Open kenshin088 opened 5 years ago
There is the same problem we also have with lime: Nobody of the currently active maintainers of this repo has a bird (or lime) charger account. This would be a requirement to reverse engineer the charger api.
How do you reverse engineer the API? I have a juicer account. Set up mitmproxy but can't get anything from the Lime app. It's working for other apps though.
Could you explain the process in more detail? I have access to a juicer account and have been trying to reverse engineer the API using mitmproxy + frida with objection. However, I still couldn't get Lime to connect via the proxy.
What I did was:
After all these steps, the app still refuses to connect. Any help would be very much appreciated.
For analysing mobile apps i like HTTPCanary which runs as a local VPN that displays the webtraffic of all or specific apps. To get past pinning instead of FRIDA i prefer https://github.com/Fuzion24/JustTrustMe/ Recent Android Versions need a bit of work to get the Proxy Certificate to a trusted state. I therefore use the magisk modules "always trust user certificates" by Jeroen Beckers (nviso.be) and "Move Certificates" by yochananmargos to make mitm work.
@Extreme-Mildness , do the tools mentioned help you?
@Extreme-Mildness
Could you explain the process in more detail? I have access to a juicer account and have been trying to reverse engineer the API using mitmproxy + frida with objection. However, I still couldn't get Lime to connect via the proxy.
What I did was:
- Used objection to patch the Lime apk
- Launched mitmproxy, setup the proxy in my Android Wi-Fi settings, and installed the mitm certificate
- Launched the patched apk (paused)
- Used objection explore, connects to the phone, unpauses the app
- Run android sslpinning disable from objection
After all these steps, the app still refuses to connect. Any help would be very much appreciated.
I use Proxyman. It works like a charm on the Lime app. I would love to know what the endpoints are for the Juicer side to encorporate it into the app that I'm devoloping right now.
I plan on updating the readme once I have a bit more knowledge in this area, but for finding chargeable scooters you need to a) be a charger and b) send a GET request to the bounties endpoint at /bird/bounty
with the location header and the latitude, longitude, and radius query parameters.
A sample URL could look like this: https://api.prod.birdapp.com/bird/bounty/?latitude=00.0000&longitude=00.0000&radius=1000
Results are only showing me birds available to ride, not to charge.