
Facebook's LGN API Security Params Reversed: lgndim, lgnrnd, lgnjs


Hartman5/Facebook-LGN-Reversed


Facebook LGN Params Reversed

All Facebook parameters based around LGN, such as lgnjs, lgndim, lgnrnd, etc., are published here. This was stupid easy, hardly security, took me longer to write this README than to reverse it.

Contact me: Telegram

  • Inquire about Reverser's Academy, custom work, or anything else. Happy to provide general support!

Want to Learn Reverse Engineering?

I've created a course alongside @xTekky! Reverser's Academy, join us and learn the ins and outs of reverse engineering. We offer a zero to hero education style, teaching you the basics, all the way up to WASM, JS reversal, Android reversal, etc. Even reversing Hcaptcha and FunCaptcha!

LGNJS

Simply a timestamp of when the page was loaded, divided by 1e3 (1000). Very straightforward, no obfuscation or anything.

image

^^ One of Facebook's JS bundles, with the lgnjs parameter's algorithm highlighted.

LGNDIM

This one was a bit more interesting. It encodes the window dimensions with base64 (atob). I wrote an algorithm to spoof these values and encode them.

image

^^ Using an online base64 decoder, we can see the payload for lgndim: it's the window dimensions.

image

^^ Facebook's JS algorithm for lgndim is just a simple base64 encoder and fetching window dimensions.

image

^^ Identical response from Facebook's client, and my local JS.
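
Seen from the server side, the two client-computed fields described above (lgnjs and lgndim) can only be checked for plausibility, which is why reproducing them outside a browser is easy. The following is an added example, not code from this repository or from Facebook; the JSON layout with `w` and `h` keys, the tolerances and the function names are assumptions.

```javascript
// Added example (not from the repository). Assumed layout: lgnjs is epoch
// seconds; lgndim is base64 of a JSON object with numeric "w" and "h" keys.
const MAX_SKEW_S = 15 * 60;   // assumed tolerance between page load and server clock
const MAX_DIMENSION = 16384;  // assumed upper bound for a plausible window size

// Decode lgndim strictly; Buffer.from(..., 'base64') silently skips invalid
// characters, so the alphabet and padding are checked first.
function decodeDimensions(lgndim) {
  const strictB64 = /^[A-Za-z0-9+/]+={0,2}$/;
  if (typeof lgndim !== 'string' || lgndim.length % 4 !== 0 || !strictB64.test(lgndim)) {
    return null;
  }
  try {
    const obj = JSON.parse(Buffer.from(lgndim, 'base64').toString('utf8'));
    return obj !== null && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch {
    return null;
  }
}

// Returns a list of anomalies. An empty list means the fields are internally
// consistent, not that they came from a real browser: both are client-chosen.
function assessLoginParams(params, serverNowMs) {
  const findings = [];

  const loadedAt = Number(params.lgnjs);
  if (!Number.isFinite(loadedAt)) {
    findings.push('lgnjs:not-numeric');
  } else if (Math.abs(serverNowMs / 1000 - loadedAt) > MAX_SKEW_S) {
    findings.push('lgnjs:clock-skew');
  }

  const dims = decodeDimensions(params.lgndim);
  const plausible = (n) => Number.isInteger(n) && n > 0 && n <= MAX_DIMENSION;
  if (dims === null) {
    findings.push('lgndim:undecodable');
  } else if (!plausible(dims.w) || !plausible(dims.h)) {
    findings.push('lgndim:implausible-size');
  }
  return findings;
}

// Constructed sample request (values invented for this example).
const sample = {
  lgnjs: '1699999990',
  lgndim: Buffer.from(JSON.stringify({ w: 1920, h: 1080 })).toString('base64'),
};
console.log(assessLoginParams(sample, 1700000000000)); // []
```

Treat the returned list as one input to risk scoring only; a request decision should rest on a value the server itself issued and can verify.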

LGNRND

This one was the least complex and took no JS reversal at all. It makes a request to login.php and parses the lgnrnd parameter from the response using a simple regex.

image

^^ Facebook's homepage HTML response, with the lgnrnd parameter highlighted.

Summary

All in all, this took me about ten minutes to reverse. All algorithms were simple, and could be reversed by anyone with a basic understanding of JS and devtools. Facebook has poor security.