Hi,
I want to reverse engineer api of an Android app to make a custom client that works on linux. I have good understanding of Linux, Networking and coding.
Where should I start? Is it too hard?
You can use an APK decompiler to get to the source code of the app. There is probably some logic for building and decoding API messages in there.
Interested to hear answers for this one… maybe MITM yourself and capture packets to see whats being sent?
Yeah, that’s where I’d start. I have no idea how easy it would be to make heads or tails of it. I guess best case it’s all plaintext JSON.
Hardest part will probably be getting around encryption. At least when I tried something like this in the past, just installing a system wide self-signed root cert was not enough as the acceptable certificate was embedded in the app and it didn’t use the system certificate store.
