I never really used to drink Starbucks. “It’s too expensive!” I’d say while angrily waggling my aeropress in the air. “It’s all sugar! Not worth it!”
Then they came out with their damned mobile ordering app and suddenly I’m throwing fistfuls of cash at them. It’s just. too. convenient.
Hacker Ryan Pickren took the idea one step further: he built a physical button that orders his favorite Starbucks drink with one press as he’s heading out the door.
The button itself is an Amazon IoT button — the generic, hacker-friendly version of the branded Dash buttons they pre-configure to sell you things like laundry detergent and cat food.
When he taps his button, it fires off a Python script that sends the same signal the Starbucks app would when sends out an order. On Starbucks’ side, it just looks like any old order that would’ve come through via the app.
Getting all of that to work, though, is where things got fun. I’d recommend checking out Ryan’s full breakdown here. From ripping out cryptographic keys to batting away security measures like SSL certificate pinning, it’s a great look into how quickly an undocumented API can be torn apart and frankensteined into something totally new.