diff options
Diffstat (limited to 'content/posts')
-rw-r--r-- | content/posts/kleinanzeigen-api.rst | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/content/posts/kleinanzeigen-api.rst b/content/posts/kleinanzeigen-api.rst new file mode 100644 index 0000000..2150f27 --- /dev/null +++ b/content/posts/kleinanzeigen-api.rst @@ -0,0 +1,64 @@ +Finding the Ebay Kleinanzeigen Application Password +################################################### +:date: 2019-03-12 23:42 +:tags: disassembly,kleinanzeigen,ebay + + +To use the ebay kleinanzeigen api (e.g. with `ebk-client <https://github.com/tejado/ebk-client/>`_) an application username and an application +password is required. +However there are only two options to get this: + +1. send a mail to <pre>api@ebay-kleinanzeigen.de</pre> and never get a response or +2. find the working credentials yourself in applications which must store the + credentials + +This blog post describes the second approach, however you will have to to the +steps yourself and maybe even learn something as the "answer" is not stored here. +If you are unwilling to follow the steps, you are probably not worthy to use +the ebay kleinanzeigen api. + +Preparation +----------- + +To get started you will need to install the following tools: + +1. `apktool <https://ibotpeaches.github.io/Apktool/>`_ +2. `dex2jar <https://github.com/pxb1988/dex2jar>`_ +3. `java decompiler <http://java-decompiler.github.io/>`_ + +Getting the application +----------------------- + +You will have to get the ebay kleinanzeigen apk from somewhere, i chose to +`duckduckgo "ebay kleinanzeigen apk" <https://duckduckgo.com/?q=ebay+kleinanzeigen+apk&ia=web>`_ + +Download the app and put it in the current working directory. + +Unpacking the apk layers +------------------------ + +I use **apktool** and **dex2jar** to unpack the apk + +.. code-block:: bash + + apktool d -r -s eBay_Kleinanzeigen.apk + cd eBay_Kleinanzeigen + d2j-dex2jar ./classes.dex --force + +Finding the credentials +----------------------- + +Once unpacked we simply have to find the credentials somewhere in the code. + +At first we open **./classes-dex2jar.jar** with the java disassembler: + +.. code-block:: bash + + jd-gui ./classes-dex2jar.jar + +and now we can use the search to find the loot: + +.. image:: /img/jd-gui_search.png + :width: 500px + :alt: jd-gui search window + :target: /img/jd-gui_search.png |