Open denysvitali opened 8 years ago
Did you try to modify the android app with smali?
A good resource for smali: http://androidcracking.blogspot.de
I think they don't want let us build our own bots 😁
The problem is that, like for Pokémon Go they created a string that has to be sent on every request.
This string is created with the app signature and with a key generated by an arm7 library multi-architecture shared object called libhmac.so
, which is then called by the Java app itself (IIRC there is also a check to ensure that the lib is called from com.tellm.android.app)
I debugged this some time ago. Pretty easy actually.
generate()
function to get the secret for the hash function (No need to reverse it lol)calculateHmac()
functionI ended up with this (This is outdated. It doesn't seem to work for creating new accounts, but still does for re-authenticating old accounts.):
def _sign_request(self, method, url, headers, payload=None):
timestamp = datetime.datetime.utcnow().isoformat()[:-7] + "Z"
req = [method,
urlparse(url).netloc,
"443",
urlparse(url).path,
self.access_token if self.access_token else "",
timestamp]
req.extend(sorted(urlparse(url).query.replace("=", "%").split("&")))
req.append(payload if payload else "")
secret = bytearray([108, 67, 89, 78, 86, 75, 110, 104, 71, 120, 118, 111, 120, 101, 111, 119, 104, 108, 82, 80,
69, 99, 76, 82, 87, 120, 75, 106, 76, 77, 69, 101, 105, 116, 113, 98, 114, 110, 97, 82])
signature = hmac.new(secret, "%".join(req).encode("utf-8"), sha1).hexdigest().upper()
headers['X-Authorization'] = 'HMAC ' + signature
headers['X-Client-Type'] = 'android_4.5.11'
headers['X-Timestamp'] = timestamp
headers['X-Api-Version'] = '0.1'
For making this work again, you probably only need to get the new secret from the generate()
function.
Has anyone had any success in authenticating with Jodel via HMAC? I digged into the Jodel apk and found the following:
generate() is called from a native file (
CC++, libhmac.so) which decompiled leads to the following:I tried to call some functions in it, but I always get segmentation faults (for example one at
0x0000555555554933 in get_generated_key () at main.cpp:75
)