nexus-fca 3.1.0 → 3.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +31 -1
- package/lib/safety/FacebookSafety.js +64 -28
- package/lib/safety/StealthMode.js +122 -0
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -76,7 +76,7 @@ const globalSafety = new FacebookSafety({
|
|
|
76
76
|
enableLoginValidation: true,
|
|
77
77
|
enableSafeDelays: true, // Human-like delays to reduce detection
|
|
78
78
|
bypassRegionLock: true,
|
|
79
|
-
ultraLowBanMode:
|
|
79
|
+
ultraLowBanMode: true // FORCED ULTRA-SAFE MODE for maximum protection
|
|
80
80
|
});
|
|
81
81
|
|
|
82
82
|
let checkVerified = null;
|
|
@@ -304,6 +304,36 @@ function buildAPI(globalOptions, html, jar) {
|
|
|
304
304
|
}
|
|
305
305
|
};
|
|
306
306
|
const defaultFuncs = utils.makeDefaults(html, i_userID || userID, ctx);
|
|
307
|
+
|
|
308
|
+
// ULTRA-SAFE WRAPPER: Throttle ALL API calls, not just sendMessage
|
|
309
|
+
const originalPost = defaultFuncs.post;
|
|
310
|
+
const originalPostFormData = defaultFuncs.postFormData;
|
|
311
|
+
const originalGet = defaultFuncs.get;
|
|
312
|
+
|
|
313
|
+
defaultFuncs.post = async function(...args) {
|
|
314
|
+
if (globalSafety && typeof globalSafety.applyAdaptiveSendDelay === 'function') {
|
|
315
|
+
await globalSafety.applyAdaptiveSendDelay();
|
|
316
|
+
}
|
|
317
|
+
return originalPost.apply(this, args);
|
|
318
|
+
};
|
|
319
|
+
|
|
320
|
+
defaultFuncs.postFormData = async function(...args) {
|
|
321
|
+
if (globalSafety && typeof globalSafety.applyAdaptiveSendDelay === 'function') {
|
|
322
|
+
await globalSafety.applyAdaptiveSendDelay();
|
|
323
|
+
}
|
|
324
|
+
return originalPostFormData.apply(this, args);
|
|
325
|
+
};
|
|
326
|
+
|
|
327
|
+
// We don't throttle GET as much, but maybe a little?
|
|
328
|
+
// Actually, let's throttle everything for "Most Safe" mode.
|
|
329
|
+
defaultFuncs.get = async function(...args) {
|
|
330
|
+
if (globalSafety && typeof globalSafety.applyAdaptiveSendDelay === 'function') {
|
|
331
|
+
// Use a lighter delay for GETs if needed, but for now use the same safe pipeline
|
|
332
|
+
await globalSafety.applyAdaptiveSendDelay();
|
|
333
|
+
}
|
|
334
|
+
return originalGet.apply(this, args);
|
|
335
|
+
};
|
|
336
|
+
|
|
307
337
|
require("fs")
|
|
308
338
|
.readdirSync(__dirname + "/src/")
|
|
309
339
|
.filter((v) => v.endsWith(".js"))
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
const crypto = require('crypto');
|
|
7
7
|
const fs = require('fs');
|
|
8
8
|
const path = require('path');
|
|
9
|
+
const StealthMode = require('./StealthMode');
|
|
9
10
|
|
|
10
11
|
class FacebookSafety {
|
|
11
12
|
constructor(options = {}) {
|
|
@@ -23,15 +24,29 @@ class FacebookSafety {
|
|
|
23
24
|
...options
|
|
24
25
|
};
|
|
25
26
|
|
|
26
|
-
//
|
|
27
|
+
// Initialize Stealth Mode
|
|
28
|
+
this.stealthMode = new StealthMode({
|
|
29
|
+
maxRequestsPerMinute: this.options.ultraLowBanMode ? 3 : 10,
|
|
30
|
+
enableRandomPauses: true,
