@festum
Last active December 19, 2023 15:15
Fatal Issue on Facebook Account
Collecting fatal bugs
  • Platform: Facebook.com
  • Device: Web/Mobile
  • Issue: Unable to link account with security check
  • Issue date: May 3, 2019
  • Issue type: Data corruption
  • Account ID: 100000000743791
  • Account name: festum
  • How to reproduce:
    • Add a mobile number on the security page

I've tried so many ways to reset the error on the checkpoint. I created a fan page under my wife's account as my temporary identity.

My account got a real ban when the fan page was linked with my email, but that didn't reset the checkpoint status. I am still not able to send my IDs.

Checkpoint request:

 ~ curl 'https://m.facebook.com/checkpoint/block/?checkpoint_created=1&checkpoint_data=%7B%22u%22%3A100000000743791%2C%22t%22%3A1560251105%2C%22step%22%3A1%2C%22n%22%3A%22vIR2t%2B4FSqk%3D%22%2C%22inst%22%3A2510230318986968%2C%22f%22%3A1501092823525282%2C%22st%22%3A%22p%22%2C%22aid%22%3Anull%2C%22ca%22%3Anull%2C%22la%22%3A%22%22%2C%22ta%22%3Anull%2C%22sat%22%3Anull%2C%22s%22%3A%22AWUX34PNZpa14cIh%22%2C%22cs%22%3A\[\]%7D&next=https%3A%2F%2Fm.facebook.com%2Fgroups%2F661134777319821%2F%3Fref%3Dgroup_header%26view%3Dpermalink%26id%3D825906654175965&ref=group_header' -H 'sec-fetch-mode: cors' -H 'dnt: 1' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7,nl;q=0.6' -H 'x-requested-with: XMLHttpRequest' -H 'cookie: datr=cdZVW7_DbDeQd2hqN2BCTnjD; sb=cdZVW-0-2vAp9Md1TF3cD_qz; c_user=100000000743791; xs=30%3AOkUPXkh6SNY8BQ%3A2%3A1538391898%3A14635%3A11281; presence=EDvF3EtimeF1557314152EuserFA21BB00743791A2EstateFDt3F_5b_5dG557314152825CEchFDp_5f1BB00743791F1CC; act=1557314226533%2F8; spin=r.1000812353_b.trunk_t.1560236816_s.1_v.2_; m_pixel_ratio=1; fr=0uxAmOi07PoeJuxIl.AWVR7m7Lu76AL2AVZa5VRKJjFeQ.BbUIkX.HF.Fye.0.0.Bc_4o4.AWWFGBsw; wd=1682x617' -H 'pragma: no-cache' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3820.0 Safari/537.36' -H 'x-response-format: JSONStream' -H 'content-type: application/x-www-form-urlencoded' -H 'accept: */*' -H 'cache-control: no-cache' -H 'authority: m.facebook.com' -H 'referer: https://m.facebook.com/checkpoint/block/?next=https%3A%2F%2Fm.facebook.com%2Fgroups%2F661134777319821%2F%3Fref%3Dgroup_header%26view%3Dpermalink%26id%3D825906654175965&ref=group_header&_rdr' -H 'sec-fetch-site: same-origin' -H 'origin: https://m.facebook.com' --data 
'full-name=&nh=aeeb605a77db695d9c5d4aafdf95020a1288e8ff&submit%5BSecure%20Account%5D=%E7%B9%BC%E7%BA%8C&m_sess=&fb_dtsg=AQFb_cxfa1eo%3AAQGjg2KxLuuD&jazoest=22195&__dyn=1KidAmm1gwHwh8-t28sBBg9o7C2i5U4e0C86u7E39x64o5K0Y8hw8C1rwfK2O1gCwjE1xoswdC0L81wbzo1MU88C0pS&__req=3&__ajax__=AYn-UkPuCAPPXwRhHCN98-5BnKSTjgQgWT6dUpIbMBiGPcNj5LqClRPbkaP5AYA6Y_WGXdcFMqlo1X7EVNJ1hDlrTgYvFlNCYfnspYdeU7-2Lw&__user=100000000743791' --compressed -v
*   Trying 2a03:2880:f106:83:face:b00c::25de...
* TCP_NODELAY set
