I am trying to simulate the Google+ button. In some part of the code at LINK, it converts the session id into some kind of hash. What I found is that the session id name is SAPISID and the converted h
VICTORY! Well for me at least =p the SAPISIDHASH I was looking for was the one in the api console. Automation for rather large job, totally legitimate.
Anyways -> the one I found was a SHA1 on the current JavaScript milliseconds timestamp plus your current SAPISID from your cookie plus the domain origin.
In order for my request to work I had to include the following headers in the request
Authorization:SAPISIDHASH 1439879298823_<hidden sha1 hash value>
and
X-Origin:https://console.developers.google.com
The first header I assume tells the server your timestamp and your sha1 value. The second ( breaks if you don't include it ) tells it the origin to use in the sha1 algorithm.
I found the algorithm by digging through and debugging the hell out of tons of minified JS. NOTE: there are spaces appended between the values.
The pseudo code is basically:
sha1(new Date().getTime() + " " + SAPISID + " " + origin)
That is at least how I got my SAPISIDHASH value in my use case here in 2015 ( few years later I know )... different from yours but maybe I will help some other young good hacker out there one day
All credits to Dave Thomas.
I just want to clarify that for the X-Origin, or Origin, you do not include the "X-Origin:" or "Origin:"
Here is one example:
    import java.io.UnsupportedEncodingException;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.util.Formatter;

    public class SAPISIDHASH {
        public static void main(String[] args) {
            String sapisid = "b4qUZKO4943exo9W/AmP2OAZLWGDwTsuh1";
            String origin = "https://hangouts.google.com";
            // Hash input: timestamp, SAPISID and origin joined by single spaces.
            // The origin is the bare value, without an "X-Origin:" or "Origin:" prefix.
            String sapisidhash = "1447033700279" + " " + sapisid + " " + origin;
            System.out.println("SAPISID:\n" + hashString(sapisidhash));
            System.out.println("Expecting:");
            System.out.println("38cb670a2eaa2aca37edf07293150865121275cd");
        }

        // Returns the lowercase hex SHA-1 digest of the UTF-8 bytes of the input.
        private static String hashString(String password) {
            String sha1 = "";
            try {
                MessageDigest crypt = MessageDigest.getInstance("SHA-1");
                crypt.reset();
                crypt.update(password.getBytes("UTF-8"));
                sha1 = byteToHex(crypt.digest());
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            return sha1;
        }

        // Formats each digest byte as two lowercase hex characters.
        private static String byteToHex(final byte[] hash) {
            Formatter formatter = new Formatter();
            for (byte b : hash) {
                formatter.format("%02x", b);
            }
            String result = formatter.toString();
            formatter.close();
            return result;
        }
    }
Source for SHA1 in Java: Java String to SHA1