MrPowerGamerBR / AminoREAPI

📱 An unofficial (and reversed enginnered!) client library for http://aminoapps.com/
42 stars 10 forks source link

Finish rewriting AminoREAPI #2

Open MrPowerGamerBR opened 6 years ago

MrPowerGamerBR commented 6 years ago

Currently the version on this repo is outdated. (and it is very bad... I made it while I was a beginner in Kotlin)

I'm currently rewriting AminoREAPI for Vespertine (https://vespertine.mrpowergamerbr.com), my unofficial Amino client.

However the rewrite is nowhere near finished, but should be soon up on this repo.

matatodo3000 commented 6 years ago

:relaxed:

moelrobi commented 6 years ago

If you need help, I would like to do it. :)

Your repo is the reason I created a node library for working with the Narvii-API.

MrPowerGamerBR commented 6 years ago

@moelrobi this project (Vespertine + AminoREAPI) is on hold because I got busy with other projects ( https://loritta.website/ ) (and I also got super mad at how Amino doesn't use WebSockets for the chat stuff, even if the app ALREADY USES WebSockets for... guess what? typing status!)

My local version is already miles better than the version on this repo (I created this one when I was a beginner in Kotlin stuff), I want to push it soon:tm: to here. (I also need to fix my Discord Bot's Amino post sync API)

What would be a good idea is to make a API documentation somewhere... hmmmm... 🤔

(So yes, I already cracked how Amino uses the WebSocket stuff with Frida 👍)

Also, before I forget what they are, here is the WebSocket URLs ws1.narvii.com ws2.narvii.com ws3.narvii.com ws4.narvii.com

MrPowerGamerBR commented 6 years ago

owo whats this: https://github.com/MrPowerGamerBR/AminoREAPI/commit/c80c4b3f6dd46ee97230f21b7322aaa6a9a30eee

And here is how to interact with the WebSocket stuff (I didn't add anything that uses WebSockets yet, but I want to keep here how I did interact with the Amino WebSocket stuff)

val signBody = amino.deviceId + "|" + System.currentTimeMillis()
val url = "wss://ws2.narvii.com/?signBody=${URLEncoder.encode(signBody, "UTF-8")}"

val builder = Request.Builder().url(url).header("User-Agent", "Amino Client").header("NDCDEVICEID", amino.deviceId)
builder.header("NDCAUTH", "sid=${amino.sessionId}")

val socket = OkHttpClient().newWebSocket(builder.build(), AminoSocketListener())

val obj = JsonObject()
obj["ndcId"] = "aaa"
obj["topic"] = "shrug"
socket.send(gson.toJson(WsMessage(300, obj)))
MrPowerGamerBR commented 6 years ago

What got me a bit worried is that it seems Amino is going to start signing the packets too NDC-MSG-SIG, it seems not all packets do use the signature (only the packets that doesn't use the NDC-AUTH header) and for now I'm just generating a random UUID for the signature: https://github.com/MrPowerGamerBR/AminoREAPI/blob/master/src/main/java/com/mrpowergamerbr/aminoreapi/Amino.kt#L43

MrPowerGamerBR commented 6 years ago

By the way, if anyone wants to help, here is what I use to do Amino stuff:

  1. IntelliJ IDEA
  2. Packet Capture (if you can stand looking at your phone & fails to decode WebSocket traffic) and Fiddler
  3. Frida (I used it to dump what the app receives/sends with WebSockets, here's the code I used: https://gist.github.com/MrPowerGamerBR/69bd49ed92a517c78ff90493bf3abecc )
  4. Patience
  5. BlameNarvii

MrPowerGamerBR commented 6 years ago

@coffeeboo not yet, I just rewrote (well, refactored it) to be better.

While I did implement new endpoints (and use some of the old endpoints) some of the old ones were removed and some of the old ones were changed to be better suited to Kotlin.

Some nifty features were added too, like MediaType deserialization.

moelrobi commented 6 years ago

@MrPowerGamerBR well but is there any Clue what they are singing the Messages for? Or yet better how they do it? I mean I wouldn't see a reason why they would do that. :thinking:

@coffeeboo i am already creating a Amino libary for interacting with Amino's API via Node. If you want to Helpout i can add you to the project

https://gitlab.robsys.space/Kikai/KikaiFramework

E-Mail Me: moelrobi@gmail.com if you are interested.

MrPowerGamerBR commented 6 years ago

@moelrobi no, I'm not sure why they are signing the requests, wouldn't it be easier if they just switched to HTTPS? 🤔

MrPowerGamerBR commented 6 years ago

I think it would be a good idea to start documenting the Amino API to keep everything nice and tidy, examples:

https://www.schiff.io/projects/humble-bundle-api http://wiki.vg/Protocol https://soupply.github.io/

moelrobi commented 6 years ago

@coffeeboo thier Endpoints resolve after http://service.narvii.com/api/v1

they are using ws and HTTPv.1.0

MrPowerGamerBR commented 6 years ago

@coffeeboo no they don't, but they do support HTTPS, which is... strange, very strange.

mclainj commented 6 years ago

I apologize for the unrelated comment, but I was unsure of where to ask this (not much experience in GitHub). I'm looking to do some natural language processing and analysis on blogs posted within an Amino community. Is there currently a way to access this kind of data? I do not have much experience dealing with APIs, so I'm sorry for the ignorance.

