diff --git a/Documentation/auth/README.md b/Documentation/auth/README.md new file mode 100644 index 0000000..176ba4f --- /dev/null +++ b/Documentation/auth/README.md @@ -0,0 +1,49 @@ +## Auth (with token) + +### Details +**URL** +``` +POST https://android.clients.google.com/auth HTTP/1.1 +``` + +**HEADERS** +``` +device: 320d104c4dc6eaa4 +app: com.google.android.gms +Accept-Encoding: gzip +User-Agent: GoogleAuth/1.4 (A0001 NJH47F); gzip +content-length: 638 +content-type: application/x-www-form-urlencoded +Host: android.clients.google.com +Connection: Keep-Alive +``` + +**URLEncoded query string** +``` +androidId=&lang=en_US&google_play_services_version=11509438&sdk_version=25&device_country=it&request_visible_actions=&client_sig=38918a453d07199354f8b19af05ec6562ced5788&callerSig=38918a453d07199354f8b19af05ec6562ced5788&Email=&service=oauth2%3Ahttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplacesserver&app=com.google.android.gms&check_email=1&token_request_options=CAA4AQ%3D%3D&system_partition=1&callerPkg=com.google.android.gms&Token= +``` + +**URLEncoded parsed** +``` +androidId: +lang: en_US +google_play_services_version: 11509438 +sdk_version: 25 +device_country: it +request_visible_actions: +client_sig: 38918a453d07199354f8b19af05ec6562ced5788 +callerSig: 38918a453d07199354f8b19af05ec6562ced5788 +Email: +service: oauth2:https://www.googleapis.com/auth/placesserver +app: com.google.android.gms +check_email: 1 +token_request_options: CAA4AQ== +system_partition: 1 +callerPkg: com.google.android.gms +Token: +``` + +### Notes + +Token in the URLEncoded query is the Master Token, not the Auth Token. +Some info on Master Token [here](https://sbktech.blogspot.it/2014/01/inside-android-play-services-magic.html) diff --git a/Documentation/download/README.md b/Documentation/download/README.md new file mode 100644 index 0000000..8f7d573 --- /dev/null +++ b/Documentation/download/README.md @@ -0,0 +1,36 @@ +## Download ( /fdfe/delivery ) + +### Details + +**URL** +``` +GET https://android.clients.google.com/fdfe/delivery?doc=com.termux.api&ot=1&st=EP6Gwc0FGc3MvN8QbNZBIhcI35bT8qSL1gIQAxABEAQQAhAGEAoYAg%3D%3D&vc=15&fdcf=1&fdcf=2 +``` + +**PARSED GET PARAMETERS** +``` +doc: com.termux.api +ot: 1 +st: EP6Gwc0FGc3MvN8QbNZBIhcI35bT8qSL1gIQAxABEAQQAhAGEAoYAg== +vc: 15 +fdcf: 1 +``` + +**HEADERS** +``` +X-DFE-MCCMNC: 22201 +X-DFE-Device-Id: +X-DFE-Content-Filters: +X-DFE-Network-Type: 4 +X-DFE-Request-Params: timeoutMs=4000 +User-Agent: