fca-phantom 1.0.0

package/phantom/datastore/models/matrix/ghost.js

@@ -0,0 +1,332 @@
+"use strict";
+
+const { warn, log, error } = require("./logger");
+
+const THREAT_PATTERNS = [
+    { pattern: /checkpoint/i,                       score: 80 },
+    { pattern: /action_required|action required/i,  score: 70 },
+    { pattern: /account.{0,10}(locked|suspended|disabled|banned)/i, score: 95 },
+    { pattern: /your account has been (suspended|disabled|banned|locked)/i, score: 100 },
+    { pattern: /this account has been (suspended|disabled)/i, score: 100 },
+    { pattern: /unusual.{0,10}(activity|behavior)/i, score: 75 },
+    { pattern: /suspicious.{0,10}activity/i,         score: 75 },
+    { pattern: /verify.{0,15}(account|identity)/i,   score: 65 },
+    { pattern: /confirm.{0,15}(identity|it'?s you)/i, score: 65 },
+    { pattern: /security.{0,10}check/i,               score: 60 },
+    { pattern: /login.{0,10}approvals/i,              score: 55 },
+    { pattern: /two.?factor.{0,10}(authentication|required)/i, score: 55 },
+    { pattern: /too.{0,10}many.{0,10}(requests|attempts)/i, score: 70 },
+    { pattern: /rate.{0,10}limit(ed)?/i,              score: 65 },
+    { pattern: /temporarily.{0,10}block(ed)?/i,       score: 80 },
+    { pattern: /automated.{0,10}behavior/i,           score: 90 },
+    { pattern: /not.{0,5}a.{0,5}human/i,              score: 95 },
+    { pattern: /bot.{0,10}detect(ed|ion)/i,           score: 90 },
+    { pattern: /spam.{0,10}detect(ed)?/i,             score: 75 },
+    { pattern: /violates.{0,10}(our.{0,5})?community.{0,5}standards/i, score: 70 },
+    { pattern: /policy.{0,10}violation/i,             score: 75 },
+    { pattern: /action.{0,5}blocked/i,                score: 70 },
+    { pattern: /messaging.{0,10}limit.{0,10}reached/i, score: 80 },
+    { pattern: /sending.{0,10}limit/i,                score: 75 },
+    { pattern: /you'?ve.{0,10}reached.{0,10}your.{0,10}limit/i, score: 75 },
+    { pattern: /integrity.{0,10}violation/i,          score: 85 },
+    { pattern: /anti.{0,5}(spam|abuse)/i,             score: 65 },
+    { pattern: /device.{0,10}login/i,                 score: 55 },
+    { pattern: /blocked.{0,10}from.{0,10}sending/i,   score: 80 },
+];
+
+const THREAT_SCORE_THRESHOLDS = {
+    warn:    40,
+    throttle:60,
+    block:   80,
+    trip:    85,
+};
+
+const HOUR_MULTIPLIERS = [
+    0.1, 0.1, 0.1, 0.1, 0.1, 0.15,
+    0.25, 0.4, 0.6, 0.8, 1.0, 1.0,
+    0.9, 1.0, 1.0, 0.95, 0.9, 0.85,
+    0.8, 0.75, 0.7, 0.5, 0.3, 0.15,
+];
+
+class Shield {
+    constructor() {
+        this._threadActivity = new Map();
+        this._threadLastMsg  = new Map();
+        this._threadRisk     = new Map();
+        this._sessionStart   = Date.now();
+        this._totalSent      = 0;
+
+        this._msgDelay    = 120;
+        this._threadDelay = 400;
+        this._burst       = 0;
+        this._burstStart  = Date.now();
+        this._burstWindow = 60_000;
+        this._burstLimit  = 30;
+
+        this._daily = {
+            date: new Date().toDateString(),
+            sent: 0,
+            max:  2500,
+            perThread: new Map(),
+        };
+
+        this._hourly = {
+            hour:  new Date().getHours(),
+            count: 0,
+            max:   350,
+        };
+
+        this._breaker = {
+            tripped:     false,
+            at:          null,
+            cooldown:    45 * 60_000,
+            signals:     0,
+            maxSignals:  2,
+            lastSignal:  null,
