FIXED BY FACEBOOK: This script could help to verify any BM by any email, if Facebook asked for it and you couldn't change email

bmemailverif.js

async function privateApiRequest(variables, docId) {
	let subDomain = getSubDomain();
	let graphUrl = `https://${subDomain}.facebook.com/api/graphql/`;
	
	let lsd = require("LSD").token;
	let dtsg = require("DTSGInitialData").token;
	let uid = require("CurrentUserInitialData").USER_ID;

	let body = {
		av: uid,
		__user: uid,
		__a: 1,
		fb_dtsg: dtsg,
		lsd: lsd,
		variables: JSON.stringify(variables),
		server_timestamps: true,
		doc_id: docId
	};

	let headers = {
		"accept": "*/*",
		"accept-language": "en-US,en;q=0.9",
		"content-type": "application/x-www-form-urlencoded",
		"sec-fetch-dest": "empty",
		"sec-fetch-mode": "cors",
		"sec-fetch-site": "same-origin",
		"x-fb-lsd": lsd
	};

	let f = await fetch(graphUrl, {
		headers: headers,
		body: new URLSearchParams(body).toString(),
		method: "POST",
		mode: "cors",
		credentials: "include"
	});
	
	let t = await f.text();
	if (t.startsWith("for (;;);")) t = t.substring(9);
	return JSON.parse(t);
}

function getSubDomain() {
	let curUrl = window.location.href;
	let subDomain = curUrl.includes("/business.") ? "business" : (curUrl.includes("/adsmanager.") ? "adsmanager" : "www");
	return subDomain;
}

// Main verification flow
async function verifyEmail() {
	console.log("Starting BM email verification process...");
	
	// Get email from user
	let email = prompt("Please enter the email address to verify:");
	if (!email) {
		alert("Email is required!");
		return;
	}

    let bmId = require("BizSiteIdentifier.brands").getBusinessID();
    console.log("Current BM Id: "+bmId);
    console.log("Getting org_id...");
    let variables = {businessID:bmId};
	let response = await privateApiRequest(variables, 8485318004815564);

    let orgId = response.data.user_session_data.review_id;
    console.log("Org Id: "+orgId);
 
    variables = {
        input:{
            authenticatable_entity_id:orgId,
            xfac_config:"XFAC_BUSINESS_VERIFICATION_STANDALONE_EMAIL",
            xfac_appeal_type:"BUSINESS_VERIFICATION_STANDALONE_EMAIL",
            business_verification_design_system:"GEODESIC",
            business_verification_ui_type:"BUSINESS_MANAGER_COMET",
            trigger_event_type:"XFAC_BV_ENTRY",
            nt_context:null,
            trigger_session_id:"e03ca500-08c7-4d73-bc37-cd2be24c7f5b"
        },
        scale:1
	};

	response = await privateApiRequest(variables, 8512995255478472);

    let state = response.data.ixt_xfac_bv_trigger.screen.view_model.content_renderer.serialized_state;
    console.log("Serialized state:", state);

	let uid = require("CurrentUserInitialData").USER_ID;
    variables = {
        input:{
            advertiser_authenticity_email_challenge:{
                email_address:email,
                org_id:orgId,
                serialized_state:state,
                website:""
            },
            actor_id:uid,
            client_mutation_id:"1"
        },
        scale:1}
    console.log("Sending code to email...");
	response = await privateApiRequest(variables, 28796170436648428);
	console.log("Send code to email response:", response);
    state = response.data.ixt_screen_next.view_model.serialized_state;
    console.log("Serialized state:", state);

	let code = prompt("Please enter the code from your email:");
	if (!code) {
		alert("Code is required!");
		return;
	}
    console.log(`Verifying code ${code}...`);
    variables = {
        input:{
            advertiser_authenticity_enter_email_code:{
                check_id:null,
                code:code,
                serialized_state:state
            },
            actor_id:uid,
            client_mutation_id:"2"
        },
        scale:1
    };
	response = await privateApiRequest(variables, 28796170436648428);

	console.log("Verification response:", response);
  alert('All DONE!');
  window.location.reload();
}
await verifyEmail();

Doesn't work nowadays

@dvygolov Do you have a script that modifies the phone to receive SMS messages?

Nope, there isn't such a thing. I've tested that and that's impossible AFAIK.

…

On Thu, Feb 5, 2026 at 6:37 PM Diego Conrado ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ @dvygolov <https://github.com/dvygolov> Do you have a script that modifies the phone to receive SMS messages? — Reply to this email directly, view it on GitHub <https://gist.github.com/dvygolov/072ea035f63dda0247329461a3e79eab#gistcomment-5971833> or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACGSGCJFY2BB4S64SZIZOM34KNITDBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJZTGQYTOOBRHCSG4YLNMWUGCY3UN5ZF62LEQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZQKSXMYLMOVS2IZ3JON2KI3TBNVS2W5DIOJSWCZC7OR4XAZNMON2WE2TFMN2F65DZOBS2WR3JON2EG33NNVSW45FGORXXA2LDOOIYFJDUPFYGLJDHNFZXJJLWMFWHKZNJGEZTINZYGEYTMM5HORZGSZ3HMVZKMY3SMVQXIZI> . You are receiving this email because you were mentioned. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .