So I've been trying to programatically aquire data from the Splatoon2 service on the Nintendo Switch Online app for a site like splatoon.ink I've succesfully authenticated as a user with my program but I can't seem to make any api calls after that. I'm just gonna share what I've learned so people can maybe use it or help me out documenting the whole service.
One thing that may be at fault is my gathered packets, They're from the app "Packet Capture" on the Play store, it uses a VPN and custom SSL Certificate and some things in the app stop working because of it ("Opening the splatoon 2 service results in an empty page :/"), gonna retry this with my phone rooted and an actually decent sniffer in a bit. Will update the thread if something changes because of it.
I've successfully sniffed 3 HTTPS POST requests the app sends to some service, one logs the user in with a previously aquired token and I've been able to replicate the request in Python3, that requests returns a access_token and an id_token, both which expire after 900 seconds. The second requests is to api.account.nintendo.com/2.0.0/users/me which gets some user related data like mii picture and email address. It requires you to set the Authorization header to "Bearer {access_token}", which I did, however it throws me back an html file with status code 405: Method not allowed (Maybe someone can try this just to see if it isn't me being sleep deprived that is the issue). After this the app is logged in and has the users info. When the Splatoon2 service is clicked another request is send. This request is magical to me, it sends a whole bunch of info to the server including device manufacturer, device name, android version etc etc and some ID's which the app doesn't retrieve at launch (hard coded maybe?), the request is encoded with gzip, all the server returns for me is a json encoded messages saying something along the lines of "1 item receive, 1 item accepted".
If someone wants the snippet of code I made then do tell, I'll upload it to pastebin or something
One thing that may be at fault is my gathered packets, They're from the app "Packet Capture" on the Play store, it uses a VPN and custom SSL Certificate and some things in the app stop working because of it ("Opening the splatoon 2 service results in an empty page :/"), gonna retry this with my phone rooted and an actually decent sniffer in a bit. Will update the thread if something changes because of it.
I've successfully sniffed 3 HTTPS POST requests the app sends to some service, one logs the user in with a previously aquired token and I've been able to replicate the request in Python3, that requests returns a access_token and an id_token, both which expire after 900 seconds. The second requests is to api.account.nintendo.com/2.0.0/users/me which gets some user related data like mii picture and email address. It requires you to set the Authorization header to "Bearer {access_token}", which I did, however it throws me back an html file with status code 405: Method not allowed (Maybe someone can try this just to see if it isn't me being sleep deprived that is the issue). After this the app is logged in and has the users info. When the Splatoon2 service is clicked another request is send. This request is magical to me, it sends a whole bunch of info to the server including device manufacturer, device name, android version etc etc and some ID's which the app doesn't retrieve at launch (hard coded maybe?), the request is encoded with gzip, all the server returns for me is a json encoded messages saying something along the lines of "1 item receive, 1 item accepted".
If someone wants the snippet of code I made then do tell, I'll upload it to pastebin or something