## LMApiaryDeviceCrypto I was interested in what would go into writing my own lightweight YouTube Music client. This was my step one. ### Steps to Step 1 With any client, there's a server. To find out how I could write a client, I needed to find out how Google's client communicated with the server. After inspecting a the HTTP traffic, I came to the conclusion there were four things I would need: 0. API key 1. Authorization HTTP header field 2. X-Goog-Device-Auth HTTP header field 3. X-Goog-Visitor-Id HTTP header field The API key was easy to get. YouTube includes it in the standard `GoogleService-Info.plist` (`AIzaSyC4SSoMBxVCNqJJEIuxYZa5WVFqZUurXjc`), and YouTube Music included a few in the binary. A quick `strings` and `grep` turned up five keys: ```txt AIzaSyBmltRCNALB9rnWNIiy5FUd-LpDVvYYbGE AIzaSyAdz24CjJsPc74_a3hV9nxIJSburJjtJe8 AIzaSyDK3iBpDP9nHVTk2qL73FLJICfOC3c51Og AIzaSyA5iahgfY6tRS9bOBoWAcosfzDu69-juHo AIzaSyDDAbQV7WXHydhJm-qArV2aCSKs1reexhk ``` I found this interesting. As far as I could tell, two of these were used in the app. Some of the ones I tested seemed to be registered in a database somewhere, but not fully setup: `YouTube Internal API (InnerTube) has not been used in project 75882956776 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/youtubei.googleapis.com/overview?project=75882956776 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.` With this out of the way, I moved on to the Authorization HTTP header field. It seemed like this was hardcoded as well, however I later found out that was incorrect. Since I didn't know that, I moved onto the device X-Goog-Device-Auth HTTP header field. ### Reverse Engineering `YTApiaryDeviceCrypto` is responsible for "signing" `NSMutableURLRequests` in YouTube clients on iOS. To be able to make my own requests, I would need the functionality of this class too. I decided the best way to do that was reimplement the class. Using [Hopper](https://www.hopperapp.com), [cycript](http://www.cycript.org/), and [MobileSubstrate](http://www.cydiasubstrate.com/), I was able to do this. I ran many tests, and after I was confident my implementation was the same as Google's, I wanted to share, in the hopes that others find it useful. I documented the header to my best abilities with helpful, relevant information.