[WIP] Reverse Engineering: ParkMobile


Introduction

Similar to many places, RIT offers parking spaces to those who do not have a parking pass for a small hourly fee of $1/hour. The process is simple — register an account, add your personal information, register your license plate, and pay for the amount of time you plan on using the space.
If you plan on using the space for 1 hour, you pay $1. If you plan on using the space for 2 hours, you pay $4. Now, why is this? Shouldn’t you pay $2 for the 2 hours? While 1 hour costs $1, ParkMobile increases the amount due, in relation to the number of hours being used, because it’s inconvenient for a user to extend their rented parking pass every hour on the hour.

Problem

Okay, so what’s the problem? I sometimes wake up late; to make sure I’m not late for class, I park at one of these slots and pay every hour on the hour to save money. Well, this doesn’t play out accordingly all the time. There are certain times when I forget to pay on the hour, resulting in getting a parking ticket from the school’s parking services.

Solution

There are a few ways to solve this problem:
  • Wake up early so that I don’t have to park at one of the ParkMobile slots
  • Pay for the number of hours I will be using the slot
  • Set an alarm every hour on the hour to remind me to renew the ParkMobile slot
  • Create a bot to renew the slot every hour on the hour
I think the solution to this problem is simple and obvious — create a bot to renew the parking slot every hour on the hour. This should be fun.

Process

Enjoy this quick/beautiful sketch of the workflow I drew on my iPad. Sorry for the bad handwriting (not really).
I think the steps are self-explanatory, but I’ll briefly explain the goal of each step in the workflow:
  • Login: In order to rent a slot, ParkMobile requires you to create an account. This account will contain all of a user’s information, such as the vehicle, payment information, etc. The script needs to be able to log in using my account to pay for the slot.
  • Select Zone Number: Pretty simple, the script needs to select the parking zone where my car is parked. This will be hardcoded because I won’t be moving my car at any time.
  • Specify Duration: This will be hardcoded to 1 hour (the whole point of this script).
  • Select Vehicle: My vehicle is already registered to my account and I am assuming ParkMobile has a distinct id for it. I need to figure out what it is.
  • Add Payment Info: This is already registered to my account as well. I am also assuming that a distinct id exists for the payment information.
  • Submit: All the previous steps don’t have to be performed by the script. I mean, they could be if I plan on using a browser library, like MechanicalSoup/Beautiful Soup, but my goal is to simply use requests. One request, including all the information above, should get the job done. This request should be invoked automatically as soon as a session is over.
I am building this as I write this, so hopefully, it goes according to plan.

Login

We need to find the endpoint for logging in. This is pretty easy. On the login page, after we press the Sign In button, we need to monitor the requests that are invoked.
You can do this by going to Developer Tools → Network.
Cool, we got our endpoint. This is what our request will look like.
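```javascript
/* Need to fetch an XSRF token. Can easily be done by fetching the login page. */
/* Runs as an ES module on Node 20+ (top-level await, Headers.getSetCookie()). */
const page = await fetch("https://app.parkmobile.io/login");
// The token arrives as a Set-Cookie line: "XSRF-TOKEN=<value>; Path=/; ..."
const xsrfCookie = page.headers.getSetCookie().find((c) => c.startsWith("XSRF-TOKEN="));
const xsrfToken = xsrfCookie.split(";")[0].slice("XSRF-TOKEN=".length);

// The login itself is a JSON POST that echoes the token in a request header.
const res = await fetch("https://app.parkmobile.io/api/login", {
  method: "POST",
  body: JSON.stringify({ email: "...", password: "..." }),
  headers: {
    "content-type": "application/json",
    "origin": "https://app.parkmobile.io",
    "referer": "https://app.parkmobile.io/",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "sourceappkey": "ParkmobileWeb",
    "x-xsrf-token": xsrfToken
  }
});
```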
Testing this using any tool will give us a 200 response. Awesome.
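The token handling above, pulled out into functions that can be checked offline. This is an added example, not code from the original post: it builds the login request from a set of `Set-Cookie` lines and refuses to send credentials when no token was issued. The sample cookies are constructed, the helper names are hypothetical, and both URL-decoding the token for the header and sending the cookies back in a `cookie` header are assumptions about the common double-submit pattern, not observed ParkMobile behaviour.

```javascript
// Constructed sample of the Set-Cookie lines a login page might return.
const SAMPLE_SET_COOKIE = [
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "XSRF-TOKEN=eyJpdiI6IkFCQyJ9%3D%3D; Path=/; Secure; SameSite=Lax",
];

// Parse Set-Cookie lines into a name -> raw value map (attributes are dropped).
function parseSetCookie(lines) {
  const jar = new Map();
  for (const line of lines) {
    const pair = line.split(";", 1)[0];
    const eq = pair.indexOf("=");
    if (eq < 1) continue; // skip malformed entries that have no cookie name
    jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Build the fetch() options for the login POST from the cookies just received.
function buildLoginRequest(setCookieLines, email, password) {
  const jar = parseSetCookie(setCookieLines);
  const rawToken = jar.get("XSRF-TOKEN");
  if (rawToken === undefined) {
    // Fail closed: without a token the POST would be rejected anyway,
    // so do not put the password on the wire.
    throw new Error("no XSRF-TOKEN cookie in response; not sending credentials");
  }
  return {
    method: "POST",
    body: JSON.stringify({ email, password }),
    headers: {
      "content-type": "application/json",
      "sourceappkey": "ParkmobileWeb",
      // Assumption: the header carries the URL-decoded cookie value.
      "x-xsrf-token": decodeURIComponent(rawToken),
      // Assumption: cookies are sent back exactly as received.
      "cookie": [...jar].map(([k, v]) => `${k}=${v}`).join("; "),
    },
  };
}
```

In a real script, pass `response.headers.getSetCookie()` as the first argument and read the email and password from the environment rather than the source file.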

Zone Number

#3012 is the zone number we want to reserve.

Duration

Vehicle

Payment Info

Submit