Reverse Engineering the Show Box app
October 23, 2018 | 02:42 PM
Bunnbuns
For a while now I have been wondering how the app of Show Box stays afloat and how everything comes together. This page is of my current efforts to reverse engineering the app. As reverse engineering this app is not super easy I am keeping everything I find publicly available. Someday maybe a open source version of the app might be possible. Imagen running a version of Show Box in a browser without an emulator!
One of the first things I did to try reverse engineering the SB app was to inspect the traffic coming out of it. Using a free play store app (Packet Capture) that makes a local vpn to sniff the packets coming out of the app*, I got a few interesting things.
So, here is what I have:
~Note: Most of the links require a user agent string of "Show Box"
In oreder to send the custom user agent, use the browser exstention found here.
The links
This is where the app gets a token (I think): http://m10.sbfunapi.cc/api/serials/config/
This is what the app uses to get the movie/episode id: http://sbfunapi.cc/api/serials/episode_details_s/?h=110&u=1&y=1
This is where the app gets a hash (don't know what for yet): http://sbfunapi.cc/api/serials/mw_sign_s/?token=8fd195318eb916ec
This is where the app gets the video stream urls from, but, I haven't cracked this one yet: http://185.38.13.229/video/64c201b1c9db8bd5/manifest_mp4.json?sign=2d853598351265c9f0786ed092fc1854&expires_at=1540135799
I say this is a good start, but until I don't need the app anymore to get the url streams and moive/season id's, I have more work to do. I want to not have any reliance (except for their api and db) with the SB app. PLEASE, if you have any insight on this topic leave a comment below!
*I don't have a complete understanding of the packet app
Here is a noice site for the timestamp:
http://timestamp.online/
6 Comments
This is the FBI. Stop what you are doing immediately.
Interesting find!
*note* the domain of sbfun.cc is down and is no longer used by the app.
The new app uses the domain of http://sbrapi.cc
You aren't going to believe this new tech that creates interactive vidoes - no one else has this :-) Interactive & Immersive Experience Tailor the presentation to the customer's journey, maintaining engagement with interactive elements. AI-Driven Customization It adapts the presentation in real-time to viewer responses, preferences, and location, enhancing relevance and personalization. Personalization Incorporate the viewer's name to triple engagement and build trust. Geolocation Features Automatically update presentations with local information, saving time on manual edits. Interactive Calculations Provide viewers with personalized calculations of potential savings or earnings, informing follow-up discussions. Notifications & Follow-ups Automated alerts keep track of viewer engagement, ensuring timely follow-ups. https://cutt.ly/ywTvrzLV Analytics Access to creation, engagement, and conversion data helps refine presentation strategies. Live Data Presentations stay current with live updates, maintaining credibility and focus. Scheduling Integration Viewers can easily schedule calls during the presentation, streamlining the connection process. Direct Purchase Links Simplify the buying process with direct links, allowing immediate purchases. Video Content Embed videos to keep viewers on the presentation, providing detailed information seamlessly. AI Script Assistance Generate presentation scripts from a questionnaire to quickly create compelling content. https://cutt.ly/ywTvrzLV
Test