[Bug]:OpenAI: {"detail":"Our systems have detected unusual activity from your system. Please try again later."} (code: 403) Once Again Not Solved

Question

[Bug]:OpenAI: {"detail":"Our systems have detected unusual activity from your system. Please try again later."} (code: 403) Once Again Not Solved

SwimmingLiu opened this issue a year ago · 272 comments

SwimmingLiu commented a year ago

Is there an existing issue for this?

I have searched the existing issues and checked the recent builds/commits

What happened?

Steps to reproduce the problem

Try to run ask() with V1 API.

What should have happened?

Is should work:)

Version where the problem happens

Tried 6.3.4(latest)

What Python version are you running this with?

3.9

What is your operating system ?

Linux

Command Line Arguments

No

Console logs

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 726, in __check_response
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://bypass.churchless.tech/conversation

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/root/gpt4_test.py", line 222, in <module>
    get_slice_thread_io(token)
  File "/root/gpt4_test.py", line 200, in get_slice_thread_io
    get_content(token[0], server)
  File "/root/gpt4_test.py", line 148, in get_content
    for data in chatbot.ask(prompt):
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 608, in ask
    yield from self.post_messages(
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 561, in post_messages
    yield from self.__send_request(
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 392, in __send_request
    self.__check_response(response)
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 91, in wrapper
    out = func(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/revChatGPT/V1.py", line 733, in __check_response
    raise error from ex
revChatGPT.typings.Error: OpenAI: {"detail":"Our systems have detected unusual activity from your system. Please try again later."} (code: 403)

Additional information

No response

wong2 commented a year ago

Great

linweiyuan commented a year ago

Honeypot.

👀2

acheong08 commented a year ago

Fixed

Answer 1 · 2023-06-20T04:28:16.000Z

Same issue here.

Answer 2 · 2023-06-20T04:46:07.000Z

Am having the same issue, works for gpt 3.5 model

Answer 3 · 2023-06-20T05:37:56.000Z

it doesn't work bro

Answer 4 · 2023-06-20T06:23:21.000Z

"works on my computer"

Can you send a sample request payload from your browser?

Answer 5 · 2023-06-20T06:26:24.000Z

Try gpt-4-mobile as your model and see if anything changes

Answer 6 · 2023-06-20T06:39:49.000Z

@acheong08 your fix works on my computer with latest change.

Answer 7 · 2023-06-20T06:45:39.000Z

Try gpt-4-mobile as your model and see if anything changes

this model makes it work, thx sir!!

Answer 8 · 2023-06-20T13:19:52.000Z

@acheong08 your fix works on my computer with latest change.

gpt-4-mobile may be the final fix, whereas __arkose_token method only works for several hours.

Answer 9 · 2023-06-21T03:43:11.000Z

I believe they will add the arkose_token based verification to mobile models soon.

Answer 10 · 2023-06-21T11:54:37.000Z

Is there a difference between gpt-4 and gpt-4-mobile?

Answer 11 · 2023-06-21T14:44:02.000Z

Is there a difference between gpt-4 and gpt-4-mobile?

No

Answer 12 · 2023-06-22T14:01:45.000Z

Is there a difference between gpt-4 and gpt-4-mobile?

I have tested between gpt-4 and gpt-4-mobile and found differences in reasoning and writing style. gpt-4 looks much more advanced for long text.

Answer 13 · 2023-06-22T14:26:24.000Z

I've also found that for summarization of long text, gpt-4-mobile is far worse than both gpt-4 and text-davinci-002-render-sha

Answer 14 · 2023-06-22T19:09:38.000Z

Ok i'm now having the error with gpt-4-mobile, am I the only one?

So now both gpt-4 models don't work :/

Answer 15 · 2023-06-23T04:48:22.000Z

I am facing the same problem.

Answer 16 · 2023-06-23T06:46:48.000Z

reason may be here

It appears that an arkose_token field has been added to each ChatGPT conversation request, and currently only GPT-4 models are validating this field.

When a conversation is initiated from the GPT-3.5 page, the arkose_token is null. However, when a conversation is initiated from the GPT-4 page, an automatic request is made to fetch this arkose_token, which is then included in the conversation request.

It seems this is part of the Arkose FunCAPTCHA challenge process. However, the GPT-4 Mobile model isn't checking for this field at this time. As a workaround, you might want to use the GPT-4 Mobile model, which does not have usage restrictions at present.

Answer 17 · 2023-06-23T07:15:46.000Z

comment

# if data.get("model", "").startswith("gpt-4"):
#     data["arkose_token"] = self.__arkose_token()

in def __send_request, it work for me

Answer 18 · 2023-06-23T08:20:28.000Z

reason may be here

It appears that an arkose_token field has been added to each ChatGPT conversation request, and currently only GPT-4 models are validating this field.
When a conversation is initiated from the GPT-3.5 page, the arkose_token is null. However, when a conversation is initiated from the GPT-4 page, an automatic request is made to fetch this arkose_token, which is then included in the conversation request.
It seems this is part of the Arkose FunCAPTCHA challenge process. However, the GPT-4 Mobile model isn't checking for this field at this time. As a workaround, you might want to use the GPT-4 Mobile model, which does not have usage restrictions at present.

Thanks for referencing my previous reply. However, it's important to note that some information has become outdated. Currently, all GPT-4 models, including the GPT-4 Mobile model, are validating the arkose_token field.

I've addressed this issue at hydrotho/ChatGPT_Model_Switcher#2. The fix appears to be working well at the moment. However, please be aware that it might become ineffective at some point in the future due to potential changes in ChatGPT.

Answer 19 · 2023-06-23T09:20:47.000Z

by applying "gpt-4-mobile" patch, it worked for 4 days. This issue happens again. So gpt-4-mobile is not a final fix. will try @hydrotho 's method.

