From: Joann Mõndresku Date: Wed, 15 May 2024 19:00:43 +0000 (+0300) Subject: Clarify few parts in reEgg saga X-Git-Url: https://git.based.quest/%7B%7B%20.RelPermalink%20%7D%7D?a=commitdiff_plain;h=9656149bd586e8d14326c843cc58d80033560fac;p=web-hugo.git Clarify few parts in reEgg saga --- diff --git a/content/posts/reverse-engineering-a-mobile-app-protobuf-api.md b/content/posts/reverse-engineering-a-mobile-app-protobuf-api.md index ce06d43..67c9120 100644 --- a/content/posts/reverse-engineering-a-mobile-app-protobuf-api.md +++ b/content/posts/reverse-engineering-a-mobile-app-protobuf-api.md @@ -100,7 +100,7 @@ certain global values. So we have a potential API endpoint, let's put it to the test. We're not going to recompile anything yet or do any byte-patching, let's try a quick smoke-test. Ensure your phone is rooted and you have a variant of Xposed Framework installed (I used LSPosed). We will need to unarm the SSL pinning present in most apps, including this one, I used [io.github.tehcneko.sslunpinning](https://github.com/Xposed-Modules-Repo/io.github.tehcneko.sslunpinning) module. -(Note: I know it is possible to repackage the app to do SSL unpinning in most cases, but in many cases, you won't know if it's worth the effort yet) +(NOTE: Users without root might want to skip to end of article where I showcase unpinning the app manually) Next, install [AdAway app from F-Droid](https://f-droid.org/packages/org.adaway/) so we can setup a redirection on any network we are on. Inside AdAway, add a redirection rule for the address we just found and point it to an IP address in your LAN that will run the API server. @@ -108,7 +108,8 @@ Inside AdAway, add a redirection rule for the address we just found and point it Generate a self-signed certificate authority and a certificate signed by it and run a webserver with both HTTP and HTTPS on the API server machine. ``` # Create an ext file containing the Subject Alternative Name (SAN) -# DNS.1 should correspond to the API endpoint of the app (more info near end of article if you plan on changing) +# DNS.1 should correspond to the API endpoint of the app. +# NOTE! If you are changing the API endpoint to a public domain, you can just use a public cert, no need for any of this. cat > auxbrain.ext << EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE @@ -612,6 +613,9 @@ cp /path/to/your/apk . python3 apk-rebuild.py egginc.apk --pause ``` +**NOTE!** IF you do not intend to patch the API endpoint and just want to proceed with AdAway redirecting traffic, you can stop here and press ENTER! +Proceed only if you own a domain in your control (that is equal or less in length to www.auxbrain.com) and want to use the app without a VPN/redirection. + Open a new terminal window, the script will wait for us to perform modifications, enter the created folder `egginc.apk-decompiled` and `lib`. We have two folders here now, `arm64-v8a` and `armeabi-v7a`, just as we saw when we pulled the .so file out of the apk earlier. Let's tackle