blob: 2150f27503bd2eee5da0cbc8220eb70beb4f375e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
Finding the Ebay Kleinanzeigen Application Password
###################################################
:date: 2019-03-12 23:42
:tags: disassembly,kleinanzeigen,ebay
To use the ebay kleinanzeigen api (e.g. with `ebk-client <https://github.com/tejado/ebk-client/>`_) an application username and an application
password is required.
However there are only two options to get this:
1. send a mail to <pre>api@ebay-kleinanzeigen.de</pre> and never get a response or
2. find the working credentials yourself in applications which must store the
credentials
This blog post describes the second approach, however you will have to to the
steps yourself and maybe even learn something as the "answer" is not stored here.
If you are unwilling to follow the steps, you are probably not worthy to use
the ebay kleinanzeigen api.
Preparation
-----------
To get started you will need to install the following tools:
1. `apktool <https://ibotpeaches.github.io/Apktool/>`_
2. `dex2jar <https://github.com/pxb1988/dex2jar>`_
3. `java decompiler <http://java-decompiler.github.io/>`_
Getting the application
-----------------------
You will have to get the ebay kleinanzeigen apk from somewhere, i chose to
`duckduckgo "ebay kleinanzeigen apk" <https://duckduckgo.com/?q=ebay+kleinanzeigen+apk&ia=web>`_
Download the app and put it in the current working directory.
Unpacking the apk layers
------------------------
I use **apktool** and **dex2jar** to unpack the apk
.. code-block:: bash
apktool d -r -s eBay_Kleinanzeigen.apk
cd eBay_Kleinanzeigen
d2j-dex2jar ./classes.dex --force
Finding the credentials
-----------------------
Once unpacked we simply have to find the credentials somewhere in the code.
At first we open **./classes-dex2jar.jar** with the java disassembler:
.. code-block:: bash
jd-gui ./classes-dex2jar.jar
and now we can use the search to find the loot:
.. image:: /img/jd-gui_search.png
:width: 500px
:alt: jd-gui search window
:target: /img/jd-gui_search.png
|
