voxelost
commented
1 month ago Hey, as far as I remember, I transpiled the source APK to java and went through the code manually as well as decompiled the bundled shared object file to regex search it for endpoint-like strings. Luckily, the foodsi team left full endpoint addresses (e.g no string builders) in the code, so fetching the paths was fairly straightforward. The rest was just sitting there with postman and figuring out the registration & login logic, then with a test account i went through other endpoints I found and rewrote the received responses into typescript models My initial idea was also to setup something like wireshark in front of an android emulator but I had issues with that, would definitely give it an another shot when reverse engineering something else
How did you manage to get that API out of android app?
Was actually trying to intercept adroid app requests somehow but couldnt do that... and yeah, just wondering how did u do that :D