@acheong08 your fix works on my computer with latest change.

gpt-4-mobile may be the final fix, whereas __arkose_token method only works for several hours.

Answer 20 · 2023-06-23T14:24:59.000Z

gpt-4-mobile
also reported 403 error

Answer 21 · 2023-06-24T04:31:03.000Z

RIP my borrowed plus account expired

Answer 22 · 2023-06-24T04:31:16.000Z

Which means the PUID is invalid for GPT-4 access

Answer 23 · 2023-06-24T04:35:26.000Z

Can anyone share a PUID?

Answer 24 · 2023-06-24T05:21:31.000Z

Can anyone share a PUID?

user-EW05FrqHnXwezENAhzlji1Fu:1687574587-vaKR9vKqhkcDEgh7ra3ytPYngcuoqKDQ7yfAZrrCr%2Bc%3D

Answer 25 · 2023-06-24T05:27:43.000Z

Can anyone share a PUID?

give me a way to contact you,I can lend you a plus account

Answer 26 · 2023-06-24T06:49:39.000Z

Matrix: https://matrix.to/#/@acheong08:matrix.duti.me
Discord: acheong08
Twitter: acheong08

Answer 27 · 2023-06-24T06:51:04.000Z

Since I don't have access to GPT-4 I can't test my patches. Based on observations of the web requests, arkose token is required, and either

PUID must match access token
arkose token must be fetched by matching IP

Answer 28 · 2023-06-24T07:00:47.000Z

Matrix: https://matrix.to/#/@acheong08:matrix.duti.me Discord: acheong08 Twitter: acheong08
i send message to your Matrix

Answer 29 · 2023-06-24T08:40:38.000Z

Updated PUID on server thanks to @WhiteCranes

Try and see if it works now

Answer 30 · 2023-06-24T11:47:07.000Z

@acheong08
"bda": str(base64.b64encode(b'{"ct":"","iv":"","s":""}'), "utf-8")
This bda is not working for me. (Any other people tried 6.4.2 revChatGPT?)

However, I found that the solution in this repo is working saeedezzati/superpower-chatgpt@cbb182e#diff-4dcce6c0d0a57cdca60dbc5551021cce5ab858d68da3a15d6fe2a9afa934c722

superpower-chatgpt is retrieving the arkso token from the following endpoint`

curl -i -X GET \
   -H "Origin:https://chat.openai.com" \
 'https://api.wfh.team/gptx/arkose/'

Not sure if the token getting from the above API will expire or not, but it is working for the moment.

https://api.wfh.team/gptx/arkose/ is not open source, so I don't know why it is working 😵‍💫

Answer 31 · 2023-06-24T13:25:36.000Z

@acheong08 "bda": str(base64.b64encode(b'{"ct":"","iv":"","s":""}'), "utf-8") This bda is not working for me. (Any other people tried 6.4.2 revChatGPT?)

However, I found that the solution in this repo is working saeedezzati/superpower-chatgpt@cbb182e#diff-4dcce6c0d0a57cdca60dbc5551021cce5ab858d68da3a15d6fe2a9afa934c722

superpower-chatgpt is retrieving the arkso token from the following endpoint`
curl -i -X GET \
   -H "Origin:https://chat.openai.com" \
 'https://api.wfh.team/gptx/arkose/'
Not sure if the token getting from the above API will expire or not, but it is working for the moment.

https://api.wfh.team/gptx/arkose/ is not open source, so I don't know why it is working 😵‍💫

Yep，I tried 6.4.2 revChatGPT. But neither 6.4.2 revChatGPT nor the token get from https://api.wfh.team/gptx/arkose/ works for me 😵‍💫

Answer 32 · 2023-06-24T13:34:39.000Z

6.4.2 not working for me either.

Answer 33 · 2023-06-24T13:48:34.000Z

Arkose token might be regional then. I'll implement server side fetching of arkose.

Answer 34 · 2023-06-24T14:06:50.000Z

Try https://github.com/acheong08/ChatGPT/releases/tag/6.4.3 to see if the system tries to link PUID with access token + arkose token

(This update fetches the PUID cookie automatically)

Answer 35 · 2023-06-24T14:09:57.000Z

(wait a bit. server updating)

Answer 36 · 2023-06-24T14:44:07.000Z

Server updated. Will now use its own arkose token

Answer 37 · 2023-06-24T14:47:49.000Z

use a dedicated "bda" with the corresponding "userbrowser" can work. It seems my bda generation is not following this algorithm: "str(base64.b64encode(b'{"ct":"","iv":"","s":""}'), "utf-8"),".

Answer 38 · 2023-06-24T14:49:35.000Z

I haven't been able to figure out how bda is generated. Not sure if hardcoding one works

Answer 39 · 2023-06-24T14:50:07.000Z

https://github.com/acheong08/ChatGPT-Proxy-V4/blob/df2fb77b0158d99071a8ebc00fdea88fcf68459c/arkose.go#L1-L44

Answer 40 · 2023-06-24T14:50:59.000Z

At least for my own computer, it works right now with server side arkose

Answer 41 · 2023-06-24T14:51:10.000Z

Not sure how long it'll last

Answer 42 · 2023-06-24T14:53:58.000Z

This thread is useful. linweiyuan/go-chatgpt-api#175

My Chinese is sadly not proficient enough to understand

Answer 43 · 2023-06-24T15:08:01.000Z

This thread is useful. linweiyuan/go-chatgpt-api#175

My Chinese is sadly not proficient enough to understand

linwenyuan said use this url as can generate correct arkose-token https://arkose-token.linweiyuan.com
Seems not useful for this repo.

