I had some time today and set up an Android Virtual Device with MITM attack on the https connecion. Installed the Lockly App on there and was able to talk to the Lockly Cloud (and therefore my Lock) and sniff the traffic.
Here’s a stream of calls being the result of me logging in.
Quite different from APIs I havee seen in the past where each call seems to gt passed a “para” which most of the time is a unique seemingly random encoded string.
I’m kind of stuck there. Even the login call doesn’t pass the username / password but sends a bunch of random strings
If there are any experts here who could shed some light on this…