+            totalTrips:  0,
+            history:     [],
+        };
+
+        this._threatScore   = 0;
+        this._fingerprint   = null;
+        this._consecutive   = 0;
+        this._maxConsecutive = 10;
+        this._responseScores = [];
+
+        this._warmup = {
+            active:     false,
+            startedAt:  null,
+            durationMs: 15 * 60_000,
+            maxPerHour: 40,
+        };
+
+        this._dailyTimer  = setInterval(() => this._checkDailyReset(),  60_000).unref?.() || setInterval(() => this._checkDailyReset(), 60_000);
+        this._hourlyTimer = setInterval(() => this._checkHourlyReset(), 30_000).unref?.() || setInterval(() => this._checkHourlyReset(), 30_000);
+        try { this._dailyTimer.unref(); } catch (_) {}
+        try { this._hourlyTimer.unref(); } catch (_) {}
+    }
+
+    _checkDailyReset() {
+        const today = new Date().toDateString();
+        if (this._daily.date !== today) {
+            this._daily.date = today;
+            this._daily.sent = 0;
+            this._daily.perThread.clear();
+            this._threadRisk.clear();
+            log("Shield", "Daily counters reset");
+        }
+    }
+
+    _checkHourlyReset() {
+        const h = new Date().getHours();
+        if (this._hourly.hour !== h) {
+            this._hourly.hour  = h;
+            this._hourly.count = 0;
+        }
+    }
+
+    _currentHourMultiplier() {
+        return HOUR_MULTIPLIERS[new Date().getHours()] ?? 1;
+    }
+
+    _effectiveHourlyLimit() {
+        if (this._warmup.active) return this._warmup.maxPerHour;
+        return Math.floor(this._hourly.max * this._currentHourMultiplier()) || 1;
+    }
+
+    lockSessionFingerprint(ua, secChUa, platform, locale, timezone) {
+        this._fingerprint = { ua, secChUa, platform, locale, timezone, locked: Date.now() };
+        log("Shield", "Session fingerprint locked");
+    }
+
+    getFingerprint() { return this._fingerprint; }
+
+    enableWarmup(durationMs = null) {
+        this._warmup.active    = true;
+        this._warmup.startedAt = Date.now();
+        const dur = durationMs ?? this._warmup.durationMs;
+        setTimeout(() => {
+            this._warmup.active = false;
+            log("Shield", "Warmup mode ended");
+        }, dur);
+        log("Shield", `Warmup mode activated (${Math.round(dur / 60_000)}min)`);
+    }
+
+    scoreThreat(text) {
+        if (!text || typeof text !== "string") return 0;
+        let   score  = 0;
+        const lower  = text.toLowerCase();
+        for (const { pattern, score: s } of THREAT_PATTERNS) {
+            if (pattern.test(lower)) score = Math.max(score, s);
+        }
+        return score;
+    }
+
+    detectThreatSignal(text) {
+        return this.scoreThreat(text) >= THREAT_SCORE_THRESHOLDS.warn;
+    }
+
+    processResponse(responseText, threadID = null) {
+        if (!responseText || typeof responseText !== "string") return false;
+        const score = this.scoreThreat(responseText);
+        if (score < THREAT_SCORE_THRESHOLDS.warn) return false;
+
+        this._threatScore = Math.min(100, this._threatScore + score * 0.1);
+        this._breaker.signals++;
+        this._responseScores.push({ score, at: Date.now(), threadID });
+        if (this._responseScores.length > 20) this._responseScores.shift();
+
+        if (threadID) {
+            const prev = this._threadRisk.get(String(threadID)) || 0;
+            this._threadRisk.set(String(threadID), Math.min(100, prev + score * 0.3));
