How To: Reverse Engineer Any Private API (iOS/Android and Desktop)

Captions
Hey, what's up guys. Today I'm just going to be doing a quick video talking about what I learned from reversing the private API for Tencent WeGame. Hopefully it'll give you some insights into reversing whatever private API you're hoping to use.

So, just a quick background so that you can kind of understand what it was that I wanted to get out of this. For the game that I like playing, League of Legends, there are pretty often statistic websites like this, OP.GG, where you can go and look up your teammates or the statistics for whatever character you're playing, so that you can help yourself improve by looking at the data that presents itself from your matches. However, for the Chinese super server they do not offer this functionality publicly. They want you to use either their mobile app or their desktop app, which is a similar concept to Steam: you can look up people's profiles. But of course this data that I want, you see here's some games here from North America, this data does exist here. It's the same concept, right? You can click on this and see some more detailed statistics on what's going on. But I wanted to be able to access this data from outside of this client, so the way that I did that was by reversing their private API, which is undocumented and everything; you're not supposed to be plugging into it. But of course this application needs to get its data from somewhere, and if you can spoof that you're logged in using this application, you can get whatever data you could get normally through this.

So the first thing that I remembered coming back into this was a video by LiveOverflow which had him reversing the API of a Guild Wars 2 trading bot, and I remembered him using Burp Suite and another thing called Fiddler. Maybe those are two different videos, but I tried downloading Burp Suite. Burp Suite didn't work for me; it seems like more of a corporate thing. But Fiddler worked for me and it did everything that I needed, for desktop at least.

So there are two programs that I'm going to recommend to you. Fiddler is a proxy that you can use for intercepting HTTPS traffic on your desktop. This application is not useful, though, for proxying mobile applications, which I'm going to get into soon too, because I couldn't get the data that I wanted out of this. I needed to use their mobile app, which exposed easier endpoints for me to plug into. So ultimately this was not my savior, but it does have a lot of great features. It allows you to replay messages that you get, to see if you can get the same response back, or generate requests, and then you can export your output as curl and then import that into something like Python. So this was quite a useful tool for me even though it didn't ultimately solve my problem.

And then the second piece of software that I used is something called mitmproxy. mitmproxy will let you intercept traffic on mobile devices, so I had my iPhone proxied through this HTTPS proxy, so I could still read any response data that came back even though it was encrypted with HTTPS, because my phone would accept this as a certificate authority and it would be able to decrypt the data. I did have problems with proxying my Android phone, because there's a practice called certificate pinning over there where an application will not accept it: even though your phone trusts the certificate, the application doesn't. So the pinned certificate data, I wasn't able to intercept that. I'm sure that there's a workaround of some kind, but for me I had an easier time intercepting iOS traffic than Android traffic.

And now I'm going to give you a quick demo of what it's like setting up mitmproxy. So if you don't know how to find the IP address of the computer that you're on, type `ipconfig /all`; you should have something, a 192 address or a 10.0 address or something, because we want to have things connect to this computer. We're going to just quickly disable the firewall in general, and on or off, I'm going to go off, off, and then it's going to say "hey, your firewall's off". The point of a firewall is to block incoming and outgoing connections to your computer. We don't want the firewall to block any incoming connections because we're connecting to port 8080 that mitmproxy is opening up. Then once you're all done, just go and use recommended settings and then you're back to normal.

So on your iPhone or Android just go into your Wi-Fi settings and select proxy, type in the IP address of the computer that you are using for mitmproxy, and type in port 8080. If you get this black screen while you try to go to mitm.it, which will detect if you're correctly proxying or not, it's probably a firewall setting or something like that. Then just download the correct certificate for your device. For iOS you go and you download the profile and install it, install again; then on iPhone there's a similar step. On Android here you actually have to trust it as a root certificate, so just go into About and hit trust as a root certificate.

Then when I open up WeGame here, you can see the requests start rolling into mitmproxy: get user session list. So here's the cookie data, here's the body data of the request. So now we're going to rebuild this request inside of Fiddler. So we copied that cookie data over. Most of the time the user agent and the rest of this is not very important, but we do want this body, and the correct URL to request is this one here, and we get, let's look at this in JSON, success: we get the same response that we were expecting.

Once you've created a request inside of Fiddler or whatever other program, you might actually want to just use it in something like Python. For me that's what I was using for my testing, just because it was the easiest, right? So if you look at this, it's the same sort of thing when you're reversing stuff as well. Here, let's open up "useful links". When you're reversing things, take notes of everything that you recognize too, like "oh, this probably does this". You find a useful link, add some information about it, because there are a lot of things that you're not going to understand, and maybe you'll come back across something, you know, the next session that you have of trying to reverse, and "oh, this probably connects back to this", or "oh, what's that link again?" Having a document with all of the links that you've already come across is very, very useful, especially these are the responses and what things you have to request it with. This will save you a bunch of time in the future. You can also save your captures and come back through them in the future, but this is what I did and this was very helpful to me.

But let's export this and use it as curl, because it's very easy to convert something from curl to Python, for requests at least. So if we just go here, Export Selected Session, and we go to cURL Script, next, I'm just going to save it to the desktop. Now we don't really want to make a request with this; what I want to do is just copy it to my clipboard. Curl to Python: curl command, Python command. And as we can see here, let's just go new file, we'll be able to see the resemblance though. This is test2.py. The key in this one is wrong, and I also don't think it does the right request in the body. Where's the body? Yeah, so for me I also needed to, because mine included a request body as well. Anyway, the way that you would add that, you just create the string the same way that you would anywhere else. This is the same body that I was requesting with, like I did earlier, and then `data=d` or whatever you have, and then get the response.

So quickly to demo what I did with my reversing here: here's the Tencent WeGame website. You just log in, it adds this pop-up, and here's that same profile that we're looking at here. We can see, even if you don't play the game, you'll probably be able to recognize the images. Here's his most recently played matches. We'll have a quick look at this one. There's the items that he bought over here, so he built these boots, he built this, and if we just refresh this and then pop this down, those are the same items that he built. Obviously mine is a million times better than theirs, haha. I can go and navigate to other people's profiles, I can refresh this guy's data, check out how his matches went. It's way faster and much more similar to this version. I just have a theme on this one; I could add support for that in the future, but I don't know if I'm gonna do that right now.

But there is some information that I'm not able to access within their API: data that doesn't exist. Obviously if they don't supply it at all, you're not gonna be able to use it. They don't use this data in their own stuff, though. The data that I'm talking about in particular is there are these two things here, these are your League of Legends runes, and they do not keep track of that, so I am not able to interface with those. But profile navigation, resolving people's account from their username, they have a bunch of different area IDs, I was able to select all of the area IDs and reverse those as well, understanding where the endpoints are for the items so I could make a local copy of all of them.

Another thing that I'd recommend is keeping requests to a minimum. Here's all of the items that they have inside of their database. Even though these are just like regular HTTP traffic requests, I think if you can keep your requests to a minimum, you have a much lesser potential of being found out and them changing how something works and making a headache for you. So I just have all of these being streamed in from a different source, but it's a one-to-one match, and then if I want to go and scrape them again in the future I have my little Python script with the endpoints for where those images are, so hopefully I don't have to do that in the future. But yeah, this is what I came up with with my reversing, and I hope that for you guys you can build whatever project it is that you need.
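The "export as curl, rebuild in Python" step from the video, as an added example that is not the video's own script or anything from the WeGame client: a stdlib-only parser for the curl command a proxy exports, turned back into a request and replayed through mitmproxy with the proxy's CA verified rather than TLS checks disabled. The host, cookie value and body are constructed placeholders.

```python
import shlex
import ssl
import urllib.request

# Constructed sample in the shape of Fiddler's "cURL Script" export (placeholder host, cookie, body).
SAMPLE_CURL = (
    'curl -X POST -H "Content-Type: application/json" '
    '-H "User-Agent: ExampleClient/1.0" -b "session=PLACEHOLDER_SESSION_COOKIE" '
    '--data \'{"area_id": 1, "page": 0}\' '
    '"https://api.example.invalid/user/session/list"'
)

def parse_curl(cmd):
    """Parse the curl flags a proxy export uses into {method, url, headers, cookies, data}."""
    req = {"method": "GET", "url": None, "headers": {}, "cookies": {}, "data": None}
    it = iter(shlex.split(cmd)[1:])  # skip the leading "curl"
    for tok in it:
        if tok in ("-X", "--request"):
            req["method"] = next(it).upper()
        elif tok in ("-H", "--header"):
            name, _, value = next(it).partition(":")
            req["headers"][name.strip()] = value.strip()
        elif tok in ("-b", "--cookie"):
            for pair in next(it).split(";"):
                name, _, value = pair.strip().partition("=")
                req["cookies"][name] = value
        elif tok in ("-d", "--data", "--data-raw", "--data-binary"):
            req["data"] = next(it)
            req["method"] = "POST" if req["method"] == "GET" else req["method"]  # curl implies POST
        elif tok.startswith("-"):
            raise ValueError(f"unsupported curl flag: {tok}")
        else:
            req["url"] = tok
    return req

def to_urllib_request(parsed):
    # Cookies captured as -b are folded back into a single Cookie header.
    headers = dict(parsed["headers"])
    if parsed["cookies"]:
        headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in parsed["cookies"].items())
    body = parsed["data"].encode() if parsed["data"] is not None else None
    return urllib.request.Request(parsed["url"], data=body, headers=headers, method=parsed["method"])

def replay(req, proxy="http://127.0.0.1:8080", mitm_ca_pem=None):
    # Route through mitmproxy; passing its exported CA .pem keeps TLS verification on.
    ctx = ssl.create_default_context(cafile=mitm_ca_pem)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy, "https": proxy}),
                                        urllib.request.HTTPSHandler(context=ctx))
    with opener.open(req, timeout=10) as resp:
        return resp.read()
```

`replay(to_urllib_request(parse_curl(SAMPLE_CURL)), mitm_ca_pem="mitmproxy-ca-cert.pem")` sends the rebuilt request so it shows up in the capture list next to the app's original.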
Info
Channel: downthecrop
Views: 10,409
Rating: 4.951807 out of 5
Keywords: downthecrop, private, api, hacking, reverse engineering, private api, hacking/reverse engineering a private api, hacking an api, hacking api, reverse engineering api, how to reverse engineer an api, hacking private api, reverse engineer private api, reverse engineering a private api, hacking a private api, chriscodes, hack api, hack private api, reverse engineering private api, reverse engineer, engineer api, python, coding, programming, tutorial, how to, access private api, parse, curl
Id: RchCi6E2hVs
Length: 11min 47sec (707 seconds)
Published: Fri Jan 01 2021