Comments on: New Facebook Photo Hacks

By: Arkhonx

Arkhonx — Wed, 03 Mar 2010 19:57:06 +0000

Is it possible to use this method to retrieve a recently deleted photo? The album’s open and stuff. I basically have everything but the pin and the server. They seem to be different from picture to picture although they’re in the same album.

Thanks in advance!

By: anonymous17

anonymous17 — Fri, 29 Jan 2010 04:21:02 +0000

too bad ugly51 that seems like a virus not any kind of photo hosting on the part of facebook.
a quick google for zwunzi will tell.

By: Ugly51

Ugly51 — Sun, 24 Jan 2010 01:22:17 +0000

Reference the post regarding the link:

http://photos-a.ak.fbcdn.net/photos-ak-anything/

I was in the middle of experimenting with this URL, when my connection dropped out while the page was loading, leaving me with something quite interesting in my address bar. I had:

http://www.zwunzi.com/and a huge random sting]

I think this may be of interest. Are Facebook hosting phots on Zwunzi.com?

The Zwunzi URL is not in my browser history, almost as though it never happened. Otherwise I would have posted the actual link here.

By: Bridget

Bridget — Wed, 30 Dec 2009 22:31:53 +0000

For the fbcdngen script, how large is the text file supposed to be when you run with the old 4-digit pins? I had to stop mine because it was approaching 400 gigabytes (after I left the computer for a few hours) and was going to fill up my entire hard drive if I let it run much longer. I don’t know if it was looping infinitely or if those really are all individual values — if the latter, how does anyone have the hard drive space for the 7-digit pins..?

By: Jat

Jat — Sun, 27 Dec 2009 01:44:50 +0000

This doesn’t work anymore does it? =[

By: Rohan Tarun

Rohan Tarun — Fri, 04 Dec 2009 03:07:35 +0000

I believe the script needs to be updated… as for there for the digits have been increased and extra numbers have been included…

please kindly lend us the updated version

By: Sasha

Sasha — Mon, 09 Nov 2009 17:27:12 +0000

Is there a way to figure out the sequence of the pin? For example, one of my pins (as you identify it) is .1273.

If someone has that pin along with the [photo-size][uid]_[pid]_[pin], can they now view my other photos? Thanks!

By: Interweb Troll

Interweb Troll — Tue, 08 Sep 2009 04:36:48 +0000

Hey, could you figure out who uploaded the photo which has a filename ending in 13523613_3602037.jpg? I think it’s from an album, not a profile picture, hence it has a 5-string ID but I was only given two of the strings. I don’t know the user ID of the person (that’s what I’m trying to figure out). Any advice would be appreciated. Thanks.

By: Anthony

Anthony — Sun, 06 Sep 2009 16:19:43 +0000

I don’t care how long the PIN is; it’s still technically a security issue. If they’re using a 3rd party CDN with no intelligence aside from wget, that means that a “friend” can grab the true URL of a photo, post it somewhere, and that’s that.

People are all caught up on the idea that a photo is secure, even on a CDN, as long as the URL is “unguessable”. But isn’t anyone concerned about an unguessable URL being acquired legitimately, but then posted somewhere it shouldn’t be, at which point there is no ACL to check permissions?

By: giraa2

giraa2 — Fri, 04 Sep 2009 04:54:18 +0000

There is a proven method available for accessing photos from private profiles, it is described in:

http://privacystalker.blogspot.com/

It uses brute force attack approach! It works for me!!
It was written in spanish but you can always use google translator or babylon…