Reverse engineering Lyft Bikes for fun (and profit?)

10 pointsposted 4 hours ago
by ibigio
(ilanbigio.com)

3 Comments

sampton

a few seconds ago

You never know with corporations. Consequences range from "federal pound-in-the-ass prison" or "here is $500".

ibigio

4 hours ago

Howdy.

Back in 2019 I reverse engineered the lyft bikes api to unlock them from my bed. It's one of my favorite stories, and after telling it dozens of times I finally decided to write it up in its full technical glory.

I used to love learning about security through blog posts/writeups, so I tried to include as much detail as possible. Let me know if you like this style!

spydum

3 minutes ago

Believe it or not, straight to jail! Just kidding, great writeup. I know it's not groundbreaking, but does surprise me how many products don't bother with rate limiting controls.