How To: Reverse Engineer Any Private API (iOS/Android and Desktop)

Tencent WeGame Statistics Project! Open Source! github.com/downthecrop/wegame-tencent-china-opgg

Been struggling for so long on doing this, then found out about a thing called "SSL pinning" which apps are using more and more to prevent this MITM attack for API monitoring, so if you're still stuck, look into that.

Worked amazing. So easy. Super helpful video thank you

I LOVED this.
Thank you so much for sharing
ez sub

Speaking of replaying the request, when I was a kid, there was this web-based game that everyone hyped over. There was two kinds of attacks, whereby the first one you'd just typically inspect element/fiddle with its memory addresses with CE the specific value on your client browser, and gold coins - or whichever resource - would max out accordingly, or go raw, and alter it server-side, with surely permanent effects. The underlying principle behind the latter was surely more intricate, but fundamentally I can speculate that - according to the semantics of the later disclosed method - it was based off replaying a precious request. Say you're about to sell a goldmine you've been pouring your time and sweat in for the past week or so, you could defer this action, fire up something like Charles at that era, isolate the game's domain, get the game in a kind of a stale state with no actions of your side, then listen for its requests, conduct the purchase, and you're good to go. Keep replaying the last action over and over nonstop. I even came up with some cursor-movement-repeating-macro kind of apps, that would just keep clicking the replay button. I remember once abusing the clicking till my Win7 cursor just started glitching non-stop, and apparently the server didn't implement a BigDecimal or smh for players' values. ;), thus my game records just overflowed with negative value.

out of all this, i think the image caching was the most pro move.

bro I also listened to this japanese songs playlist on youtube while reversing/programming hahah glad i am not alone

So helpful, great stuff!

Really useful. It's suprising to me that this is not possible on Android without rooting the phone. iOS - in this case - is more developer-friendly.

Amazing! This helped!

I'm telling! That youre da man! Thx G!

Awesome video, thanks

Hey dude when I connected to proxy on my phone I don't get the wifi connection "502" problem. can you help me ?

Anyone managed to do this for Android apps? It forks in Chrome on my phone, but no advancement on any apps (shows I'm not connected to the internet...). Installed the CA certificate as well...

yup SSL pinning is always blocking me xD

splendid video

when using mitmproxy web, the client generates a token key which will expire but I need to grab it from mitmproxy itself. Is there a way to grab it using python?

How to do you protect dll api?

Amazing thank you

what windows version

Can you please tell how to find ip and ip port of any game in ios? For eg pubg

thank you!!!!

How can i do this from a web server programmatically?

So we could still access Pokemon go API?

appguard blocks it on mitmproxy

could you ever make money or get a job in the security field? its so not in demand!

Your voice aaaaa

I have TWC. It's not working for me. You think my provider is blocking it? when I go to mitm.it it shows a black screen. My firewall is off.

👌

I'm having a lot of problem with an apk, they gave me this for work, can someone help me and maybe earn some money?

Is mitm trustworthy? And what’s that workaround for android certificate? Thanks!

hi there....can u help reverse engineer a android apk and devlop the api....i need to use the api to make a bot...let me knw...we can discuss the project and the charges.

nerd also reported

so android is secure 😅😅

I have no fucking Idea what i just watch. 😞