Answer 44 · 2023-06-24T15:11:56.000Z

This thread is useful. linweiyuan/go-chatgpt-api#175
My Chinese is sadly not proficient enough to understand

linwenyuan said use this url as can generate correct arkose-token https://arkose-token.linweiyuan.com Seems not useful for this repo.

Seems we should generate arkoseToken is proxy server, accoring to his patchset

if arkoseTokenUrl != "" {
			req, _ := http.NewRequest(http.MethodGet, arkoseTokenUrl, nil)
			resp, err := api.Client.Do(req)
			if err != nil || resp.StatusCode != http.StatusOK {
				c.AbortWithStatusJSON(http.StatusInternalServerError, api.ReturnMessage("Failed to get arkose token."))
				return
			}
responseMap := make(map[string]string)
			json.NewDecoder(resp.Body).Decode(&responseMap)
			request.ArkoseToken = responseMap["token"]
		}

Answer 45 · 2023-06-24T15:12:49.000Z

Seems we should generate arkoseToken is proxy server, accoring to his patchset

https://github.com/acheong08/ChatGPT-Proxy-V4/blob/df2fb77b0158d99071a8ebc00fdea88fcf68459c/arkose.go#L1-L44

Already doing that (since a couple minutes ago)

Answer 46 · 2023-06-24T15:13:15.000Z

Can you check if it works for you? (Also upgrade to latest version of revChatGPT so arkose doesn't get overriden by client)

Answer 47 · 2023-06-24T15:13:50.000Z

Works for me but since I'm in the same region as the proxy server, it might or might not be replicable by others

Answer 48 · 2023-06-24T15:28:43.000Z

Works for me but since I'm in the same region as the proxy server, it might or might not be replicable by others

Yes. It works for me either. This may be the final fix. Thanks.

Answer 49 · 2023-06-24T15:32:26.000Z

Works for me but since I'm in the same region as the proxy server, it might or might not be replicable by others

Upgrade both and it did work for the moment, proxy server of ap-southeast region. Thanks!

Answer 50 · 2023-06-24T15:37:10.000Z

Confirmed working for non-southeast accounts as well now (off thread)

Answer 51 · 2023-06-24T15:45:02.000Z

In case anyone is interested in figuring out how the bda was generated (I was not clear about it yet!)...

It is generated by this file funcaptcha_api.js?onload=loadChallenge and can be debug by searching this line b3[dK(f_a_ir.m)] = aF[dK(f_a_ir.n)](by)

Answer 52 · 2023-06-24T16:20:24.000Z

Hopefully someone good at JS can explain a bit on how it works? The code looks alien to me

Answer 53 · 2023-06-24T17:31:26.000Z

Works fine in Europe, thanks!!!

Answer 54 · 2023-06-25T12:59:13.000Z

Maybe not working again now? it worked in former few hours.
The same exception:
"OpenAI: {"detail":"Our systems have detected unusual activity from your system. Please try again later."} (code: 403)"

Answer 55 · 2023-06-25T14:21:04.000Z

Now it's 403 again. Could you please take a look.
@acheong08

Answer 56 · 2023-06-25T14:40:27.000Z

Fixed using @pengzhile's endpoint for now. Will look into how to generate the parameters.

Answer 57 · 2023-06-25T14:40:40.000Z

Looks like I might have to do some browser automation

Answer 58 · 2023-06-25T14:41:49.000Z

I hope someone can help me figure out what this might mean:

