Making My Own BML App
2021-05-17 . Written by fishie
>Be Me
its a simple concept. if im bold enough to complain about something i should be willing to do it myself. otherwise there is no reason for me to talk shit about someone elses work. so if i want a smaller and simpler bml app i have to do it myself cause me complaining about it wont change anything
so lets get started
lets look at what needs to be done. i need to make an android app that has the same features or more features as the bml app. only issue is i dont know jack shit about java or kotlin. sure i can read the code and i made a few apps here and there but i know my limits. it would be foolish to jump into a big project like this without having a basic understanding of what im getting into.ok so what now
well im familiar with c# so why not make a c# app for windows first and then make an android app.
the reason im doing this is so that i would first know how to communicate with the bml api and have the basic know how of the structure of the app ill be making. so by the time i finish making windows version ill know exactly what i need to do in kotlin that means i would know exactly what docs to read
so whats the plan
i originally decided to just jump into it and start writing an app. but then i had a better ideawhat if i make a library instead of the app. that way it will be easier for others to use it and it would be easier for me to modify the app in the future.
so i got started
i didnt know much about the API so i went on github and tried to check out others work. i know people who are much more experianced then me has already made apps that works with the bml api before so i checked out a few repos for some examples.only issue is that these were mostly hard to read. not exactly hard to read but hard for me to read. the issue is not with the dev but more with modular programing in general where parts of the code is split into classes and files so its like going through a maze and i was just not in the mood to figure out how to jump through the code. and then i remembered that SAR made a cli client for bml
Bank of Maldives CLI Client Written in bash
now what's so specials about this?
well the way this script works is it just makes curl calls and the entire app is in one script
lets examine the code
cd "$(dirname "${BASH_SOURCE[0]}")">/dev/null 2>&1CONFIG=~/.config/bml-cli/config
CREDENTIALS=~/.config/bml-cli/.credentials
COOKIE=~/.cache/bml-cli/.cookie
this is the first few lines of the code. notice how cookie is maked as a variable. it seems the way this script works is by reusing the same cookie file with the curl call.
DASHBOARD=$(curl -s -b $COOKIE $BML_URL/dashboard)
if we look at a few curl calls we can see it pretty clearly. so lets look at the login code
LOGIN=$(curl -s -c $COOKIE $BML_URL/login \ --data-raw username=$BML_USERNAME_UNSAFE \ --data-raw password=${BML_PASSWORD_UNSAFE} \ | jq -r .code)
the red text is the important things that i noticed. this is my version of the code in c#
var formContent = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("username", username),
new KeyValuePair<string, string>("password", password),
});
handler.CookieContainer = cookieContainer; // store cookies in the handler
httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64)");
HttpResponseMessage responseMessage = await httpClient.PostAsync(URL, formContent);
it might be a bit hard to read but lemmi highlight it
var formContent = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("username", username),
new KeyValuePair<string, string>("password", password),
});
handler.CookieContainer = cookieContainer; // store cookies in the handler
httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64)");
HttpResponseMessage responseMessage = await httpClient.PostAsync(URL, formContent);
as you can see im also passing the same strings as well as assigning cookies. the only difference is the useragent code i added. the reason i added this is cause i kept getting blocked and for some reason by adding a useragent to the request sent to the bml api it get to bypass the block. so now that i have a reference for the api and managed to bypass the block what now.
well i just kept adding more stuff
so far i have added
- Login
- Userinfo
- Contacts
- Activities
there is something interesting about the userinfo api or should i say annoying? i dunno.
//ping profile api so userinfo is allowed
//idk why it is like this whoever made the bml api makes it so you have to do this
//so ill just have to work with it
await httpClient.GetAsync(@"bml/api/profile");
//send a get request to bml servers to get userinfo
HttpResponseMessage UserInfoMessage = await httpClient.GetAsync(@"bml/api/userinfo");
string UserInfoJson = await UserInfoMessage.Content.ReadAsStringAsync();
JObject jObject = JObject.Parse(UserInfoJson);
ok so line one you can see me sending a ping to /api/profile
i guess this brings a change to the cookie which makes it so that now you can ping /api/userinfo cause unless you ping profile first you cant ping userinfo so yeah there is that. some wild shit if you ask me
anyways thats my story so far.
in the future ill have to implement more features and stuff. now will i release this?
yes and no.
ill release the library publicly but not the app. mainly cause its a banking app and im making this for myself. and i dont want to encourage anyone to just run random apps where they enter their account detail. but if i make the library public anyone can build their own app since all code is there. they will just have to code the ui and link it to the library. with things like banking apps i dont think you are equiped to run a custom app unless you have the skill to build it. thats my take on that. if you can build it yourself then you dont have the understanding to know what the code does and what happens to your login details so ill leave it at that.