Android-Finsky/8.1.72.S-all%20%5B6%5D%20%5BPR%5D%20165478484 (api=3,versionCode=80817206,sdk=25,device=A0001,hardware=bacon,product=bacon,platformVersionRelease=7.1.2,model=A0001,buildId=NJH47F,isWideScreen=0,supportedAbis=armeabi-v7a;armeabi) +X-DFE-Client-Id: am-android-oneplus +Authorization: GoogleLogin auth= +Accept-Language: en-US +Host: android.clients.google.com +Connection: Keep-Alive +Accept-Encoding: gzip +``` + +### Notes +Protobuf response is `download-delivery-byte` diff --git a/Documentation/download/download-delivery-byte b/Documentation/download/download-delivery-byte new file mode 100644 index 0000000..0d26e67 Binary files /dev/null and b/Documentation/download/download-delivery-byte differ diff --git a/Documentation/search/README.md b/Documentation/search/README.md new file mode 100644 index 0000000..6dae737 --- /dev/null +++ b/Documentation/search/README.md @@ -0,0 +1,31 @@ +## Search + +### Details +**URL** +``` +GET https://android.clients.google.com/fdfe/search?c=3&q=termux HTTP/1.1 +``` + +**HEADERS** +``` +X-Ad-Id: 70417864-0f86-4451-b5aa-103de27a6af5 +X-DFE-Content-Filters: +X-DFE-Network-Type: 4 +X-DFE-Encoded-Targets: CAESqwGzlYEGDsgF3gTRAkIC2AMCFJIHgAIWjgi1AVhAmQGOA4ICb+kKmAHgAQyGAS9o8gLzAe0BFvsLuAMBAsADjwLDFYUBNS2lCJYStgEBfgegAm2xAgEoAQYo4wvDAtAFqwIB+APWArYDwgHhBf0BjAICU+MGmgGRAZsC0AFMmgPkAuUBKyHOAVIC5QECrwEYAQYBowFLYgGpBYgDhQEBY0o2SqEDggJpYYgDtAMa9gQTAg7OATu1AaABCFoCAwRrN4DTzwKCu7EDAQEDAgQJCAgBAQIIAwEBAgEBAQICAgYBBhQKAQcCAwMEAhABAQHKAQETAwQCDecBfQolAhYFAgEKG3UMMxcBIQoUDwYHIjeEAQ4MFk0JUwV/EREYAQMNfgRfHhQQIwsOcGQEDQ9qowHAAoQBBIQBAgEBfA4ZGDYVARgBCwEoZQICJShzFCehBQYRGg43GBxpjQG0AVnQAR4nCzQmL1vUAWV3CQEK3gF2A30tDAMsZJ4BBIEBdFAfcogBigHMAgUFCc0BBUWgATk4jQIaYDUuzgENcqoBASCLA5IBqAImlwNhrQKEBnbjBfgBXaEBAQ8GAQEChwQEc5YBBlVtAUUB3AUyDnuzAZIBA4YGKxihAQcwASEBBwIgCBIdB6YDOAEaRoQBAfsBQHWnARkiAqMCLBYPvAsDAoABIocBO8kBygG2AQENAyeIAx7bAVKoBIMEqgETKQSLAbIDOhAndFdEOBWjAQGNAfUBGguZAUUMCwgvWwFpGrkBDhEgP3wLuAEhBgIUAb4DFG8TIa4BjgFFBgQCAQECWUKdAmIVBAEUxwESASQLWgoeJQIChAXCAQYjFTISxwFoBSFHEAEBWcsBMU5KkgEW0wGeAQceCDtk6AEGU44CpAHRAZIBC88BegEiTV0HSgQBBLgBDSYIMB0VCwIBed8BLW4DATaWAT0odAwCXztnERRVDSoDCkM/IwfKAgIHXQwCP1Y2bgQM+QICBgcUBREEWCZMAwwUGCRVKlNjHAMGGET/AQwBCwUHBJMBAn8RBx8eTwUqAgsJCw8HFAYECgoWBFoK0wIWMwY +X-DFE-Cookie: +User-Agent: Android-Finsky/8.1.72.S-all%20%5B6%5D%20%5BPR%5D%20165478484 (api=3,versionCode=80817206,sdk=25,device=A0001,hardware=bacon,product=bacon,platformVersionRelease=7.1.2,model=A0001,buildId=NJH47F,isWideScreen=0,supportedAbis=armeabi-v7a;armeabi) +X-DFE-Client-Id: