#!/usr/bin/env python3
# thanks to github.com/mlaily for the POC
import uuid
import sys
import requests
from Crypto.PublicKey import RSA
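API_URL = 'https://api.tricount.bunq.com/'
# requests waits indefinitely unless a timeout is passed; bound every call (seconds).
REQUEST_TIMEOUT = 30


def _fail(message):
    """Report *message* on stderr and exit with status 1."""
    print(message, file=sys.stderr)
    sys.exit(1)


def _merge_response_items(items):
    """Merge the list of dicts found under 'Response' into a single dict."""
    return {k: v for x in items for (k, v) in x.items()}


def main():
    """Register a throwaway app installation, then dump one registry as text.

    Takes the tricount identifier as the only command-line argument and
    writes the API's response body for that registry to stdout. Diagnostics
    go to stderr and the exit status is 1 on any failure, so an error payload
    is never mistaken for registry data by whatever consumes stdout.

    NOTE(review): the registry is looked up by its public identifier alone,
    so that identifier presumably acts as the access secret for the data;
    store it and the output accordingly.
    """
    if len(sys.argv) != 2:
        _fail(f'usage: {sys.argv[0]} TRICOUNT_ID')
    tricount_id = sys.argv[1]

    # Fresh, random installation identity for this run only.
    app_id = str(uuid.uuid4())
    # Only the public half is exported; the private key object is not kept.
    rsa_pk = RSA.generate(2048).public_key().export_key().decode('utf-8')

    with requests.Session() as s:
        s.headers['User-Agent'] = 'com.bunq.tricount.android:RELEASE:7.0.7:3174:ANDROID:13:C'
        s.headers['app-id'] = app_id
        # apparently this can be any uuid4
        s.headers['X-Bunq-Client-Request-Id'] = '049bfcdf-6ae4-4cee-af7b-45da31ea85d0'

        try:
            auth_resp = s.post(
                f'{API_URL}v1/session-registry-installation',
                json={'app_installation_uuid': app_id,
                      'client_public_key': rsa_pk,
                      'device_description': 'Android'},
                timeout=REQUEST_TIMEOUT)
            # Fail here on an HTTP error instead of with a KeyError further down.
            auth_resp.raise_for_status()
            auth_info = _merge_response_items(auth_resp.json()['Response'])
            user_id = auth_info['UserPerson']['id']
            token = auth_info['Token']['token']
        except requests.RequestException as exc:
            _fail(f'installation registration failed: {exc}')
        except (AttributeError, KeyError, TypeError, ValueError):
            # Do not echo the body: it may carry the session token.
            _fail('installation registration returned an unexpected response')

        # Session token: sent as a request header only, never printed.
        s.headers['X-Bunq-Client-Authentication'] = token

        try:
            # API_URL already ends in '/', so the path is joined the same way
            # as for the registration call (no doubled slash). The identifier
            # comes straight from argv, so let requests URL-encode it rather
            # than splicing it into the query string.
            resp = s.get(
                f'{API_URL}v1/user/{user_id}/registry',
                params={'public_identifier_token': tricount_id},
                timeout=REQUEST_TIMEOUT)
            resp.raise_for_status()
        except requests.RequestException as exc:
            _fail(f'registry fetch failed: {exc}')

    # Body is written unmodified; no parsing or filtering happens here.
    sys.stdout.write(resp.text)


if __name__ == '__main__':
    main()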