ubahnverleih / WoBike

Documentation of Bike Sharing APIs 🚴🛴🛵

how can you see Bird scooters that are available to charge? #58

Open kenshin088 opened 5 years ago

kenshin088 commented 5 years ago

Results are only showing me birds available to ride, not to charge.

robbi5 commented 5 years ago

This is the same problem we also have with Lime: none of the currently active maintainers of this repo has a Bird (or Lime) charger account. This would be a requirement to reverse engineer the charger API.

Jwillc commented 5 years ago

How do you reverse engineer the API? I have a juicer account. Set up mitmproxy but can't get anything from the Lime app. It's working for other apps though.

robbi5 commented 5 years ago

mitmproxy + frida with objection for disabling the TLS pinning

rfaltings commented 4 years ago

Could you explain the process in more detail? I have access to a juicer account and have been trying to reverse engineer the API using mitmproxy + frida with objection. However, I still couldn't get Lime to connect via the proxy.

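What I did was:

  • Used objection to patch the Lime apk
  • Launched mitmproxy, set up the proxy in my Android Wi-Fi settings, and installed the mitm certificate
  • Launched the patched apk (paused)
  • Used objection explore, connects to the phone, unpauses the app
  • Run android sslpinning disable from objection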

After all these steps, the app still refuses to connect. Any help would be very much appreciated.

yoshimo commented 4 years ago

For analysing mobile apps I like HTTPCanary, which runs as a local VPN that displays the web traffic of all or specific apps. To get past pinning, instead of Frida I prefer https://github.com/Fuzion24/JustTrustMe/. Recent Android versions need a bit of work to get the proxy certificate to a trusted state. I therefore use the Magisk modules "always trust user certificates" by Jeroen Beckers (nviso.be) and "Move Certificates" by yochananmargos to make mitm work.

yoshimo commented 4 years ago

@Extreme-Mildness, do the tools mentioned help you?

W1MMER commented 4 years ago

@Extreme-Mildness

> Could you explain the process in more detail? I have access to a juicer account and have been trying to reverse engineer the API using mitmproxy + frida with objection. However, I still couldn't get Lime to connect via the proxy.
>
> What I did was:
>
> • Used objection to patch the Lime apk
> • Launched mitmproxy, set up the proxy in my Android Wi-Fi settings, and installed the mitm certificate
> • Launched the patched apk (paused)
> • Used objection explore, connects to the phone, unpauses the app
> • Run android sslpinning disable from objection
>
> After all these steps, the app still refuses to connect. Any help would be very much appreciated.

I use Proxyman. It works like a charm on the Lime app. I would love to know what the endpoints are for the Juicer side to incorporate it into the app that I'm developing right now.

watzon commented 4 years ago

I plan on updating the readme once I have a bit more knowledge in this area, but for finding chargeable scooters you need to a) be a charger and b) send a GET request to the bounties endpoint at /bird/bounty with the location header and the latitude, longitude, and radius query parameters.

A sample URL could look like this: https://api.prod.birdapp.com/bird/bounty/?latitude=00.0000&longitude=00.0000&radius=1000