SCO

Smart App
Reverse Engineering


Analysis:
This app was encrypted with proguards so wasn’t able to get the full code of the app
but I got all the required information.

To API Trying to Connect:
This app provide of all these features shown in screenshot.
Link: https://mobileapp.sco.gov.pk:7500

This app is trying to connect to a API url which is “HTTPS + HOST_PORT +
SERVER_CONTEXT”
So the link becomes: https://mobileapp.sco.gov.pk:7500/api/services
And RequestApi for signup would be like:
https://mobileapp.sco.gov.pk:7500/api/services/auth/v1/signup

Above screenshot showing all the API requests.
Customer calls for API:
Here are the calls that a customer can perform:

Register Activity:
User can signup using:
https://mobileapp.sco.gov.pk:7500/api/services/auth/v1/signup
And here is code for signup:

Login Activity:
The login link will become:
https://mobileapp.sco.gov.pk:7500/api/services//auth/v1/login/subs
with addition of API call from User.

Code:


TOP-UP Activity:

This activity is used for top-up your account balance.

Code:

I was wondering in this activity if it’s a online procedure to recharge your account
using online payments so we can somehow bypass this online procedure and get
topup, but this activity only allows you to scan a QR code or type scratch card
number and the request goes to server for validation as can be seen in code.
My Profile Activity:
This activity is shows sidebar options, which include profile related entities.



















Settings Activity:
And here is a sneak peak to settings activity.






















Conclusion:
Successfully Decompiled APK of SCO Smart App available of Play Store and got full
code from this APK. I decompile the whole code and I got the desired results from
the APK.
There was no activity related to call history of user or related, in this app.
Link of app:
https://play.google.com/store/apps/details?id=mm.com.pakistan.new