|
|
31
|
+
pauseProbability: this.options.ultraLowBanMode ? 0.08 : 0.02,
|
|
32
|
+
minPauseMinutes: 3,
|
|
33
|
+
maxPauseMinutes: 10
|
|
34
|
+
});
|
|
35
|
+
|
|
36
|
+
// ULTRA-SAFE user agents - Most common real browsers (Nov 2025)
|
|
37
|
+
// These are the MOST COMMON UAs to blend in with real users
|
|
27
38
|
this.safeUserAgents = [
|
|
28
|
-
|
|
29
|
-
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
|
|
30
|
-
'Mozilla/5.0 (Windows NT 10.0; Win64; x64
|
|
31
|
-
|
|
32
|
-
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
|
|
39
|
+
// Chrome Windows (most common)
|
|
40
|
+
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
|
|
41
|
+
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36',
|
|
42
|
+
// Edge Windows (very common)
|
|
43
|
+
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0',
|
|
44
|
+
// Chrome Mac (common)
|
|
45
|
+
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
|
|
46
|
+
// Safari Mac (very common for Mac users)
|
|
47
|
+
'Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15'
|
|
33
48
|
];
|
|
34
|
-
// NEW: fixed user agent anchor (set once per session)
|
|
49
|
+
// NEW: fixed user agent anchor (set once per session) - NEVER CHANGE during session!
|
|
35
50
|
this._fixedUA = null;
|
|
36
51
|
|
|
37
52
|
this.safeDomains = [
|
|
@@ -43,11 +58,13 @@ class FacebookSafety {
|
|
|
43
58
|
this.regions = ['ASH', 'ATL', 'DFW', 'ORD', 'PHX', 'SJC', 'IAD'];
|
|
44
59
|
this.currentRegion = this.regions[Math.floor(Math.random() * this.regions.length)];
|
|
45
60
|
|
|
61
|
+
// ULTRA-SAFE human delay patterns - Much slower to avoid detection
|
|
46
62
|
this.humanDelayPatterns = {
|
|
47
|
-
typing: { min:
|
|
48
|
-
reading: { min:
|
|
49
|
-
thinking: { min:
|
|
50
|
-
browsing: { min:
|
|
63
|
+
typing: { min: 1500, max: 3500 }, // Slower typing (1.5-3.5s)
|
|
64
|
+
reading: { min: 3000, max: 8000 }, // Longer reading time (3-8s)
|
|
65
|
+
thinking: { min: 5000, max: 15000 }, // Much longer thinking (5-15s)
|
|
66
|
+
browsing: { min: 2000, max: 5000 }, // Slower browsing (2-5s)
|
|
67
|
+
messageDelay: { min: 8000, max: 20000 } // 8-20s between messages!
|
|
51
68
|
};
|
|
52
69
|
|
|
53
70
|
this.sessionMetrics = {
|
|
@@ -150,17 +167,25 @@ class FacebookSafety {
|
|
|
150
167
|
}
|
|
151
168
|
|
|
152
169
|
/**
|
|
153
|
-
* Generate human-like delay patterns
|
|
170
|
+
* Generate human-like delay patterns - ULTRA SAFE VERSION
|
|
154
171
|
*/
|
|
155
172
|
getHumanDelay(action = 'browsing') {
|
|
156
|
-
if (!this.options.enableSafeDelays) return
|
|
173
|
+
if (!this.options.enableSafeDelays) return 5000; // Minimum 5s even if disabled!
|
|
157
174
|
|
|
158
175
|
const pattern = this.humanDelayPatterns[action] || this.humanDelayPatterns.browsing;
|
|
159
176
|
const baseDelay = Math.random() * (pattern.max - pattern.min) + pattern.min;
|
|
160
177
|
|
|
161
|
-
// Add randomness to make it
|
|
162
|
-
const variation = baseDelay * 0.
