How the current verification was overriden

[MahtabAlam991]

I stumbled upon this and what I found fascinating at least for me was that this app was able to override the human verification that the official website imposes, I would love to know how this was achieved.

[ttdyce]

Actually, sometimes the site skip the human verification automatically and the app just check if it happens.
It is done using a hidden webview to open the site, and wait for any cookie returned: got cookie means skipped verify, no cookie means required verify.

You can see the code around here:

NHentai-NHViewer/app/src/main/java/com/github/ttdyce/nhviewer/view/SplashActivity.java

Lines 49 to 69 in 3bc7e4c

	handler.postDelayed(new Runnable() {
	public void run() {
	// handle Cloudflare challenge
	String cookies = CookieManager.getInstance().getCookie(url);
	Log.d("SplashActivitiy", "url: " + url);
	Log.d("SplashActivitiy", "Got cookie: " + cookies);
	Log.d("SplashActivitiy", "User agent: " + wvInvisibleSplash.getSettings().getUserAgentString());
	if (cookies == null || !cookies.contains("cf_clearance=")) {
	Log.e("SplashActivitiy", "Not found required cookie: cf_clearance, I think API call won't work");
	Toast.makeText(getApplicationContext(), "Failed to bypass human checking, use manual mode", Toast.LENGTH_LONG).show();
	startActivity(refreshCookieIntent);
	} else {
	CookieStringRequest.challengeCookies = cookies;
	CookieStringRequest.userAgent = wvInvisibleSplash.getSettings().getUserAgentString();
	}
	// return to MainActivity
	finish();
	}
	}, 2 * 1000); // 2 seconds

NHentai-NHViewer/app/src/main/java/com/github/ttdyce/nhviewer/view/RefreshCookieActivity.java

Lines 16 to 70 in 3bc7e4c

	public class RefreshCookieActivity extends AppCompatActivity {
	String url = "https://nhentai.net";
	@SuppressLint("SetJavaScriptEnabled")
	@Override
	protected void onCreate(Bundle savedInstanceState) {
	super.onCreate(savedInstanceState);
	setContentView(R.layout.activity_refresh_cookie);
	/* Use a WebView to bypass cloudflare challenge (Retrieve cookie) */
	// any api url is fine :|
	WebView wvRefreshCookie = findViewById(R.id.wvRefreshCookie);
	// uncomment this part to simulate no-cookie state, for debugging
	// CookieManager.getInstance().removeAllCookies(new ValueCallback<Boolean>() {
	// @Override
	// public void onReceiveValue(Boolean value) {
	// // leave empty
	// }
	// });
	wvRefreshCookie.getSettings().setJavaScriptEnabled(true);
	// wvInvisibleSplash.getSettings().setUserAgentString("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0");
	wvRefreshCookie.loadUrl(url);
	String cookies = CookieManager.getInstance().getCookie(url);
	Log.d("SplashActivitiy", "url: " + url);
	Log.d("SplashActivitiy", "Got cookie: " + cookies);
	Log.d("SplashActivitiy", "User agent: " + wvRefreshCookie.getSettings().getUserAgentString());
	checkCookie(wvRefreshCookie.getSettings().getUserAgentString());
	}
	private void checkCookie(String userAgent){
	Handler handler = new Handler();
	handler.postDelayed(new Runnable() {
	public void run() {
	String cookies = CookieManager.getInstance().getCookie(url);
	if (cookies == null || !cookies.contains("cf_clearance=")){
	Log.e("SplashActivitiy", "Not found required cookie: cf_clearance, try again soon...");
	checkCookie(userAgent);
	}else{
	Log.d("SplashActivitiy", "url: " + url);
	Log.d("SplashActivitiy", "Got cookie: " + cookies);
	// Log.d("SplashActivitiy", "User agent: " + wvInvisibleSplash.getSettings().getUserAgentString());
	CookieStringRequest.challengeCookies = cookies;
	CookieStringRequest.userAgent = userAgent;
	Toast.makeText(getApplicationContext(), "Saved cookie, page loading should be work now (" + cookies, Toast.LENGTH_LONG).show();
	finish();
	}
	}
	}, 500);
	}
	}

[MahtabAlam991]

Thank you.....