{"id":16762420,"url":"https://github.com/tlack/snaphax","last_synced_at":"2025-04-09T09:09:29.315Z","repository":{"id":6157105,"uuid":"7386592","full_name":"tlack/snaphax","owner":"tlack","description":"A PHP library to use the Snapchat API","archived":false,"fork":false,"pushed_at":"2013-11-10T20:35:23.000Z","size":181,"stargazers_count":259,"open_issues_count":15,"forks_count":198,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-04-02T07:11:12.959Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tlack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-12-31T11:51:04.000Z","updated_at":"2025-02-04T17:35:26.000Z","dependencies_parsed_at":"2022-09-08T23:41:36.893Z","dependency_job_id":null,"html_url":"https://github.com/tlack/snaphax","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlack%2Fsnaphax","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlack%2Fsnaphax/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlack%2Fsnaphax/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlack%2Fsnaphax/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tlack","download_url":"https://codeload.github.com/tlack/snaphax/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248008630,"owners_count":21032556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T04:44:42.750Z","updated_at":"2025-04-09T09:09:29.295Z","avatar_url":"https://github.com/tlack.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"Snaphax: a PHP library to use the Snapchat API\n==============================================\n\nThis library allows you to communicate with Snapchat's servers using their\nundocumented HTTP API. It was reverse engineered from the official Android\nclient (version 1.6)\n\nWarning\n-------\n\nI made Snaphax by reverse engineering the app. It may be extremely buggy or\npiss off the Snapchat people. Use at your own risk.\n\nHow to use\n----------\n\nPretty simple:\n\n```\n\trequire_once('snaphax/snaphax.php');\n\n\t$opts = array();\n\t$opts['username'] = 'username';\n\t$opts['password'] = 'password';\n\t$opts['debug'] = 1; \n\n\t$s = new Snaphax($opts);\n\t$result = $s-\u003elogin();\n\tvar_dump($result);\n```\n\nLimitations\n-----------\n\nOnly login (with list of new media) and fetching of image/video snaps is\nimplemented.  This is obviously a huge failing which I am to correct when I\nhave more time.\n\nMotivation and development process\n----------------------------------\n\nI'm a huge fan of Snapchat, a photo/video sharing app that allows you to set\nexpiration times on the media you send to your friends. They can't open it\nafter they've seen it for up to 10 seconds, and if they take a screenshot, the\nother party is notified.\n\nI'm stunned and delighted by the fact that a simple\nfeature like auto-expiration of images can create such a compelling and\nchallenging service. And it's not just me: everyone I've told about Snapchat\nwho has used it has loved it, and as of last November more than one billion\nsnaps had been exchanged using the service.\n\nBut I hate closed products, so I set about figuring out how it worked. [Adam\nCaudill](http://adamcaudill.com/2012/06/16/snapchat-api-and-security/) wrote an\nexcellent analysis of their HTTP-based API by using an HTTPS traffic sniffer.\nUnfortunately this information now seems out of date. \n\nI ended up having to fetch the official Android client's app binary (APK),\ndecompiling the whole thing with a mix of tools (all of them seemed to produce\nsubtly incorrect output), tracing the control flow a bit, and then puzzling\nthrough the process of creating their dreaded access tokens (called req\\_token\nin the HTTP calls).\n\nThis involved me paging through Fiddler, trying to generate SHA-256 hashes\nseemingly at random, tearing my heart out, and weeping openly.\n\nTheir system is a bit unusual: it AES-256 hashes two input values separately,\nusing a secret key contained in the binary, and then uses a fixed pattern\nstring to pull bytes from one or the other. The final composition of the two is\nused in HTTP requests. Why not just append the values pre-hash? The security\nprofile would be similar.\n\nOther things about the API that I've discovered so far:\n\n- Speaks JSON over HTTPS, using POST as the verb\n- Not made for human consumption; difficult error messaging\n- Doesn't seem to support JSONP (i.e., callback parameter in post data is\n\tignored)\n- Blob (image/video) downloads are encrypted using AES. This code successfully\n\tdecodes them before they are returned by the library. \n\nThe apocalyptic future\n----------------------\n\nThe TODO list is almost endless at this point:\n\n- API likely to change\n- DOCS!!!\n- Figure out the /device call - what's this do? also device_id in /login resp\n- Syncing (to mark snaps as seen)\n- Image/video uploading\n- Friend list maintenance\n- Port to Javascript (probably via Node + NPM since their API doesn't seem to\n\tsupport JSONP)\n- Add support for PHP composer\n- Test framework\n\nLicense\n-------\n\nMIT\n\nCredits\n-------\n\nMade by Thomas Lackner \u003c[@tlack](http://twitter.com/tlack)\u003e with a lot of help\nfrom [@adamcaudill](http://twitter.com/adamcaudill).  And of course none of\nthis would be possible without the inventiveness of the\n[Snapchat](http://snapchat.com) team\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftlack%2Fsnaphax","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftlack%2Fsnaphax","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftlack%2Fsnaphax/lists"}