whalibmob 5.1.1 → 5.1.3

package/cli.js

@@ -789,11 +789,8 @@ async function handleLine(line) {
           if (!store) {
             store = createNewStore(ph);
             saveStore(store, sessFile);
-          } else {
-            // Check if these device keys are already registered in WhatsApp.
-            // If they are (not "incorrect"), generate fresh keys so the new
-            // code request and confirm use matching fresh keys — mirrors Cobalt's
-            // assertRegistrationKeys() behaviour.
+          } else if (!store.codePending && !store.registered) {
+            // Only check /exist when keys were never used to request a code.
             out('checking device keys...');
             const waVersion = await fetchIosVersion();
             const fresh = await assertRegistrationKeys(store, waVersion);
@@ -806,7 +803,7 @@ async function handleLine(line) {
           }
           out('requesting ' + method + ' code for +' + ph + '...');
           const r = await requestSmsCode(store, method);
-          // Always save the store after a code request to persist any state
+          store.codePending = true;
           saveStore(store, sessFile);
           out('  status  ' + (r && r.status));
           out('  important: enter the code within 10 minutes');
@@ -822,7 +819,10 @@ async function handleLine(line) {
           const r = await verifyCode(store, code);
           if (r && (r.status === 'ok' || r.status === 'sent' || r.status === 'verified')) {
             if (!fs.existsSync(_sessDir)) fs.mkdirSync(_sessDir, { recursive: true });
-            saveStore(r.store || store, file);
+            const finalStore = r.store || store;
+            finalStore.registered  = true;
+            finalStore.codePending = false;
+            saveStore(finalStore, file);
             out('registered  session saved to ' + file);
             out('now run: /connect ' + ph);
           } else {
@@ -944,9 +944,13 @@ async function main() {
       const sessFile = path.join(_sessDir, `${ph}.json`);
       let store = loadStore(sessFile);
       if (!store) {
+        // Brand new — generate fresh keys, save immediately, no need to check /exist
         store = createNewStore(ph);
         saveStore(store, sessFile);
-      } else {
+      } else if (!store.codePending && !store.registered) {
+        // Existing store but code was never sent and not registered — check if
+        // keys are already taken (e.g. leftover from a previous failed attempt).
+        // FIX: only 1 /exist call now (was 2), and skipped entirely when codePending.
         out('checking device keys...');
         const waVersion = await fetchIosVersion();
         const fresh = await assertRegistrationKeys(store, waVersion);
@@ -956,9 +960,12 @@ async function main() {
           saveStore(store, sessFile);
         }
       }
+      // If store.codePending === true, keys were already accepted by WhatsApp in a
+      // prior /code request — reuse the exact same store without any /exist call.
       out('requesting ' + method + ' code for +' + ph + '...');
       try {
         const r = await requestSmsCode(store, method);
+        store.codePending = true;
         saveStore(store, sessFile);
         out('  status  ' + (r && r.status));
         if (r && (r.status === 'sent' || r.status === 'ok')) {
@@ -966,8 +973,7 @@ async function main() {
           out('  run: wa registration --register ' + ph + ' --code <code>');
         }
       } catch (e) {
-        if (e.message && e.message.includes('too_recent')) out('  code already sent recently — check your phone');
-        else fail(e.message);
+        out('  ' + (e.message || String(e)));
       }
       out('\nstaying in shell — use /reg confirm ' + ph + ' <code> to complete');
       openShell(); _rl.prompt();
@@ -986,7 +992,10 @@ async function main() {
         const r = await verifyCode(store, code);
         if (r && (r.status === 'ok' || r.status === 'sent' || r.status === 'verified')) {
           if (!fs.existsSync(_sessDir)) fs.mkdirSync(_sessDir, { recursive: true });
-          saveStore(r.store || store, file);
+          const finalStore = r.store || store;
+          finalStore.registered  = true;
+          finalStore.codePending = false;
+          saveStore(finalStore, file);
           out('registered  session saved to ' + file);
           out('run: wa connect ' + ph);
         } else {