{"ct":"/vfjnTlE3ZVKglS/2rXeoeDwcgCsKl/RgwpfExRQ90DTC+FYeFy4ZSzAsGJ9AiHCZ4NILmiMlF9I9tjTMB3K320yPa8/BRyPAU9fR8eaexyLH9XmXWF9ccO0aOD6fZf12nuUAp60x8ZZaX0mL6pF/F8ZQP0iyzg6dmQ77Xg0HCMCbEJYR9kavnknUSydOKNWtdGHNxNnNuvsxm2Qlpwq0+joshVwwHHJqlOUJHS9cC3dGEmFleWWQXwFz9Vx0EF8GtZJ9122n+CAkG0H6wi1cbbBUsyQWk9kl+KDy3O1t5+FsGf+F9pThpECMgcxPiJuf1aCtUbKIOmvpIHwYAcsWTOV3sNDf9yfJ5GnR7ZEBUGur4oz5UKJrp1B2xFrGfIkl4Vc8kFAFl4aoY5Uhf6k7c5Itj2XOjdbl5kPLlxFiRr+WqVFxexWtisNQrJ9vPwWGNxGGWi926UrkF4rwJV8SgOOPHPUfDobY8ezZRMuiQv8TPV84/LwDp2MuLaEJl0G/kyHMfxAyyLYbYJw3wXJ26pqfhvxasJfEQ2Q+IpNwQrnTx9PAV4C5nk832jujCOXAOnUwl8YBRSl/8pYgl+X/JJs+pgACBbKz9CX/ARAlDy4hzULMDtCpmiGWcOhQIkVOcPRGpEfef/0RGc0XfztcZMeDjaVWXnImELaRdfZ1p+xs1xi3VTelJ9ixETp1QYzj3SgP5Jgw20xQfJygxUE9SHuH6Fqt4/4P3BRoUTHkZh5k2joEGbsKno+Dnps4/+MF2BxAlaTf65R3byfLG3uLVWUv6Cwwj6d5pvmnHjW1aHQ3ulHkQENscC/ur3XtV2GNgxIHu0o1VryKuzVs4jDwQtVxmh1sB2VKV+AxPOp4l0nXIZpbQRsr08Q9BhQoaHrd2EQsW9uvNxCdZumd+JAqm7cirLZsvvv2CpiSfZPVjE95be+PdH7rThr5iSzKodDKSQ6Z/2P/mRkZ4psiWfo/mITbmczmq/9A432PqM3ffo1U1uH3CwOQx06SJGW9Kdu5YC+d7Y55L6dSrPKfcJagN+EOeuQNNr+aGpHJqfobjru0XUsxegARqofhYk9vJMyw9pcg/SZkFQ9PDJo1CbsKlhrIvYeP8U9IgkxaulOhHSlqnLWhJEgauEqT91ncO7VVQk7jDu8dlrrovGkih4dMByZCxJ8EjXnzpoCzeIe8a1PKZj4TQb5RlTifdfCl3Ki4n5EHnelre5O2pij6+XjC8j4ORXrzGVcR33KDgnzu4to8QBVpw9mdt49SSjsQ1NmtDuZt12IqPNQ/OHBHDssDnHlzvompbm6n/279YzvBwRsiEudM9KsG0m5myBOZztsW/t29l21nj0YcAdobBQFTjw1Bc9E1gbcKNJM33dV4afKD6vC1ubn3musUbe7KASjFcTWrdeh/6OGbmFeM+FR53N9ddCc214oat4TQEpV6ZurywcIhUR0JY3xr9HjEaCJTX0TNMkdER4fWv0oVT+B9psCx6NZ+n6zAiMPTHpEu5icQ4dVS/VOZUL5y3TwuC5kau0NQZkXEk+aQ6603yTvp7EIfi3RhT8wO33yWebRXWzQtBWNprK5Sz5Yp69I0hfUMwSd8vZ4SRrlr5ApSN9KwSQttwZAWmq+nuoswh23aEH7fUzRCDa4zdF6GMhMLXJLY4ptLDLSCkVTDZKlqnPwldWsdxvL/dZe3OY6mRg9CQWnNraeEuYh7ZNHEgINKwxvFAqzbWeKSvAeXgz5ERxEFmxD/myv/qAbF+5zitiUjmSHTjkAXHenT8qFnBzJcYlKUDGBErFNNVA/J7eKuv/uVr/NAX6TBEpkcePSxcJtdo2Dn+AevySOujJ30kdhCbuORrnlL6HZg2U7zMYubixcIORb/ftv98rD8VcqOA7KCVmJk/RBno/AyITag0uY2kZKVeFWHIkPKpl7/oBKUoZ1Hy/ijwDJO+Af+H6NINmx3Aa/CalvlQ7xzE3qoK9PPICOV2nfJKDMs5dGXOyQSVr2aCQsPhZqFjZR1z86IvoM2SPRE3Dygf9ozVeSvEI8aB7cF8KXqyZ8y6dKYJFN1no+EJj6cOvj7Q9vhZAEA0CNg4MjLxosmqUtsfXPfdFwLAzmgXGN42b7VPGzwLys+/N/YbiEsIUDJkx3BpmmM7cQhaQPs7HLVG10ei6xw/ll1dUrXTQT6AAgoCmLYqRbhKoIilfzfMV6+JUIQOz4vYOYryseG9kGGiHkP3+mnPZ8hOeMZYorey6T7bQRPmNad3EzZ94yvJJQui2UWFHhL22fI3WZDb0E7rj3WCt0v8Pp3L2Vu5H3xzM6sGBuyXPK5VYVBQy74rIeM1Hv4gCoiNSEfX7mFtIfRM3GNjrbX69t6XePK/I3zSSJFT/j5hlIbEUcTEEwLtzx+o1WTZdLvGOUhAv01CuAFHsjpMkknVVUdVQeAf5GZkdFqd0s2tMPXirvYRZT7aullUHwVknGL2F/SYrrw35g5PW6OvxSqRaU17WXeEFmg1r8pisRMyWyqpowQkBcjdOWgvXSJ/C6bk4YMJFbOkwSqNGs8MMxnFdedDBmn0eKaX9BCcEVEjxhAM73jL7zE+nGhgVg79a/KVSWK2094SKCfSkdnqLMpMx0JsQkULSgacAuzYI5LAJoo+9Jv1BVcm9XQZIuDB3gkrTSeK4i+7JhGlqttSNvtGA9bY+ImnCc/e/oinBoIevpGcN/mHaVLSUOpSGfmfxYQ31SMlysEacTWNknsCpuM3kYikNRHAuIiHOJ3yvXvnPWvyIa1I4oDVOq/9Kwa2zxBK3q4WYbqUKmmI+pU3+0o9f4WzvkPW9Bk4QctHdR/ICzpQY3QH3UwBmFD+09koTuW9fd7Jxp5aVYz1+EiSAkBpER10XIKP5p0Ydsh9HNhzuvJslhgkfhDelQx7QO8BwjSS2DOqfQdLNVpaLqch40qd5POFDfCn+wx+P+q6cyM5TQRMLykc69/Ug5ySCp/+oZqvvUym/gV24kvtRMXTkAlE10t3QtFp7kB4fTKtREJGxesDbVd4FiJ3kLShSrydNgpMl3vdiyclVRzVwQruziXc8sSJ4P2UvobiG14trEylFbtOKmdoll8JKAJ0iDss9m7gkjvDzTXODLU0bQ03N6sHxnnxoRpS22z6AdHO6ikp6ilm9fgkQ2OHOEEnGDpFHOm2WmrfB0uskqioGmmoweKCIp9t