Javascript code static analysis OnlyFans

** Please carefully read the project before messaging or submitting your proposal. Some comments about your ideas about the project will help me to understand the reply is not a bot reply. Proposals that look like spam will be ignored. **

OnlyFans is a website is written in some Javascript framework (I think it's vue.js but not sure) and makes calls to their API. The API requires all requests to be signed (it sends a cookie with the request called 'sign'). The javascript is minified.

In simple terms, it takes a fixed value (which is somewhere in the javascript), the unix time in milliseconds, the user id, and the URL being accessed, and hashes all of that using SHA1. Then it transforms it through an array matrix operation and that becomes the signature to send with the request.

Some nice folks who wrote a python scraper have reverse engineered that signing code. We have access to that code, it's a public github project. I've successfully re-written that signing code in C# and it works fine for GET requests. However, there is no similar example for POST requests. I suspect the POST body is being hashed together with the other values (time, URL, etc), but I am not sure.

What is required:

* analyze OnlyFans javascript code, which is minimized (running it through an unminimizer seems to help)

* find the place where it's signing POST requests, and figure out the algorithm (how it differs from the signing of the GET requests)

* write an explanation of the algorithm (pseudocode, text description, etc)

* explain where you found the signing code so that I can adjust my code if they change anything (such as the static values that seem to change every few months).

Payment milestones will only be released on success so be sure you can handle the task before agreeing to proceed. Anyone with experience reverse engineering other people's javascript should have no problem figuring out what to do.

JavaScript Reverse Engineering

Projekt ID: #32239855

Om projektet