-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.py
124 lines (95 loc) · 3.55 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
import requests
import base64
import json
import pyotp # this import is just for generating the 2fa code
# put your roblosecurity cookie here
roblosecurity = ""
# put your group id here
group_id = 0
# put user id of the player you want to send robux to here
user_id = 0
# put the amount of robux to send here
robux_amount = 0
# two factor secret to generate the 6 digit 2fa code
twofactor_secret = ""
# actual code below
headers = {'Cookie': ".ROBLOSECURITY=" + roblosecurity}
# --- FUNCTIONS ---
def get_totp():
totp = pyotp.TOTP(twofactor_secret)
return totp.now()
def set_csrf():
request = requests.post("https://auth.roblox.com/v2/logout", headers=headers)
if request.status_code == 401:
print("Incorrect roblosecurity")
exit(0)
headers.update({'X-CSRF-TOKEN': request.headers['X-CSRF-TOKEN']})
def payout_request():
request = requests.post("https://groups.roblox.com/v1/groups/" + str(group_id) + "/payouts", headers=headers, json={
"PayoutType": "FixedAmount",
"Recipients": [
{
"amount": robux_amount,
"recipientId": user_id,
"recipientType": "User"
}
]
})
if request.status_code == 403 and request.json()["errors"][0]["message"] == "Challenge is required to authorize the request":
return request
elif request.status_code == 200:
print("Robux successfully sent!")
return False
else:
print("payout error")
print(request.json()["errors"][0]["message"])
return False
def verify_request(senderId, metadata_challengeId):
request = requests.post("https://twostepverification.roblox.com/v1/users/" + senderId + "/challenges/authenticator/verify", headers=headers, json={
"actionType": "Generic",
"challengeId": metadata_challengeId,
"code": get_totp()
})
if "errors" in request.json():
print("2fa error")
print(request.json()["errors"][0]["message"])
exit(0)
return request.json()["verificationToken"]
def continue_request(challengeId, verification_token, metadata_challengeId):
requests.post("https://apis.roblox.com/challenge/v1/continue", headers=headers, json={
"challengeId": challengeId,
"challengeMetadata": json.dumps({
"rememberDevice": False,
"actionType": "Generic",
"verificationToken": verification_token,
"challengeId": metadata_challengeId
}),
"challengeType": "twostepverification"
})
# --- Payout the robux ---
set_csrf()
data = payout_request()
if data == False:
exit(0)
# get necessary data for the 2fa validation
challengeId = data.headers["rblx-challenge-id"]
metadata = json.loads(base64.b64decode(data.headers["rblx-challenge-metadata"]))
metadata_challengeId = metadata["challengeId"]
senderId = metadata["userId"]
# send the totp verify request to roblox
verification_token = verify_request(senderId, metadata_challengeId)
# send the continue request, its really important
continue_request(challengeId, verification_token, metadata_challengeId)
# before sending the final payout request, add verification information to headers
headers.update({
'rblx-challenge-id': challengeId,
'rblx-challenge-metadata': base64.b64encode(json.dumps({
"rememberDevice": False,
"actionType": "Generic",
"verificationToken": verification_token,
"challengeId": metadata_challengeId
}).encode()).decode(),
'rblx-challenge-type': "twostepverification"
})
# send the final payout request
payout_request()