

[rdavydov]

I do have the same problem on a fresh install on macos. The error message is not exactly the same though.

ERROR - [login_flow]: Unknown error: {'error': 'Please update your app to continue', 'error_code': 5023, 'error_description': 'client is not supported for this feature'}

Because you have error 5023 and @Randomblock1 have error 5024.

I've updated the master branch after their post, now the miner should give error 5023, which we are working on here.

[rdavydov]

Please do not post messages like "same error", "me too", etc.
They are not helpful in solving this issue.

[rdavydov]

And we can't use the old Selenium login method because ultrafunkamsterdam/undetected-chromedriver#897 never got fixed, nor commented.

Quite a stalemate situation.

Full automation of the Kasada anti-bot system bypassing will require some serious reverse engineering of the JS code and knowledge in cryptography.

More info here #15.

[rdavydov]

@Rakambda @DevilXD What are you guys planning to do with your login issues?

[Rakambda]

I have cookies with the mobile version so I didn't dig too deep into it.

However what has always worked for me is having the user log into his browser, export cookies, and I use those with a selenium instance that pops every so often to get the GQL integrity token.
https://github.com/Rakambda/ChannelPointsMiner/blob/develop/miner/src/main/java/fr/rakambda/channelpointsminer/miner/api/gql/integrity/browser/BrowserIntegrityProvider.java

[DevilXD]

@rdavydov I have no immediate solution. I've tried a couple of different user agents, but they all seem to basically just point at updating the app. Seems to me like the new app probably uses the protected endpoint only, and the only reason this old one worked so far was because the old app had no idea the endpoint changed, so they had to let it through - but now it seems like they just straight up dropped support for it completely and require an update. If dropping support is not the case, then they still have to let it through somehow - finding that "somehow" might be the solution.

If they did drop the support completely and straight up require a new app build for every android version since 5.0 and up (also possible to do), then there's not much we can do here. Unless @6accOnThe6locc has any ideas, I'm personally not a "hacker" and would never be able to figure out even 10% of what he did.

PS: As far as I'm aware, each authentication token from a cookie is valid for a year, unless invalidated otherwise. Gives hope for people who already managed to login previously, sucks for newcomers and new instances. Can't imagine taking a year to find a solution, but just noting it for other people here, who might be worried about the token expiring too fast - it won't.

[sinedsem]

Is there any workaround for getting cookies manually and providing those to miner? I am a newcomer.

[rdavydov]

Is there any workaround for getting cookies manually and providing those to miner? I am a newcomer.

You can't claim bonuses and drops with those cookies, that's the whole point.
If you're fine with it, I can make a quick fix for you.

[sinedsem]

You can't claim bonuses and drops with those cookies, that's the whole point. If you're fine with it, I can make a quick fix for you.

I'm not interested in drops, but bonuses..
Anyway, that would help me and everyone to at least configure everything while you are working on fix.

[rdavydov]

Anyway, that would help me and everyone to at least configure everything while you are working on fix.

Here you go: https://github.com/rdavydov/Twitch-Channel-Points-Miner-v2/releases/tag/1.5.4

Or just checkout the master branch.

[rdavydov]

@Rakambda Couple of questions if you don't mind.

Are you sniffing all the requests and filtering the integrity one? You don't post to /integrity by yourself, right?

controller.ensureLoggedIn();
CommonUtils.randomSleep(10000, 1);
currentIntegrity = extractGQLIntegrity(browser);

What is this random delay for? It is max 10 seconds, right?

[rdavydov]

@Rakambda One more question: is your Selenium instance running in headless mode?

[Rakambda]

First post:
Yes, I just open the page, sniff all requests and extract integrity from one of the GQL requests made.

10s is arbitrary, just waiting for a request to be made. I though that it's better to have a "large" timeout so that even on slower devices it'd have time to perform the request. And as the GQL token isn't refreshed that often, I think it's good enough, no need to be super quick.

---

Second post:
I have a config option to set it headless, but I never tried. I guess it isn't a great idea to do so anyways.
I personally run a selenium grid instance for my docker-instance of the bot I'm running.
Also works locally with a Vivaldi browser.

Though I have a very different approach from what Tkd did. Tkd's was more focused on an easily accessible bot; while in my case I don't really care making it hard to approach or requiring a more complex stack (here involving a selenium setup). Was for my personal use at first, just sharing it for some others that may want invest some time setting it up.

---

Docker selenium grid I use:

version: "3"
services:
  selenium-node-chrome:
    image: selenium/node-chrome:latest
    container_name: selenium-node-chrome1
    hostname: selenium-node-chrome1
    shm_size: 2gb
    depends_on:
      - selenium-hub
    env_file:
      - chrome.env
    ports:
      - "5901:5900"
    volumes:
      - "/whatever/path/Selenium/Node1:/home/seluser/profiles"
    deploy:
      resources:
        limits:
          memory: 2000M
    restart: unless-stopped

  selenium-hub:
    image: selenium/hub:latest
    hostname: selenium-hub
    container_name: selenium-hub
    ports:
      - "4442:4442"
      - "4443:4443"
      - "4444:4444"
    restart: unless-stopped

networks:
  default:
    name: selenium
    external: true

Chrome env:

SE_START_XVFB=true
SE_VNC_PORT=5900
SE_EVENT_BUS_HOST=selenium-hub
SE_EVENT_BUS_PUBLISH_PORT=4442
SE_EVENT_BUS_SUBSCRIBE_PORT=4443
SE_NODE_GRID_URL=https://selenium.my.domain.com

[rdavydov]

@Rakambda @DevilXD Thank you guys, so much useful info!
It is always a pleasure to read detailed clear answers from professionals! 👲

[Karatich]

Has the problem been resolved and can I already try to run it?

[6accOnThe6locc]

(Nobody care) Sorry guys, I'm busy with personal issues. Looks like you found the answer.

If you look at https://gql.twitch.tv/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/fp you can see that they store a cookie in your browser. generate the client-integrity. When I have time I can post a POC.

[Glass47]

@rdavydov Hey if you can maybe tell me what a dev needs to know in order to be able to fix it. I can maybe try to search for some dev who can reverse engineer and then i will share stuff in here, as long as they dont charge some stupid amounts im fine with paying.

[rdavydov]

(Nobody care) Sorry guys, I'm busy with personal issues. Looks like you found the answer.

If you look at https://gql.twitch.tv/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/fp you can see that they store a cookie in your browser. generate the client-integrity. When I have time I can post a POC.

I've already made a POC and integrated it to the miner. I was just waiting for your permission to use your old code and release it to the public. Looks like you didn't see my PM. :)

[rdavydov]

OK guys, fix is on the way, but it will require Chrome running in non-headless mode. Stay tuned.

[rdavydov]

Fix is ready in 1.6.0.

ℹ If you already have "console" cookies and your miner is claiming bonuses, you can stay on 1.5.4