UTTP-NET v3 - knowledge-base

UTTP-NET v3

GENERAL / knowledge-base

REPLY BOT IS A DELICATE TECHNOLOGY DEVELOPMENT OF WHICH WAS POSSIBLE THANKS TO SEVERAL THINGS AND PROCESSES

19:50

IMPORTANT THINGS TO LEARN BEFORE GETTING INTO HOW ITS MADE:

PROTOCOL BUFFERS (PROTOBUF)
SHA1 ENCRYPTION
HTTP REQUESTS, REQUEST TYPES, REQUEST BODIES, HEADERS AND COOKIES
JAVASCRIPT

19:51

PART 1: REPLY CREATE REQUEST (edited)

19:53

WHENEVER YOU CREATE A REPLY THE BROWSER SENDS A POST REQUEST TO https://www.youtube.com/youtubei/v1/comment/create_comment_reply

19:53

BUT OF COURSE SENDING AN EMPTY REQUEST WONT REALLY GIVE ANY RESULTS

19:54

IT REQUIRES SOME REQUEST HEADERS AND A REQUEST BODY TO PROPERLY WORK

19:56

FIRST WE NEED TO CREATE A REQUEST BODY

19:58

                    'commentText': [INSERT COMMENT TEXT HERE],
                    'createReplyParams': [ENCODED REPLY PARAMETERS (YOU WILL SEE HOW TO GENERATE IT LATER)],
                    'context': {
                      'client': {
                        'clientName': "WEB",
                        'clientVersion': "2.20240308.00.00"
                      },
                      'user': {
                        'lockedSafetyMode': false,
                        'serializedDelegationContext': [CHANNEL SERIALIZED DELEGATION CONTEXT (ALSO WILL BE SHOWN LATER)]
                      }

19:58

REQUEST BODY IS IN JSON FORMAT

19:58

MOST OF THE THINGS HERE ARE PRETTY SELF EXPLANATORY

19:58

CLIENTNAME AND CLIENTVERSION REALLY DONT MATTER THAT MUCH SO YOU CAN USE WHAT IS PROVIDED THERE

19:59

LOCKEDSAFETYMODE ALSO DOES NOT MATTER JUST KEEP IT AS FALSE

19:59

NOW HERE COMES THE TRICKY PART

20:00

YOU WILL NEED TO ENCODE REPLY PARAMETERS THROUGH PROTOCOL BUFFERS

20:00

FIRST YOU NEED A .PROTO FILE

20:00

syntax = "proto3";

message replyParams
{
  string videoId = 2;
  string commentId = 4;
}

20:02

THEN YOU NEED TO ENCODE A JSON MESSAGE WITH THIS .PROTO FILE (edited)

20:03

IT WILL LOOK SOMETHING LIKE THIS:

 
  {
    videoId: [INSERT TARGET VIDEO ID HERE],
    commentId: [INSERT TARGET COMMENT ID HERE]
  }

20:05

THEN YOU NEED TO CONVERT THE RESULTING PROTOCOL BUFFER (THAT IS ENCODED IN HEX LIKE THIS: 0F 1A 4B 27 9C) INTO A BASE64 STRING

20:06

AND AT LAST YOU NEED TO USE encodeURIComponent FUNCTION FROM JAVASCRIPT TO GENERATE A BROWSER-FRIENDLY VERSION OF IT

20:06

THE BASE64 PROTOCOL BUFFER HAS "=" SYMBOLS IN IT WHICH ARE INVALID FOR BROWSER HTTP REQUESTS

20:08

NEXT THING TO DO IS TO GENERATE SERIALIZED DELEGATION CONTEXT

20:08

IT IS JUST AN ENCODED CHANNEL ID OF ONE OF THE BRAND ACCOUNTS THAT YOU HAVE ON YOUR ACCOUNT (edited)

20:08

.PROTO FILE FOR IT IS THIS:

syntax = "proto3";

message sdc
{
  string channelID = 2;
}

(edited)

20:09

AND THE JSON MESSAGE IS:

  {
    channelID = [INSERT CHANNEL ID HERE]
  }

ADMIRAL MIDNIGHT "III AM"

