lukas-clarke / pyEight

This is Python code to interact with Eight Sleep's new OAuth2 API
Apache License 2.0
15 stars, 1 fork

client_id and client_secret #1

Open kylemurray2 opened 1 year ago

kylemurray2 commented 1 year ago

Thanks for making this code available! How do you find the client_id and client_secret in the decompiled app?

lukas-clarke commented 1 year ago

I'm actually not sure where it is since I didn't use that method to find the client_id and client_secret. Someone else did here: https://www.reddit.com/r/homeassistant/s/Ot4YT4Phg9

I used PCAPdroid and an Android Studio virtual device to set up a MITM CA, and was able to pull the data from unencrypted API calls.

kylemurray2 commented 1 year ago

I tried the MITM but I ran into an issue with Eight Sleep not trusting the certificate. Did you run into this? Did you have to make your virtual device rooted and use something like JustTrustMe/Xposed?

lukas-clarke commented 1 year ago

Android has made it a lot harder to install your own trusted CAs in the past few versions. Here are the notes I took on the process I did:

- Open PCAPdroid and install PCAPdroid mitm
- Download and install rootAVD https://github.com/newbit1/video-files/blob/master/rootAVD_Windows.gif
    - 2 ways to root an AVD (Android Studio): Magisk (rootAVD) and SuperSU
- Should auto-install Magisk
- Run the AVD root install steps, then open a cmd in ..\rootavd\rootAVD
- Install the mitm cert (mitmproxy-ca-cert.cert)
- https://emanuele-f.github.io/PCAPdroid/tls_decryption the MagiskTrustUserCerts module, and then install the hashed certificate (replace mitmproxy-ca-cert.cer with the PCAPdroid certificate name) as a system certificate.
- Run the app and capture data in PCAPdroid.

kylemurray2 commented 1 year ago

Thanks, I think I have the decrypted data working. I'm struggling to find the actual client_secret/id in the output. How did you search for that from the PCAPdroid output?

lukas-clarke commented 1 year ago

It's in the POST request from the app to auth-api.8slp.net. Make sure you are capturing traffic during login from the app.

How were the instruction steps? Easy to follow?
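
An added example, not part of the original thread or of pyEight: one way to pick the login request out of a set of decrypted requests, by filtering for a POST to auth-api.8slp.net and reading `client_id`/`client_secret` from its body. The raw-HTTP input format, the request path, the body encoding (JSON or form-encoded are both handled) and the sample values are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs

AUTH_HOST = "auth-api.8slp.net"          # host named in the thread
WANTED = ("client_id", "client_secret")  # parameter names from the issue title

# Constructed sample of decrypted requests as raw HTTP text. Paths, body
# layout and values are assumptions for illustration, not the real API.
SAMPLE_REQUESTS = [
    "GET /example/status HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    "POST /example/login HTTP/1.1\r\nHost: auth-api.8slp.net\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"client_id": "EXAMPLE-ID", "client_secret": "EXAMPLE-SECRET"}',
]

def parse_request(raw):
    """Split raw HTTP text into (method, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0].upper(), headers, body

def body_params(headers, body):
    """Decode a JSON or form-encoded body into a flat dict of strings."""
    if "json" in headers.get("content-type", "").lower():
        try:
            data = json.loads(body)
        except ValueError:
            return {}
        return {k: str(v) for k, v in data.items()} if isinstance(data, dict) else {}
    return {k: v[0] for k, v in parse_qs(body).items()}

def find_client_credentials(requests, host=AUTH_HOST):
    """Return the wanted parameters from the first matching POST, else None."""
    for raw in requests:
        method, headers, body = parse_request(raw)
        # The Host header may carry a port; compare only the name part.
        if method != "POST" or headers.get("host", "").split(":")[0].lower() != host:
            continue
        params = body_params(headers, body)
        found = {k: params[k] for k in WANTED if k in params}
        if found:
            return found
    return None

if __name__ == "__main__":
    print(sorted(find_client_credentials(SAMPLE_REQUESTS)))  # key names only
```

If the capture does not include the login itself, no POST to that host carries these fields and the function returns `None`.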

kylemurray2 commented 1 year ago

Ah okay, I didn't consider you needed to capture the actual login process.
The instructions definitely helped, but I hadn't done a MITM interception so there was a bit of a learning curve. I got it working though and made a simple JavaScript version for an app https://github.com/kylemurray2/eightJS