GZIP compression / base64 broke

[nerrixde]

The compression of the request is different as done in the App, therefore the Server rejects requests made by the API.

[kangalio]

Is that the reason for this crash?

  File "main.py", line 154, in <module>
    for a in getNews(username, password):
  File "main.py", line 96, in getNews
    doc = getDoc(username, password)
  File "main.py", line 44, in getDoc
    url = getURL(username, password)
  File "main.py", line 93, in getURL
    raise e_android
  File "main.py", line 90, in getURL
    return(myDSB.fetch_entries())
  File "/home/kangalioo/dev/python/Vertretungsplangak_Bot/dsbapi.py", line 50, in fetch_entries
    for page in data["ResultMenuItems"][0]["Childs"]:
IndexError: list index out of range

[nerrixde]

@kangalioo No, it's the result. I'll take a look at the issue again today, but it's definitly because of the request's compression is different and therefore invalid.

[kangalio]

By the way what tool are you using to monitor Network traffic on Android? I'd be interested to help find the compression algorithm currently used. I have tried two HTTP capturing apps already but had problems with them

[jakobhellermann]

Are you sure the compression isn't working? gzip+base64 works fine for us: https://gitlab.com/jjakobh/dsbserver/blob/master/dsbapi/dsbapi/dsb.py#L48.

Try changing the OsVersion to 27 8.1.0, That worked for us.

[nerrixde]

@kangalioo avd + burp As I see they may validate version numers together with the device model, this is new and broke out codebase, thank you for this hint @jjakobh. But the encoded base64+gzip is still different than the one generated by Android, so we have to adjust this too as this might be the next thing which will break. Heinekenmedia broke our API multiple times and they also added the breakpoint in debugger, obfuscated configuration.js, etc.. The request must be exactly the same as the one by the android app, this is the only way to make this project stable... until the next android update (but the last one was 2016 c:)