| 28 Aug 2024 |
 tulir | the web client refuses to break even after I removed recaptcha-related local storage and blocked all recaptcha urls, so maybe generating the blob doesn't require recaptcha | 15:57:53 |
 adambloom | In reply to @bigmalletman:beeper.com
you might consider deleting this picture if that's the number ultimately picked. new number but ty | 15:58:24 |
| tulir | looks like google is fairly strict about sending sms on non-business voice accounts, it already got slightly angry when I added a bunch of debugger breakpoints (or possibly sending too many test messages, not completely sure which) | 18:15:00 |
 ampersandru | 👎️ | 18:18:19 |
| ampersandru | business account = google workplace? | 18:18:45 |
| tulir | yeah | 18:18:53 |
 roc | My GV account is on Workspace. But it’s on a grandfathered free personal tier. Will be interesting to see how it behaves. | 18:36:26 |
| ampersandru | Does the bridge allow multiple GV logins? I'll try with my workplace account also | 18:43:21 |
| tulir | yes | 18:43:29 |
| ampersandru | ah damn, i have the grandfathered personal workplace account, cant add GV to it unless i upgrade | 18:45:34 |
| adambloom | In reply to @tulir:maunium.net
looks like google is fairly strict about sending sms on non-business voice accounts, it already got slightly angry when I added a bunch of debugger breakpoints (or possibly sending too many test messages, not completely sure which) interesting i'm surprised it's that different. There are definitely strict sending limits though (stricter on personal accounts) | 20:16:18 |
| adambloom | 
Download What's this param 10 for? | 20:18:39 |
| tulir | that's the aforementioned blob | 20:21:13 |
| tulir | the bridge just sends ! there which works on business accounts, but not personal ones
| 20:21:45 |
| adambloom | This obfuscated javascript is impossible 🤷♂️ | 20:39:16 |
| tulir | In reply to @adambloom:beeper.com
This obfuscated javascript is impossible 🤷♂️ the part that actually generates the blob is even worse than the rest | 20:41:14 |
| tulir | https://www.google.com/js/bg/RlFX-4NwKm1Os67zlSzR0i3vyvyfLiVfrrl7q6krc_4.js | 20:42:39 |
| tulir | or https://www.google.com/js/bg/sr2BvsM2R_OZKHX83mSXJ8YBPDmTxOV2dVCuSpL6Gdo.js | 20:43:29 |
| adambloom | I wonder if this would be a good starting point - https://github.com/LuanRT/BgUtils | 20:52:36 |
| tulir | oh is it the Waa stuff 🤔 | 20:53:54 |
| tulir | the web app doesn't make a Waa request for each send, but maybe it's something where it registers once and can generate keys with that later | 20:55:32 |
| tulir | seems like it is, if I block waa-pa.clients6.google.com, reload the page and try to send, it refuses entirely | 20:56:41 |
| adambloom | Yeah I’m not sure I just see “botguard” in that js you linked | 20:56:49 |
| tulir | I saw some references to integrity checks in the js, but BgUtils seems to require a DOM implementation so maybe it implements the same integrity checks | 20:57:46 |
| tulir | I already found using a debugger that the main gvoice app hashes destinations, message_ids and thread_id and passes them to the botguard js file | 21:00:00 |
| tulir | In reply to @tulir:maunium.net
I already found using a debugger that the main gvoice app hashes destinations, message_ids and thread_id and passes them to the botguard js file ah they're just plain sha256 hashes | 21:42:04 |
 GitHub | [mautrix/gvoice] illgitthat starred the repo | 21:53:57 |
| tulir | I think I got it working, but only in a browser, not in jsdom | 22:50:26 |
| tulir | self-hosted bridges will probably need an electron sidecar or something to generate those | 22:59:41 |
| tulir | it'll have very high ram usage (relative to the bridge itself), but otherwise should hopefully just work | 23:00:07 |