|
|
163
|
-
|
|
178
|
+
// Add MORE randomness to make it VERY human-like
|
|
179
|
+
const variation = baseDelay * 0.4 * (Math.random() - 0.5); // ±40% variation
|
|
180
|
+
const jitter = Math.random() * 2000; // Add 0-2s random jitter
|
|
181
|
+
|
|
182
|
+
// Risk-based multiplier - slow down even more if high risk
|
|
183
|
+
const riskMultiplier = this.sessionMetrics.riskLevel === 'high' ? 2.5 :
|
|
184
|
+
this.sessionMetrics.riskLevel === 'medium' ? 1.8 : 1.3;
|
|
185
|
+
|
|
186
|
+
const finalDelay = (baseDelay + variation + jitter) * riskMultiplier;
|
|
187
|
+
|
|
188
|
+
return Math.max(3000, Math.floor(finalDelay)); // Minimum 3 seconds!
|
|
164
189
|
}
|
|
165
190
|
|
|
166
191
|
/**
|
|
@@ -267,7 +292,7 @@ class FacebookSafety {
|
|
|
267
292
|
}
|
|
268
293
|
|
|
269
294
|
/**
|
|
270
|
-
* Setup safe token refresh intervals
|
|
295
|
+
* Setup safe token refresh intervals - ULTRA SAFE VERSION
|
|
271
296
|
*/
|
|
272
297
|
setupSafeRefresh() {
|
|
273
298
|
// Replace previous interval/timer to avoid stacking
|
|
@@ -279,20 +304,25 @@ class FacebookSafety {
|
|
|
279
304
|
clearTimeout(this._safeRefreshTimer);
|
|
280
305
|
this._safeRefreshTimer = null;
|
|
281
306
|
}
|
|
282
|
-
//
|
|
283
|
-
// Previous risk-tier windows (25–60m) replaced per instruction.
|
|
307
|
+
// MAXIMUM STEALTH: Very long refresh intervals (4-8 hours!)
|
|
284
308
|
const schedule = () => {
|
|
285
309
|
if (this._destroyed) return;
|
|
286
|
-
// Base window 3h–5h. If risk escalates HIGH, clamp to 1h–1.5h for safety.
|
|
287
310
|
let minMs, maxMs;
|
|
288
311
|
if (this.sessionMetrics.riskLevel === 'high') {
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
312
|
+
// High risk: 2-3 hours (still slow to avoid detection)
|
|
313
|
+
minMs = 2 * 60 * 60 * 1000; // 2h
|
|
314
|
+
maxMs = 3 * 60 * 60 * 1000; // 3h
|
|
315
|
+
} else if (this.sessionMetrics.riskLevel === 'medium') {
|
|
316
|
+
// Medium risk: 3-5 hours
|
|
292
317
|
minMs = 3 * 60 * 60 * 1000; // 3h
|
|
293
318
|
maxMs = 5 * 60 * 60 * 1000; // 5h
|
|
319
|
+
} else {
|
|
320
|
+
// Low risk: 4-8 hours (maximum stealth!)
|
|
321
|
+
minMs = 4 * 60 * 60 * 1000; // 4h
|
|
322
|
+
maxMs = 8 * 60 * 60 * 1000; // 8h
|
|
294
323
|
}
|
|
295
324
|
const interval = minMs + Math.random() * (maxMs - minMs);
|
|
325
|
+
console.log(`🔒 Next token refresh in ${Math.floor(interval / (60 * 60 * 1000))}h ${Math.floor((interval % (60 * 60 * 1000)) / (60 * 1000))}m (ultra-safe mode)`);
|
|
296
326
|
const t = setTimeout(async () => {
|
|
297
327
|
await this.refreshSafeSession();
|
|
298
328
|
schedule();
|
|
@@ -438,22 +468,22 @@ class FacebookSafety {
|
|
|
438
468
|
this._periodicRecycleTimer = t;
|
|
439
469
|
}
|
|
440
470
|
|
|
441
|
-
// Heartbeat ping & watchdog
|
|
471
|
+
// Heartbeat ping & watchdog - ULTRA SAFE VERSION
|
|
442
472
|
_startHeartbeat() {
|
|
443
473
|
if (this._heartbeatTimer) clearInterval(this._heartbeatTimer);
|
|
444
474
|
if (this._watchdogTimer) clearInterval(this._watchdogTimer);
|
|
445
475
|
if (this._destroyed) return;
|
|
446
|
-
//
|
|
476
|
+
// MAXIMUM STEALTH: Much slower heartbeat (2-3 minutes!)
