first commit

crush.py

@@ -0,0 +1,169 @@
+#!/bin/python
+#
+# crush.py
+# VevoxCrusher
+#
+# Created by Yigit Colakoglu on 10/13/21.
+# Copyright 2021. Yigit Colakoglu. All rights reserved.
+#
+
+from websocket import create_connection
+import requests
+import sys
+import ssl
+
+apiurl = "https://web1-httpapi.vevox.com"
+
+ciss = """f7311cdd-7c93-4cc2-a37b-6f60dc590bd9
+f152afaf-1104-43da-8f1c-5bc344922d81
+cd1a88ef-999e-4c9d-be5d-b5b1e56f5c48
+6ee5f89d-1912-48c8-bf6d-d2990269469d
+52232dcf-68e2-47a7-b672-83b244eb1241
+f0895e68-15a0-478f-ad2b-ffefcc5705ce
+fdf37fbc-ed8e-4c23-90cc-d272ed06585c
+f43ef402-b4e2-4556-90e5-ac35535e3c1f
+ed3fd857-5b90-4a46-8c1a-abba08258618
+02ef350b-0994-4c22-b7fc-849864a53642
+87c50bc1-eb38-4f57-87e6-b82ca2b1b8f0
+f7978990-bfa0-4a2c-809d-1de725472cfb
+c8cb9238-119d-45eb-b436-312283f0ee66
+716fef4a-cd3e-4a68-aaca-02a991a8dcb5
+6f02e7b0-e27f-4215-952a-eb303fc1c5e9
+281d544a-de02-4ab4-9f27-ee773f1e396e
+484063ad-fc14-4437-aa17-40cce5e0ac1f
+af1b11f7-1942-4c28-8ffd-e7eec5555694
+c49c363a-3d29-486e-ba9a-2a409588087d
+6410f54e-142a-4c1b-ae6c-0e53c790000b
+320952ff-8a49-49d8-8ff4-ef93e168144c
+65bf2796-74dd-4388-a122-dae3d279c545
+459063f7-6681-4e1f-9e99-c649dc62e213
+99bc9405-8064-48f6-890e-a36318e3c09f
+4e79fc77-ebf9-447d-a8a7-712c3f455c80
+796d2460-45e6-4de0-9602-6409c82f7957
+df6d96b7-db9f-406c-a53b-ffa8c98fd1ad
+d5ce58d4-88f4-42ce-b937-8c34ae63248b
+538bca24-4f51-4ac9-a1a8-5cfa403d7240
+667a1b16-ce91-4f6a-ab37-30a6c3954d07
+2566f814-2121-45c2-b5fd-5b0e3fbfb326
+a672c800-68bc-4c9e-b6dc-12913d26e8ec
+98c4d069-b9e4-4409-bf06-3a01313023ba
+cb410cdc-7bb7-4196-a19e-743c6b08c1f8
+acb958cd-2628-410e-b0d9-8404767fa646
+3c098a63-7f9b-44f9-9b87-73385a90bb1f
+6fbc49d3-9191-4cd2-9549-99db8446f3d2
+4a58d30a-7e8b-446c-be53-513fcde9e125
+202f066c-35b7-4e75-970b-ee438d237ff6
+d4025dbf-da22-4594-a37b-dfcce2cc3fd9
+c6f1bc75-d8ce-45aa-8dda-ed0523578612
+6a77db93-eb33-46ba-bcf6-c374578d5dc0
+6bd70847-12f5-4d79-8f80-eff43bae2e18
+7b401ed5-1722-4f42-b8f6-9537f31c31fc
+9834866e-0e33-4536-a100-270d8a8692e4
+236fb156-2c86-4e19-89f5-ba42f8e3f873
+df33f43d-4209-4554-b686-8ba3be0bc6fe
+8eb1ef43-9587-42d7-af22-267b80d929d9
+f9da3907-d4bd-452e-97ac-d6ca22d7c67f
+1fab5eba-c366-4f94-997a-e3dd784ff306
+01dda5d7-4f50-481c-a7fc-f4e8ad6465ed
+ae4d1505-23af-41b2-a539-093807b5b060
+0af23214-1009-4f87-bf72-67c6ac93d3dc
+cd807405-6590-4077-8f4e-6f4a500253e0
+bbc393ff-a1e9-461c-8fe6-04f944e34199
+8e50612f-e9a0-4c25-9423-bee8f7fb8ddb
+4876f0b4-ca3a-409c-99c5-32e5467e21bb
+0a4e20b3-ebdb-4541-ab7c-45522a77da9b
+7b4d4fe0-2b75-49bf-b93c-8630e4703d19
+fe73a6ee-c79c-4fe0-919e-6eb02d172603
+a38aaf18-2ba1-4285-83b4-8109519c3ca5
+09435a3f-e4ba-40f7-bd77-5664e3d8e043
+0eabbf76-2ada-4ee6-9751-aac2e21ff568
+d86dd315-465f-454e-aa44-2ec17e34e89a
+dacb8d8c-e26c-44e7-ba44-ce190f23424d
+7a3e6b79-d98e-4ed4-a11f-ac8297bfe6da
+45d46ae4-5d05-462e-a95a-daed8363acc5
+d5c2f0ae-e002-42e0-80d4-fd7823655f74
+d0266250-2bbb-4a18-9fbe-8ed38720ac07
+1ff0eb16-435a-4713-9bac-62c8ed55e83c
+487cee8f-dd8a-40f5-aa9d-5ba62537e1bd
+fb0c1c48-b66f-43b2-8d80-fe2b331124fe
+aef12b08-51bc-4291-8ce6-4912b1948fff
+0ed13503-a48d-4a23-a022-1c258ddfaf95
+3dd501c9-4758-47e4-81ee-20620c3003c3
