Read this in russian.
This code makes it possible to obtain VK token, that works for VK audio API, so you can query audio URIs. The code was obtained through reversing Kate Mobile application and official VK client. VK login, VK password, GMS ID and GMS token are needed. (The last two only for Kate Mobile based method) No additional dependencies are required.
See files in the examples
directory to see how it can be used. These scripts obtain both GMS credentials and VK token. Just run one of them: example_microg.php login pass
and it will print the token. Examples that show how to use obtained VK token with different API methods are in the usage
subdirectory.
More detailed VK API description is available at https://vodka2.github.io/vk-audio-token/ (Currently in progress)
There is also more advanced CLI tool, that emulates Kate Mobile:
Usage: src/cli/vk-audio-token.php [options] vk_login vk_pass
src/cli/vk-audio-token.php [options] non_refreshed_kate_token
Options:
-s file - save GMS ID and token to the file
-l file - load GMS ID and token from file
-g gms_id:gms_token - use specified GMS ID and token
-d file - use droidguard string from file
instead of hardcoded one
-m - make microG checkin (default)
-o - old checkin with droidguard string
that may expire
with droidguard string is made
-t code - use two factor authentication
pass GET_CODE to get code or
pass code received in SMS
-h - print this help
Two-factor authentication is supported. You can also add an application password in VK settings and use it instead of your account password.
composer require vodka2/vk-audio-token
docker build -t vk-audio-tokens src/
docker run -t vk-audio-tokens:latest php src/cli/vk-audio-token.php -m vk_login vk_pass
docker run -t vk-audio-tokens:latest php src/examples/usage/example_kate.php token
There are two ways to obtain GMS credentials.
The first way is to get them from a rooted Android device. The token is in /data/data/com.google.android.gsf/shared_prefs/CheckinService.xml
file and ID is in /data/data/com.google.android.gms/shared_prefs/Checkin.xml
file. You can install GMS Credentials application to see them.
The second way is to perform Android Checkin yourself. Class AndroidCheckin
is designed for this task. This class provides two options: checkin with droidguard string and checkin as in microG project. Note that the obtained credentials may expire.
For the first option you need a string that is generated by com.google.ccc.abuse.droidguard
(the.apk). One such string is in example_droidguard_str.php
file, it may expire. When using the second option one extra request is made and PHP needs to have sockets enabled.
It is also possible to intercept Android Checkin request (it is made on first boot) and see the returned GMS ID and token.
Free drinks always give me motivation to write code.
WMR — P778046516389
WMZ — Z828082159527