Link | Require auth token to download animated sticker? |
---|---|
https://emoticon.kakao.com/items/xxxxx |
Not required (Recommended method) |
https://e.kakao.com/t/xxxxx |
Required |
kakaotalk://store/emoticon/4404400 |
Not required (But no easy way to get it) |
4404400 |
Not required (But no easy way to get it) |
- To download animated stickers, you have two options:
- Method 1: (RECOMMENDED) Get the share link of the emoticon pack from Kakao app on phone, which does not need auth_token (
https://emoticon.kakao.com/items/xxxxx
) - Method 2-4: Use
https://e.kakao.com/t/xxxxx
which needs auth_token (Authorization header during request). Note that this method may not work in some cases with unclear reasons, so use method 1.
- Method 1: (RECOMMENDED) Get the share link of the emoticon pack from Kakao app on phone, which does not need auth_token (
sticker-convert
will get auth_token from KakaoTalk Desktop application.- Note that this only work on Windows.
GUI:
- Download and Login to KakaoTalk Desktop
- Press on
Generate
button in sticker-convert GUI - (Optional) if you installed KakaoTalk Desktop in non-default location, you may specify
Kakao app path
- Press on
Get auth_token
and wait
CLI:
- Download and Login to KakaoTalk Desktop
- Add
--kakao-get-auth-desktop
as arguments - (Optional) Add
--kakao-bin-path <KAKAO_APP_PATH>
if you installed KakaoTalk Desktop in non-default location - Execute command
sticker-convert
will simulate login to Android Kakao app to get auth_token- You will send / receive verification code via SMS
- You will most likely receive verification code
- You have to send verification SMS if you requested to receive verification code too many times
- You maybe logged out of existing device
- The auth_token will expire after a period of time (About a week?), which you have to regenerate it.
- Explanation of login information
- Username: Email or Phone number used for signing up Kakao account. (e.g.
+447700900142
) - Password: Password of Kakao account
- Country code: Example would be 82 (For korea), 44 (For UK), 1 (For USA)
- Phone number: Phone number associated with your Kakao account. Used for send / receive verification code via SMS
- Username: Email or Phone number used for signing up Kakao account. (e.g.
GUI:
- Create KakaoTalk account on Phone
- Press on
Generate
button in sticker-convert GUI - Enter account detail in the window
- Press on
Login and get auth_token
and follow instructions
CLI:
- Create KakaoTalk account on Phone
- Add
--kakao-get-auth --kakao-username <YOUR_USERNAME> --kakao-password <YOUR_PASSWORD> --kakao-country-code <YOUR_COUNTRY_CODE> --kakao-phone-number <YOUR_PHONE_NUMBER>
as arguments- Note: If you had saved username, password, country_code and phone_number before, you may choose not to add them as arguments
- You may also add
--save-cred
to save the auth_token and login information for later use
- Execute command and follow instructions
You can manually get auth_token from rooted Android device (You are recommended to do it on emulated Android device)
- Create KakaoTalk account on Phone
- Install Android Studio and create an emulated device, then install KakaoTalk on the device
- Install BurpSuite
- Follow this guide to hook up Android emulated device with BurpSuite: https://blog.yarsalabs.com/setting-up-burp-for-android-application-testing/
- Follow this guide to bypass SSL pinning: https://redfoxsec.com/blog/ssl-pinning-bypass-android-frida/
- For
cer.cer
mentioned in this guide, use theburp-ca.crt
you created in step 4) - Run
adb shell
,su
and/data/local/tmp/frida-server
to startfrida-server
on Android Emulator - Run
frida -U -f com.kakao.talk -l fridascript.js
whilefrida-server
is running
- For
- Browse for some emoticons in KakaoTalk application and view HTTP history in BurpSuite
- To get auth_token, copy
Authorization
from header of request seen in BurpSuite - To get emoticon ID, look for URL such as
https://item.kakaocdn.net/dw/4404400.emot_001.webp
. Emoticon ID would be4404400
- To get auth_token, copy
Emoticon that are in webp and gif need to be decoded. For Kakao Android application, com/kakao/digitalitem/image/lib/ImageDecode.java
calls libdigitalitem_image_decoder.so
...
nativeWebpImageResizeDecode()
ornativeGifImageDecode()
webpDecode()
orgifDecode()
decryptData()
cryptData()
, which decode emoticon by LFSR and XOR
If interested, you may study by decompiling Kakao Android application with jadx
and decompile libdigitalitem_image_decoder.so
with ghidra
.
- Reversing android native library: https://github.com/maddiestone/AndroidAppRE/blob/master/reversing_native_libs.md
- Information about Kakao animated stickers: https://gist.github.com/chitacan/9802668
- Downloading and decrypting Kakao animated stickers: https://github.com/blluv/KakaoTalkEmoticonDownloader
- Using share link to get pack id: https://github.com/star-39/moe-sticker-bot