-
Well that's irritating - I just tried here with an unflashed Q3 and despite setting up a proxy with a trusted certificate, the app doesn't trust it.
I think you need a rooted phone and to put the certificate on the system partition for it to work on Android 7 and up. However, a proxy only for HTTP could work? https://stackoverflow.com/a/22040887 or see https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/
But I guess using a device with Android <7 may be easier?
-
were you looking in the code for a gnss-aide.com address?
I've used a .dex to .java decompiler and did a full text search in the sources.
But now I think that SMA isn't so inexperienced as to allow this:
If I were SMA and wanted to protect my credentials I would authenticate the watch via API, wait for the SMA server to download from gnss-aide.com and provide the AGPS data via API - I think that's what you observed.
I'm not experienced enough to find the AGPS data in the protocol, so I give up. Maybe someone is able to solder 2 wires to the serial port of the GPS hardware in the Q3 watch and capture the AGPS data from there...
Well that's irritating - I just tried here with an unflashed Q3 and despite setting up a proxy with a trusted certificate, the app doesn't trust it.
However when I try to update the AGPS it requests some API at SMA by the look of it, so I doubt it goes direct. Although we may be able to get the GPS data second-hand from SMA's servers.
@HilmarSt were you looking in the code for a gnss-aide.com address? What about if you try and look for some GPS-related API access?