Sören GadeOct 6

This is such a great technical hack because it has a clear use case, straightforward solution and the right „I’ll just do it myself“ attitude. #PureGym #Swift #PassKit

https://drobinin.com/posts/how-i-accidentally-became-puregyms-unofficial-apple-wallet-developer/

How I accidentally became PureGym's unofficial Apple Wallet developer

Tired of fumbling with the PureGym app for 47 seconds every morning, I reverse-engineered their API to build an Apple Wallet pass that gets me in with a quick wrist scan. Along the way, I discovered their bizarre security theatre: QR codes that expire every minute while my ancient 8-digit PIN lives forever.

Vadim Drobinin - Founder & iOS Engineer
GripNewsAug 15, 2025
🌗 我無意間成了 PureGym 的非官方 Apple Wallet 開發者
➤ 一場因 UX 爛透而引發的逆向工程與 Apple Wallet 開發之旅
https://drobinin.com/posts/how-i-accidentally-became-puregyms-unofficial-apple-wallet-developer/
一位 iOS 開發者因每日進出 PureGym 健身房耗時過長,進而展開一連串技術探索。他透過逆向工程找出 PureGym 的 QR Code 驗證機制,並結合 GitHub 上的資訊,最終利用 Apple PassKit 框架,成功建立了一個可整合至 Apple Wallet 的動態通行證,大幅簡化了健身房的入場流程。
+ 這根本是駭客精神的最佳體現!為了省下那幾秒鐘,搞出一個 Apple Wallet pass,太佩服了!
+ 真的好奇 PureGym 的 PIN 碼和 QR Code 安全性為何會有這麼大的落差,這也太離譜
#iOS #Reverse Engineering #Apple Wallet #PassKit #API
How I accidentally became PureGym's unofficial Apple Wallet developer

Tired of fumbling with the PureGym app for 47 seconds every morning, I reverse-engineered their API to build an Apple Wallet pass that gets me in with a quick wrist scan. Along the way, I discovered their bizarre security theatre: QR codes that expire every minute while my ancient 8-digit PIN lives forever.

Vadim Drobinin - Founder & iOS Engineer
drupalthoughtsJul 19, 2023
anyone have recs or experience with services like #Cuseum or #Passkit for setting up digital wallet membership ID cards for #museum or other memberships, incl membership tiers? This would be for #apple wallet and #google wallet. I tend not to trust salespeople working for vendors like these :]
masukomiApr 26, 2023

General FYI re #Apple #PassKit

p12 certificate support has been dropped in OpenSSL 3.0
There are a lot of libraries and docs that talk about using that cert format when signing your .pkpass file. Don't. It won't work and will only bring you pain.

X509 (.cer) plus a PEM file w/ a password is the way forward.

Related: I've wandered into forking & updating the passbook #Ruby gem to work in the modern day. Details to follow when it's ready to release.