/TikTok-Brute

TikTok Login Tool | PoC

Primary LanguagePythonMIT LicenseMIT

TikTok Brute Force Tool

This is a Proof of Concept (PoC) Python script that logs accounts combinations using TikTok's mobile API. The code is no longer functional as of 2023, but it offers insights into TikTok's API architecture and algorithms.

You may find that this code is the basis of 99% of TikTok bruteforce tools sold as it was leaked when functionning.

Analysis

Device registration

When interfacing with TikTok's API, you might notice a query string containing two pairs of big numbers, denoted by iid and did. These are abbreviations for Install-Device-Id and Device-Id, respectively.

?iid=xxx&did=xxx

These device ids are generated by sending an HTTP POST request to /service/2/device_register along with encrypted device data. Here is the algorithm to encrypt the device data.

The server responds with a JSON object that contains device ids:

{
    "device_id": 7280600177604888325,
    "install_id": 7280600177604888325,
    "device_id_str": "7280600177604888325",
    "install_id_str": "7280600177604888325",
    "new_user": true
}

To establish more trust, send another HTTP POST request to https://xlog-va.byteoversea.com/v2/s? with additional device data.

Device registration workflow

The following diagram provides an overview of the device registration flow:

flowchart TD
    A(device_register: POST applog.musical.ly/service/2/device_register) --> B(GET xlog-va.byteoversear.com/v2/s)
    B --> C("POST xlog-va.byteoversear.com/v2/r")
    C -->|install| D[install]
    C -->|cold_start_1| E[cold_start_1]
    C -->|cold_start_2| F[cold_start_2]
    F --> G(GET applog.musical.ly/service/2/app_alert_check)
Loading

login flow

graph TB
    Main --> LoadConfig
    Main --> LoadProxies
    Main --> LoadCombos
    Main --> ThreadsHandler
    ListCombos -- For each combo --> ThreadsHandler
    ThreadsHandler --> LoginRequest
    ThreadsHandler -- Threads < Config Threads --> BruteAccount
    BruteAccount --If Thread Count is less than Config Threads --> LoginRequest
    LoginRequest --> SolveCaptcha
    SolveCaptcha -- If Captcha solved--> BaseParams
    SolveCaptcha -- If Captcha failed --> RetryCaptcha
    BaseParams --> BasePayload
    BasePayload --> BaseHeaders
    BaseHeaders --> SendLoginRequest
    SendLoginRequest -- If Login Success --> SaveHit
    SendLoginRequest -- If Login Error --> RetryLogin
    SaveHit --If log enabled --> WriteToFile
    SaveHit --If webhook enabled --> PostToWebhook
pgm --> ThreadsHandler
Loading

All code except ttencrypt.py, xlog.py and gorgon.py was written by me, @xtekky