Up to now there are still countless people taking credentials from Google trial eligible accounts and using Android packet sniffing methods to apply them to other accounts that are not eligible including Plus one month six months one year plans and Pro one hundred dollar and two hundred dollar plans next I will share the methods that are already spreading widely online
All of it traces back to Google trial eligible accounts so the investigation and fix need to start strictly from the Google side
First, you will need a Google account. It can be from any region; a UK-specific Google account is not required.
In this guide, I am using a US-region Google account.
- One US-region Google account.
- Any US-issued payment card.
- Any Android device (root access is required to install the MITM certificate); an emulator will also work.
The underlying principle involves injecting a specific promotional code to force it to appear during the subscription checkout process.
These promotional codes include offers such as:
$0 for a single month (trial)
3-day free trial
$10 offer (50% off)
3-month free trial
6-month free trial
12-month free trial
1-month free “retention” trial (to win back lapsed subscribers)
There are two main types of offers:
One involves injecting a promotional code; the other applies to accounts that meet specific eligibility criteria (this method is the most stable).
| 3-day-free-trial
| plus-1-month-free-trial
| 1-month-10-dollars
The codes listed above cover the 3-day, half-price, and 1-month free trial offers. These codes are static and can be reused repeatedly—which explains how various online card shops are able to consistently generate and sell ChatGPT Plus subscriptions at such low prices.
Once you have successfully installed the MITM certificate on your Android device and set up the ChatGPT application (with the necessary pre-formatted text configurations), launch your packet capture tool (this method utilizes SSL pinning).
https:// andro id.chat.op enai.c om/bac kend-api/accounts/check/v4-2023-04-27
You should be able to locate this specific API endpoint; this is the interface ChatGPT uses to retrieve information about the currently logged-in user.
Within the “eligible_promo_campaigns” parameter field, we can modify the response value to forcibly inject a specific promotional code. Below is an example demonstrating how to inject a one-month free trial offer:
“eligible_promo_campaigns”: {
“plus”: {
“id”: “plus-1-month-free”,
“metadata”: {
“plan_name”: “chatgptplusplan”,
“title”: “linux.do”,
“summary”: “You have received a promotional code for a 1-month free trial of the Plus plan.”,
“discount”: {
“percentage”: 100
},
“credit_grant”: null,
“duration”: {
“num_periods”: 1,
“period”: “month”
},
“schedule”: null,
“price_period”: “recurring”,
“promotion_type”: “discount”,
“promotion_type_label”: “1-month free trial”,
“no_auto_renewal_at_discount_end”: true,
“plan_type_change”: null
}
}
},
Once the rules have been properly configured and applied, we reopen the application and click “Upgrade.” At this point, we should see the interface offering a one-month free trial.
We can then proceed to click “Subscribe” (assuming a payment card has already been linked to the account beforehand). Since the transaction amount is $0, Google’s fraud detection and risk assessment checks will be significantly less stringent.
You simply need to pass a quick card verification step to successfully complete the subscription.
At this stage, we need to intercept a specific API endpoint (you can simply redirect it to an invalid domain to prevent the actual request from executing):
![]()
By extracting the fetch_token value—specifically:
“fetch_token”: “xxxx”,
from the API response, we can secure the necessary subscription credential.
Subsequently, whenever we wish to enable a Pro subscription for another account, we simply need to access the browser’s session data for that account and retrieve the id value located within the account field.
By combining this id with the previously obtained subscription credential, we can successfully activate the subscription benefits for any arbitrary account. The same process applies to activating the “Pro” tier.
Now, let’s briefly explain the method previously utilized by various “public-interest bots” to mass-provision ChatGPT Pro accounts.
The Android version of ChatGPT utilizes a third-party subscription management platform hosted at https://api.revenuecat.com/v1/receipts. The application communicates with this endpoint to validate subscription credentials, while the actual Google Play billing interface operates independently.
The “infinite ChatGPT Pro duplication” exploit that circulated a while back worked as follows:
First, you would purchase a ChatGPT Pro subscription at full price. Then, within the ChatGPT application, you would select the option to “Downgrade to Plus.” When you do this, the application sends a request to the aforementioned API endpoint to generate a new fetch_token. This specific token serves as the subscription credential required to activate Pro access on other accounts. A unique, brand-new credential is generated each time this process is executed (provided the previous token hasn’t already been consumed); therefore, by simply applying this credential to the target account, you can successfully activate a Pro subscription for that user.
This exploit stems from a callback vulnerability inherent to ChatGPT’s own system—specifically, a failure to properly manage and synchronize the subscription API interactions with the third-party service provider.