I have made some progress.
Japan users can authenticate properly with the android's api app key and api secret key.I currently have app key from https sniffing. I am still trying to figure out the proper secret key. The secret key is just appended on the parameter string data before running through a SHA1 hash for request signatures.
I am having trouble decrypting the secret key though.
The app key and secret key are both stored in AES encrypted form in the application. They are both decrypted by the same function
I have been running tests on the app key because I know the encrypted value and decrypted value.
Code:
AES_KEY hex = 684402241a605b496944fd8b4807c6d48523db006b441a688023db02134d2710
encApp hex = 10ebd4c0523a1b8569c40429c22f31047cc4c754609a834f0b98a0250d996b0c9e48580eb99447c8b4c9bfdeefcfc274
decApp string = b50795ef027112acc028 192ad4bb890d31560da7
encSecret hex = 63e2f07c57580d7b14ef3a7493eecc807061bd4af7b733284cd7f2f23b3958be
They bitwise AND each byte with 0xFF before loading the key and data to decrypt.
I believe I have all the code correct to encrypt and decrypt the API app value but it isn't decrypting/encrypting correctly. I think because I am doing the AND transform incorrectly. They did something similar thing to keys in hulu desktop except the did bitwise XOR with 1.
I can share my test files if someone wants to help me out. I am a bit lost on what I am doing wrong. I can also point you to the java classes from the android app that are relevant. thanks.
edit:
it kept converting the decrypted App to a xbmc git commit so i put a space in it.