Jan 26, 2014

Bypass Facebook Photo Verification

Facebook has different verification mechanisms in store. In certain cases Facebook requires you to verify yourself as a human being or to verify your identity. One of these identity checks is the photo verification. Facebook basically shows you photos of your friends and requires you to recognize them in the photos. This is done by presenting you with a list of prepopulated names of some of your friends who could possibly be shown in the pictures.


I have created a proof-of-concept software that can bypass the photo verification 100% of the time. I'll show you how to build the software step by step, all you need is:

  • A Facebook developer account (it's for free!)
  • A little bit of storage on your hard drive
  • A Linux machine (a virtual one will do)
  • A local web server to host a small php application (e.g. Apache web server)
  • The ability to copy and paste code



First things first: This is no hacking tutorial, and I will not be responsible for anything done with malicious intent with the information provided here. I show you a proof-of-concept to bypass Facebook's photo verification feature in case you are afraid to lose your account to this identification mechanism. I did this on a Linux machine (Ubuntu 12.04) but with some minor code twitches on the file system parts it will also work for Windows machines.

This method only works if your account is not yet blocked. See it as an insurance or protection which will work perfectly fine in case your account gets blocked and you need to unlock it. I'll stress this once more: This method will not work if your account is already blocked.

We will build a Facebook application where you can login to with the account which you'd like to unlock at a later point in time. The app will do the following once you log in to it with the account you'd like to protect.

1. Iterate over all photos your friends are tagged in
2. Store all these photos on your computer in a location you specified by creating one directory for each of your friends and putting their images in their according directory. The directories have the names of your friends, e.g.:

John Snow (containing all photos where John Snow is tagged in)
Ned Stark (containing all photos where Ned Stark is tagged in)
Jamie Lannister (containing all photos where Jamie Lannister is tagged in)
...

Once your account gets locked and you are facing photo verification, you can simply take the friends' names you are presented with and visually  compare the images shown by Facebook with the images the app stored in your friends folders on your hard drive. The photo verification does have a time limit, but this method works quickly enough to render the time limit useless.



Let's get started!

1. Create a Facebook developer account

  • This is not the account that is going to be unlocked later on. This is a developer account to create the Facebook app which we will use to gather your friends' tagged photos from later on.
  • Use an existing Facebook account or create a new one and make it a developer account. Follow this tutorial on how to create a developer account.
  • You'll need to verify your developer account with a phone number before you can use it!

2. Create and configure your unlock-app

  • Log into your developer account.
  • On the top right, in the menu, select "Manage Apps":
facebook_manage_apps

  • You will now be presented with a new account page for development.
  • At the top, click on "Apps" and "Create a New App":
facebook_create_new_app

  • Give it a name and a namespace and chose any category (it does not matter).
  • You are now presented with you freshly created app. Note down your app id and your app secret, you will need it later:
facebook_app_id_app_secret

  • In the left menu, go to "Settings".
  • Now click on "Add Platform":
facebook_app_add_platform

  • Now enter the following at "Site URL": http://127.0.0.1/fbunlocker.php.
facebook_app_enter_localhost

  • Click in the left menu on "Status & Review".
  • Switch the button which is described as "Do you want to make this app and all its live features available to the general public?" from "No" to "Yes" by clicking on it:
facebook_app_exit_development_mode

  • Congratulations! The hardest part is done.
  • All we have to do now is to install a web server and create the php script you just linked with your Facebook application.

