Tags: android, reverse-engineering, kik

How do I reverse engineer kik's server API from an android emulator?


I have a group chat in kik messenger that has reached over 50 members. I need to automate some things like reputation points based on engagement and also kicking inactive members that don't post anything for XXX days. I've looked at the API reference and it seems that the only way bots can be interacted with in groups is using @mentions, which means we can't add them to groups and they can't monitor the group conversations. I've also come across this, but it doesn't seem like it could help.

The current kik bot API gives very limited privileges and does not allow monitoring group messages, so I've been thinking of reverse engineering the server API and creating a normal account that acts as a bot and interacts with this API. I've managed to reroute the traffic through Fiddler, but I'm not sure where to go from there.

So the question is: what's the workflow to follow for reverse engineering the API of an app that's running on an Android emulator?

Thanks in advance


Solution

  • These are general instructions for inspecting network traffic and for debugging interactions with APIs. Use them only for devices/APIs you're allowed to inspect. Be aware of the possible legal implications and seek legal advice beforehand. For example, it might be illegal to reverse engineer something in your country.

    Preparations:

    1. Set up a proxy on a computer using a tool like Fiddler or mitmproxy.
    2. Configure your proxy to intercept and decrypt SSL connections. During this process you have to generate an SSL root certificate (instructions for Fiddler and instructions for mitmproxy) and install it on your phone/emulator in order to make it accept any certificates generated by the proxy.
    3. Configure the proxy in the network settings of your phone.

    If the app/device does not support proxies, start an ad-hoc WiFi network on your computer, connect the device to it and use Wireshark (instructions on how to decrypt SSL) to capture the entire traffic.

    It seems like you already did this. Now it's time to perform whatever actions you would like to inspect/intercept on your phone and watch/record the requests they trigger. It could look like this:

    1. Send a message.
    2. Identify the triggered requests and separate them from noise caused by other applications, e.g. by looking at request URLs or target IPs.
    3. Save the triggered requests for future reference and look at the details that might be interesting like user IDs, session tokens, URLs and request parameters. In case you're unsure what's fixed and what's variable, repeat the action (i.e. sending a message) multiple times and compare the requests with each other.

    If you think that you found out what you were looking for, try to recreate the session using a tool like curl and check whether the results match your expectations. If not, continue gathering data and try again. Write some automated tests to be able to verify the behaviour in the future.
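Step 3 of the answer (repeat the action, capture each request, compare the captures) as a script. This is an added example, not code from the answer or from any kik tooling: the HAR-shaped entries, the host api.example.invalid, the token string and the field names are constructed placeholders. The same diff is what you would run over your own app's captures to see which stable identifiers and tokens every request carries.

```python
"""Diff repeated captures of one app action: fields identical in every capture
are likely identifiers/session tokens, fields that differ are per-request values."""
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: three captures of one "send message" action, shaped like
# HAR 'entries' as exported by Fiddler or mitmproxy. Host/token/fields are placeholders.
SAMPLE_ENTRIES = [
    {"request": {"method": "POST",
                 "url": f"https://api.example.invalid/v1/send?uid=12345&ts={1700000000 + i}",
                 "headers": [{"name": "Authorization", "value": "Bearer SESSION-TOKEN-AAA"},
                             {"name": "X-Request-Id", "value": f"req-{i:03d}"}],
                 "postData": {"text": json.dumps(
                     {"to": "group42", "body": "hello", "nonce": f"n{i}"})}}}
    for i in range(3)
]

def flatten(entry):
    """Flatten one HAR entry into {field: value} over method, URL, query, headers and JSON body."""
    req = entry["request"]
    parts = urlsplit(req["url"])
    fields = {"method": req["method"], "host": parts.netloc, "path": parts.path}
    fields.update({f"query.{k}": v for k, v in parse_qsl(parts.query)})
    fields.update({f"header.{h['name'].lower()}": h["value"] for h in req.get("headers", [])})
    body = req.get("postData", {}).get("text")
    if body is not None:
        try:
            fields.update({f"body.{k}": str(v) for k, v in json.loads(body).items()})
        except ValueError:  # not JSON: compare the raw body as a single field
            fields["body.raw"] = body
    return fields

def classify(entries):
    """Return (fixed, variable): fixed maps a field to the one value all captures share,
    variable maps a field to its per-capture values (None where a capture lacks it)."""
    flats = [flatten(e) for e in entries]
    fixed, variable = {}, {}
    for name in sorted(set().union(*flats)):
        values = [f.get(name) for f in flats]
        if all(v == values[0] for v in values):
            fixed[name] = values[0]
        else:
            variable[name] = values
    return fixed, variable

if __name__ == "__main__":
    fixed, variable = classify(SAMPLE_ENTRIES)
    print("fixed:   ", json.dumps(fixed, indent=2))
    print("variable:", json.dumps(variable, indent=2))
```

To use it on real captures, export the session from the proxy as HAR and pass `json.load(f)["log"]["entries"]` to `classify` instead of the sample list.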