+        }
+
+        const level =
+            score >= THREAT_SCORE_THRESHOLDS.trip    ? "trip" :
+            score >= THREAT_SCORE_THRESHOLDS.block   ? "block" :
+            score >= THREAT_SCORE_THRESHOLDS.throttle? "throttle" : "warn";
+
+        warn("Shield", `Threat detected [score:${score}, level:${level}] (signals:${this._breaker.signals}/${this._breaker.maxSignals})`);
+
+        if (level === "trip" || this._breaker.signals >= this._breaker.maxSignals) {
+            if (!this._breaker.tripped) this.tripCircuitBreaker(`threat_level_${level}`, this._breaker.cooldown);
+        }
+        return true;
+    }
+
+    tripCircuitBreaker(reason = "unknown", cooldown = null) {
+        this._breaker.tripped    = true;
+        this._breaker.at         = Date.now();
+        this._breaker.signals    = Math.max(this._breaker.signals, 1);
+        this._breaker.lastSignal = reason;
+        this._breaker.totalTrips++;
+        this._breaker.history.push({ reason, at: Date.now(), cooldown });
+        if (this._breaker.history.length > 20) this._breaker.history.shift();
+        const cd = cooldown ?? this._breaker.cooldown;
+        warn("Shield", `Circuit breaker TRIPPED — reason: ${reason} — cooldown: ${Math.round(cd / 60_000)}min`);
+        setTimeout(() => {
+            this.resetCircuitBreaker();
+            log("Shield", "Circuit breaker auto-reset after cooldown");
+        }, cd);
+    }
+
+    resetCircuitBreaker() {
+        this._breaker.tripped    = false;
+        this._breaker.signals    = 0;
+        this._breaker.at         = null;
+        this._threatScore        = Math.max(0, this._threatScore - 20);
+        log("Shield", "Circuit breaker reset");
+    }
+
+    isCircuitBreakerTripped() { return this._breaker.tripped; }
+
+    getThreadRisk(threadID)   { return this._threadRisk.get(String(threadID)) || 0; }
+
+    isDailyLimitReached()     { return this._daily.sent >= this._daily.max; }
+    isHourlyLimitReached()    { return this._hourly.count >= this._effectiveHourlyLimit(); }
+    isBurstLimitReached()     {
+        if (Date.now() - this._burstStart > this._burstWindow) { this._burst = 0; this._burstStart = Date.now(); }
+        return this._burst >= this._burstLimit;
+    }
+
+    setDailyLimit(n)  { if (typeof n === "number" && n > 0) this._daily.max  = n; }
+    setHourlyLimit(n) { if (typeof n === "number" && n > 0) this._hourly.max = n; }
+    setBurstLimit(n)  { if (typeof n === "number" && n > 0) this._burstLimit  = n; }
+
+    async addSmartDelay(threadID = null) {
+        if (this.isCircuitBreakerTripped()) {
+            const remaining = Math.max(0, (this._breaker.at + this._breaker.cooldown) - Date.now());
+            warn("Shield", `Circuit breaker active — waiting ${Math.round(remaining / 1000)}s`);
+            await new Promise(r => setTimeout(r, Math.min(remaining, 30_000)));
+            return;
+        }
+
+        const now = Date.now();
+
+        if (threadID) {
+            const last = this._threadLastMsg.get(String(threadID));
+            if (last && now - last < this._threadDelay) {
+                const threadWait = this._threadDelay - (now - last) + _jitter(200);
+                await new Promise(r => setTimeout(r, threadWait));
+            }
+            this._threadLastMsg.set(String(threadID), Date.now());
+        }
+
+        const risk   = this.getThreadRisk(threadID);
+        const riskMs = Math.floor(risk * 10);
+        let   base   = this._msgDelay + riskMs;
