turns out someone already reversed that thing almost half a year ago, made a write-up at https://antibot.blog/ and even wrote a headless impl in golang (original repo was taken down apparently, but forks are [still up](https://github.com/yeyuchen198/twitter-tid-generator)). that's quite some dedication :o and they came to the same conclusion i did > I'll spoil the result, it's completely useless. The header doesn't make Twitter "trust" your request any more or less. I guess it's just there to gather data right now, however, it makes me wonder; Why go through so much effort making this whole dynamic key system, obfuscating the files, etc. just to do practically nothing with it? At least nothing that would warrant obfuscation like that. :neocat_googly_woozy: btw as far as i can see, the only thing that changed since is the hard-coded plaintext salt (was `bird`, now `obfiowerehiring`), calling out for the person who did the writeup, lol