by loktarogar 596 days ago
In my experience reverse engineering is often the easy bit, or at least easy compared to what follows: maintenance. Knowing both when and how it fails when it fails (eg in cases like when the API stops returning any results but is still otherwise valid). Knowing when the response has changed in a way that is subtle to detect, like they changed the format of a single field, which may still parse correctly but is now interpreted incorrectly.

How do you keep up with the maintenance?


We feel your pain with maintenance. We have plans to handle this by using LLMs to detect response anomalies.

From our experience, reverse engineering is still less prone to breakage compared to traditional browser automation. But we definitely want to make integrations even more reliable with maintenance features.

Wouldn't something like snapshot testing from a scheduled probe be more effective and reliable than using an LLM?

Every X hours test the endpoints and validate the types and field names are consistent... If they change then trigger some kind of alerting mechanism to the user.

If the types and field names change, our parsing script should be able to detect that, so it should be covered. I was talking about handling the subtle changes that are undetectable by checking field types and names.

I would say: it depends. I must've wasted days of my life trying to reverse engineer Android apps with pinned certificates. It's crazy how hard it has become to just inspect the traffic on my own device that I bought and own.
Just setup httptoolkit [0], it just works.

[0] - https://httptoolkit.com/

I'm guessing you haven't done this a lot? You can't easily add a cert to the system store without rooting, but then you need to bypass root detection. If the app uses cert pinning, you either need to hook it (also detectable) or patch it (error-prone and again, detectable). If the app is Flutter, you'll need to do some binary patching too.

If you have root, HTTP Toolkit will handle most of that for you: it can detect root via ADB, install system certs automatically, and install Frida and intercept individual app targets with most cert pinning disabled (the Frida scripts it uses are here: https://github.com/httptoolkit/frida-interception-and-unpinn...).

No manual setup or config, just click a button and done.

Avoiding in-depth detection is left as an exercise for the reader, although there are a small set of existing countermeasures in there. In practice, there is definitely a very long tail of further cases of increasing complexity, with diminishing returns on automated solutions, but it turns out in practice you can automate quite a long way down that path and cover most normal cases.

Flutter is the one awkward case here I've found that doesn't fully work. Very interested to see if there are generalizable automated solutions there, or if the recent fork announcements mean the slow death of Flutter anyway...

Yeah I feel you on that. I wonder if this can deal with those difficult cases? This would be killer if so