2fa

[noahmaes]

how to trigger the 2fa SMS code?

"data": { "error": { "code": "TWO_FACTOR_AUTHENTICATION_REQUIRED", "message": "User must verify their second factor", "details": {} } },

[MRVDH]

Hi! I haven't worked with the 2fa implementation yet. Maybe someone else can better assist you, or you can try to decompile the app to check the field required for it. I'll leave this open for now in case I take a look at it in the future.

[nielstenboom]

I just checked the network requests you need to do for this and they're as follows (for SMS 2FA):

POST https://storefront-prod.nl.picnicinternational.com/api/15/user/2fa/generate
{
    "channel": "SMS"
}

POST https://storefront-prod.nl.picnicinternational.com/api/15/user/2fa/verify
{
    "otp": "123456"
}

Hope it helps someone 👍

[MRVDH]

Thanks @nielstenboom! Are you using Frida with an ssl pinning bypass to find these requests + body or did you find an easier way? I'm still spending more time than I would like to on setting up an emulator, proxy, frida etc every time. 😄

[nielstenboom]

Thanks @nielstenboom! Are you using Frida with an ssl pinning bypass to find these requests + body or did you find an easier way? I'm still spending more time than I would like to on setting up an emulator, proxy, frida etc every time. 😄

Haha yeah same here, it's quite a bit of work and I actually set out the build a client myself before I found this repo amd figured someone would be helped if I shared the structure of the requests 😄

I did it with:

https://github.com/shroudedcode/apk-mitm https://mitmproxy.org

And then install this APK on my Android phone and listen to the requests 👍

[MRVDH]

Quick update: I'm currently implementing the routes and types for this and planning to release it tomorrow! 😄

[MRVDH]

Added in latest release: https://github.com/MRVDH/picnic-api/releases/tag/v3.1.0