MrPowerGamerBR commented 6 years ago

Yes it is possible to pull posts from a community

Em sex, 6 de jul de 2018 23:13, McLain Johnson notifications@github.com escreveu:

I apologize for the unrelated comment, but I was unsure of where to ask this (not much experience in GitHub). I'm looking to do some natural language processing and analysis on blogs posted within an Amino community. Is there currently a way to access this kind of data? I do not have much experience dealing with APIs, so I'm sorry for the ignorance.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MrPowerGamerBR/AminoREAPI/issues/2#issuecomment-403181770, or mute the thread https://github.com/notifications/unsubscribe-auth/AJDnJxRgrjfP-DUAkfBw6OAcl7cqDUufks5uEBlPgaJpZM4SVzAa .

mclainj commented 6 years ago

Thanks for the quick response! Is that only possible through AminoREAPI at the moment? I read that an Android device was required, and I'm afraid I lack that.

MrPowerGamerBR commented 6 years ago

There are other APIs too for other languages.

What you will probably need is a device ID, and that you need by dumping the login contents...

However take a look at other issues in this repo, someone posted his device ID there and it works fine for logging in.

Em 6 de jul de 2018 23:19, "McLain Johnson" notifications@github.com escreveu:

Thanks for the quick response! Is that only possible through AminoREAPI at the moment? I read that an Android device was required, and I'm afraid I lack that.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MrPowerGamerBR/AminoREAPI/issues/2#issuecomment-403182080, or mute the thread https://github.com/notifications/unsubscribe-auth/AJDnJ3CpTE2Tx8Z-pJ841O9dNCqT7zezks5uEBrMgaJpZM4SVzAa .

mclainj commented 6 years ago

Ah okay. I do remember seeing the device ID in that post. Since I do nlp in Python, do you know of a specific API that will work for me? I've not had any luck when researching on the internet.

moelrobi commented 6 years ago

Well Node got Two Libarys, Java / Kotlin One and there is one C# one.

On Sat, Jul 7, 2018, 4:25 AM McLain Johnson notifications@github.com wrote:

Ah okay. I do remember seeing the device ID in that post. Since I do nlp in Python, do you know of a specific API that will work for me? I've not had any luck when researching on the internet.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MrPowerGamerBR/AminoREAPI/issues/2#issuecomment-403182365, or mute the thread https://github.com/notifications/unsubscribe-auth/AQ0th0yNwD2DBiS7TF5f3h4hqACNKd0vks5uEBwngaJpZM4SVzAa .

MrPowerGamerBR commented 6 years ago

Now this project is on hold, the reason I was reverse engineering the API was to write a unofficial web client for Amino... it was like, my motivation to reverse engineer it...

...but now Amino has an official web client 😭

MrPowerGamerBR commented 5 years ago

Maybe I will continue the project if, one day, I port my Discord bot to Amino... maybe... who knows!

MrPowerGamerBR commented 5 years ago

If you have Android Nougat+, you will need this Magisk module to intercept the connection with Fiddler/Packet Capturer: https://github.com/NVISO-BE/MagiskTrustUserCerts

Requires Magisk, I tested with Amino and it works fine :)

MrPowerGamerBR commented 5 years ago

https://cdn.discordapp.com/attachments/358774895850815488/533083850339909632/Screenshot_20190110-224443.png

Playing around while I'm recoding the API :3

MrPowerGamerBR commented 5 years ago

Looks like Amino now uses WebSockets for message receiving (yay!)

Reverse engineering that is way easier, since Amino Web also uses WebSockets and looking at the WebSocket messages is easy using Chrome (in the network tab -> "WS" -> select the connection -> Messages)

MrPowerGamerBR commented 5 years ago

I decided to push all my old changes to the master branch, it is not ready, but it does work: https://github.com/MrPowerGamerBR/AminoREAPI/commit/866c4f7d01c2f7a32006199cd2d30044665ad86a

MrPowerGamerBR commented 5 years ago

You can now listen for incoming messages via WebSockets.

 val client = AminoClientBuilder()
                .setDeviceId("DeviceID")
                .withCredientials("Email", "Password")
                .connectToWebSocket(true)
                .enableCache(true)
                .addEventListener(MessageListener())
                .connect()
class MessageListener : ListenerAdapter() {
    override suspend fun onMessageReceived(event: MessageReceivedEvent) {
        println("Message received! ${event.message.author.nickname}: ${event.message.content}")
    }
}
MrCreep commented 5 years ago

I still do not understand how to create a bot. Can someone help describe in stages how to do? Sorry for being so stupid: d