+32fa2a02-cc5e-45dd-991a-e2a0a407e36a
+6b967a3c-82f9-4cf6-88ff-154baa81ab6a
+be3724a1-2f57-47ed-b72e-da74a20542e9
+055def12-8452-4b29-b652-02e62fc419ca
+dc876fa1-dae7-485d-9acb-c2e9e3e30d04
+aea2e4d3-7124-4e26-9205-77c0e61edbc3
+44e50283-9b0a-459d-b04b-a5b3653ef11a
+4c24f961-3efe-4233-8ee6-669b65b8d6c6
+4ca70109-64e4-4562-a6df-1e8f8bd541dc
+b03d8cb0-893a-40cc-9aae-23e3862086d9
+60105b65-fc68-4653-903c-480c9a03b17a
+d3ead3be-e473-4e03-ad5c-a8f8c93c612f
+ee56ab97-47bc-4e67-aceb-8cec8864a7cf
+ab3df90b-5e6e-461b-bf82-1d1bad4306b9
+b8f93e14-76dc-4b54-8f0f-ddff7a873311
+d8dcefb8-913c-4f83-9e77-23b24e449082
+0025acc9-05ab-4348-8aa0-c1fe6c163c41
+f1c5f0fd-861e-48f4-be43-532cb96279c2
+434e00ff-eedd-489c-b6a3-0819b3dfb708
+a5c06c4d-33db-4186-ac6f-adc5b59670e2
+3715749b-e88e-4d57-8e89-17f7446c83d4
+4925f118-c47b-45d7-9203-62a3739280e2
+7e95a757-8185-4085-ae7f-efbc8053ed3c
+c1bd06cc-bb5c-4c9d-929e-306e84c9076f
+9d6c83ee-64e6-47b0-917c-2aacafb3517b"""
+
+
+initialws = """{{"service":"httpapiservice-1_0","message":"SetConnectionInfo","data":{{"secret":"RIM2JSTSyk4Y/TXTwvh7nIWCrD6L5sraDV6Z7rZ1ZVk=","key":"FWfLAvjJmU9Wbnrm","thirdPartyUserId":"","deviceId":"{}","appVersion":"1.7.0","apiVersion":"1.23","tzid":"Europe/Amsterdam","tzoffset":-120,"sw":1022,"sh":241,"isAttendee":true,"gatewayMappings":{{"97":"wss://staging-httpapi.lumidev.net/api","98":"wss://qarel-httpapi.lumidev.net/api","99":"wss://qamaster-httpapi.lumidev.net/api"}}}}}},"timeout":60000,"requestId":3}}"""
+
+connectionws = """{{"service":"meetingservice-1_0","message":"DeviceConnectAction","data":{{"accessCode":"{}","appId":"{}","apiVersion":"1.23","connectProperties":{{"sortOrder":"normal"}}}},"timeout":10000,"reQquestId":4}}"""
+
+likews = """{{"service":"discussionservice-1_3","message":"DeviceDiscussionMessagePostAction","data":{{"topicId":{},"message":"test","anonymous":true,"nameHidden":false}},"timeout":10000,"requestId":5}}"""
+
+
+try:
+    _create_unverified_https_context = ssl._create_unverified_context
+except AttributeError:
+    # Legacy Python that doesn't verify HTTPS certificates by default
+    pass
+else:
+    # Handle target environment that doesn't support HTTPS verification
+    ssl._create_default_https_context = _create_unverified_https_context
+
+def main():
+    connection_ids = ciss.split('\n')
+    counter = 0
+    for i in range(int(sys.argv[1])):
+        r = requests.get(apiurl)
+        print("{}, {}".format(i, r.status_code))
+        cookie = ""
+        cdict = dict(r.cookies)
+        for i in cdict:
+            cookie += i+"="+cdict[i]+"; "
+        print(cookie)
+        cid = connection_ids[counter]
+        counter+= 1
+        upvoteq(sys.argv[2], cookie, connection_ids[counter], sys.argv[3])
+
+
+def upvoteq(qid, cookies, cid, sid):
+    ws = create_connection("wss://web1-httpapi.vevox.com/api?connection_id=" + cid, cookies=cookies)
+    # print(ws.recv())
+    test = initialws.format(cid)
+    print(test)
+    ws.send(test)
+    print(ws.recv())
+    test2 = connectionws.format(sid, cid)
+    print(test2)
+    ws.send(test2)
+    print(ws.recv())
+    ws.send(likews.format(qid))
+    print(ws.recv())
+    ws.close()
+
+
+if __name__ == "__main__":
+    main()
+

