The main options:
- check whether the file is stored locally on the phone, but this requires root access.
- check whether there is a website to download the data from, but there is not.
- intercept the traffic to capture the data as it is loaded.
The third option is the only viable one. A delay in the app displaying the run data indicated that the data was stored remotely.
The steps to take:
- install mitmproxy
- point the phone to the proxy server
- use the app and analyse the traffic between phone and server
Using the mitmweb tools on the server I can see traffic successfully, and just how much data is transmitted from my phone to a whole multitude of servers!
Anyway, curiously the login request from the app is as follows:
The issue being that I am not sure how the ‘sign=’ is generated and so can only replay messages to the server where I know the full data being sent, and the full HTTP POST details including the value of ‘sign’.
If I could work out how the ‘sign’ is generated, I could make an app in whatever language to log in in the future without having to use a proxy.
That being said, I can still replay the request with curl once I have captured it with the proxy.
So on my phone I browse to my running history, select a date and then a particular run. This is downloaded to the phone with the traffic being visible in the proxy.
I can then copy and save the request data JSON into a file, and use the POST request details to replay the request with curl. There is a limited opportunity to do so though as each request is timestamped and faces expiry. Any new request from the app will have a new timestamp, and new sign value.
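Seen from the server side, the behaviour described above (an unmodified captured request is accepted until its timestamp expires) looks like the following added example, which is not code from the app or from this post. The HMAC-SHA256 scheme, the key, the field layout and the 300-second window are assumptions made for illustration; how the real 'sign' value is computed is not known here.

```python
import hashlib
import hmac

# Assumed values for illustration only; the real app's scheme is unknown.
SECRET = b"constructed-demo-key"
MAX_AGE = 300  # seconds a timestamp stays valid (assumed)


def sign(body: str, timestamp: int) -> str:
    """Hypothetical signature: HMAC-SHA256 over timestamp and body."""
    msg = f"{timestamp}\n{body}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server-side check of a signed, timestamped request."""

    def __init__(self, reject_replays: bool):
        self.reject_replays = reject_replays
        self.seen = {}  # signature -> timestamp, kept while still fresh

    def check(self, body: str, timestamp: int, signature: str, now: int) -> str:
        if not hmac.compare_digest(sign(body, timestamp), signature):
            return "bad-signature"
        if abs(now - timestamp) > MAX_AGE:
            return "expired"
        if self.reject_replays:
            # Forget signatures whose timestamps can no longer pass anyway.
            self.seen = {s: t for s, t in self.seen.items()
                         if abs(now - t) <= MAX_AGE}
            if signature in self.seen:
                return "replay"
            self.seen[signature] = timestamp
        return "ok"


def demo():
    """Send one constructed request four ways to both server behaviours."""
    body, ts = '{"runId": 42}', 1_700_000_000  # constructed sample request
    sig = sign(body, ts)
    results = {}
    for name, strict in (("timestamp-only", False), ("with-replay-cache", True)):
        v = Verifier(strict)
        results[name] = [
            v.check(body, ts, sig, now=ts + 1),        # original request
            v.check(body, ts, sig, now=ts + 60),       # same request, in window
            v.check(body, ts, sig, now=ts + 301),      # same request, too late
            v.check(body + " ", ts, sig, now=ts + 1),  # body changed, old sign
        ]
    return results
```

A server that checks only the signature and the timestamp accepts the second call; one that also remembers signatures for the length of the validity window rejects it.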
Alternatively, I can now use the package mitmdump to run a Python script which will do the hard work for me, useful when trying to get a whole bunch of run history.
I can even use the Python script to decompress the data response into plain text/JSON and then manipulate that into a GPX (XML-based) file.
Running from a Windows command prompt, I can launch the script and proxy with:
Then, as I’m using the app on my phone, the output directory is filling with GPX files for each run which I can then upload manually to Strava.
Included below is the script: mitm-paiactive.py