71bFX8VUzd+huLeOSxy0ApK0uptfXZ2Wz5H+kGGjEs2/Ci/Cse42BVt7AAnA8+2lrS29s/q7QvBWodeWuVtG3y4d2JOaZ0jRlN2DHnL2GZfkk5YRv8dVwBUfgQnBOaumwyFBlDwpEw3DL5VP/xiOQ2eblMRMicpUvPjsWJjb14shcaM/szroIbysy3W47ayzCKn66yCt1SjRvildJMpFfP4ACmbwdSuoyBuafsfezCjS1V/OmNxplEXG9theOSXT3LCiGMXUB+C0SCI2zOvcKB4SqhylxKp/1cNXO93D48obxz6oKIdIt7ErdfSmNoa225H7psPwDzdRgmg50tdsKqsMcUK8fE6EG1Wb5SvfW9dZVIkBsBDjNyNAZvUo/mgxxgczuqgv+j+qa17R0qancHNJviEFohgxc/n5EuMr7C8p0M8i9V9EE+MtA+XIb+8UV7RFOczGQLch2zecrzrk4uR25z1Zd4oPYus8FZ+Be0TBb1CVbt4CFjgo7e9dbhuv3eRKmgW5W3hBojiTHt8wLh4/loQb1epo6OIoWLkLy1zaHH5hi+fC6udxjuCaXIofLYe2vPymOT93P4r9rnM28eMXRhjR6nNzAUp2k5GehSB529h2Vx2DKukQdvMcZ9DL3dyeSXuOyaJoHC08lYx+T+NLqDUtuHP84hyxW4AUNtqlv+W7EX+0lxMwP7dvZBsfHGB+Zc7br/a6G0tZy5IB+m4pWHRyr2vO7/OeHHmrxkFMZ7PApcX/whC773R6Y7ZSZizazGV9DyBoARft1gzzJXd/I5VePN1Tf5Hmz57qU7rytdfVoGpOMHxZLJEhelh2/MZphJOSBjij8iwbKIAWBoJMQFFbni/Il1EGKP/340fc6UGxDDWOK0R0Lho9cxSDiSZIEdPM7mZfPcH7SE+Oi7mxzUef8yGPhfggZUTm3e3dUBEng8ETuO24umvJbM8uYtrV0KlBsZ9Ib4PRaPBZfUtCC02g76PJIBCp5uTtOmeXCWwfRmNdoqTKaNfsZpDZGt2m663CMT3JFwG9oAIcU40WAh7vDUJgS+KtML4f1VdRQejO33itMr1fLgsH4jCXbiuQtkynNIOopB5SfAXl+OgaoaijmZ1mJhmGnQeRg8fex+pO78SAYC2ATQv+YjMzRwslOkeFOjSNAqkq30nZCvY4mEZic51ZyWLxoeH41lua12WNRji2e9Veo7RBlIfUF3kUWAGrE3uE9mXu/1Z7d8FfoIfPuPzb5yRmRdxpRZXP4f73fyXN0eSQuZdtYQNjivp1+3RFYhVR3XlhJttOLsd0VrbFkuqKJu2bgyMjJLeSptvjsTAOdfD1+XPXoMXEexrZB9P9P6SIRWxJmEBSD1AXArtU/+UmdJX1psFujHxAPWan241I655GkzFtavjdPuFmc8FOWYJad6gx+JqBDDcFF1orN8AEk+H5b63rK4PSrsKFj3dBwNy0EKddOTDmqxNr6gZtpLOlvMNW1d5So/lZfFCtGur07/yVTyryhE2ii5YknbrGMh0zkobUh5l+6p7KJetBDpsfr11FZL4CpdG+/fAziIKx+4tK3JY2cccG779q7nQ1MG9VlNMVCgkeHvhCBjgmX9Q/UjSG46Zz/QI+f3t7HUOrZ3amB4HBmt5gTHA68h/Y5JcrZ9JRAH+Cuf1k+UMnIkdC4+Ecw3QrCIIeYYiP0eIv5Be7PCpo1CPOuRiSvM9WVc12olEO0Sg4AjpOc01IEIJhGyxIm3++tE9JJRT/74iBcfqI+E5ueNz4ZnCtMLLfgSZHJGLc1CZzZHOtB12Gse1DEcjopo3bXaQHqqn6yIy1oqAO7hNa6goOoi34Rv99Pmbrs1vOv6PJE7TR0yrXS+IB9LciXL6nlVFuBlAg/4k+Aw7IPkdbXfn3W5GeaxmlRxy5jmpi7ZFFcAYcl60Ch5BvaCMQRRzjZgGnK77kQR1aCMQhRUcgeBAvDjz/uq3Mceer+tG5QqlyhjSjhRwNa7FyqS6ebsuOJ4dL3Wh9m+XVPFNmlsbdDduuWxtgNCHJenfbWM4R+FDrSicwWDiMESCVlUXAgQgHbRPB2afzQHWrwaZCNBwuyfVzcaPfWntLfRzz44doxR4rO1GHp1kf9EwbFvy6vPYwftexdmR7KYzB345b8bBPMKQo8dmMlIfZV9/8ZsbLOeZzoguogQtTFlfpg9AVFSMKowLXr7XitacWKREM+v10eelCNqQlyePbO/548isYWiuxvrFw8mxDd2MYsnetkbGs37PPDqm9pyIdSXWBll99kfbXU9HHaPW7CLIel+NFqVK+VLy2w5tWct63EYSPj0kiWPcQR2FwMqHR485ZwBX8qB/kd1kwpK5Ah9h4Xw+1KO59s3jaeJsYxwFbBH2mj7knBks1MQeoRPGNJWfQijat0OtaI016x/ntFRagWkCt6OaFQySTM1P/VUJZYtsbdcUwCtSZVxI9KzZG4JdipRBsUxBURs9rtDWzSEqQwuwzq9lukoqxuZXU3jBW+h5+tXMWh9g1fYUSLTvfVdKQomrT3Cvr2Uhi4vBcaX01oFfKQK7WmFXc1RajSl1p3BECPCxu1uQnPSrpAc2iMoi4piKJ0eS3lH1AY74NsJoHgRNznv0krWKxe93fxL9wGV90/jxMMEJl+Y8U2XF75fdxt2dDzATCjxJVGsVZg2FC0nxLTcNLJNyhjfZBQGxB/CaqxjAAso9So5AzlhVEyMNnO6d6frRYq7WURR+5pL0c6YcUQU28mQL2wxjdgw83OYpO+z9Ik8G7GWBgvek8j2JprAQ6xsYoxs71J7Mnn5PbX/8i68dlOQI7ucmoUh4t9z22GMZDXXXHhfpa4YWsNR7Ooz4EzfZRAp3jhSPsV4FsLoj8O9vAG5KOmMV0E+K0/5hQkvD9lozzs9ZkiPXwcsF6BOf2r5/DjCZRFQxoc0fLGKZ3kDtUa1euxUsTpqZ2MoZevPkXY09ff0bAXGEG8EWapTHLTkWTy+zx4SU41WFNjSvXuX6x2D8f/oGg/ER1WV80nbZ0PjyncyG7VqC8QNgTHdq4DzW38/19PRor8BU/PEZT8V6pvqK2mHQIFci75/c6yj5c/KDyJ6orftgccn//KtCDYDngZYdTSoiQI0rec6r9UltfX4","iv":"105fe368222748c1264b91bc33b007db","s":"7b9a4247f3ba1451"}

