Google bot-guard protection bypass

[axel578]

Your bot should integrate the bg.request wich is the most important of all , if google sees that you login without it , he will wait that yoyu connect like this with all your account and will all shut them down ( i happened to me for 3000 of them ) , bg.request is part of the botguard process developped by google , it 's an enormous javascript script that generates a sort of sentence encrypted in Xtea with the key integrated in the bg request , the bg request contains your canvas identity webgl ....

[BitTheByte]

Hi @axel578

Could you please rephrase your comment? as i'm not able to understand it properly.

[axel578]

botguard , the request you send should contains in data bg.request= ... , the ... should contains the bg data , those datas contains everything about your computer , if the bg.request is not here , all the accounts who send request without this bg data will be traced down and terminated .( closed )

[axel578]

the idea know is to reverse engineer the bg.request wich is process with this script : https://textup.fr/313569za , to see the bg. request, just go to youtube/upload with the network inspector of chrome or firefox open (developper tool ) and upload a video and catch the request named ...rupio?authuser=1 , there are sometimes two of them , one of them contains : X-Goog-BGR: !4eKl4sNCyy... the goog-bgr is the botguard and after it is the encrypted text containing all your computer information , this encrypted text is generated by this script: https://textup.fr/313569za , just know have to reverse engenire it .

[BitTheByte]

Hey @axel578

Thanks for the clarification I appreciate it.

First of all i do understand your request but unfortunately I will not fix this issue.
I created this repository as a side fun project so me attempting to reverse/crack google's anti-bot protection is over do, instead of i could provide a another slow but reliable solution by using Chrome web driver For those who want a reliable results But using this mode will cost alot at the side of system resources since running ~20/30 threaded chrome instances simultaneously running Youtube will eat up at least 4/5GB of your RAM and probably 30~50% of the CPU if it's a high-end model

Of course any better ideas are welcomed so i'll wait a 5 to 8 weeks before implementing the Optional (ChromeDriver mode) just in-case anyone has came up with a better idea

[BitTheByte]

Sorry for the delay. After further reviewing this i decided not to implement the suggested fix.

[ikp4success]

if you go to any youtube video link like https://www.youtube.com/watch?v=AV8GNQTOyBU, open the page source, there is "botguardData" in the youtube source, if you ctrl + f. If you can manage to regex out that data you can use that botguardData to login. All you have to do is make the request to random youtube video and regex that botguarddata before your google account login request. I am sure this will be blocked soon..lol

Another way is to try and sign in with a fake account while inspect element is opened and pre-save bgrequest in file or list, dict(do this process again till you have enough), and randomly get bg request from list/dict/file for acoount sign in. Bg request is persistent, but expire after some days.

Another way reverse engineer BGrequest.
In python
https://github.com/ikp4success/bypass_google_bot_guard

[BitTheByte]

Hello @ikp4success,

Interesting approach, I'll be taking this with the recent open issues in consideration in the next release thanks for helping out on this

[BitTheByte]

Hello @ikp4success

I've been unable to bypass botgaurd using your python code. based on my knowledge creating a successful botgaurd token require some form of binary which get executed at custom javascript VM and return the token I've taken a shortcut by grabbing the binary from the page and let chrome do the heavy lifting. I also thought of getting as many tokens as possible and store them for later use but if tokens are verified based on timestamp or has a life span this will fail. I'll be researching this more. let me know if you have any ideas

[mewtlu]

Hi @BitTheByte, sorry to necro a fairly old issue but have you gotten anywhere with this issue? I'd be really interested to hear whether you've found any methods of getting around Botguard!