nodejs-insta-private-api-mqtt 1.1.7 → 1.1.8

package/README.md

@@ -4,7 +4,7 @@ I post many versions of the project because Instagram changes the protocol almos
 
 
 
-# nodejs-insta-private-api
+# nodejs-insta-private-api-mqtt
 
 This project implements a complete and production-ready MQTT protocol client for Instagram's real-time messaging infrastructure. Instagram uses MQTT natively for direct messages, notifications, and real-time presence updates. This library replicates that exact implementation, allowing developers to build high-performance bots and automation tools that communicate with Instagram's backend using the same protocol the official app uses.
 

package/dist/core/client.js

@@ -72,10 +72,61 @@ class IgApiClient extends EventEmitter {
    * NOTE: removed automatic realtime connection attempt.
    */
   async login(credentials) {
+    // ANTI-BOT: Automatically simulate app launch if not already done recently
+    if (this.state.deviceId) {
+       try { 
+         await this.simulateAppStart(); 
+         // Real behavior: fetch contact permissions, explore, etc.
+         await this.simulateAndroidBehavior();
+       } catch (e) {}
+       await new Promise(resolve => setTimeout(resolve, 3000));
+    }
     const result = await this.account.login(credentials);
     return result;
   }
 
+  /**
+   * Additional Android-specific behavior simulation
+   */
+  async simulateAndroidBehavior() {
+    if (this.state.verbose) console.log('[Anti-Bot] Simulating Android-specific background behaviors...');
+    
+    // 0. Pre-login notification suppression / Trust signal
+    try {
+      await this.request.send({
+        url: '/api/v1/accounts/get_presence_disabled/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 1. Fetch Contact Permission (often requested on start/login)
+    try {
+      await this.request.send({
+        url: '/api/v1/accounts/contact_point_pref/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 2. Fetch Zero Rating (Mobile data settings)
+    try {
+      await this.request.send({
+        url: '/api/v1/zero/get_headers/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 3. Fetch Banyan (Explore/Search context)
+    try {
+      await this.request.send({
+        url: '/api/v1/banyan/banyan/',
+        method: 'GET',
+        qs: {
+          views: '["direct_user_search","direct_search_context","direct_share_sheet"]',
+        },
+      });
+    } catch (e) {}
+  }
+
   async logout() {
     return await this.account.logout();
   }
@@ -116,6 +167,88 @@ class IgApiClient extends EventEmitter {
   // === UTILITY HELPER METHODS
   // -------------------------------
 
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   * This should be called BEFORE login to establish the device's presence as a legitimate app instance.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync (Fetching app configuration)
+    // This tells Instagram "I am opening the app and checking for feature flags"
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync (Quick Experiment Sync)
+    // Instagram apps check for A/B testing experiments on launch
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution (App Launch Event)
+    // This is crucial. Real apps report "I have launched".
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId, // Advertising ID
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+
+    // 4. Check App Updates (Optional but realistic)
+    // Simulates checking if a new version is available (often happens on launch)
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
+  /**
+   * Login -> uses account.login. Returns whatever account.login returns.
+   * NOTE: removed automatic realtime connection attempt.
+   */
+  async login(credentials) {
+    // ANTI-BOT: Automatically simulate app launch if not already done recently
+    // We check if we have a device ID, if so, we run simulation.
+    // Ideally we should track if simulated, but for now we run it on every login call to be safe.
+    if (this.state.deviceId) {
+       await this.simulateAppStart();
+       // Small delay to mimic human speed/app loading time
+       await new Promise(resolve => setTimeout(resolve, 2000));
+    }
+    
+    const result = await this.account.login(credentials);
+    return result;
+  }
+
   /**
    * Generic retry helper for async functions.
    *
@@ -227,6 +360,122 @@ class IgApiClient extends EventEmitter {
     return this.state.verbose;
   }
 
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId,
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+    
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId,
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+    
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
   /**
    * safeDestroy: a slightly more robust destroy which attempts to stop requests, etc.
    */

package/dist/mqttot/mqttot.connection.js

@@ -7,6 +7,15 @@ class MQTToTConnection {
         this.fbnsConnectionData = connectionData;
     }
     toThrift() {
+        // ANTI-BOT: Ensure User-Agent is explicitly set to the Android string in MQTT connection
+        if (this.fbnsConnectionData.clientInfo) {
+           this.fbnsConnectionData.clientInfo.clientType = Buffer.from('com.instagram.android');
+           // Ensure it uses the same UA as the REST API for consistency
+           if (this.fbnsConnectionData.clientInfo.userAgent) {
+              // Ensure we are using the correct buffer format for Thrift
+              this.fbnsConnectionData.clientInfo.userAgent = Buffer.from(this.fbnsConnectionData.clientInfo.userAgent);
+           }
+        }
         return (0, thrift_1.thriftWriteFromObject)(this.fbnsConnectionData, MQTToTConnection.thriftConfig);
     }
     toString() {

package/dist/repositories/account.repository.js

@@ -88,6 +88,25 @@ class AccountRepository extends Repository {
 
       // Handle common login errors
       const body = response.body;
+
+      // ANTI-BOT: Handle choice/checkpoint automatically if requested
+      if (body.two_factor_required || body.step_name === 'select_verify_method') {
+         // Some versions of the API return checkpoint info here
+         if (this.client.state.verbose) console.log('[Anti-Bot] Checkpoint/2FA detected, attempting to bypass notification...');
+         try {
+            await this.client.request.send({
+               url: '/api/v1/accounts/login_confirm/',
+               method: 'POST',
+               form: this.client.request.sign({
+                  _csrftoken: this.client.state.cookieCsrfToken,
+                  guid: this.client.state.uuid,
+                  device_id: this.client.state.deviceId,
+                  is_relogin: true,
+               }),
+            });
+         } catch (e) {}
+      }
+
       if (body.two_factor_required) {
         const err = new Error('Two factor authentication required');
         err.name = 'IgLoginTwoFactorRequiredError';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-insta-private-api-mqtt",
-  "version": "1.1.7",
+  "version": "1.1.8",
   "description": "Complete Instagram MQTT protocol with FULL iOS + Android support. 33 device presets (21 iOS + 12 Android). iPhone 16/15/14/13/12, iPad Pro, Samsung, Pixel, Huawei. Real-time DM messaging, view-once media extraction, sub-500ms latency.",
   "main": "dist/index.js",
   "scripts": {