Hey,
Yesterday I started analysing the network traffic of the banking app https://vivid.money and found a few interesting things along the way. For connections to two services, however, the data is transmitted as application/octet-stream. Here I haven't managed to figure out how I can decode it. According to Mozilla, this is also the content type for all otherwise undefined (custom) file formats…
Hence my question: does anyone have tips on how I could approach this, which tools I might want to use, …
What I've tried:
- base64 decoding
- CyberChef Magic
- binwalk
Data:
Here are example requests for both services where I have the problem.
I additionally base64-encoded the data in each case, otherwise it couldn't be posted here in a sensible way.
Request to group-ib.com
POST /api/fl/logs/ HTTP/1.1
Content-Type: application/octet-stream
Content-Length: 378
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86 Build/QSR1.210802.001)
Host: sb-de-back.group-ib.com
Connection: close
Accept-Encoding: gzip, deflate
Request to appsflyersdk.com
POST /api/v6.12/androidevent?app_id=vivid.money&buildnumber=6.12.4 HTTP/1.1
Content-Type: application/octet-stream
Content-Length: 2648
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86 Build/QSR1.210802.001)
Host: nrhezv-conversions.appsflyersdk.com
Connection: close
Accept-Encoding: gzip, deflate
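A first triage pass for bodies like the ones above, as an added example that is not part of the original post and not code from the app or the two services: it checks the magic bytes common containers start with, then tries a protobuf wire-format walk, then falls back to an entropy estimate to separate encrypted or compressed data from merely unknown data. The sample bodies are constructed stand-ins, not the real captures, and the 7.0 entropy threshold is a rule of thumb I chose for bodies of a few hundred bytes.

```python
import gzip, hashlib, math, zlib
from collections import Counter
# Leading bytes of common containers; checked before any statistical test.
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip",
         b"\x78\x01": "zlib", b"\x78\x9c": "zlib", b"\x78\xda": "zlib"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8 for encrypted/compressed data, ~4-6 for text, JSON or base64."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_like_protobuf(data: bytes) -> bool:
    """Heuristic: True if the whole buffer walks cleanly as protobuf tag/value pairs."""
    pos = 0
    def varint():
        nonlocal pos
        value = shift = 0
        while pos < len(data) and shift < 64:
            byte, pos = data[pos], pos + 1
            value |= (byte & 0x7F) << shift
            if not byte & 0x80:
                return value
            shift += 7
        raise ValueError("truncated or oversized varint")
    try:
        while pos < len(data):
            key = varint()
            field, wire_type = key >> 3, key & 7
            if field == 0 or wire_type not in (0, 1, 2, 5):
                return False
            if wire_type in (0, 2):
                skip = varint()                    # a varint value, or a payload length
                pos += skip if wire_type == 2 else 0
            else:
                pos += 8 if wire_type == 1 else 4  # fixed64 / fixed32
        return pos == len(data)
    except ValueError:
        return False

def classify(body: bytes) -> str:
    for magic, name in MAGIC.items():
        if body.startswith(magic):
            return name
    if looks_like_protobuf(body):
        return "protobuf-like"
    return "high-entropy" if shannon_entropy(body) > 7.0 else "unknown"  # 7.0: rule of thumb

def sample_bodies() -> dict:
    """Constructed stand-ins for the captured bodies (not real traffic from the app)."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return {"gzip": gzip.compress(b'{"event":"open"}'), "zlib": zlib.compress(b"hello"),
            "protobuf": b"\x08\x96\x01\x12\x05vivid",   # field 1 = 150, field 2 = "vivid"
            "opaque": b"\x07" + noise, "zeros": bytes(64)}
```

Feed the base64-decoded request bodies to classify(); "protobuf-like" is a hint to try protoc --decode_raw next, while "high-entropy" with no magic usually means the app encrypts the payload before the TLS layer.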