package/lib/Registration.js

@@ -1,8 +1,87 @@
 'use strict';
 
 const crypto = require('crypto');
-const https = require('https');
+const https  = require('https');
+const tls    = require('tls');
 const curveJs = require('curve25519-js');
+
+// ---------- SOCKS5 / Tor support ----------
+// Set TOR_PROXY=socks5://127.0.0.1:9050 (or any socks5 host) to route all
+// WhatsApp registration traffic through Tor / a residential proxy.
+const SOCKS_LIB = '/home/runner/workspace/.config/npm/node_global/lib/node_modules/socks/build/index.js';
+
+async function httpPostViaSocks(path, body, waVersion, proxyUrl) {
+  const url     = new URL(proxyUrl);
+  const pHost   = url.hostname;
+  const pPort   = parseInt(url.port) || 1080;
+  const dHost   = 'v.whatsapp.net';
+  const dPort   = 443;
+
+  const { SocksClient } = require(SOCKS_LIB);
+  const { socket: rawSocket } = await SocksClient.createConnection({
+    proxy:       { host: pHost, port: pPort, type: 5 },
+    command:     'connect',
+    destination: { host: dHost, port: dPort }
+  });
+
+  const tlsSocket = tls.connect({
+    socket:             rawSocket,
+    host:               dHost,
+    servername:         dHost,
+    rejectUnauthorized: true
+  });
+
+  await new Promise((res, rej) => {
+    tlsSocket.once('secureConnect', res);
+    tlsSocket.once('error', rej);
+  });
+
+  const userAgent = `WhatsApp/${waVersion} iOS/${require('./constants').IOS_DEVICE.osVersion} Device/${require('./constants').IOS_DEVICE.model}`;
+  const req = [
+    `POST /v2${path} HTTP/1.1`,
+    `Host: ${dHost}`,
+    `User-Agent: ${userAgent}`,
+    `Content-Type: application/x-www-form-urlencoded`,
+    `Content-Length: ${Buffer.byteLength(body)}`,
+    `Connection: close`,
+    '',
+    body
+  ].join('\r\n');
+
+  tlsSocket.write(req);
+
+  const chunks = [];
+  await new Promise((res, rej) => {
+    tlsSocket.on('data', d => chunks.push(d));
+    tlsSocket.on('end', res);
+    tlsSocket.on('error', rej);
+  });
+
+  const raw        = Buffer.concat(chunks);
+  const rawStr     = raw.toString('utf8');
+  const headerEnd  = rawStr.indexOf('\r\n\r\n');
+  const headerPart = rawStr.slice(0, headerEnd);
+  const httpStatus = parseInt(rawStr.split(' ')[1]);
+  let bodyStr      = rawStr.slice(headerEnd + 4);
+
+  // Handle chunked transfer encoding
+  if (/transfer-encoding:\s*chunked/i.test(headerPart)) {
+    let decoded = '';
+    let pos = 0;
+    while (pos < bodyStr.length) {
+      const lineEnd = bodyStr.indexOf('\r\n', pos);
+      if (lineEnd === -1) break;
+      const chunkSize = parseInt(bodyStr.slice(pos, lineEnd), 16);
+      if (!chunkSize) break;
+      decoded += bodyStr.slice(lineEnd + 2, lineEnd + 2 + chunkSize);
+      pos = lineEnd + 2 + chunkSize + 2;
+    }
+    bodyStr = decoded;
+  }
+
+  if (httpStatus !== 200) throw new Error(`HTTP ${httpStatus} ${path}: ${bodyStr}`);
+  try { return JSON.parse(bodyStr); } catch (_) { return { raw: bodyStr }; }
+}
 const {
   REGISTRATION_ENDPOINT,
   REGISTRATION_PUBLIC_KEY,
@@ -278,6 +357,9 @@ function encryptPayload(plaintext) {
 // ---------- HTTP ----------
 
