guide_kakao.md

Summary of downloading animated stickers in Kakao

| Link | Auth token required to download animated stickers? |
|---|---|
| https://emoticon.kakao.com/items/xxxxx | Not required (Recommended method) |
| https://e.kakao.com/t/xxxxx | Required |
| kakaotalk://store/emoticon/4404400 | Not required (But no easy way to get it) |
| 4404400 | Not required (But no easy way to get it) |

  • To download animated stickers, you have two options:
    • Method 1: (RECOMMENDED) Get the share link of the emoticon pack from the Kakao app on your phone, which does not need auth_token (https://emoticon.kakao.com/items/xxxxx)
    • Method 2-4: Use https://e.kakao.com/t/xxxxx, which needs auth_token (sent as the Authorization header of the request). Note that this method may not work in some cases for unclear reasons, so use Method 1.

Method 1: Get share link

../imgs/kakao-share.jpeg

Method 2: Get auth_token from KakaoTalk Desktop application

  • sticker-convert will get auth_token from the KakaoTalk Desktop application.
  • Note that this only works on Windows.

GUI:

  1. Download and log in to KakaoTalk Desktop
  2. Press the Generate button in the sticker-convert GUI
  3. (Optional) If you installed KakaoTalk Desktop in a non-default location, you may specify the Kakao app path
  4. Press Get auth_token and wait

CLI:

  1. Download and log in to KakaoTalk Desktop
  2. Add --kakao-get-auth-desktop as an argument
  3. (Optional) Add --kakao-bin-path <KAKAO_APP_PATH> if you installed KakaoTalk Desktop in a non-default location
  4. Execute the command

Method 3: Get auth_token by simulating login

  • sticker-convert will simulate a login to the Android Kakao app to get auth_token
    • You will send / receive a verification code via SMS
    • You will most likely receive a verification code
    • You have to send a verification SMS if you have requested to receive a verification code too many times
    • You may be logged out of your existing device
  • The auth_token will expire after a period of time (about a week?), after which you have to regenerate it.
  • Explanation of login information
    • Username: Email or phone number used for signing up for the Kakao account. (e.g. +447700900142)
    • Password: Password of the Kakao account
    • Country code: Examples would be 82 (for Korea), 44 (for UK), 1 (for USA)
    • Phone number: Phone number associated with your Kakao account. Used to send / receive the verification code via SMS

GUI:

  1. Create a KakaoTalk account on your phone
  2. Press the Generate button in the sticker-convert GUI
  3. Enter your account details in the window
  4. Press Login and get auth_token and follow the instructions

CLI:

  1. Create a KakaoTalk account on your phone
  2. Add --kakao-get-auth --kakao-username <YOUR_USERNAME> --kakao-password <YOUR_PASSWORD> --kakao-country-code <YOUR_COUNTRY_CODE> --kakao-phone-number <YOUR_PHONE_NUMBER> as arguments
    • Note: If you have previously saved username, password, country_code and phone_number, you may choose not to add them as arguments
    • You may also add --save-cred to save the auth_token and login information for later use
  3. Execute the command and follow the instructions

Method 4: Get auth_token manually or get emoticon ID

You can manually get auth_token from a rooted Android device (doing this on an emulated Android device is recommended)

  1. Create a KakaoTalk account on your phone
  2. Install Android Studio and create an emulated device, then install KakaoTalk on the device
  3. Install BurpSuite
  4. Follow this guide to hook up the emulated Android device with BurpSuite: https://blog.yarsalabs.com/setting-up-burp-for-android-application-testing/
  5. Follow this guide to bypass SSL pinning: https://redfoxsec.com/blog/ssl-pinning-bypass-android-frida/
    • For the cer.cer mentioned in this guide, use the burp-ca.crt you created in step 4
    • Run adb shell, su and /data/local/tmp/frida-server to start frida-server on the Android emulator
    • Run frida -U -f com.kakao.talk -l fridascript.js while frida-server is running
  6. Browse some emoticons in the KakaoTalk application and view the HTTP history in BurpSuite
    • To get auth_token, copy the Authorization value from the header of a request seen in BurpSuite
    • To get the emoticon ID, look for a URL such as https://item.kakaocdn.net/dw/4404400.emot_001.webp. The emoticon ID would be 4404400

Technical sidenote: Decoding of animated emoticon

Emoticons in webp and gif format need to be decoded. For the Kakao Android application, com/kakao/digitalitem/image/lib/ImageDecode.java calls libdigitalitem_image_decoder.so...

  1. nativeWebpImageResizeDecode() or nativeGifImageDecode()
  2. webpDecode() or gifDecode()
  3. decryptData()
  4. cryptData(), which decodes the emoticon using LFSR and XOR

If interested, you may study this by decompiling the Kakao Android application with jadx and decompiling libdigitalitem_image_decoder.so with ghidra.
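
As an added illustration (not code from sticker-convert or from Kakao), the toy transform below shows the general LFSR-and-XOR scheme that step 4 names. The 16-bit register, its taps, the seed and the function names are textbook or hypothetical choices assumed for the example, not Kakao's parameters. It shows why one function can both obfuscate and restore data, and that the keystream repeats after a fixed period.

```python
"""Toy LFSR + XOR stream transform. The register width, taps and seed are
textbook values chosen for illustration; they are NOT Kakao's parameters."""

SEED = 0xACE1  # constructed seed; any non-zero 16-bit value works


def lfsr_step(state: int) -> int:
    """Advance a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11) by one bit."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


def keystream(seed: int, length: int) -> bytes:
    """Produce `length` keystream bytes, eight LFSR steps per byte."""
    if not 0 < seed <= 0xFFFF:  # an all-zero register never leaves zero
        raise ValueError("seed must be a non-zero 16-bit value")
    state, out = seed, bytearray()
    for _ in range(length):
        byte = 0
        for _ in range(8):
            state = lfsr_step(state)
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)


def crypt_data(data: bytes, seed: int = SEED) -> bytes:
    """XOR data with the keystream. XOR is its own inverse, so the same
    call both obfuscates and restores the data."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))


def lfsr_period(seed: int = SEED) -> int:
    """Count steps until the register returns to its starting state."""
    state, steps = lfsr_step(seed), 1
    while state != seed:
        state, steps = lfsr_step(state), steps + 1
    return steps


if __name__ == "__main__":
    plain = b"RIFF\x24\x00\x00\x00WEBPVP8 "  # constructed WebP-style header
    obfuscated = crypt_data(plain)
    print(obfuscated.hex(), crypt_data(obfuscated) == plain, lfsr_period())
```

Because the keystream depends only on the seed and the register is linear, a scheme like this is obfuscation rather than strong encryption.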