|
|
447
477
|
this._heartbeatTimer = setInterval(() => {
|
|
448
478
|
if (this._destroyed) return;
|
|
449
479
|
try {
|
|
450
480
|
if (this.ctx && this.ctx.mqttClient && this.ctx.mqttClient.connected) {
|
|
481
|
+
// Only ping, don't publish foreground state (less detectable)
|
|
451
482
|
if (this.ctx.mqttClient.ping) this.ctx.mqttClient.ping();
|
|
452
|
-
try { this.ctx.mqttClient.publish('/foreground_state', JSON.stringify({ foreground: true })); } catch(_) {}
|
|
453
483
|
this.safetyEmit('heartbeat', { ts: Date.now() });
|
|
454
484
|
}
|
|
455
485
|
} catch(_) {}
|
|
456
|
-
}, (
|
|
486
|
+
}, (120 + Math.random()*60) * 1000); // 2-3 minutes!
|
|
457
487
|
this._watchdogTimer = setInterval(() => {
|
|
458
488
|
if (this._destroyed) return;
|
|
459
489
|
const idle = Date.now() - this._lastEventTs;
|
|
@@ -777,7 +807,13 @@ class FacebookSafety {
|
|
|
777
807
|
return Math.floor(min + Math.random()*(max-min));
|
|
778
808
|
}
|
|
779
809
|
|
|
780
|
-
applyAdaptiveSendDelay(){
|
|
810
|
+
async applyAdaptiveSendDelay(){
|
|
811
|
+
// First, check Stealth Mode limits (rate limiting & pauses)
|
|
812
|
+
if (this.stealthMode) {
|
|
813
|
+
await this.stealthMode.waitIfNeeded();
|
|
814
|
+
}
|
|
815
|
+
|
|
816
|
+
// Then apply adaptive delay based on risk
|
|
781
817
|
const d = this.computeAdaptiveSendDelay();
|
|
782
818
|
if (!d) return Promise.resolve();
|
|
783
819
|
return new Promise(r=> setTimeout(r, d));
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Nexus-FCA Stealth Mode - Human Behavior Simulation
|
|
3
|
+
* Implements strict rate limiting and human-like pauses to prevent bans.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
class StealthMode {
|
|
7
|
+
constructor(options = {}) {
|
|
8
|
+
this.options = {
|
|
9
|
+
maxRequestsPerMinute: 3, // Very low limit for safety
|
|
10
|
+
enableRandomPauses: true,
|
|
11
|
+
pauseProbability: 0.05, // 5% chance to take a break after each action
|
|
12
|
+
minPauseMinutes: 5,
|
|
13
|
+
maxPauseMinutes: 15,
|
|
14
|
+
dailyRequestLimit: 500, // Hard limit per day
|
|
15
|
+
...options
|
|
16
|
+
};
|
|
17
|
+
|
|
18
|
+
this.requestHistory = [];
|
|
19
|
+
this.dailyCount = 0;
|
|
20
|
+
this.lastReset = Date.now();
|
|
21
|
+
this.inPause = false;
|
|
22
|
+
this.pauseUntil = 0;
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
/**
|
|
26
|
+
* Check if we can proceed with a request
|
|
27
|
+
* Returns { allowed: boolean, waitMs: number, reason: string }
|
|
28
|
+
*/
|
|
29
|
+
canProceed() {
|
|
30
|
+
const now = Date.now();
|
|
31
|
+
|
|
32
|
+
// Check if we are in a forced pause
|
|
33
|
+
if (this.inPause) {
|
|
34
|
+
if (now < this.pauseUntil) {
|
|
35
|
+
return {
|
|
36
|
+
allowed: false,
|
|
37
|
+
waitMs: this.pauseUntil - now,
|
|
38
|
+
reason: 'Human pause active'
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
this.inPause = false;
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
// Reset daily limit if it's a new day
|
|
45
|
+
if (now - this.lastReset > 24 * 60 * 60 * 1000) {
|
|
46
|
+
this.dailyCount = 0;
|
|
47
|
+
this.lastReset = now;
