Telega User Detector for Telegram Chats: Go Implementation
Installing VK's Telega client registers your Telegram ID in the VK Calls database without explicit user consent. This happens via anonymous login to calls.okcdn.ru. The mapping from Telegram ID to OK ID becomes publicly accessible through an unauthenticated API.
The Go-based antitelega detector scans chats, pulls member IDs, and checks if they're in the database. The whole process takes just three HTTP requests: anonymous login, OK ID lookup by external ID, and parsing the response.
POST https://calls.okcdn.ru/api/auth/anonymLogin
application_key=CHKIPMKGDIHBABABA
session_data={"device_id":"antitelega","version":2,...}
The CHKIPMKGDIHBABABA key is pulled from the Telega APK (appId: 512001570726). The server responds with a session_key for follow-up requests.
POST https://calls.okcdn.ru/api/vchat/getOkIdByExternalId
application_key=CHKIPMKGDIHBABABA
session_key=<from step 1>
externalId=123456789
A response with ok_id confirms registration; a 300 error means no record found.
Scanner Architecture: From /scan Command to Report
The bot kicks off with /scan @chatname in Saved Messages. The pipeline covers:
- Enumeration: Pulling members via
ChannelsGetParticipantswith pagination, jitter, and filtering out bots/deleted accounts. - Cache lookup: Checking SQLite cache (TTL 6 hours).
- Batch checking: Distributing across a worker pool with rate limiting and jitter.
- Report: Formatted output in Saved Messages, split into chunks if over 3800 characters.
Binary is ~26 MB, pure Go with modernc.org/sqlite, no CGO. ARM support included.
Risk_level: Presets to Avoid Bans
func jitteredDuration(d time.Duration, jitterPct float64) time.Duration {
factor := 1.0 + jitterPct*(2*rand.Float64()-1)
return time.Duration(float64(d) * factor)
}
Jitter mimics human behavior to dodge detection. Risk level presets:
- paranoid: 1 worker, 1 req/s, 30 members/page, ±50% jitter (16 min for 700 users).
- careful (default): 2 workers, 3 req/s, 80/page, ±40% (5 min).
- normal: 4 workers, 6 req/s, 150/page, ±30% (2.5 min).
- aggressive: No jitter, max speed (high ban risk).
Common Userbot Development Pitfalls
- Wrong DeviceConfig: gotgproto defaults to
GoTGProto, Helsinki, triggering bans. Fix: UseDeviceConfigmimicking Telegram Desktop. - Fixed Intervals: Exactly 350 ms is a dead giveaway for anti-spam. Jitter is essential.
- API Changes: Endpoint shifted from
getOkIdsByExternalIdsto singular; key can be revoked by OK. Makeapplication_keyconfigurable.
Method Limitations
A positive ok_id shows past Telega install, not current use. It mirrors Telega's exact protocol—no exploits involved.
Key Points:
- Mapping created on first Telega
anonymLogin. - API is public; key from APK.
- Userbots risk bans—use throwaway accounts.
- Cache and jitter cut detection odds.
- ~2000 lines of Go, MIT license.
— Editorial Team
No comments yet.