https://github.com/xtekky/facebook-dyn
Facebook's __dyn reversed.
https://github.com/xtekky/facebook-dyn
Last synced: 7 months ago
JSON representation
Facebook's __dyn reversed.
- Host: GitHub
- URL: https://github.com/xtekky/facebook-dyn
- Owner: xtekky
- Created: 2024-04-22T22:44:47.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-22T23:51:26.000Z (over 1 year ago)
- Last Synced: 2025-01-23T06:14:49.782Z (8 months ago)
- Language: HTML
- Size: 128 KB
- Stars: 13
- Watchers: 1
- Forks: 2
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
FaceBook's __dyn encrypts a list of javascript module numbers available in the page html, there is also the __rsc parameter which works with the same logic.
The module numbers used in the BitMap and CSRBitMap encryption come from the require/define module system used by Facebook's JavaScript codebase.
Some key points:
1. Each JavaScript module is assigned a unique module ID number when it is defined using the define() function. This module ID acts as a reference to that specific module.
2. The BitMap class is used to efficiently store and represent a set of module IDs. It uses a binary string where each bit represents whether a particular module ID is present (1) or not (0).
3. The toCompressedString() method of BitMap converts this binary representation into a compact string using a base-64 like encoding scheme (using the characters in the variable g). This allows the set of module IDs to be transmitted efficiently.
4. The CSRBitMap likely stands for "Client-Server Reconciliation BitMap". It seems to be used to keep track of which modules are present on the client vs server.
5. When a script is loaded, the BitMap of its required module IDs is compared against the CSRBitMap to determine which additional modules need to be fetched from the server.
!! `dyn.fixed.py` works now (only tested for `__dyn`)
I am working on reversing __rsc as it changed and I cannot reproduce the result when fetching modules from html.
Dyn is located in [G3Nm7rYDpD0.js](https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/G3Nm7rYDpD0.js%3F_nc_x=Ij3Wp8lg5Kz) on [meta.ai](meta.ai)
It is called by `CSRBitmap`, referring to `__csr` but encrypts `__dyn` aswell
here `"BootloaderEndpointConfig"` number 5094 is added/set.
callstack:
Module numbers are set:
then their value is equated to 1 in a list where the module number is the index. This list is then transformed to binary and encrypted/hashed.
On other sites look for `toCompressedString`.
A simple `console.log` statement here can console log the arrays used to encrypt.
Better scripts and documentation to come soon, a function to extract module numbers is available in `dyn.py`
the algorithm in .py is not working right, refer to `dyn.js`.
dyn.py (for __dyn)
```
7xeUmwlEnwn8K2Wmh0cm5U4e0yoW3q32360CEbo19oe8hw2nVE4W0om0MU2awpUO0n24o5-0Bo7O2l0Fwqo31w9O0H8-U2zxe2Gew9O22362W2K0zK1swa-7U1bobodEGdw46wbS1LwTwNw4mwr86Dwlo18ouwKxvzUgw000C7yu
```
from meta.ai
```
7xeUmwlEnwn8K2Wmh0cm5U4e0yoW3q32360CEbo19oe8hw2nVE4W0om0MU2awpUO0n24o5-0Bo7O2l0Fwqo31w9O0H8-U2zxe2Gew9O22362W2K0zK1swa-7U88138bodEGdw46wbS1LwTwNw4mwr86Dwlo18ouwKxvzUgw
```
`000C7yu` is added in py, probably because of some inaccuracy.
dyn.py (with module extraction) for `__rsc`
```
gTdLExd2pbGiK00qz0gbwBga8gw46wEzi1i0oO3RwzgrFet2F6aw6boS1jwr41Iw2vQ0a2wnm1fix6ce1zg0009wuU2
```
dyn.js
```
gTdLExd2pbGiK00qz0gbwBga8gw46wEzi1i0oO3RwzgrFet2F6aw6boS1jwr41Iw2vQ0a2wnm1fix6ce1zg
```
the ending bytes differ somehow, I am not sure why that Is so.
__dyn module list
```
[
7,
27,
31,
54,
141,
165,
258,
270,
317,
323,
328,
329,
527,
551,
619,
757,
772,
827,
876,
926,
1081,
1127,
1421,
1478,
1496,
2104,
2111,
2190,
2580,
2776,
2915,
3019,
3032,
3401,
3419,
3515,
3665,
3790,
3828,
3829,
3871,
3977,
4171,
4328,
4501,
4517,
4521,
4685,
4705,
4748,
4763,
4920,
4953,
5003,
5050,
5094,
5237,
5239,
5332,
5508,
5540,
5573,
5842,
5888,
5943,
5954,
5968,
6231,
6421,
6533,
6589,
6639,
6918,
7027,
7133,
7135,
7221,
7511,
7542,
7589,
7613,
7615,
7631,
7648
]
```
(search for these in html to understand where these numbers are comming from)
module list for __rsc
```
[
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
37,
39,
42,
46,
47,
54,
55,
56,
62,
67,
76,
82,
88,
93,
100,
27468,
27472,
27473,
27474,
27475,
27476,
27478,
27479,
27480,
27481,
27482,
27483,
27484,
27560,
27589,
27590,
27594,
27595,
27596,
27597,
27598,
27599,
27600,
27601,
27602,
27603,
27604,
27605,
27606,
27607,
27609,
27611,
27612,
27613,
27614,
27615,
27616,
27617,
27618,
27619,
27620,
27621,
27622,
27623,
27624,
27625,
27628,
27707,
27708,
27790,
27811,
27812,
27813,
27818,
27819,
27821,
27822,
27823,
27970,
27972,
27973,
27974,
27975,
27976,
27980,
27981,
28032,
28192,
28193,
28202,
28285,
28286,
28287,
28288,
28289,
28290,
28291,
28294,
28312,
28313,
28319,
28325,
28326,
28334,
28336,
28337,
28338,
28355,
28375,
28391,
28392,
28394,
28396,
28397,
28398,
28399,
28400,
28401,
28403,
28404,
28405,
28406,
28407,
28408,
28409,
28410,
28411,
28412,
28413,
28414,
28415,
28416,
28417,
28418,
28419,
28420,
28421,
28423,
28425,
28433,
28463,
28599,
28603,
28615,
28908,
28910,
28911,
28912,
28921,
28922,
28923,
28924,
28925,
28926,
28929,
28937,
28938,
28949,
28955,
28956,
30577,
30578,
30579,
30655,
30657,
30658,
30665,
30673,
30695
]
```