2. Install a web server

  • We are now going to install the apache web server and create the php application.
  • On Linux this is straightforward. Open a terminal and type:
    • sudo apt-get install apache2

3. Download Facebook-php SDK

  • Download the files "base_facebook.php" and "facebook.php" from this github repo.
  • Create a folder called "src" in /var/www/:
    • sudo mkdir /var/www/src/
  • Place the two files in /var/www/src/ by doing (you have to replace the paths in brackets with your actual paths):
    • sudo mv <your_filepath_to_base_facebook.php> /var/www/src/
    • sudo mv <your_filepath_to_facebook.php> /var/www/src/

4. Create the actual Facebook application

  • Create a new text file and call it 'FBUnlocker.php'.
  • Open the new file and copy the following code into it:
 <?php  
 require_once('src/facebook.php');  
   
 function grab_image($url, $saveto)  
 {  
   $ch = curl_init($url);  
   curl_setopt($ch, CURLOPT_HEADER, 0);  
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
   curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);  
   $raw = curl_exec($ch);  
   curl_close($ch);  
   if (file_exists($saveto)) {  
     unlink($saveto);  
   }  
   $fp = fopen($saveto, 'x');  
   fwrite($fp, $raw);  
   fclose($fp);  
 }  
   
   
 $config = array(  
   'appId' => 'YOUR_APP_ID',  
   'secret' => 'YOUR_APP_SECRET'  
 );  
   
 function make_dir($path)  
 {  
   $ret = mkdir($path, 0755, true);  
   return $ret === true || is_dir($path);  
 }  
   
 $facebook = new Facebook($config);  
 $user_id = $facebook->getUser();  
 ?>  
   
 <!DOCTYPE html>  
 <html>  
  <head>  
 <meta charset="utf-8">  
 <meta content="text/html;charset=utf-8" http-equiv="Content-Type">  
 <meta content="utf-8" http-equiv="encoding">  
 </head>  
 <body>  
   
 <h1>Save friends' tagged photos!</h1>  
 <br>  
   
  <?php  
 if ($user_id) {  
     
   try {  
       
     $user_profile = $facebook->api('/me', 'GET');  
     $access_token = $facebook->getAccessToken();  
     $friends   = $facebook->api('/me/friends');  
       
       
       
     foreach ($friends['data'] as $friend) {  
         
       // CREATE FRIEND FOLDER STRUCTURE  
       make_dir('SAVE_FILES_HERE' . $friend["name"]);  
         
         
       // FQL QUERY FOR TAGGED PHOTOS  
       $fql_query   = "SELECT src_big,pid FROM photo WHERE pid IN (SELECT pid FROM photo_tag WHERE subject =" . $friend["id"] . ")";  
       $fql_query_url = 'https://graph.facebook.com/fql?q=' . urlencode($fql_query) . '&access_token=' . ($access_token);  
         
       $fql_query_result = file_get_contents($fql_query_url);  
       $fql_query_obj  = json_decode($fql_query_result, true);  
         
       // FQL QUERY FOR PROFILE PICTURE  
       $fql_query_profile_picture   = "SELECT pic_big FROM profile WHERE id =" . $friend["id"];  
       $fql_query_url_profile_picture = 'https://graph.facebook.com/fql?q=' . urlencode($fql_query_profile_picture) . '&access_token=' . ($access_token);  
         
       $fql_query_result_profile_picture = file_get_contents($fql_query_url_profile_picture);  
       $fql_query_obj_profile_picture  = json_decode($fql_query_result_profile_picture, true);  
         
         
       // DOWNLOAD PROFILE PICTURE  
       foreach ($fql_query_obj_profile_picture as $result) {  
         foreach ($result as $inner_element) {  
           if (!file_exists('SAVE_FILES_HERE' . $friend["name"] . "/profile_pic.jpg")) {  
             grab_image($inner_element["pic_big"], 'SAVE_FILES_HERE' . $friend["name"] . "/profile_pic.jpg");  
           }  
         }  
       }  
         
         
       // DOWNLOAD ALL PHOTOS WHERE FRIEND IS TAGGED IN  
       foreach ($fql_query_obj as $result) {  
         foreach ($result as $inner_element) {  
             
           if (!file_exists('SAVE_FILES_HERE' . $friend["name"] . '/' . $inner_element["pid"] . ".jpg")) {  
             grab_image($inner_element["src_big"], 'SAVE_FILES_HERE' . $friend["name"] . '/' . $inner_element["pid"] . ".jpg");  
           }  
         }  
           
