deiger / AirCon

Scripts for controlling Air Conditioners, e.g. with HiSense modules.
GNU General Public License v3.0
212 stars 59 forks

Reverse engineering tips #38

Open abmantis opened 4 years ago

abmantis commented 4 years ago

Any tips on how you reverse engineered the protocol? I have an AC from Whirlpool and I've captured some packages but since they're encrypted, I can't see anything.

Any help would be much appreciated :)

deiger commented 4 years ago

Preferably do the sniffing using Packet Capture, after allowing it to install a certificate and use a MITM to decrypt the traffic. It works better on old Android versions, in case you have an old phone lying around. Use gist if you'd like help in the analysis.

abmantis commented 4 years ago

I was able to decrypt the protocol between the app and the server. But I'm not able to do the same for the protocol between the AC and the server. I don't think it has any direct LAN communication between the app and AC.

deiger commented 4 years ago

Is the communication between the AC and the server run in TLS? Which server is it contacting? I wouldn't be surprised if the AC didn't check the certificate, to avoid issues of expired certificates, so a MITM attack is worth a try.
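Added example, not code from the AirCon project or from anyone in this thread: the two questions above (is the AC-to-server traffic TLS, and which server is it contacting?) can be answered from a packet capture without decrypting anything, because a TLS ClientHello carries the target hostname (SNI) in cleartext. The script below parses the first payload the device sends to the server and reports the TLS version, the SNI and the offered cipher suites, or `None` when the payload is not TLS at all. The `build_client_hello` helper, the hostname `cloud.example.com` and the random bytes are constructed sample data so the parser can be exercised offline; in practice you would feed it the TCP payload exported from the capture.

```python
"""Passive inspection of a captured TLS ClientHello (added example).

Given the raw bytes of the first packet a device sends to a server port,
tell whether it is a TLS handshake and which hostname (SNI) it asks for.
"""
import struct

VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def _u16(buf: bytes, off: int) -> int:
    return struct.unpack_from("!H", buf, off)[0]


def build_client_hello(hostname: str, version: int = 0x0303) -> bytes:
    """Construct a minimal TLS ClientHello record with an SNI extension.

    Sample data only (hostname, random, suites are made up); it exists so the
    parser below can be run without a real capture.
    """
    name = hostname.encode("ascii")
    # server_name extension body: list length, name type (0 = host_name), name length, name
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    sni_ext = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    # TLS_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    cipher_suites = bytes.fromhex("1301c02f")
    body = (
        struct.pack("!H", version)
        + bytes(range(32))                                   # client random (constructed)
        + b"\x00"                                            # empty session id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                        # one compression method: null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data: bytes):
    """Return {'version', 'sni', 'cipher_suites'} for a TLS ClientHello, else None.

    None means the payload is not TLS (plain HTTP or a proprietary protocol),
    which is the first thing to establish before attempting any decryption.
    Note: a TLS 1.3 client still sends legacy version 0x0303 here and signals
    1.3 in the supported_versions extension, which this parser does not read.
    """
    if len(data) < 5 or data[0] != 0x16 or data[1] != 0x03:
        return None                       # not a TLS handshake record
    rec_len = _u16(data, 3)
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                       # handshake record, but not a ClientHello
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32 + 1:
        return None
    version = _u16(body, 0)
    off = 34                              # skip version (2) + random (32)
    sid_len = body[off]
    off += 1 + sid_len
    if off + 2 > len(body):
        return None
    cs_len = _u16(body, off)
    off += 2
    suites = [_u16(body, i) for i in range(off, min(off + cs_len, len(body) - 1), 2)]
    off += cs_len
    if off >= len(body):
        return None
    cm_len = body[off]
    off += 1 + cm_len
    sni = None
    if off + 2 <= len(body):
        ext_len = _u16(body, off)
        off += 2
        end = min(off + ext_len, len(body))
        while off + 4 <= end:
            etype, elen = _u16(body, off), _u16(body, off + 2)
            off += 4
            if etype == 0x0000 and elen >= 5 and off + 5 <= end and body[off + 2] == 0:
                nlen = _u16(body, off + 3)
                sni = body[off + 5:off + 5 + nlen].decode("ascii", "replace")
            off += elen
    return {
        "version": VERSION_NAMES.get(version, hex(version)),
        "sni": sni,
        "cipher_suites": suites,
    }


if __name__ == "__main__":
    sample = build_client_hello("cloud.example.com")   # constructed capture
    print(parse_client_hello(sample))
    print(parse_client_hello(b"GET / HTTP/1.1\r\n"))   # non-TLS payload -> None
```

If the SNI points at a vendor cloud host, the AC talks to that server and not to the app directly, which matches the observation that there is no LAN traffic between app and AC; whether the device actually validates the server certificate is a separate question that the ClientHello alone cannot answer.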

abmantis commented 4 years ago

Yeah, it is using TLS. It contacts the whirlpool server (I don't have the captures here ATM). I haven't tried a fake cert, but you may be right! I'll check it later!