Hi,

I want to reverse engineer api of an Android app to make a custom client that works on linux. I have good understanding of Linux, Networking and coding.

Where should I start? Is it too hard?

  • cm0002@lemmy.world
    link
    fedilink
    arrow-up
    35
    ·
    11 months ago

    First, if you don’t have a rootable Android phone, you need to get one. An API is an API for the most part, so any cheap throwaway phone will probably work as long as it is sufficient to run the app and rootable

    Basically: you need to MITM yourself (Or at least your phone), you’re going to need to generate a SSL certificate and install it to your phone and “pin” it (Basically, make your phone use it for everything, the end all be all certificate.) Then route your phones connection through a proxy that will capture the traffic and then decrypt it using the same cert. Don’t forget to do stuff on the target app, I would start it fresh to capture any authentication stuffs.

    There’s an app that can do it all on the device (save for the decryption and parsing, you have to export the capture and cert to a computer for that) called Draeneg iirc