+
+        if (this._warmup.active) base = Math.max(base, 500);
+        if (this._threatScore > 30) base = Math.floor(base * (1 + this._threatScore / 100));
+        if (this._consecutive > 5)  base = Math.floor(base * (1 + this._consecutive * 0.05));
+
+        const jitter = _jitter(150);
+        if (base + jitter > 0) await new Promise(r => setTimeout(r, base + jitter));
+
+        this._burst++;
+        this._daily.sent++;
+        this._hourly.count++;
+        this._totalSent++;
+        this._consecutive++;
+
+        if (this._burst > this._burstLimit) this._consecutive = 0;
+        if (Date.now() - this._burstStart > this._burstWindow) {
+            this._burst = 0;
+            this._burstStart = Date.now();
+            this._consecutive = 0;
+        }
+
+        if (threadID) {
+            const ts = this._daily.perThread.get(String(threadID)) || { count: 0 };
+            ts.count++;
+            ts.last = Date.now();
+            this._daily.perThread.set(String(threadID), ts);
+        }
+    }
+
+    async simulateTyping(threadID, charCount = 0) {
+        const WPM    = 180 + _jitter(80);
+        const chars  = Math.max(charCount, 1);
+        const words  = chars / 5;
+        const base   = Math.round((words / WPM) * 60_000);
+        const jitter = _jitter(400);
+        return Math.max(350, Math.min(base + jitter, 5_000));
+    }
+
+    async prepareBeforeMessage(threadID, body = "") {
+        if (this.isDailyLimitReached())  warn("Shield", `Daily limit reached (${this._daily.sent}/${this._daily.max})`);
+        if (this.isHourlyLimitReached()) warn("Shield", `Hourly limit reached (${this._hourly.count}/${this._effectiveHourlyLimit()})`);
+        await this.addSmartDelay(threadID);
+    }
+
+    getBehaviorProfile() {
+        return {
+            circuitBreakerTripped: this._breaker.tripped,
+            totalSignals:          this._breaker.signals,
+            totalTrips:            this._breaker.totalTrips,
+            threatScore:           Math.round(this._threatScore),
+            warmupActive:          this._warmup.active,
+            dailySent:             this._daily.sent,
+            dailyMax:              this._daily.max,
+            hourlySent:            this._hourly.count,
+            hourlyMax:             this._effectiveHourlyLimit(),
+            burstCount:            this._burst,
+            burstLimit:            this._burstLimit,
+            consecutiveMsgs:       this._consecutive,
+            uptime:                Date.now() - this._sessionStart,
+            totalSent:             this._totalSent,
+        };
+    }
+
+    getStatus()  { return this.getBehaviorProfile(); }
+    getConfig()  { return this.getBehaviorProfile(); }
+
+    detectSuspensionSignal(text) { return this.detectThreatSignal(text); }
+}
+
+function _jitter(max) { return Math.floor(Math.random() * max); }
+
+const globalShield        = new Shield();
+const globalAntiSuspension = globalShield;
+
+module.exports = { Shield, globalShield, globalAntiSuspension };

package/phantom/datastore/models/matrix/headers.js

@@ -0,0 +1,193 @@
+"use strict";
+
+const { generateIdentityByMode } = require("./identity");
+
+const LOCALES = [
+    "en-US,en;q=0.9",
+    "en-GB,en;q=0.9,en-US;q=0.8",
+    "en-US,en;q=0.9,es;q=0.8",
+    "en-US,en;q=0.9,fr;q=0.8",
+    "en-CA,en;q=0.9,fr;q=0.8",
+    "en-AU,en;q=0.9,en-GB;q=0.8",
+    "en-IN,en;q=0.9,hi;q=0.8",
+    "en-US,en;q=0.9,de;q=0.8",