am-android-oneplus +X-Limit-Ad-Tracking-Enabled: false +X-DFE-MCCMNC: 22201 +X-DFE-Device-Id: +X-DFE-Request-Params: timeoutMs=4000 +Accept-Language: en-US +Authorization: GoogleLogin auth= +Host: android.clients.google.com +Connection: Keep-Alive +Accept-Encoding: gzip +``` + +### Notes +Need to investigate `X-DFE-Cookie`. +Protobuf response is `search-response-bytes` diff --git a/Documentation/search/search-response-bytes b/Documentation/search/search-response-bytes new file mode 100644 index 0000000..6242d9a Binary files /dev/null and b/Documentation/search/search-response-bytes differ diff --git a/README.md b/README.md index 968f539..14ca4ff 100644 --- a/README.md +++ b/README.md @@ -10,81 +10,5 @@ This project is released under the BSD license. # API reversing -Here are some example request reversed from LineageOS 14.1 (Android 7.1) with lastest play services (as of 06/09/2017): - -### Search - -**URL:** GET https://android.clients.google.com/fdfe/search?c=4&q=zodiac -``` -X-Ad-Id: -X-DFE-Device-Id: -X-DFE-Content-Filters: -X-DFE-Network-Type: 4 -X-DFE-Request-Params: timeoutMs=4000 -X-DFE-Cookie: -X-DFE-Encoded-Targets: CAESqQGzlYEGDsgF3gTRAkIC2AMCFJIHgAIWjgi1AVhAmQGOA4ICb+kKmAHgAQyGAS9o8gLzAe0BFvsLuAMBAsADjwLDFYUBNS2lCJYStgEBfgegAm2xAgEoAQYo4wvDAtAFqwIB+APWArYDwgHhBf0BjAICU+MGmgGRAZsC0AFM/gXlASshzgFSAuUBAq8BGAEGAaMBS2IBqQWIA4UBAWNKNkqhA4ICaWGIA7QDGv4EEwIOzgE7tQGgAQhaAgMEazeA088CgruxAwEBAwIECQgIAQECCAMBAQIBAQECAgIGAQYUCgEHAgMDBAIQAQEBygEBEwMEAg3nAX0KJQIWBQIBCht1DDMXASEKFA8GByI3hAEODBZNCVMFfxERGAEDDX4EXx4UECMLDnBkBA0PaqMBwAKEAQSEAQIBAXwOGRg2FQEYAQsBKGUCAiUocxQnoQUGERoONxgcaY0BtAFZ0AEeJws0Ji9b1AFldwkBCt4BdgN9LQwDLGSeAQSBAXRQH3KIAYoBzAIFBQnNAQVFoAE5OI0CGmA1Ls4BDXKqAQEgiwOSAagCJpcDYa0ChAZ24wX4AV2hAQEPBgEBAocEBHOWAQZVbQFFAdwFMg57swGSAQOGBisYoQEHMAEhAQcCIAgSHQemAzgBGkaEAQH7AUB1pwEZIgKjAiwWD7wLAwKAASKHATvJAcoBtgEBDQMniAMe2wFSqASDBKoBEykEiwGyAzoQJ3RXRDgVowEBjQH1ARoLmQFFDAsIL1sBaRq5AQ4RX3wLuAEhBgIUAb4DFG8TIa4BjgFFBgQCAQECWUKdAmIVBAEUxwESASQLWgoeJQICBf8EwgEGIxUyEscBaAUhRxABAVnLATFOSpIBFtMBngEHHgg7ZOgBBlOOAqQB0QGSAQvPAXoBIk1dB0oEAQQ6BQcEAgVnDSYIMB0VCwIBed8BLW4DARUFBgcGnwE9KDY+DAJfO2cRFFUNKgMKQz8jB8oCAgddDAI/VjZuBAz5AgIGBxQFEQRYJkwDDBQYJFUqU2McAwYYRP8BDAELBQcEkwECfxEHHx5PBSoCCwkLDwcUBgQKChYEWgrTAhY -User-Agent: Android-Finsky/8.1.72.S-all%20%5B6%5D%20%5BPR%5D%20165478484 (api=3,versionCode=80817206,sdk=25,device=A0001,hardware=bacon,product=bacon,platformVersionRelease=7.1.2,model=A0001,buildId=NJH47F,isWideScreen=0,supportedAbis=armeabi-v7a;armeabi) -X-DFE-Client-Id: