Open abmantis opened 4 years ago
Preferably, do the sniffing using Packet Capture, after allowing it to install a certificate and use a MITM to decrypt the traffic. It works better on old Android versions, in case you have an old phone lying around. Use a gist if you'd like help with the analysis.
I was able to decrypt the protocol between the app and the server, but I'm not able to do the same for the protocol between the AC and the server. I don't think there is any direct LAN communication between the app and the AC.
Is the communication between the AC and the server run in TLS? Which server is it contacting? I wouldn't be surprised if the AC didn't check the certificate, to avoid issues of expired certificates, so a MITM attack is worth a try.
Yeah, it is using TLS. It contacts the whirlpool server (I don't have the captures here ATM). I haven't tried a fake cert, but you may be right! I'll check it later!
Any tips on how you reverse engineered the protocol? I have an AC from Whirlpool and I've captured some packets, but since they're encrypted I can't see anything.
Any help would be much appreciated :)
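Before attempting the MITM suggested above, it helps to know what the AC actually sends in the clear: the TLS ClientHello carries the server name it wants (SNI), the TLS versions it offers and its cipher suites, all unencrypted. The parser below is an added example written for this thread, not code from any participant or from Whirlpool; it uses only the Python standard library. The ClientHello it parses is constructed by `build_client_hello` (the host name `api.example.net` and the cipher suites are assumed placeholders, not values observed from the device); to use it on a real capture, feed it the raw TCP payload of the first packet the AC sends to port 443.

```python
"""Extract the SNI host name, offered TLS versions and cipher suites from a
captured TLS ClientHello (the first thing a TLS client sends).  Pure Python,
no third-party modules.  The sample ClientHello is constructed by
build_client_hello(); it is NOT a real capture from the AC."""
import struct

SERVER_NAME = 0x0000         # extension type: server_name (SNI)
SUPPORTED_VERSIONS = 0x002B  # extension type: supported_versions (TLS 1.3)
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def parse_client_hello(data: bytes) -> dict:
    """Parse one TLS record holding a ClientHello; return what the client offers."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record (content type != 0x16)")
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("record does not carry a ClientHello (handshake type != 1)")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    legacy_version = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    pos += 32                         # 32-byte client random, not needed here
    sid_len = hello[pos]
    pos += 1 + sid_len                # legacy session id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = hello[pos]
    pos += 1 + comp_len               # compression methods (always just null today)
    result = {"legacy_version": VERSION_NAMES.get(legacy_version, hex(legacy_version)),
              "sni": None, "supported_versions": [], "cipher_suites": suites}
    if pos >= len(hello):
        return result                 # no extensions at all: very old client
    ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        ext = hello[pos:pos + ext_len]
        pos += ext_len
        if ext_type == SERVER_NAME and len(ext) >= 5 and ext[2] == 0:
            # ServerNameList: u16 list length, then (u8 name_type=0, u16 len, name)
            name_len = struct.unpack("!H", ext[3:5])[0]
            result["sni"] = ext[5:5 + name_len].decode("ascii", "replace")
        elif ext_type == SUPPORTED_VERSIONS and ext:
            n = ext[0]                # u8 length of the version list in bytes
            versions = struct.unpack("!%dH" % (n // 2), ext[1:1 + n])
            result["supported_versions"] = [VERSION_NAMES.get(v, hex(v)) for v in versions]
    return result


def build_client_hello(host, suites=(0xC02F, 0xC030), versions=(0x0304, 0x0303)) -> bytes:
    """Constructed sample ClientHello for exercising the parser (not a real capture).
    host=None omits the SNI extension, as some embedded clients do."""
    exts = b""
    if host is not None:
        entry = b"\x00" + struct.pack("!H", len(host)) + host.encode("ascii")
        sni_body = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SERVER_NAME, len(sni_body)) + sni_body
    ver_body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts += struct.pack("!HH", SUPPORTED_VERSIONS, len(ver_body)) + ver_body
    hello = (struct.pack("!H", 0x0303)                      # legacy_version TLS 1.2
             + b"\x11" * 32                                 # fixed "random" for the sample
             + b"\x00"                                      # empty session id
             + struct.pack("!H", 2 * len(suites))
             + b"".join(struct.pack("!H", s) for s in suites)
             + b"\x01\x00"                                  # one compression method: null
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    sample = build_client_hello("api.example.net")         # assumed placeholder host
    print(parse_client_hello(sample))
```

If the parsed `supported_versions` list is empty and `legacy_version` is TLS 1.2 or lower, the device cannot do TLS 1.3, which matters for choosing a MITM tool configuration; if `sni` is `None`, the device addresses the server by IP only, so a MITM will have to be placed by DNS or routing rather than by host name.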