Answer 59 · 2023-06-25T15:40:02.000Z

To think I found the answer in a roblox repo https://github.com/search?q=repo%3Anoahcoolboy%2Ffuncaptcha+encrypt&type=code

Answer 60 · 2023-06-25T15:42:37.000Z

Here is the simplified NodeJS code to generate a BDA:

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const alphabet = "abcdefghijklmnopqrstuvwxyz";
let md5 = (0, crypto_1.createHash)("md5");
function encrypt(data, key) {
  let salt = "";
  let salted = "";
  let dx = Buffer.alloc(0);
  salt = Array(8)
      .fill(0)
      .map((v) => alphabet[Math.floor(Math.random() * alphabet.length)])
      .join(""); // 8 random letters
  data =
      data +
          Array(17 - (data.length % 16)).join(String.fromCharCode(16 - (data.length % 16))); // Padding (pkcs7?)
  for (let x = 0; x < 3; x++) {
      dx = md5
          .update(Buffer.concat([
          Buffer.from(dx),
          Buffer.from(key),
          Buffer.from(salt),
      ]))
          .digest();
      salted += dx.toString("hex");
      md5 = (0, crypto_1.createHash)("md5");
  }
  let aes = (0, crypto_1.createCipheriv)("aes-256-cbc", Buffer.from(salted, "hex").slice(0, 32), Buffer.from(salted, "hex").slice(32, 32 + 16));
  aes.setAutoPadding(false);
  return JSON.stringify({
      ct: aes.update(data, null, "base64") + aes.final("base64"),
      iv: salted.substring(64, 64 + 32),
      s: Buffer.from(salt).toString("hex"),
  });
}

