Following up after the original Meowant post: Meowant Litter Box
I used mitmproxy and with some iteration was able to do something simple (turn auto-clean on and off).
Most of the HTTP header fields don’t change (not filling out for privacy reasons):
content-type:
x-ubt-language:
x-ubt-deviceid:
accept:
authorization:
product:
x-ubt-appid:
priority:
accept-language:
accept-encoding:
content-length:
user-agent:
But I discovered that the last field:
x-ubt-sign: fbebd86b34e9f7e3915f01c93d4b2366 1776685892 2HR6c1gLG5 v2
appears to be dynamic per-request. I used mitmproxy to intercept, copied a fresh one into the httpclient I was using to debug, and success! I was able to toggle auto-clean off.
Anyone with more decryption experience than me have an interest in helping me reverse engineer what this field might be doing? Or have any ideas for how to auto-generate the contents of this field?
I’ll come back to this at some point and will post anything I figure out…
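
An added example, not part of the original post and not Meowant's code: it splits the x-ubt-sign value quoted above into its four space-separated parts and compares two captures to show which parts change between requests. The field names (digest, timestamp, nonce, version) are assumptions read off the shape of the one value shown, and the second capture is a constructed sample.

```python
import re
from datetime import datetime, timezone

# Value copied from the post above.
CAPTURED = "fbebd86b34e9f7e3915f01c93d4b2366 1776685892 2HR6c1gLG5 v2"
# Constructed sample standing in for a second captured request.
SECOND = "0123456789abcdef0123456789abcdef 1776685900 AbCdEfGhIj v2"


def parse_sign(value):
    """Split an x-ubt-sign value into four parts (names are assumptions)."""
    parts = value.split()
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields, got {len(parts)}")
    digest, ts, nonce, version = parts
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("first field is not lowercase hex")
    if not re.fullmatch(r"[0-9]+", ts):
        raise ValueError("second field is not a decimal integer")
    return {
        "digest": digest,
        # Each hex character carries 4 bits.
        "digest_bits": len(digest) * 4,
        # Interpreting the integer as Unix epoch seconds is an assumption.
        "timestamp": datetime.fromtimestamp(int(ts), tz=timezone.utc),
        "nonce": nonce,
        "version": version,
    }


def changed_fields(a, b):
    """Names of the parsed fields that differ between two captures."""
    return sorted(k for k in a if a[k] != b[k])


if __name__ == "__main__":
    first = parse_sign(CAPTURED)
    for name, val in first.items():
        print(f"{name:12} {val}")
    print("changed:", changed_fields(first, parse_sign(SECOND)))
```

Feeding it two real captures of the same request shows which parts stay fixed and which vary per request.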