Something Changed about AppStore’s Redeem Protocol

For some reasons, I analyze the redeem protocol again.

Last time I looked into it about 18 months ago, there were two requests after entering code and pressing Redeem button on its landing page.
Code can be found here: /sskaje/code/itunes/auto_redeemer.php
1 Submit an html form to an address like ‘/WebObjects/MZFinance.woa/wo/1.2.3.4’ with the redeem code.
2 If the redeem code is not usable, error message will be displayed; otherwise iTunes would prompt a login dialog to ask your password.
3 After being re-authenticated, a second request would be sent, which performed a real redeem action.

Continue reading “Something Changed about AppStore’s Redeem Protocol” »

Something Changed about AppStore’s Redeem Protocol by @sskaje: https://sskaje.me/2013/10/something-changed-about-appstores-redeem-protocol/