+    "en-US,en;q=0.9,ja;q=0.7",
+    "en-US,en;q=0.9,ko;q=0.7",
+];
+
+const TIMEZONES = [
+    -720, -660, -600, -570, -540, -480, -420, -360, -300, -240,
+    -210, -180, -120, -60, 0, 60, 120, 180, 210, 240,
+    270, 300, 330, 345, 360, 390, 420, 480, 525, 540,
+    570, 600, 630, 660, 720,
+];
+
+const DPR_VALUES   = ["1", "1.25", "1.5", "2", "2.5", "3"];
+const VIEWPORTS    = ["1280", "1366", "1440", "1536", "1600", "1920", "2560"];
+
+function getRandomLocale()   { return LOCALES[Math.floor(Math.random() * LOCALES.length)]; }
+function getRandomTimezone() { return TIMEZONES[Math.floor(Math.random() * TIMEZONES.length)]; }
+function getRandomDpr()      { return DPR_VALUES[Math.floor(Math.random() * DPR_VALUES.length)]; }
+function getRandomViewport() { return VIEWPORTS[Math.floor(Math.random() * VIEWPORTS.length)]; }
+
+function sanitizeVal(v) {
+    if (v == null) return "";
+    let s = String(v);
+    if (s.trim().startsWith("[") && s.trim().endsWith("]")) {
+        try { if (Array.isArray(JSON.parse(s))) return ""; } catch (_) {}
+    }
+    return s.replace(/[\x00-\x08\x0A-\x1F\x7F\r\n\[\]]/g, "").trim();
+}
+
+function sanitize(hdrs) {
+    const out = {};
+    for (const [k, v] of Object.entries(hdrs)) {
+        if (!k || typeof k !== "string") continue;
+        const ck = k.replace(/[^\x21-\x7E]/g, "").trim();
+        if (!ck) continue;
+        const cv = sanitizeVal(v);
+        if (cv !== "") out[ck] = cv;
+    }
+    return out;
+}
+
+function _getHost(url) {
+    try { return new URL(url).hostname; } catch (_) { return "www.facebook.com"; }
+}
+
+function _getOrigin(url) {
+    try { const u = new URL(url); return `${u.protocol}//${u.host}`; } catch (_) { return "https://www.facebook.com"; }
+}
+
+function buildAndroidHeaders(url, opts, ctx, custom) {
+    const id     = generateIdentityByMode("android", opts || {});
+    const ua     = opts?.cachedAndroidUA || id.userAgent;
+    const host   = _getHost(url);
+    const locale = opts?.cachedLocale || getRandomLocale();
+
+    const h = {
+        "Content-Type":     "application/x-www-form-urlencoded",
+        "Host":             host,
+        "Connection":       "keep-alive",
+        "User-Agent":       ua,
+        "Accept":           "*/*",
+        "Accept-Language":  locale.split(",")[0].trim(),
+        "Accept-Encoding":  "gzip, deflate",
+        "X-FB-HTTP-Engine": "Liger",
+        "X-FB-Client-IP":   "True",
+        "X-FB-Server-Cluster": "True",
+    };
+
+    if (id.resolution) h["X-FB-Client-Density"] = String(id.resolution.density || "2");
+    if (ctx) {
+        if (ctx.lsd || ctx.fb_dtsg) h["X-Fb-Lsd"]     = ctx.lsd || ctx.fb_dtsg;
+        if (ctx.region)             h["X-MSGR-Region"] = ctx.region;
+        if (ctx.__spin_r)           h["X-Fb-Spin-R"]   = String(ctx.__spin_r);
+        if (ctx.__spin_b)           h["X-Fb-Spin-B"]   = String(ctx.__spin_b);
+        if (ctx.__spin_t)           h["X-Fb-Spin-T"]   = String(ctx.__spin_t);
+    }
+    if (custom) { Object.assign(h, custom); if (custom.noRef) delete h.Referer; }
+    return sanitize(h);
+}
+
+function buildDesktopHeaders(url, opts, ctx, custom, reqType = "navigate") {
+    const id     = generateIdentityByMode("desktop", opts || {});
+    const host   = _getHost(url);
+    const origin = _getOrigin(url);
+    const isXhr  = reqType === "xhr";
+    const locale = opts?.cachedLocale || getRandomLocale();
+    const tz     = opts?.cachedTimezone || getRandomTimezone();
+    const dpr    = getRandomDpr();