* Connected to m.facebook.com (2a03:2880:f106:83:face:b00c::25de) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
*  start date: Apr 22 00:00:00 2019 GMT
*  expire date: Jul 21 12:00:00 2019 GMT
*  subjectAltName: host "m.facebook.com" matched cert's "*.facebook.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f80eb00ae00)
> POST /checkpoint/block/?checkpoint_created=1&checkpoint_data=%7B%22u%22%3A100000000743791%2C%22t%22%3A1560251105%2C%22step%22%3A1%2C%22n%22%3A%22vIR2t%2B4FSqk%3D%22%2C%22inst%22%3A2510230318986968%2C%22f%22%3A1501092823525282%2C%22st%22%3A%22p%22%2C%22aid%22%3Anull%2C%22ca%22%3Anull%2C%22la%22%3A%22%22%2C%22ta%22%3Anull%2C%22sat%22%3Anull%2C%22s%22%3A%22AWUX34PNZpa14cIh%22%2C%22cs%22%3A[]%7D&next=https%3A%2F%2Fm.facebook.com%2Fgroups%2F661134777319821%2F%3Fref%3Dgroup_header%26view%3Dpermalink%26id%3D825906654175965&ref=group_header HTTP/2
> Host: m.facebook.com
> sec-fetch-mode: cors
> dnt: 1
> accept-encoding: gzip, deflate, br
> accept-language: en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7,nl;q=0.6
> x-requested-with: XMLHttpRequest
> cookie: datr=cdZVW7_DbDeQd2hqN2BCTnjD; sb=cdZVW-0-2vAp9Md1TF3cD_qz; c_user=100000000743791; xs=30%3AOkUPXkh6SNY8BQ%3A2%3A1538391898%3A14635%3A11281; presence=EDvF3EtimeF1557314152EuserFA21BB00743791A2EstateFDt3F_5b_5dG557314152825CEchFDp_5f1BB00743791F1CC; act=1557314226533%2F8; spin=r.1000812353_b.trunk_t.1560236816_s.1_v.2_; m_pixel_ratio=1; fr=0uxAmOi07PoeJuxIl.AWVR7m7Lu76AL2AVZa5VRKJjFeQ.BbUIkX.HF.Fye.0.0.Bc_4o4.AWWFGBsw; wd=1682x617
> pragma: no-cache
> user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3820.0 Safari/537.36
> x-response-format: JSONStream
> content-type: application/x-www-form-urlencoded
> accept: */*
> cache-control: no-cache
> authority: m.facebook.com
> referer: https://m.facebook.com/checkpoint/block/?next=https%3A%2F%2Fm.facebook.com%2Fgroups%2F661134777319821%2F%3Fref%3Dgroup_header%26view%3Dpermalink%26id%3D825906654175965&ref=group_header&_rdr
> sec-fetch-site: same-origin
> origin: https://m.facebook.com
> Content-Length: 409
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 500
< expires: Sat, 01 Jan 2000 00:00:00 GMT
< x-xss-protection: 0
< content-encoding: br
< content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
< x-frame-options: DENY
< access-control-allow-methods: OPTIONS
< pragma: no-cache
< strict-transport-security: max-age=15552000; preload; includeSubDomains
< access-control-expose-headers: X-FB-Debug, X-Loader-Length
< access-control-allow-credentials: true
< content-type: application/x-javascript; charset=utf-8
< x-content-type-options: nosniff
< vary: Origin
< vary: Accept-Encoding
< cache-control: private, no-cache, no-store, must-revalidate
< access-control-allow-origin: https://m.facebook.com
< x-fb-debug: PavBiCZH3Y/Jy178pgLMPKaRui4sJXc0dSAuIwJo2WaUS6DbPBZr6/Zs+HMHRAIuvlwx7UuZJl+4GrF/C1vOEQ==
< date: Tue, 11 Jun 2019 11:09:38 GMT
<
* Connection #0 to host m.facebook.com left intact