am-android-oneplus -X-Limit-Ad-Tracking-Enabled: false -Authorization: GoogleLogin auth= -Accept-Language: en-US -If-None-Match: 1903308838 -Host: android.clients.google.com -Connection: Keep-Alive -Accept-Encoding: gzip -``` - -### Details (single) - -**URL:** GET https://android.clients.google.com/fdfe/details?doc=com.google.android.apps.photos - -``` -X-Ad-Id: -X-DFE-Device-Id: -X-DFE-Content-Filters: -X-DFE-Network-Type: 4 -X-DFE-Request-Params: timeoutMs=4000 -X-DFE-Cookie: -X-DFE-Encoded-Targets: CAESqQGzlYEGDsgF3gTRAkIC2AMCFJIHgAIWjgi1AVhAmQGOA4ICb+kKmAHgAQyGAS9o8gLzAe0BFvsLuAMBAsADjwLDFYUBNS2lCJYStgEBfgegAm2xAgEoAQYo4wvDAtAFqwIB+APWArYDwgHhBf0BjAICU+MGmgGRAZsC0AFM/gXlASshzgFSAuUBAq8BGAEGAaMBS2IBqQWIA4UBAWNKNkqhA4ICaWGIA7QDGv4EEwIOzgE7tQGgAQhaAgMEazeA088CgruxAwEBAwIECQgIAQECCAMBAQIBAQECAgIGAQYUCgEHAgMDBAIQAQEBygEBEwMEAg3nAX0KJQIWBQIBCht1DDMXASEKFA8GByI3hAEODBZNCVMFfxERGAEDDX4EXx4UECMLDnBkBA0PaqMBwAKEAQSEAQIBAXwOGRg2FQEYAQsBKGUCAiUocxQnoQUGERoONxgcaY0BtAFZ0AEeJws0Ji9b1AFldwkBCt4BdgN9LQwDLGSeAQSBAXRQH3KIAYoBzAIFBQnNAQVFoAE5OI0CGmA1Ls4BDXKqAQEgiwOSAagCJpcDYa0ChAZ24wX4AV2hAQEPBgEBAocEBHOWAQZVbQFFAdwFMg57swGSAQOGBisYoQEHMAEhAQcCIAgSHQemAzgBGkaEAQH7AUB1pwEZIgKjAiwWD7wLAwKAASKHATvJAcoBtgEBDQMniAMe2wFSqASDBKoBEykEiwGyAzoQJ3RXRDgVowEBjQH1ARoLmQFFDAsIL1sBaRq5AQ4RX3wLuAEhBgIUAb4DFG8TIa4BjgFFBgQCAQECWUKdAmIVBAEUxwESASQLWgoeJQICBf8EwgEGIxUyEscBaAUhRxABAVnLATFOSpIBFtMBngEHHgg7ZOgBBlOOAqQB0QGSAQvPAXoBIk1dB0oEAQQ6BQcEAgVnDSYIMB0VCwIBed8BLW4DARUFBgcGnwE9KDY+DAJfO2cRFFUNKgMKQz8jB8oCAgddDAI/VjZuBAz5AgIGBxQFEQRYJkwDDBQYJFUqU2McAwYYRP8BDAELBQcEkwECfxEHHx5PBSoCCwkLDwcUBgQKChYEWgrTAhY -User-Agent: Android-Finsky/8.1.72.S-all%20%5B6%5D%20%5BPR%5D%20165478484 (api=3,versionCode=80817206,sdk=25,device=A0001,hardware=bacon,product=bacon,platformVersionRelease=7.1.2,model=A0001,buildId=NJH47F,isWideScreen=0,supportedAbis=armeabi-v7a;armeabi) -X-DFE-Client-Id: am-android-oneplus -X-Limit-Ad-Tracking-Enabled: false -Authorization: GoogleLogin auth= -Accept-Language: en-US -Host: android.clients.google.com -Connection: Keep-Alive -Accept-Encoding: gzip -``` - -### BulkDetails - -**URL:** POST https://android.clients.google.com/fdfe/bulkDetails?au=1 - -``` -X-DFE-Device-Id: -X-DFE-Content-Filters: -X-DFE-Network-Type: 4 -X-DFE-Request-Params: timeoutMs=30000 -X-DFE-Cookie: -X-DFE-Encoded-Targets: