Georg Lukas edited this page Nov 7, 2023 · 5 revisions

When uploading images to social media, the NX300 tries to talk unencrypted to snsgw.samsungmobile.com, using different API endpoints.

Example of a Facebook login request (don't bother, those credentials are fake):

POST http://snsgw.samsungmobile.com/facebook/auth HTTP/1.1

<?xml version="1.0" encoding="UTF-8"?>
<Request Method="login" Timeout="3000" CameraCryptKey="844e7f0fadf4ba1cf5b6de9edb06ac9a448c0d3031b73db65a308cecb570428a44dea69bddd94403829e5c06efee9a4d555590f75a8c1313c3b935a0a03684d463733b30d3a34fe11b0da9d7f230366221ceec509419d89fd9b0cc36adc7258fbc904b497173d1f154202727c402b2a25d58dd0ecc6d576294880226cfb46151">
<UserName Value="7xKPwb19QdFKzsjsrQx62g%3D%3D"/>
<Password Value="U%2BK0X1QnWUv4tkvrrtQ0aQ%3D%3D"/>
<PersistKey Use="true"/>
4p4uaaq422af3"/>
<SessionKey Type="APIF"/>
<CryptSessionKey Use="true" Type="SHA1" Value="/////xAAwKRSAQAAAPAHtv////8QAMCkUgEAAADwB7Y="/>
<ApplicationKey Value="6a563c3967f147d3adfa454ef913535d0d109ba4b4584914"/>
</Request>

Yes, it's unencrypted. Yes, the XML is invalid.

The CameraCryptKey is different in each request; all the other fields remain the same. It looks like UserName and Password are encrypted in ECB or some other simple, IV-less mode.
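To check the observation above on captured traffic, the following added example (not part of the original wiki page or of Samsung's code) strips the percent-encoding and base64 layers from the field values in the request shown here, profiles the raw bytes, and compares two captures for byte-identical ciphertext. The 16-byte block size and the helper names are assumptions; the page does not name the cipher.

```python
import base64
from urllib.parse import unquote

BLOCK = 16  # assumption: AES-sized blocks; the page does not identify the cipher

# Field values copied verbatim from the captured request on this page.
CAPTURED = {
    "UserName": "7xKPwb19QdFKzsjsrQx62g%3D%3D",
    "Password": "U%2BK0X1QnWUv4tkvrrtQ0aQ%3D%3D",
    "CryptSessionKey": "/////xAAwKRSAQAAAPAHtv////8QAMCkUgEAAADwB7Y=",
}


def decode_field(value):
    """Undo the percent-encoding, then the base64 layer."""
    # unquote(), not unquote_plus(): a literal '+' is a base64 digit here.
    return base64.b64decode(unquote(value), validate=True)


def profile(value, block=BLOCK):
    """Length, block alignment and repeated blocks of one decoded field."""
    raw = decode_field(value)
    blocks = [raw[i:i + block] for i in range(0, len(raw), block)]
    return {
        "length": len(raw),
        "block_aligned": len(raw) % block == 0,
        # Identical blocks inside one value: equal input blocks or unfilled memory.
        "repeated_blocks": len(blocks) - len(set(blocks)),
        "hex": raw.hex(),
    }


def stable_fields(capture_a, capture_b):
    """Fields whose decoded bytes are identical in two captures.

    If the per-request CameraCryptKey differs but a credential field shows
    up here, that field was produced without any per-request randomness
    (no IV or nonce), so equal plaintexts are visible to a passive observer.
    """
    shared = capture_a.keys() & capture_b.keys()
    return sorted(k for k in shared
                  if decode_field(capture_a[k]) == decode_field(capture_b[k]))


if __name__ == "__main__":
    for name, value in CAPTURED.items():
        print(name, profile(value))
```

On the capture from this page, UserName and Password each decode to exactly 16 bytes, and CryptSessionKey decodes to 32 bytes made of the same 16-byte block twice.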

As the service is down, I don't know (yet) the expected response format, so there is no way yet to mimic the service.

There is an accidental header file from libwifi-sns in the NX300 source code dump, containing those strings, under TIZEN/project/NX300/imagedev/usr/include/libwifi-sns/client_predefined.h, but there is no source code :(