notes.md

@@ -0,0 +1,74 @@
+When you enter a session, the request:
+
+```http
+GET /api?connection_id=dcbfa537-2417-4110-8891-d958ee621eb9 HTTP/1.1
+Host: web1-httpapi.vevox.com
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Sec-WebSocket-Version: 13
+Origin: https://vevox.app
+Sec-WebSocket-Key: JNfGd5OyxH1xd/oXdGrJIg==
+Connection: keep-alive, Upgrade
+Cookie: AWSALB=3/da+XKMODKQYcglV006mpTqKCTZ/zQsW1UyQA0JtSuzeR6z47LQu7FvzFsXjtfJbRMzuX+o9xJT3M/dhSpQVUD32ZotxH5d7bTttBAYg9loxFcXWRlKimn79Oax; AWSALBCORS=3/da+XKMODKQYcglV006mpTqKCTZ/zQsW1UyQA0JtSuzeR6z47LQu7FvzFsXjtfJbRMzuX+o9xJT3M/dhSpQVUD32ZotxH5d7bTttBAYg9loxFcXWRlKimn79Oax
+Sec-Fetch-Dest: websocket
+Sec-Fetch-Mode: websocket
+Sec-Fetch-Site: cross-site
+Pragma: no-cache
+Cache-Control: no-cache
+Upgrade: websocket
+```
+
+is sent to web1-httpapi.vevox.com. The cookies are sent by the server in the
+initial request. The connection_id is created on client-side by javascript with
+the lines:
+
+```javascript
+function l() {
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (e) {
+    var t = 16 * Math.random() | 0;
+    return ('x' == e ? t : 3 & t | 8).toString(16)
+  })
+}
+```
+
+After this, the json data is sent to the server:
+
+```json
+{
+   "service":"httpapiservice-1_0",
+   "message":"SetConnectionInfo",
+   "data":{
+      "secret":"RIM2JSTSyk4Y/TXTwvh7nIWCrD6L5sraDV6Z7rZ1ZVk=",
+      "key":"FWfLAvjJmU9Wbnrm",
+      "thirdPartyUserId":"",
+      "deviceId":"480e2645-c33c-4459-8b3c-2e9a772c2f73",
+      "appVersion":"1.7.0",
+      "apiVersion":"1.23",
+      "tzid":"Europe/Amsterdam",
+      "tzoffset":-120,
+      "sw":1022,
+      "sh":241,
+      "isAttendee":true,
+      "gatewayMappings":{
+         "97":"wss://staging-httpapi.lumidev.net/api",
+         "98":"wss://qarel-httpapi.lumidev.net/api",
+         "99":"wss://qamaster-httpapi.lumidev.net/api"
+      }
+   },
+   "timeout":60000,
+   "requestId":3
+}
+```
+
+```json
+{"service":"meetingservice-1_0","message":"DeviceConnectAction","data":{"accessCode":"175848995","appId":"b04cda41-22ea-40a5-a5e4-ce951bd12067","apiVersion":"1.23","connectProperties":{"sortOrder":"normal"}},"timeout":10000,"reQquestId":4}
+```
+
+This data is in javascript of index, secret/key is constant.
+
+
+``json
+{"service":"discussionservice-1_3","message":"DeviceDiscussionMessagePostAction","data":{"topicId":236248,"message":"test","anonymous":true,"nameHidden":false},"timeout":10000,"requestId":5}
+```

vevoxqa.py

@@ -0,0 +1,28 @@
+#!/bin/python
+#
+# vevox.py
+# VevoxCrusher
+#
+# Created by Yigit Colakoglu on 10/13/21.
+# Copyright 2021. Yigit Colakoglu. All rights reserved.
+#
+
+class VevoxQA:
+    def __init__(self, sessid):
+        self.sessid = sessid
+
+    # Open a connection to Vevox Q&A Session
+    def connect(self):
+        pass
+
+    # Get the questions from Vevox Q&A Session
+    def getquestions(self):
+        pass
+
+    # Like a question returns true if successful
+    def likequestion(self):
+        pass
+
+    # Unlike a question returns true if successful
+    def unlikequestion(self):
+        pass