CAESqQGzlYEGDsgF3gTRAkIC2AMCFJIHgAIWjgi1AVhAmQGOA4ICb+kKmAHgAQyGAS9o8gLzAe0BFvsLuAMBAsADjwLDFYUBNS2lCJYStgEBfgegAm2xAgEoAQYo4wvDAtAFqwIB+APWArYDwgHhBf0BjAICU+MGmgGRAZsC0AFM/gXlASshzgFSAuUBAq8BGAEGAaMBS2IBqQWIA4UBAWNKNkqhA4ICaWGIA7QDGv4EEwIOzgE7tQGgAQhaAgMEazeA088CgruxAwEBAwIECQgIAQECCAMBAQIBAQECAgIGAQYUCgEHAgMDBAIQAQEBygEBEwMEAg3nAX0KJQIWBQIBCht1DDMXASEKFA8GByI3hAEODBZNCVMFfxERGAEDDX4EXx4UECMLDnBkBA0PaqMBwAKEAQSEAQIBAXwOGRg2FQEYAQsBKGUCAiUocxQnoQUGERoONxgcaY0BtAFZ0AEeJws0Ji9b1AFldwkBCt4BdgN9LQwDLGSeAQSBAXRQH3KIAYoBzAIFBQnNAQVFoAE5OI0CGmA1Ls4BDXKqAQEgiwOSAagCJpcDYa0ChAZ24wX4AV2hAQEPBgEBAocEBHOWAQZVbQFFAdwFMg57swGSAQOGBisYoQEHMAEhAQcCIAgSHQemAzgBGkaEAQH7AUB1pwEZIgKjAiwWD7wLAwKAASKHATvJAcoBtgEBDQMniAMe2wFSqASDBKoBEykEiwGyAzoQJ3RXRDgVowEBjQH1ARoLmQFFDAsIL1sBaRq5AQ4RX3wLuAEhBgIUAb4DFG8TIa4BjgFFBgQCAQECWUKdAmIVBAEUxwESASQLWgoeJQICBf8EwgEGIxUyEscBaAUhRxABAVnLATFOSpIBFtMBngEHHgg7ZOgBBlOOAqQB0QGSAQvPAXoBIk1dB0oEAQQ6BQcEAgVnDSYIMB0VCwIBed8BLW4DARUFBgcGnwE9KDY+DAJfO2cRFFUNKgMKQz8jB8oCAgddDAI/VjZuBAz5AgIGBxQFEQRYJkwDDBQYJFUqU2McAwYYRP8BDAELBQcEkwECfxEHHx5PBSoCCwkLDwcUBgQKChYEWgrTAhY -User-Agent: Android-Finsky/8.1.72.S-all%20%5B6%5D%20%5BPR%5D%20165478484 (api=3,versionCode=80817206,sdk=25,device=A0001,hardware=bacon,product=bacon,platformVersionRelease=7.1.2,model=A0001,buildId=NJH47F,isWideScreen=0,supportedAbis=armeabi-v7a;armeabi) -X-DFE-Client-Id: am-android-oneplus -Authorization: GoogleLogin auth= -Accept-Language: en-US -Content-Type: application/x-protobuf -Content-Length: 345 -Host: android.clients.google.com -Connection: Keep-Alive -Accept-Encoding: gzip -``` - -### Download (with DownloadManager) - -**URL:** GET https://android.clients.google.com/market/download/Download?packageName=com.blizzard.bma&versionCode=37&ssl=1&token=AOTCm0RaA2KnsS7TNkToZHQ-HFvfoFcKVl8cEtfceae9R_D1AM7NUnBmYUQ94qbR7KE_WzE-ujoJ7zjyBPjxFXTycEPO2D3PEcEeEKRnRkT-lQnWBX0zBTVyxl3cl_SHNrsD4mU89DOlhd7MxFyjHXYy8Z0sjCEKoEkxN_sEI1Yc76cRvpfhhsD6Hp41B9qizcCWpYF40XXRVbbO75zsAA7Bx4tdyR-7xG5Fu8tVcTU1m9Apj3QyFrQYDmVCz642avKBW2FaZGup8Eg4ixX3LPGnV2t7sL2-kjFrKsnSg8pZ9McN9bqAwNi2jzuotwsrGPsB_YHeiC-mad44p4h7HrDrDojnclKVAGzvt2dVSpV83w&cf=2&did=0&cpn=mizUmddBG6L0EGEh - -``` -User-Agent: AndroidDownloadManager/7.1.2 (Linux; U; Android 7.1.2; A0001 Build/NJH47F) -Accept-Encoding: identity -Connection: close -Host: android.clients.google.com -``` +Currently I'm trying to reverse a more recent version of the GooglePlay API on LineageOS 14.1 (Android 7.1) using [mitmproxy](https://mitmproxy.org/). +Checkout the Documentation folder for more details on single API endpoints.