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
// Check daily limit
|
|
51
|
+
if (this.dailyCount >= this.options.dailyRequestLimit) {
|
|
52
|
+
return {
|
|
53
|
+
allowed: false,
|
|
54
|
+
waitMs: 60 * 60 * 1000, // Wait an hour before checking again (or stop)
|
|
55
|
+
reason: 'Daily limit reached'
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
// Clean up old history (older than 1 minute)
|
|
60
|
+
this.requestHistory = this.requestHistory.filter(ts => now - ts < 60000);
|
|
61
|
+
|
|
62
|
+
// Check rate limit
|
|
63
|
+
if (this.requestHistory.length >= this.options.maxRequestsPerMinute) {
|
|
64
|
+
// Calculate when the oldest request expires
|
|
65
|
+
const oldest = this.requestHistory[0];
|
|
66
|
+
const waitMs = 60000 - (now - oldest) + 1000; // +1s buffer
|
|
67
|
+
return {
|
|
68
|
+
allowed: false,
|
|
69
|
+
waitMs: waitMs,
|
|
70
|
+
reason: 'Rate limit exceeded'
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
return { allowed: true, waitMs: 0 };
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Record a request and potentially trigger a random pause
|
|
79
|
+
*/
|
|
80
|
+
recordAction() {
|
|
81
|
+
const now = Date.now();
|
|
82
|
+
this.requestHistory.push(now);
|
|
83
|
+
this.dailyCount++;
|
|
84
|
+
|
|
85
|
+
// Random pause trigger
|
|
86
|
+
if (this.options.enableRandomPauses && Math.random() < this.options.pauseProbability) {
|
|
87
|
+
this.triggerRandomPause();
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
/**
|
|
92
|
+
* Trigger a random "coffee break" pause
|
|
93
|
+
*/
|
|
94
|
+
triggerRandomPause() {
|
|
95
|
+
const minMs = this.options.minPauseMinutes * 60 * 1000;
|
|
96
|
+
const maxMs = this.options.maxPauseMinutes * 60 * 1000;
|
|
97
|
+
const duration = Math.floor(Math.random() * (maxMs - minMs)) + minMs;
|
|
98
|
+
|
|
99
|
+
this.inPause = true;
|
|
100
|
+
this.pauseUntil = Date.now() + duration;
|
|
101
|
+
|
|
102
|
+
console.log(`☕ Stealth Mode: Taking a human break for ${Math.floor(duration / 60000)} minutes...`);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
/**
|
|
106
|
+
* Wait until it's safe to proceed
|
|
107
|
+
*/
|
|
108
|
+
async waitIfNeeded() {
|
|
109
|
+
while (true) {
|
|
110
|
+
const status = this.canProceed();
|
|
111
|
+
if (status.allowed) {
|
|
112
|
+
this.recordAction();
|
|
113
|
+
return;
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
console.log(`🛡️ Stealth Mode: Waiting ${Math.ceil(status.waitMs / 1000)}s (${status.reason})`);
|
|
117
|
+
await new Promise(resolve => setTimeout(resolve, status.waitMs));
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
module.exports = StealthMode;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nexus-fca",
|
|
3
|
-
"version": "3.1.
|
|
3
|
+
"version": "3.1.1",
|
|
4
4
|
"description": "Nexus-FCA 3.1 – THE BEST, SAFEST, MOST STABLE Facebook Messenger API! Email/password + appState login, proxy support (HTTP/HTTPS/SOCKS5), random user agent, proactive cookie refresh, MQTT stability, session protection, and TypeScript support.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"repository": {
|