console.log(encrypt(`[{"key":"api_type","value":"js"},{"key":"p","value":1},{"key":"f","value":"16676487049c5ca1f9ed95f157118e34"},{"key":"n","value":"MTY4NzcwNDY4OQ=="},{"key":"wh","value":"69789b20711be96e029340977e1223f4|72627afbfd19a741c7da1732218301ac"},{"key":"enhanced_fp","value":[{"key":"webgl_extensions","value":"ANGLE_instanced_arrays;EXT_blend_minmax;EXT_color_buffer_half_float;EXT_disjoint_timer_query;EXT_float_blend;EXT_frag_depth;EXT_texture_compression_bptc;EXT_texture_compression_rgtc;EXT_texture_filter_anisotropic;EXT_sRGB;KHR_parallel_shader_compile;OES_element_index_uint;OES_fbo_render_mipmap;OES_standard_derivatives;OES_texture_float;OES_texture_float_linear;OES_texture_half_float;OES_texture_half_float_linear;OES_vertex_array_object;WEBGL_color_buffer_float;WEBGL_compressed_texture_astc;WEBGL_compressed_texture_etc;WEBGL_compressed_texture_etc1;WEBGL_compressed_texture_s3tc;WEBGL_compressed_texture_s3tc_srgb;WEBGL_debug_renderer_info;WEBGL_debug_shaders;WEBGL_depth_texture;WEBGL_draw_buffers;WEBGL_lose_context;WEBGL_multi_draw"},{"key":"webgl_extensions_hash","value":"e9b895637474b1973cef1f7f4328d572"},{"key":"webgl_renderer","value":"WebKit WebGL"},{"key":"webgl_vendor","value":"WebKit"},{"key":"webgl_version","value":"WebGL 1.0 (OpenGL ES 2.0 Chromium)"},{"key":"webgl_shading_language_version","value":"WebGL GLSL ES 1.0 (OpenGL ES GLSL ES 1.0 Chromium)"},{"key":"webgl_aliased_line_width_range","value":"[1, 7.375]"},{"key":"webgl_aliased_point_size_range","value":"[1, 255]"},{"key":"webgl_antialiasing","value":"yes"},{"key":"webgl_bits","value":"8,8,24,8,8,0"},{"key":"webgl_max_params","value":"16,64,16384,1024,16384,32,16384,32,16,32,1024"},{"key":"webgl_max_viewport_dims","value":"[16384, 16384]"},{"key":"webgl_unmasked_vendor","value":"Google Inc. (Intel)"},{"key":"webgl_unmasked_renderer","value":"ANGLE (Intel, Mesa Intel(R) Xe Graphics (TGL GT2), OpenGL ES 3.2)"},{"key":"webgl_vsf_params","value":"23,127,127,23,127,127,23,127,127"},{"key":"webgl_vsi_params","value":"0,31,30,0,31,30,0,31,30"},{"key":"webgl_fsf_params","value":"23,127,127,23,127,127,23,127,127"},{"key":"webgl_fsi_params","value":"0,31,30,0,31,30,0,31,30"},{"key":"webgl_hash_webgl","value":"ab8bb1a3f75e1f1792e3faa7f00b722f"},{"key":"user_agent_data_brands","value":"Not.A/Brand,Chromium,Brave"},{"key":"user_agent_data_mobile","value":false},{"key":"navigator_connection_downlink","value":null},{"key":"navigator_connection_downlink_max","value":null},{"key":"network_info_rtt","value":null},{"key":"network_info_save_data","value":null},{"key":"network_info_rtt_type","value":null},{"key":"screen_pixel_depth","value":24},{"key":"navigator_device_memory","value":1},{"key":"navigator_languages","value":"en-US"},{"key":"window_inner_width","value":0},{"key":"window_inner_height","value":0},{"key":"window_outer_width","value":1128},{"key":"window_outer_height","value":724},{"key":"browser_detection_firefox","value":false},{"key":"browser_detection_brave","value":true},{"key":"audio_codecs","value":"{\"ogg\":\"probably\",\"mp3\":\"probably\",\"wav\":\"probably\",\"m4a\":\"maybe\",\"aac\":\"probably\"}"},{"key":"video_codecs","value":"{\"ogg\":\"probably\",\"h264\":\"probably\",\"webm\":\"probably\",\"mpeg4v\":\"\",\"mpeg4a\":\"\",\"theora\":\"\"}"},{"key":"media_query_dark_mode","value":true},{"key":"headless_browser_phantom","value":false},{"key":"headless_browser_selenium","value":false},{"key":"headless_browser_nightmare_js","value":false},{"key":"document__referrer","value":""},{"key":"window__ancestor_origins","value":["https://chat.openai.com"]},{"key":"window__tree_index","value":[0]},{"key":"window__tree_structure","value":"[[]]"},{"key":"window__location_href","value":"https://tcr9i.chat.openai.com/v2/1.5.2/enforcement.64b3a4e29686f93d52816249ecbf9857.html#35536E1E-65B4-4D96-9D97-6ADB7EFF8147"},{"key":"client_config__sitedata_location_href","value":"https://chat.openai.com/"},{"key":"client_config__surl","value":"https://tcr9i.chat.openai.com"},{"key":"mobile_sdk__is_sdk"},{"key":"client_config__language","value":null},{"key":"navigator_battery_charging","value":true},{"key":"audio_fingerprint","value":"36.3949139806391"}]},{"key":"fe","value":["DNT:unknown","L:en-US","D:24","PR:1","S:2256,1504","AS:2256,1504","TO:-480","SS:true","LS:true","IDB:true","B:false","ODB:true","CPUC:unknown","PK:Linux x86_64","CFP:-1990083474","FR:false","FOS:false","FB:false","JSF:Andale Mono,Arial,Arial Black,Calibri,Cambria,Comic Sans MS,Courier,Courier New,Georgia,Helvetica,Impact,MS Gothic,MS PGothic,Times,Times New Roman,Trebuchet MS,Verdana","P:Brave PDF Viewer,JavaScript document plug-in,euAn6d1,g3EpUSRI","T:0,false,false","H:3","SWF:false"]},{"key":"ife_hash","value":"4932422eb567a9fa3082f32e495e8f80"},{"key":"cs","value":1},{"key":"jsbd","value":"{\"HL\":7,\"NCE\":true,\"DT\":\"\",\"NWD\":\"false\",\"DOTO\":1,\"DMTO\":1}"}]`,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36' + <time>))

Answer 61 · 2023-06-25T16:09:07.000Z

Even simpler:

const fun = require("funcaptcha");
async function main() {
  const token = await fun.getToken({
    pkey: "35536E1E-65B4-4D96-9D97-6ADB7EFF8147", // The public key
    surl: "https://tcr9i.chat.openai.com ", // OPTIONAL: Some websites can have a custom service URL
    headers: {
      // OPTIONAL
      // You can pass custom headers if you have to, but keep
      // in mind to pass a user agent when doing that
      "User-Agent":
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36",
    },
    site: "https://chat.openai.com", // OPTIONAL: The site parameter, usually not required
  });
  console.log(token);
}
main();

Answer 62 · 2023-06-25T16:13:32.000Z

I'll be writing up an open source endpoint for fetching the BDA and stuff soon

Answer 63 · 2023-06-25T18:22:45.000Z

https://github.com/acheong08/arkose-generator

Answer 64 · 2023-06-26T06:13:26.000Z

I'll be writing up an open source endpoint for fetching the BDA and stuff soon

I've written a golang implementa tion of js funcaptcha. It work for me.

Answer 65 · 2023-06-26T10:00:53.000Z

I'm not sure but I think it seems to break down again now.

With the same exception of
"OpenAI: {"detail":"Our systems have detected unusual activity from your system. Please try again later."} (code: 403)"

@acheong08 Could you check this when you are free? Thanks a lot.

Answer 66 · 2023-06-26T10:01:42.000Z

Now it's 403 again. Could you please take a look.Thanks a lot.
@acheong08

Answer 67 · 2023-06-26T10:40:01.000Z

looks like browser automation is the only sane way

Answer 68 · 2023-06-26T11:05:36.000Z

It works again! Thank you.