       }  
         
     }  
       
       
   }  
   catch (FacebookApiException $e) {  
       
     $login_url = $facebook->getLoginUrl();  
     echo 'Please <a href="' . $login_url . '">login.</a>';  
     error_log($e->getType());  
     error_log($e->getMessage());  
   }  
 } else {  
     
   $login_url = $facebook->getLoginUrl(array(  
     'scope' => 'user_status,publish_stream,user_photos,user_photo_video_tags,friends_photos'  
   ));  
   echo 'Please <a href="' . $login_url . '">login.</a>';  
     
 }  
   
 ?>  
 </body>  

  • You have to modify 3 items in the code:
    • Replace 'YOUR_APP_ID' with your actual app ID. You did note it down, didn't you?
    • Replace 'YOUR_APP_SECRET' with your actual app secret
    • Replace 'SAVE_FILES_HERE' with the directory where you want to store the downloaded pictures of your tagged friends, e.g. '/home/your_user/tagged_photos/', whereas 'your_user' is your user
  • Move the FBUnlocker.php into your web server's directory:
    • sudo mv 'path_to_your_FBUnlocker.php' /var/www/'
  • Make sure your FBUnlocker.php is executable:
    • sudo chmod 755 /var/www/FBUnlocker.php
  • Ensure your tagged photo's download directory is writeable:
    • sudo chmod 755 'your_tagged_photos_directory' (e.g. '/home/your_user/tagged_photos/')

5. Use the app

  • Congrats, everything is now ready for use.
  • Fire up your favorite browser and point it to:
    • http://127.0.0.1/fbunlocker.php
  • You should be redirected to your Facebook app.
  • Enter the credentials of the account you want to protect from getting blocked.
  • Login, accept the requested permissions and wait until your browser is done working (this may take quite a while, depending on your number of friends and the number of photos they are tagged in).

If everything succeeded, you should now see a folder structure being created in your tagged photo's directory, one folder for each friend. The name of the folder is the one of the friend so you can rapidly look up the photos once photo verification presents you with names. Each folder contains all the photos of the according friend and his or her profile picture.

You can run the app multiple times and stop in between. It will recognize which photos it has already taken and not download them again.

A word on required disk space: Tests show a space usage of roughly 1 GB / 1.000 friends, so if you plan on maxing out your friends (5.000 at the moment) you should plan about 5 GB of space.

Possible further improvements:
  • Improve the code. The code has been thrown together with a focus on functionality, not beauty or performance. I'm sure there are more elegant and faster ways to download and store the photos. What about multithreading?
  • Plug-in an image-comparing software. Instead of manually looking up the names of the friends you are presented with by the photo verification test in your folder structure, the presented photos could be automatically grabbed and saved to your hard disk and compared by an image comparing software. This would save another manual step, although the current method involves very little human effort once the app is up and running.

TL;DR: To bypass the Facebook photo verification check, you have to do several things. Get yourself a developer account. Create a Facebook app and deploy it on a local web server. The app will download all photos in which your friends are tagged in to your hard disk. If you encounter photo verification you can browse you hard disk for the names you are presented with and compare the images manually. You'll bypass the verification within a heartbeat.




5 comments:

  1. Since the app does nothing illegal but merely downloads all your friend's tagged photos, Facebook does not take any "counter-measures". Yes, this is still working.

    ReplyDelete
  2. Hi Max,

    I'm excited to try this out, however when I add the 'Site URL' as specified, I get an error saying "this can't be a Facebook URL".

    Do you know a way around this?

    Thanks,
    Andy

    ReplyDelete
  3. Hi Andrew,

    there seem to be some issues around devloping Facebook apps on your local machine. Did you enter something in the 'App Domain' field? Leaving that field blank seems to do the trick for some people (see http://stackoverflow.com/questions/4532721/facebook-development-in-localhost).
    Some people report that you need might need to adjust your host file depending on your setup - see link above further down in the discussion.

    It seems like Facebook has slightly changed the setting for using localhost to develop FB apps.

    Thanks,
    Max

    ReplyDelete