hCaptcha Study
This script was used to "encode" some event data:
- webgl vendor + renderer
- browser performance
- browser timezone
It was used just to encode some data from the events to make sure they aren't tampered with.
But that script is now outdated, and there is a new way to encode the data.
This script is used to generate the stamp value in the fingerprint.
The hashing algorithm is xxhash with the fixed seed (`5575352424011909552`).
Rand is a CRC-32 checksum hash of the whole hsw payload in JSON format; it's used to check the payload integrity if you edited it from memory etc.
Format: [math.random, crc-32 * 2.3283064365386963e-10]
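A check of the second element of that pair, as an added example (not hCaptcha's code and not the page author's script). The function names, the sample payload, and the choice to checksum the UTF-8 bytes of the JSON text are assumptions.

```javascript
// Added example; the sample payload below is constructed, not real hsw data.
const SCALE = 2.3283064365386963e-10; // the page's constant, equal to 2 ** -32

// Standard CRC-32 (reflected polynomial 0xEDB88320), table-driven.
const CRC_TABLE = Array.from({ length: 256 }, (_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
  return c >>> 0;
});

function crc32(bytes) {
  let c = 0xffffffff;
  for (const b of bytes) c = CRC_TABLE[(c ^ b) & 0xff] ^ (c >>> 8);
  return (c ^ 0xffffffff) >>> 0;
}

// Verifier side: recover the 32-bit checksum from the scaled float and
// compare it with a checksum recomputed over the received JSON text.
// Assumption: the checksum covers the UTF-8 bytes of the JSON text.
function checkRand(jsonText, rand) {
  if (!Array.isArray(rand) || rand.length !== 2) return false;
  const scaled = rand[1];
  if (typeof scaled !== "number" || !(scaled >= 0 && scaled < 1)) return false;
  // Dividing by a power of two is exact, so a genuine value maps back to an integer.
  const recovered = scaled / SCALE;
  if (!Number.isInteger(recovered)) return false;
  return recovered === crc32(new TextEncoder().encode(jsonText));
}

// Constructed sample: a payload, its matching pair, and an edited copy.
function demo() {
  const original = JSON.stringify({ timezone: "UTC", perf: 12.5 });
  const rand = [0.42, crc32(new TextEncoder().encode(original)) * SCALE];
  const edited = JSON.stringify({ timezone: "UTC", perf: 99.9 });
  return { intact: checkRand(original, rand), edited: checkRand(edited, rand) };
}
```

The constant maps the 32-bit checksum into [0, 1), which is why the second element looks like another random float. CRC-32 is an unkeyed checksum, so it gives error detection rather than authentication; tamper resistance needs a keyed MAC such as HMAC.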
The final payload is encrypted using AES-GCM (256-bit key).
To find the location of the key, search for `i32.const 544` and find this pattern with 4 calls to the same function.
Those 4 calls are calls to hCaptcha's memory encryption function, which encrypts the key in memory, but by setting breakpoints in the wasm you can get the bigints before they get encrypted.
Then use this script to form the key using the bigints.
Making an automatic key fetcher that doesn't use any browser environment is a pretty hard challenge, but not impossible.
`fingerprint_events` is the parsed output of the fingerprinting script; some data are hashed.
The final output is encrypted using AES-CBC (128-bit key).
Here is the blob encryption function separated from the hsw JS code
Keys for the version 7b6e17c04c6d797bfac5dc5382688970e3759da3629a52f9a4317bf71af11e3a: [58, 79, 236, 196, 100, 102, 227, 71, 74, 118, 130, 142, 166, 108, 77, 226]
The getcaptcha payload and response are both encrypted using different keys in some algo which I won't be publishing (they are both in wasm).