THEN YOU NEED TO CONVERT THE RESULTING PROTOCOL BUFFER (THAT IS ENCODED IN HEX LIKE THIS: 0F 1A 4B 27 9C) INTO A BASE64 STRING

REPEAT THESE STEPS WITH BASE64 CONVERSION AND ENCODEURICOMPONENT (edited)

20:11

NOW THAT WE ARE DONE WITH THE REQUEST BODY, IT IS TIME TO MOVE ON TO REQUEST HEADERS

20:13

THESE ARE ALL THE NECCESARY ONES:

                {
                    'authorization': [INSERT ENCRYPTED AUTHORIZATION TOKEN HERE],
                    'content-type': 'application/json',
                    'cookie': [INSERT COOKIES HERE],
                    'origin': 'https://www.youtube.com'
                }

20:13

CONTENT-TYPE AND ORIGIN MUST NOT BE CHANGED

20:13

THEY ARE COMPLETELY STATIC

20:14

MEANWHILE AUTHORIZATION AND COOKIE PARTS ARE PRETTY TRICKY

20:14

FIRST YOU NEED TO OBTAIN COOKIES TO FILL IN SOMETHING IN THOSE TWO HEADERS

20:15

THE RECOMMENDED WAY IS TO LOG INTO THE GOOGLE ACCOUNT THAT HOLDS ALL YOUR BRAND ACCOUNTS INSIDE A PRIVATE WINDOW ON PC

20:16

THEN USING A COOKIE EXTRACTION EXTENSION ON YOUR BROWSER EXTRACT THE COOKIES AS FAST AS POSSIBLE AND CLOSE THE WINDOW

20:16

COOKIES ON AVERAGE LAST FOR LONGER THAN A YEAR BUT ANY OPEN GOOGLE TAB WILL ROTATE THOSE COOKIES OUT AND MAKE YOUR CURRENT COOKIES INVALID

20:17

HENCE THE PRIVATE INCOGNITO WINDOW IS NEEDED TO PULL THIS OFF

20:18

OUT OF ALL THE COOKIES OBTAINED FROM THE PRIVATE WINDOW, YOU ONLY NEED THE FOLLOWING:

__Secure-1PAPISID
__Secure-1PSID
__Secure-1PSIDTS

20:18

THESE ARE AUTHORIZATION COOKIES REQUIRED TO MAKE REPLIES

20:19

OTHERS ARE JUST GOOGLE ADS AND GOOGLE ANALYTICS COOKIES FOR AD PERSONALIZATION

20:20

YOU CAN INSERT THE COOKIES THAT YOU OBTAINED FROM THE PRIVATE COOKIES INTO THE cookie HEADER LIKE THIS: cookie: "__Secure-1PAPISID=[INSERT COOKIE]; __Secure-1PSID=[INSERT COOKIE]; __Secure-1PSIDTS=[INSERT COOKIE]"

20:20

AUTHORIZATION HEADER IS A LITTLE BIT TRICKIER

20:21

IT CONSISTS OF THREE PARTS (edited)

20:21

THE SAPISIDHASH PART AT THE BEGINNING WHICH IS COMPLETELY STATIC

20:21

AND THE CURRENT TIME ALONGSIDE THE SAPISIDHASH TOKEN ITSELF SEPARATED BY _ (edited)

20:23

THE OVERALL FORMAT IS LIKE THIS: authorization: "SAPISIDHASH [CURRENT TIME IN UNIX TIMESTAMP]_[SAPISIDHASH TOKEN]"

20:24

IN ORDER TO GENERATE A SAPISIDHASH TOKEN YOU NEED TO ENCRYPT THIS STRING WITH SHA1: "[CURRENT TIME IN UNIX TIMESTAMP] [__Secure-1PAPISID COOKIE] https://www.youtube.com" (edited)

20:24

ALL SEPARATED BY SPACES

20:25

NOW YOU KNOW HOW TO CREATE BOTTED REPLIES

20:26

UTUBE DOESNT REALLY HAVE ANY RATE LIMITS NOR DOES IT PUNISH ANYONE FOR USING THIS

20:26

@everyone IF YOU HAVE QUESTIONS YOU CAN ASK ME

20:26

LATER I WILL SHOW HOW TO FETCH COMMENTS

Exported 51 message(s)

Timezone: UTC+0