FireBase (Google)
FireBase is a Google service which provides database access via an API.
FireBase is a Google service which provides database access via an API. There are subcategories of services that are integrated with FireBase such as FireBase Messages. A lot of iOS apps use this service and store sensitive information, such as API keys and URLs in plist files usually named GoogleService-Info.plist or similar.
1
Richards-iPad:/var/containers/Bundle/Application root# find . -iname "Google*.plist"
2
./40D41454-C236-4788-B31E-D50C4A5A7625/NewDay.app/GoogleService-Info.plist
3
./90413EA2-23BE-4813-8DEC-1D435253CC3D/Anywhere.app/GoogleService-Info.plist
4
./6AB7C202-E61D-4426-A9F3-974CB06D04AA/OneTalk.app/GoogleService-Info.plist
5
./B49DE46C-19E8-43EE-B507-5616E8E519F5/Dominos.app/GoogleService-Info.plist
6
./927CDE80-4F16-49FB-8F79-6DFD9FC15EFE/HomeRunHKNews.app/GoogleService-Info.plist
7
./EAFF5668-10E4-450A-B066-CD6C0AAAF2DA/App.app/GoogleService-Info.plist
8
./AD6BD99D-5814-4E98-BBF7-6C4C812E1E2F/Giggle.app/GoogleService-Info.plist
9
./F8EAC32F-16E2-4998-A881-7FAF0852A911/RollyLegs.app/GoogleService-Info.plist
10
./5A63614C-56DD-4C97-8173-DBBA7758BDCB/KFC.app/GoogleService-Info-release.plist
11
<snipped>
Copied!
It is possible to test the FireBase Messaging API with the following curl command replacing the API key with the one found in the plist.
Requires a custom token, and an API key.
Obtain ID token and refresh token from custom token and API key:
1
curl -s -XPOST -H 'content-type: application/json' -d '{"token":":custom_token","returnSecureToken":True}' 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=:api_key'
Copied!
Exchange ID token for auth token:
1
curl -s -XPOST -H 'content-type: application/json' -d '{"idToken":":id_token"}'
2
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=:api_key
3
'
Copied!
Credit for the curl request goes to KeyHacks by Streaak (https://github.com/streaak/keyhacks)
Copy link