jeena/snaphax
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions
No description
5 commits 1 branch 0 tags 45 KiB
Find a file
Thomas Lackner abc2a21abc dox fixes
2012-12-31 06:04:20 -06:00
examples first checkin of code 2012-12-31 05:49:27 -06:00
.gitignore update gitignore 2012-12-31 05:49:18 -06:00
README.md dox fixes 2012-12-31 06:04:20 -06:00
snaphax.php first checkin of code 2012-12-31 05:49:27 -06:00

README.md

Snaphax: a PHP library to use the Snapchat API

This library allows you to communicate with Snapchat's servers using their undocumented HTTP API. It was reverse engineered from the official Android client (version 1.6)

Warning

I made this by reverse engineering the app. It may be extremely buggy or piss off the Snapchat people.

Limitations

Only login (with list of new media) and fetching of images is implemented. This is obviously a huge failing which I am to correct when I have more time.

Motivation and development process

I'm a huge fan of Snapchat. I'm stunned and delighted by the fact that a simple feature like auto-expiration of images can create such a compelling and challenging service. And it's not just me: everyone I've told about Snapchat who has used it has loved it.

But I hate closed APIs, so I set about figuring out how it worked. Adam Caudill wrote an excellent analysis of their HTTP-based API by using an HTTPS traffic sniffer. Unfortunately this information now seems out of date.

I ended up having to fetch the official Android client's app binary (APK), decompiling the whole thing with a mix of tools (all of them seemed to produce subtly incorrect output), and then puzzling through the process of creating their dreaded access tokens (called req_token in the HTTP calls).

This involved me paging through Fiddler, trying to generate SHA-256 hashes seemingly at random, tearing my hear out, and weeping openly.

Their system is a bit unusual: it AES-256 hashes the two input values separately, using a secret key contained in the binary, and then uses a fixed pattern string to pull bytes from one or the other. The final composition of the two is used in HTTP requests.

Other things about the API that I've discovered so far:

  • Speaks JSON over HTTPS, using POST as the verb
  • Not made for human consumption; difficult error messaging
  • Doesn't seem to support JSONP (i.e., callback parameter in post data is ignored)

How to use

Pretty simple:

	require_once('snaphax/snaphax.php');

	$opts = array();
	$opts['username'] = 'username';
	$opts['password'] = 'password';
	$opts['debug'] = 1; // CHANGE THIS; major spewage

	$s = new Snaphax($opts);
	$result = $s->login();
	var_dump($result);

The apocalyptic future

The TODO list is almost endless at this point:

  • DOCS!!!
  • Syncing (to mark snaps as seen)
  • Video fetching
  • Image/video posting
  • Friend list maintenance
  • Port to Javascript (probably via Node + NPM since their API doesn't seem to support JSONP)
  • Add support for PHP composer
  • Test framework

Credits

Made by @tlack with a lot of help from @adamcaudill, and of course all of this is due to the inventiveness of the Snapchat team