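#!/usr/bin/env python3
# thanks to github.com/mlaily for the POC
"""Dump a Tricount registry as raw JSON, given only its public identifier.

Flow, as implemented below:
  1. Register a throwaway "app installation" (random UUID + fresh RSA public
     key) to obtain a session token and a user id.
  2. Use that session to GET the registry addressed by TRICOUNT_ID and write
     the response body to stdout unchanged.

Security-relevant observations:
  * No credential other than TRICOUNT_ID is supplied at any point, so the
    identifier is the only thing gating read access in this flow. Treat it
    like a bearer secret: it is passed on the command line, where it ends up
    in shell history and is visible to other local users in the process list.
  * The response is written verbatim. It presumably contains member names and
    expense data, so handle the output file as sensitive -- TODO confirm
    against a real response.
"""
import uuid
import sys

import requests
from Crypto.PublicKey import RSA

if len(sys.argv) != 2:
    print(f'usage: {sys.argv[0]} TRICOUNT_ID')
    sys.exit(1)

tricount_id = sys.argv[1]
API_URL = 'https://api.tricount.bunq.com/'
# requests has no default timeout; without one a stalled connection hangs forever.
HTTP_TIMEOUT = 30  # seconds

## generate random auth BS
app_id = str(uuid.uuid4())
# Only the public half is exported; the private key is discarded right here,
# and none of the requests below use it.
rsa_pk = RSA.generate(2048).public_key().export_key().decode('utf-8')

s = requests.Session()
s.headers['User-Agent'] = 'com.bunq.tricount.android:RELEASE:7.0.7:3174:ANDROID:13:C'
s.headers['app-id'] = app_id  # apparently this can be any uuid4
# NOTE(review): fixed value carried over from the POC. Request ids are usually
# unique per request -- confirm whether the server cares before changing it.
s.headers['X-Bunq-Client-Request-Id'] = '049bfcdf-6ae4-4cee-af7b-45da31ea85d0'

auth_resp = s.post(
    f'{API_URL}v1/session-registry-installation',
    json={'app_installation_uuid': app_id,
          'client_public_key': rsa_pk,
          'device_description': 'Android'},
    timeout=HTTP_TIMEOUT)
# Fail on the HTTP status instead of on a confusing KeyError further down.
auth_resp.raise_for_status()

try:
    # 'Response' is a list of single-purpose dicts; merge them into one mapping.
    auth_info = {k: v
                 for entry in auth_resp.json()['Response']
                 for (k, v) in entry.items()}
    user_id = auth_info['UserPerson']['id']
    s.headers['X-Bunq-Client-Authentication'] = auth_info['Token']['token']
except KeyError as missing:
    sys.exit(f'unexpected installation response: missing key {missing}')

## get the data
# API_URL already ends in '/', so no extra slash here (the POC requested
# '//v1/...'). Passing the token via params= lets requests URL-encode it
# instead of splicing raw argv text into the query string.
resp = s.get(
    f'{API_URL}v1/user/{user_id}/registry',
    params={'public_identifier_token': tricount_id},
    timeout=HTTP_TIMEOUT)
if not resp.ok:
    # Keep error payloads off stdout so a redirected dump never holds one.
    print(f'registry request failed: HTTP {resp.status_code}', file=sys.stderr)
    sys.stderr.write(resp.text)
    sys.exit(1)

sys.stdout.write(resp.text)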