
Reverse Engineered Nintendo Switch App REST API - SamWhited
https://github.com/ZekeSnider/NintendoSwitchRESTAPI
======
bryan_w
I wonder if anyone has reversed the Mario Maker 2 API

~~~
realusername
This would be an interesting project, especially to archive levels, who knows
what will be left in a few years of the current levels.

------
Polylactic_acid
Is this your work? I'm wondering, if the app did use cert pinning, how would
you mitm it on your own device?

~~~
Scaevolus
> I reverse-engineered using mitmproxy. It was quite easy as the app does not
> use cert-pinning at all.

If the app used cert-pinning you'd probably do the RE work on android, where
you can more easily install a modified APK with cert pinning disabled.

~~~
lozaning
I've tried various times to get around a cert pinning thing for work, curious
as to what you'd recommend as the best method to go about doing this on
android. RE the APK or some kind of rooted phone based debugery?

~~~
xkcd-sucks
For me, the fastest way involves using apktool to decompile it, then simply
reading the API code. Or insert a log statement, recompile, run on phone w adb
log - requires minimal Android code fluency

~~~
Polylactic_acid
Does this usually work? I just unzipped an apk once and saw it was all
JavaScript but I assumed other apps would be minified.

~~~
xkcd-sucks
Java/Android is basically gibberish to me as is - Maybe it is obfuscated
sometimes. But strings themselves (API endpoints) have to be present some way
or another.

There is also something called "smali" which is an intermediate representation
- You can edit it following something like
[https://stackoverflow.com/questions/31101740/method-to-add-a...](https://stackoverflow.com/questions/31101740/method-to-add-a-trace-in-smali).

Finally, there are occasionally native ARM libs included in the jar - You can
get these with the tool "retdec" or just run strings on it to find interesting
stuff
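
As an added example that is not part of the thread or of the repository being discussed: a Python take on the "run strings on it" step above, written from an app owner's side to audit a build for hard-coded endpoints before release. The APK members, fake dex/ELF headers and example.invalid URLs are constructed placeholders.

```python
"""Added example (not from the thread or the linked repository): a small
`strings`-style scan over an APK's binary members for URL-like values.
From the app owner's side this audits a build for hard-coded endpoints."""
import io
import re
import zipfile

# Same rule the Unix `strings` tool uses: runs of printable ASCII, 4+ chars.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
URL_LIKE = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
# Scan only Dalvik bytecode and native libraries; the binary XML members
# (AndroidManifest.xml, resources.arsc) mostly produce noise.
SCAN_SUFFIXES = (".dex", ".so")

def extract_strings(blob: bytes) -> list[str]:
    """Return the printable ASCII runs of length >= 4 found in a binary blob."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]

def find_urls_in_apk(apk_bytes: bytes) -> dict[str, set[str]]:
    """Map each scanned APK member to the set of URL-like strings inside it."""
    found: dict[str, set[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not info.filename.endswith(SCAN_SUFFIXES):
                continue
            urls: set[str] = set()
            for run in extract_strings(apk.read(info.filename)):
                urls.update(URL_LIKE.findall(run))
            if urls:
                found[info.filename] = urls
    return found

def build_sample_apk() -> bytes:
    """Constructed stand-in for a real APK: a zip whose members carry fake
    dex/ELF headers and placeholder URLs (example.invalid), not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\0" + b"\x00\x01\x02" * 5
                   + b"\x1fhttps://api.example.invalid/v1/login\x00"
                   + b"\x07Lcom/x;\x00\x10https://api.example.invalid/v1/me")
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + bytes(range(1, 32))
                   + b"https://cdn.example.invalid/assets\x00")
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00https://skipped")
    return buf.getvalue()

if __name__ == "__main__":
    for member, urls in find_urls_in_apk(build_sample_apk()).items():
        print(member, sorted(urls))
```

On a real build, pass the APK file's bytes to `find_urls_in_apk`; the dex string table is length-prefixed MUTF-8, so the printable-run heuristic recovers the endpoint literals without parsing the format.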

------
happppy
how many tokens are there?

------
guessmyname
> _Visit authorization link in browser. This page is an HTML page which loads
> the auth flow which you would normally see first when logging into the app.
> Follow through the flow by logging in with an account. I currently have no
> idea how this URL is generated. I recommend signing out of the Switch app,
> then sign back in and open the sign flow link in Safari. You can then open
> it on your computer and follow from there._

I was surprised when I read this paragraph because the owner of the repository
is a Full Stack Web Developer at Square. One would expect a web developer at
such an important company to know what OAuth is [1]… but then I saw the last
time the README file was updated was over 3 years ago on Jul 30, 2017. He
joined Square in October 2018 hopefully knowing what OAuth is but forgot to
update the repository.

[1] [https://tools.ietf.org/html/rfc6749](https://tools.ietf.org/html/rfc6749)

~~~
henriquez
OAuth is not even a real standard at this point, at best it’s a concept.
Practically every company is using a different implementation; so even if we
assume that Nintendo is using “OAuth,” it’s not safe to assume anything about
their implementation of it.

