Textplus - reverse engineering of textplus

Textplus It's like textfree The same free SMS and call app . And Textfree Different ,Textplus No network client is provided . This limits our ability to interact with mobile applications . No problem , Let's start our Android Simulators and agents . I decided to start using charles agent , Because it provides a better layout , And I found it easy to use , Even if it's not free . Like mine textfree hack equally , Let us ​​ Start by viewing the application , See if we can find anything that could sabotage the deal （ I look for recaptchas、 Anti robot software , And whether the application is related to TOR In combination with ）.

When creating an account , You need to fill in recaptcha. This is a deal breaker . It seems impossible to create accounts programmatically . Don't judge a book by its cover .recaptcha And registration data . This means that we do not need to complete revalidation . Let me be clear , I did bypass google recaptcha,textplus It's just not completely coded .

After creating an account , The server will generate the post exploit operation （ For example, send text ） Vital information . For some reason , The server will respond to your registration request with your account data in the header . I don't understand why I did it , Because they have been using json Transfer data between the client and the server for the entire communication . This makes me a little disappointed , Because I want to retrieve data from the server in the same way as sending data . Looking around , I found it .

Textplus It uses a form of authentication that I've never seen before . Maybe it's because it's so bad . They use some kind of two-step verification . You provide your user name and password to “ https://cas.prd.gii.me/v2/ticket/ticketgranting/service”, It returns a “ ticket ”. This is a PHP Program , It will get you a ticket .

With this ticket , We have moved on to the second part of authentication . You provide tickets to “ https://cas.prd.gii.me/v2/ticket/service”, It returns another “ Authenticated ” ticket . This is a PHP Program , Can provide you with “ Authenticated tickets ”（ Ensure that all information is provided ）.

Every request after login needs “ Tickets granted ”. This is their form of user authentication . Use the ticket granted , We move on to the next part of the process , I.e. assigned number . We first get a list of available phone number locations . We will pay close attention to “ Zone setup ” value , As shown below ：

Now we have “ Zone setup ” Information , We can continue to register our devices . This is how we assign a number .

as far as I am concerned , Google push token seems to be static . In the past few weeks , I don't have the problem of reusing it . On the other hand , This step is not really necessary . We don't need to register the device , Because when we create an account ,textplus Will automatically assign us a temporary number , Even in applications , If you have not registered a number , You cannot send text messages . The next part is how we can bypass device registration . Even if there is no number , We can still send messages or emails “ The invitation ” people . Our interest is to invite... Through text , By the way ,textplus Allow us to customize the invitation . A few things to remember ： please remember , When you invite others , You will make money in the application itself , The money can be used to make phone calls …… please remember , Each account is assigned a different number .

As you can see , We can set custom text . This is through the text ：