I accidentally became PureGym’s unofficial Apple Wallet developer
9 days ago
- #API Hacking
- #iOS Development
- #Reverse Engineering
- The author describes their frustration with the PureGym app's slow entry process, which takes 47 seconds to generate a QR code.
- They highlight the security contradiction where an 8-year-old static PIN is accepted, but the QR code refreshes every minute.
- Using mitmproxy, they intercept PureGym's API traffic to understand the QR code generation process.
- They discover the API endpoint for QR codes and note its odd refresh behavior.
- The author explores Apple's PassKit framework to create a dynamic Apple Wallet pass for gym access.
- They build a Swift backend using Vapor to handle pass updates and push notifications.
- The solution reduces gym entry time from 47 seconds to just 3 seconds, saving significant time annually.
- They also scrape PureGym's API for gym locations and integrate gym capacity data into their Home Assistant setup.
- The author reflects on the ethical implications and potential ToS violations but justifies the project as a personal solution.
- They conclude by humorously suggesting future enhancements and inviting collaboration from PureGym.