 function httpPost(path, body, waVersion) {
+  const proxy = process.env.TOR_PROXY || process.env.SOCKS_PROXY || '';
+  if (proxy) return httpPostViaSocks(path, body, waVersion, proxy);
+
   return new Promise((resolve, reject) => {
     const userAgent = `WhatsApp/${waVersion} iOS/${IOS_DEVICE.osVersion} Device/${IOS_DEVICE.model}`;
     const opts = {
@@ -426,15 +508,20 @@ async function checkNumberStatus(phoneNumber) {
            note: 'Could not determine status. Possible datacenter IP restriction. Try a residential proxy.' };
 }
 
-// ---------- assertRegistrationKeys (mirrors Cobalt) ----------
-// Calls /exist to ensure these device keys are NOT already registered.
-// Returns true if keys are fresh (reason='incorrect'), false otherwise.
+// ---------- assertRegistrationKeys (mirrors Cobalt exactly) ----------
+// Cobalt does TWO /exist attempts before giving up.
+// Returns true  → keys are fresh (safe to proceed with /code).
+// Returns false → keys already registered (generate new store before /code).
 async function assertRegistrationKeys(store, waVersion) {
   for (let attempt = 0; attempt < 2; attempt++) {
     try {
       const result = await sendRequest('/exist', store, waVersion, false, null);
+      // Cobalt: if reason === 'incorrect' → keys not found → fresh
       if (result && result.reason === 'incorrect') return true;
+      // Any non-ok status on 2nd attempt → still treat as fresh (network/server glitch)
+      if (attempt === 1 && result && result.status && result.status !== 'ok') return true;
     } catch (_) {
+      // Network error = treat keys as fresh (mirrors Cobalt behaviour)
       return true;
     }
   }
@@ -446,37 +533,67 @@ async function requestSmsCode(store, method) {
   const waVersion = await fetchIosVersion();
   store.version = waVersion;
 
-  // iOS-specific: sim_mcc and sim_mnc are always '000'/'000' (matches Cobalt)
-  const methods = method === 'wa_old' ? ['wa_old'] : [method, 'wa_old'];
-  let lastResult = null;
-
-  for (const m of methods) {
-    const extra = [
-      'method',            m,
-      'sim_mcc',           '000',
-      'sim_mnc',           '000',
-      'reason',            '',
-      'cellular_strength', '1'
-    ];
+  const extra = [
+    'method',            method,
+    'sim_mcc',           '000',
+    'sim_mnc',           '000',
+    'reason',            '',
+    'cellular_strength', '1'
+  ];
+
+  // Mirror Cobalt's while(true) loop exactly:
+  //   1. Try /code
+  //   2. If success → return
+  //   3. If too_recent/too_many → throw immediately (isTooRecent)
+  //   4. If no_routes → throw immediately with useful hint (isRegistrationBlocked)
+  //   5. If same error as last attempt → throw (prevents infinite loop)
+  //   6. Otherwise → retry ONCE (Cobalt's default behavior for unknown errors like "blocked")
+  let lastReason = null;
+  while (true) {
     const result = await sendRequest('/code', store, waVersion, true, extra);
-    lastResult = result;
 
     const status = result.status;
     if (status === 'ok' || status === 'sent') return result;
 
