Louuke / McReverse

Reverse-engineered library for the German McDonald's API in Java
Apache License 2.0

Question, how did you reverse the App? #10

Closed RequestFX closed 2 years ago

RequestFX commented 2 years ago

Hey, I'm interested in how you managed to reverse engineer the McDonald's app. I tried to read the network traffic with HTTP Toolkit but couldn't get past SSL pinning. Did you take your time to reverse the app, or did you find a way to read the app's traffic?

Louuke commented 2 years ago

I'm not sure if you're talking about the global McD app, if so: McD has an app that is only valid in Germany, whose API is relatively easy to read. I have used the usual MITM tools.

RequestFX commented 2 years ago

> I'm not sure if you're talking about the global McD app, if so: McD has an app that is only valid in Germany, whose API is relatively easy to read. I have used the usual MITM tools.

I use the Austrian McDonald's app, which should be the same (com.mcdonalds.mobileapp). This one: https://play.google.com/store/apps/details?id=com.mcdonalds.mobileapp

For me it is not possible to intercept the traffic. When I launch the app it does some checking, I think that's from the Google Play Store connected with SafetyNet or something, and it will just show a message that the network connection failed. However, I am able to see the network traffic, for example, when I launch the app and later turn on the proxy. This works until it does some requests with googleapis.com.

I would love it if you could help me out with this. Could you add me on Discord: RequestFX#1541

Louuke commented 2 years ago

Yup, that's definitely the global McD app. That's the German one: https://play.google.com/store/apps/details?id=de.mcdonalds.mcdonaldsinfoapp

I once tried to read the traffic of the global version, but it is much more complicated to get. I think I tried to patch the app first, but it always crashed. I then tried Frida, which also had problems and I was eventually blocked because root was detected. Currently, I'm still dealing a lot with McReverse and McCoupon in my spare time, so I hardly have time to start anything else.

I did not delete anything.

RequestFX commented 2 years ago

> Yup, that's definitely the global McD app. That's the German one: https://play.google.com/store/apps/details?id=de.mcdonalds.mcdonaldsinfoapp
>
> I once tried to read the traffic of the global version, but it is much more complicated to get. I think I tried to patch the app first, but it always crashed. I then tried Frida, which also had problems and I was eventually blocked because root was detected. Currently, I'm still dealing a lot with McReverse and McCoupon in my spare time, so I hardly have time to start anything else.
>
> I did not delete anything.

Yeah, I pass all the root checks and SafetyNet, but what I think is happening is that this McDonald's app uses the Google API, and the Google API also does some anti-debug whatever stuff, which is the reason I "can't" see the traffic. I can, but the Google API is blocking the app from running. Also, I cannot install it as an APK since it will detect it's not installed from the Play Store. I also tried to intercept the traffic of WhatsApp and Snapchat but failed. The Discord app works fine though.