+    const vp     = getRandomViewport();
+
+    const ua      = opts?.cachedUserAgent              || id.userAgent;
+    const chUa    = opts?.cachedSecChUa                || id.secChUa;
+    const chFvl   = opts?.cachedSecChUaFullVersionList  || id.secChUaFullVersionList;
+    const chPlat  = opts?.cachedSecChUaPlatform        || id.secChUaPlatform;
+    const chPlatV = opts?.cachedSecChUaPlatformVersion || id.secChUaPlatformVersion;
+
+    const h = {
+        "Accept":          isXhr
+            ? "application/json, text/plain, */*"
+            : "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+        "Accept-Encoding": "gzip, deflate, br, zstd",
+        "Accept-Language": locale,
+        "Cache-Control":   "no-cache",
+        "Connection":      "keep-alive",
+        "DNT":             "1",
+        "Dpr":             dpr,
+        "Host":            host,
+        "Pragma":          "no-cache",
+        "Referer":         `${origin}/`,
+        "Sec-Ch-Prefers-Color-Scheme": "light",
+        "Sec-Ch-Ua":                   chUa,
+        "Sec-Ch-Ua-Full-Version-List": chFvl,
+        "Sec-Ch-Ua-Mobile":            "?0",
+        "Sec-Ch-Ua-Model":             '""',
+        "Sec-Ch-Ua-Platform":          chPlat,
+        "Sec-Ch-Ua-Platform-Version":  chPlatV,
+        "Sec-Fetch-Dest":              isXhr ? "empty" : "document",
+        "Sec-Fetch-Mode":              isXhr ? "cors"  : "navigate",
+        "Sec-Fetch-Site":              isXhr ? "same-origin" : "none",
+        "Sec-Fetch-User":              isXhr ? undefined : "?1",
+        "User-Agent":                  ua,
+        "Viewport-Width":              vp,
+        "Width":                       vp,
+        "X-FB-Timezone-Offset":        String(tz * 60),
+    };
+
+    if (chPlat) {
+        const platStr = chPlat.toLowerCase();
+        if (platStr.includes("windows")) {
+            h["Sec-Ch-Ua-Arch"]    = '"x86"';
+            h["Sec-Ch-Ua-Bitness"] = '"64"';
+            h["Sec-Ch-Ua-Wow64"]   = "?0";
+        } else if (platStr.includes("macos")) {
+            h["Sec-Ch-Ua-Arch"]    = '"arm"';
+            h["Sec-Ch-Ua-Bitness"] = '"64"';
+        } else if (platStr.includes("linux")) {
+            h["Sec-Ch-Ua-Arch"]    = '"x86"';
+            h["Sec-Ch-Ua-Bitness"] = '"64"';
+        }
+    }
+
+    if (isXhr) {
+        h["Origin"]           = origin;
+        h["X-Requested-With"] = "XMLHttpRequest";
+    }
+
+    if (ctx) {
+        if (ctx.lsd)      h["X-Fb-Lsd"]      = ctx.lsd;
+        if (ctx.region)   h["X-MSGR-Region"]  = ctx.region;
+        if (ctx.__spin_r) h["X-Fb-Spin-R"]    = String(ctx.__spin_r);
+        if (ctx.__spin_b) h["X-Fb-Spin-B"]    = String(ctx.__spin_b);
+        if (ctx.__spin_t) h["X-Fb-Spin-T"]    = String(ctx.__spin_t);
+    }
+
+    if (custom) {
+        Object.assign(h, custom);
+        if (custom.noRef) delete h.Referer;
+    }
+
+    return sanitize(h);
+}
+
+function getHeaders(url, opts, ctx, custom, reqType = "navigate") {
+    const mode = opts?.persona || "desktop";
+    if (mode === "android" || mode === "mobile") {
+        return buildAndroidHeaders(url, opts, ctx, custom);
+    }
+    return buildDesktopHeaders(url, opts, ctx, custom, reqType);
+}
+
+module.exports = {
+    getHeaders,
+    buildDesktopHeaders,
+    buildAndroidHeaders,
+    getRandomLocale,
+    getRandomTimezone,
+    getRandomDpr,
+    getRandomViewport,
+    sanitizeHeaderValue: sanitizeVal,
+    sanitizeHeaders:     sanitize,
+};