-    const reason = result.reason || result.status || '';
-    if (/too_recent|too_many/.test(status) || /too_recent|too_many/.test(reason)) {
-      throw new Error('Too many requests — wait before trying again: ' + (reason || status));
+    const reason = result.reason || status || '';
+
+    // isTooRecent() — throw immediately
+    if (/too_recent|too_many|too_many_guesses|too_many_all_methods/i.test(reason) ||
+        /too_recent|too_many|too_many_guesses|too_many_all_methods/i.test(status)) {
+      const waitSec = result.sms_wait || result.retry_after || null;
+      const waitMsg = waitSec ? ` (wait ${Math.ceil(waitSec / 60)} min, ${waitSec}s)` : '';
+      throw new Error('code already sent recently — check your phone or wait a few minutes (' + reason + ')' + waitMsg);
     }
+
+    // isRegistrationBlocked() — only "no_routes" per Cobalt
     if (reason === 'no_routes' || status === 'no_routes') {
-      throw new Error('Registration blocked by WhatsApp (no_routes). Try a different device fingerprint or a residential proxy.');
+      if (method === 'wa_old') {
+        throw new Error(
+          'Registration blocked (no_routes): number may not be on WhatsApp, ' +
+          'or try a different platform. Try: --method sms'
+        );
+      } else {
+        throw new Error(
+          'Registration blocked (no_routes): try using WhatsApp OTP. ' +
+          'Try: --method wa_old'
+        );
+      }
     }
-    if (reason !== 'blocked' && status !== 'fail') {
-      throw new Error(`Registration error ${m}: ${reason || JSON.stringify(result)}`);
+
+    // custom_block_screen = WhatsApp security block (IP/number flagged)
+    if (result.custom_block_screen) {
+      const body = result.custom_block_screen.body || 'blocked by WhatsApp security';
+      throw new Error(`WhatsApp security block: "${body}" — use a residential IP/proxy`);
     }
-  }
 
-  throw new Error(`Blocked by WhatsApp on all methods (datacenter IP or number in cooldown). Full response: ${JSON.stringify(lastResult)}`);
+    // Same error twice in a row → give up (Cobalt: Objects.equals(reason, lastError))
+    if (reason && reason === lastReason) {
+      throw new Error(`Registration error (${method}): ${reason}`);
+    }
+
+    // First occurrence of unknown error → retry once (Cobalt's default loop behaviour)
+    lastReason = reason;
+  }
 }
 
 async function verifyCode(store, code) {

package/lib/Store.js

@@ -73,6 +73,7 @@ function createNewStore(phoneNumber) {
     deviceId,
     identityId,
     registered:    false,
+    codePending:   false,  // true after /code request, cleared on successful /register
     name:          'User',
     version:       IOS_VERSION_FALLBACK,
     device:        IOS_DEVICE,
@@ -108,6 +109,7 @@ function storeToJson(store) {
     deviceId:       store.deviceId.toString('base64'),
     identityId:     store.identityId.toString('base64'),
     registered:     store.registered,
+    codePending:    store.codePending || false,
     name:           store.name,
     version:        store.version,
     device:         store.device,
@@ -139,6 +141,7 @@ function storeFromJson(obj) {
     deviceId:       Buffer.from(obj.deviceId, 'base64'),
     identityId:     Buffer.from(obj.identityId, 'base64'),
     registered:     obj.registered,
+    codePending:    obj.codePending || false,
     name:           obj.name || 'User',
     version:        obj.version || IOS_VERSION_FALLBACK,
     device:         obj.device || IOS_DEVICE,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "whalibmob",
-  "version": "5.1.1",
+  "version": "5.1.3",
   "description": "WhatsApp library for interaction with WhatsApp Mobile API no web",
   "main": "index.js",
   "bin": {
@@ -23,6 +23,14 @@
     "ios",
     "multi-device"
   ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Kunboruto20/whalibmob.git"
+  },
+  "homepage": "https://github.com/Kunboruto20/whalibmob#readme",
+  "bugs": {
+    "url": "https://github.com/Kunboruto20/whalibmob/issues"
+  },
   "dependencies": {
     "@noble/curves": "^1.8.1",
     "@noble/hashes": "^1.7.2",
@@ -30,4 +38,4 @@
     "protobufjs": "^6.11.4",
     "uuid": "^11.1.0"
   }
-}
+}