Page submit request:

curl 'https://www.facebook.com/ajax/help/contact/submit/page' -H 'Sec-Fetch-Mode: cors' -H 'Referer: https://www.facebook.com/help/contact/183000765122339' -H 'DNT: 1' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3826.2 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' --data 'jazoest=2963&fb_dtsg=V8YOmXRZs84%3D&__vhsh=bc817427da1410f9c0f2454220572927&Field356294444474458[0]=AZWANBeogtiCCLkPg0aSHcGj7WuA8-wcKW8UsBfge5Cv0mghkDufWaZE97309yRhkiy0voKzbnnZ3qYQeJKDNCRItyFBf1tmfsZ20TH1DqAx99db1tmlJY0IZiXCDFF6WYPHpg5X_kpOuUKbkGpENa62ROKkJy3jIrS54pbX0TSF0Dx3BTk5LHscqKJFjHxxDVnzEk3tfW1uMNR4XjoIK04NYgZyX7JLWwFvC3ZApeMQe-99p4s-jwS6cgcxcDXQg6OmJeW2PLOLRWMkatJnveErZpOlZHVc8s_eh2D6tnanzhB3-49tMK31g_uf3-V52YdkK8gcHL6zX5O3PiK3gQoy&Field356294444474458[1]=AZWR353TvM7l9Pkt-LPedSmdT83ZDRnvRJoDkKkeytRhgQEVi43UMhzWsjm77QSX_jz-kHlWOSGWq6ho7g_3Z_D1PcucRjqPuV4chXhcA9zbQ0dBi0m9j-IC_gxWZZsTTcncngcCt9ELe4-gnxxR1TpZqECwy9F9yJIeJwOBsDBS8MHgZJ6wKWzxxjbegHVCnlmylSCdwvrjs0fX0KD_z-VkItZnt1-LMfiEXE1YR8UZzsTZb9eae8AJZZpYkmnlG9gQ9BCym78FAEbKA6z-Oodlps4LNa4dsieUJk4Ue7rV8rMrz7-UAX8E5jSbkcWBKNJ9EN-gaoEChsxz8QNJRonV&Field356294444474458[2]=AZXsEaIZ9shBd8qkI-NOENWpiUm4oQzOz8klhU7rtw6Jb_JgRfkK7svdv6YoRTLegDzFGlQEQuUexbhzRJTZH3fpYTkOq3U7UR9v5Wie7msqUh3l4u91QkgidtOw1XrsYmGLy_fSfdHtrJObtYFwwL98wqPr0AdPUnKwcmkOTvvjJh2mmte0Y4xsZgIaOSWgQmclZ4VpNo9p20s2Z0WFD1jic7eprLrteQHLqG8lSiR-2Qo2qgtQ9gecMUfC1Hc4SGuu3xhd8fdlowXEwMm4yNI7H0wC5-9QpL28szriRkNU-8lfEPW2VWi0Zb6ENa2IzpREwX_LYKaxDSay7vT8i0VQ&Field678538712279760=festum%40g.pl&support_form_id=183000765122339&support_form_hidden_fields=%7B%7D&support_form_fact_false_fields=[]&__user=0&__a=1&__dyn=7xe6Fo4OQ1PyUhxOnFwn84a2i5U4e0yoW7oowMxW0DUeUhwmU3Mx60yo5K0nCq1ewcG0KEswDwb62W2y1Aw60KdwnU1e42C220qu&__req=h&__be=1&__pc=PHASED%3ADEFAULT&dpr=1&__rev=1000844139&__s=%3Ae56c9v%3A3r75y2' --compressed