Answer 69 · 2023-06-26T13:14:40.000Z

It works again! Thank you.

breaks down again @acheong08

Answer 70 · 2023-06-26T13:18:31.000Z

yes, everytime I try to use this repo, this error occurs again xD

Answer 71 · 2023-06-26T13:57:41.000Z

It's working for now. I'm working on another implementation as well. Using endpoint provided by @linweiyuan via browser automation

Answer 72 · 2023-06-26T14:36:26.000Z

Thanks to @flyingpot and @linweiyuan, I've got a local version working again.

Method:
Browser debug: https://linweiyuan.github.io/2023/06/24/%E5%A6%82%E4%BD%95%E7%94%9F%E6%88%90-GPT-4-arkose-token.html

Go implementation of ALFCCJS.encrypt by @flyingpot

Answer 73 · 2023-06-26T14:39:37.000Z

The TL;DR of why the original funcaptcha implementation doesn't work anymore is due to added fingerprints and capi parameters in the form

Answer 74 · 2023-06-26T14:42:07.000Z

Edit: It seems it works locally but not on my server? Perhaps server blacklisted?

Answer 75 · 2023-06-26T14:44:25.000Z

I'll try hosting a separate endpoint to fetch the token and see if anything changes

Answer 76 · 2023-06-26T14:48:47.000Z

Edit 2: Might have just been a typo

Answer 77 · 2023-06-26T14:51:44.000Z

Edit: Forgot a timestamp

Answer 78 · 2023-06-26T15:02:30.000Z

ChatGPT-Proxy-V4 works fine

Answer 79 · 2023-06-26T15:03:46.000Z

This should keep working:
https://github.com/acheong08/ChatGPT-Proxy-V4/releases/tag/1.6.2

I missed a timestamp on the previous version

Edit: https://github.com/acheong08/ChatGPT-Proxy-V4/releases/tag/1.6.3 (Missed actually updating the timestamp)

Answer 80 · 2023-06-26T15:12:06.000Z

There are now two mysteries to me left:

{
    "key": "wh",
    "value": "8bd9d6f9d9631d44e00e0d08202329b4|5ab5738955e0611421b686bc95655ad0"
  }

and

{ "key": "f", "value": "68bcbb9730494c5eef591ebf0b2ff666" }

in bx

@linweiyuan any hints?

(These two variables don't seem to have an effect though. They're MD5 hashes of something)

Answer 81 · 2023-06-26T15:22:00.000Z

Need to check.

Answer 82 · 2023-06-27T01:20:14.000Z

Per my tests, from yesterday night till now (UTC+08:00), if I pass null or just "abc" for arkose_token, still work, with different account, different IPs.

Answer 83 · 2023-06-27T03:27:06.000Z

Did they relax security again?

Answer 84 · 2023-06-27T03:28:32.000Z

Confirmed: Passing anything as arkose token works.

Bruh they keep trolling us

Answer 85 · 2023-06-27T06:03:03.000Z

Is OpenAI debugging or phishing? They have bad records on banning accounts.

Answer 86 · 2023-06-27T08:33:45.000Z

As @linweiyuan pointed out, there is a possibility that this is a honeypot (they keep track of invalid access but do nothing for now, then ban later on)

Answer 87 · 2023-06-27T08:34:34.000Z

Just in case, I have opted to continue passing along a valid arkose_token

Answer 88 · 2023-06-27T08:35:29.000Z

Another possibility is that they are updating the captcha since we've already figured it out

Answer 89 · 2023-06-28T03:31:16.000Z

Maybe failed again? (same 403 Error)
@acheong08
Could you please check when you are free? Thanks a lot.

Answer 90 · 2023-06-28T06:03:10.000Z

yes this is happening again... cat & mouse game with openai

Answer 91 · 2023-06-28T06:05:51.000Z

Seems like I fixed it but forgot to bump dependency version

Answer 92 · 2023-06-28T06:59:18.000Z

Seems like I fixed it but forgot to bump dependency version

Works now, thanks a lot!

Answer 93 · 2023-06-28T09:20:01.000Z

Not working again! 😵‍💫

Answer 94 · 2023-06-28T09:50:48.000Z

There are now two mysteries to me left:
{
    "key": "wh",
    "value": "8bd9d6f9d9631d44e00e0d08202329b4|5ab5738955e0611421b686bc95655ad0"
  }
and
{ "key": "f", "value": "68bcbb9730494c5eef591ebf0b2ff666" }
in bx

@linweiyuan any hints?

(These two variables don't seem to have an effect though. They're MD5 hashes of something)

This can be retrieved by the following funcapture's js function (new ArkoseEnforcement()).fc_fp.getFP
We can get them by running the following codes in the browser's console.

Not sure if it is possible to run this function in a headless browser and get those values from there. 😵‍💫

Answer 95 · 2023-06-28T09:54:56.000Z

The f: https://github.com/flyingpot/funcaptcha/blob/main/fingerprint.go#L347-L364

The wh: getWindowHash()|getWindowProtoChainHash() (have not find out them yet)

Answer 96 · 2023-06-28T10:33:01.000Z

What does it say in english?

“Please answer this question to prove that you are a real person.”

They want to fuck us up, its a limit of 25 messages per 3 hours, why they now start this shit ...

Answer 97 · 2023-06-28T11:48:18.000Z

I have tried using a proxy IP pool, but after each IP obtains a certain quantity of arkose_token(which is actually not a large amount), manual completion of the captcha is always required.

Previously, an arkose_token could be used repeatedly for a certain period of time or number of times. However, now it can only be used once.

Therefore, for a large number of requests, the problem can only be solved if the IP pool is extremely large. Additionally, the traffic consumed per request due to the bda issue will also be very costly.

So I guess its over now ... well it was a hell of a ride with you guys, and you did a great job