Skip to content

DXVVAY/hcaptcha-reverse

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

THIS REPO WONT BE UPDATED AGAIN

So if you want a updated version or a auto updater you can buy it by contacting me on Telegram or add @dexv on Discord.


Logo

hCaptcha N data reversed

Discord . Telegram

fCaptcha - hCaptcha Enterprise Solver

If you want a good and fast solver join our discord and purchase credits

The solver uses multiple uhq real device fingerprints for a good result

String integrity check

This script is used to "encode" somes event data:

- webgl vendor + renderer
- browser performance
- browser timezone

I think it's used to verify the data is authentic / non duplicated (output is different each time you run the function)

Stamp

This script is used to generate the stamp value in the fingerprint.

Event hashes

This script is used with custom seed (5575352424011909552) to create unique hash of 15 unique properties such as:

- Html DOM
- Webgl properties
- Css properties
- Javascript window functions
- ...

Rand

Rand is a CRC-32 checksum hash of the N payload in json format, it's used to check the payload integrity if you edited it from memory etc... Format: [math.random, crc-32 * 2.3283064365386963e-10] (table: 79764919)

Encryption

Final payload is encrypted using AES-256-GCM (256 bits key) But we are hooking the encryption function in the WASM to inject a custom payload to encrypt

Fingerprint events

fingerprint_events is parsed output of fingerprinting script, somes data are hashed. Final output is used into n data. Hash algorithm is xxHash3.

Fingerprint

This is a hsw fingerprint decrypted

All the events are listed here before and after they are hashed

Sandbox

Sandbox is fast way to encrypt own HSW string without retrieving stuff as encryption key. You can buy a updated version of the hsw sandbox by contacting me on Telegram or add @dexv on Discord.

how does sandboxing work?

the sandbox executes a custom hsw containing a modified WASM which adds the payload to be encrypted to the end of memory and returns the pointer to encrypt our payload and not the one generated by hcaptcha.

Wasm hook

;; importing the dump and encrypt functions
(import "a" "sandbox" (func $sandbox (type $t4)))
(import "a" "dump" (func $dump (param i32)))

;; calling the dump and sandbox
local.get $l11
call $dump
local.get $l11
call $sandbox
local.set $p1

Hsw hook

sandbox: function (ptr) {
    const mem = new Uint8Array(MEMORYBUFFER);
    let len = enc_data.length;
    for (let offset = 0; offset < len; offset++) {
        const code = enc_data.charCodeAt(offset);
        if (code > 0x7f) {
            break;
        }
        mem[ptr + offset] = code;
    }

    return len;
},
dump: function (addr) {
    let buffer = new Uint8Array(MEMORYBUFFER , addr, MEMORYBUFFER .byteLength - addr);
    let term = buffer.indexOf(0);
    let decoded = new TextDecoder().decode(buffer.subarray(0, term));
    dumped_hsw = decoded;
    return decoded;
},

function fill_zero(length) {
    let result = "";
    for (let i = 0; i < length; i++) {
      result += "\u0000";
    }
    return result;
}

async function encrypt(req, data) {
  return await hsw(req, {"href": fill_zero(data.length) }, data);
}

async function dump(req) {
    await hsw(req, {"href": fill_zero(0) }, "");
    return dumped_hsw;
}

Credits

  • DEXV - Shit head (retarded) - DEXV - Main Author
  • KEK - Sexy Guy - kek - Reversed the events
  • Ab5 - Arab Bomber - AB5 - Taught me most of the stuff i know
  • Dort - Cool Guy - Dort - Helped with some stuff
  • Vichy - French - Vichy - Readme Template

About

hCaptcha hsw reverse engineered

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published