## The smoke-test
So we have a potential API endpoint, let's put it to the test. We're not going to recompile anything yet or do any byte-patching,
-let's try a quick smoke-test. Ensure your phone is rooted and you have a variant of Xposed Framework installed (I used LSPosed).
+let's try a quick smoke-test.
+
+**UPDATE 15/05/2024: It turns out this old app version uses HTTP only, instead of HTTPS. You will only need to perform the AdAway instruction here.
+As this information is still vastly useful for reverse engineering most apps, I will be leaving this section intact.**
+
+Ensure your phone is rooted and you have a variant of Xposed Framework installed (I used LSPosed).
We will need to unarm the SSL pinning present in most apps, including this one, I used [io.github.tehcneko.sslunpinning](https://github.com/Xposed-Modules-Repo/io.github.tehcneko.sslunpinning) module.
-(Note: I know it is possible to repackage the app to do SSL unpinning in most cases, but in many cases, you won't know if it's worth the effort yet)
+(NOTE: Users without root might want to skip to end of article where I showcase unpinning the app manually)
Next, install [AdAway app from F-Droid](https://f-droid.org/packages/org.adaway/) so we can setup a redirection on any network we are on.
Inside AdAway, add a redirection rule for the address we just found and point it to an IP address in your LAN that will run the API server.
Generate a self-signed certificate authority and a certificate signed by it and run a webserver with both HTTP and HTTPS on the API server machine.
```
# Create an ext file containing the Subject Alternative Name (SAN)
-# DNS.1 should correspond to the API endpoint of the app (more info near end of article if you plan on changing)
+# DNS.1 should correspond to the API endpoint of the app.
+# NOTE! If you are changing the API endpoint to a public domain, you can just use a public cert, no need for any of this.
cat > auxbrain.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
# Create a CSR and lets have the new CA sign it
+openssl genrsa -out auxbrain.key 2048
openssl req -new -key auxbrain.key -out auxbrain.csr -nodes
openssl x509 -req -in auxbrain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out auxbrain.crt -days 825 -sha256 -extfile auxbrain.ext
-# You now have myCA.pem - the public certificate of your root CA, auxbrain.key - the private key for your webserver, auxbrain.pem - the public cert for your webserver.
+cat auxbrain.crt myCA.pem > auxbrain.pem
+# You now have:
+# myCA.pem - the public certificate of your root CA
+# auxbrain.key - the private key for your webserver
+# auxbrain.pem - the public cert for your webserver.
```
Use the generated `auxbrain.pem` and `auxbrain.key` files for your webserver SSL/TLS configuration. For nginx, append following values to your server directive:
python3 apk-rebuild.py egginc.apk --pause
```
+**NOTE!** IF you do not intend to patch the API endpoint and just want to proceed with AdAway redirecting traffic, you can stop here and press ENTER!
+Proceed only if you own a domain in your control (that is equal or less in length to www.auxbrain.com) and want to use the app without a VPN/redirection.
+
Open a new terminal window, the script will wait for us to perform modifications, enter the created folder `egginc.apk-decompiled` and `lib`.
We have two folders here now, `arm64-v8a` and `armeabi-v7a`, just as we saw when we pulled the .so file out of the apk earlier. Let's tackle
projects / web-hugo.git / blobdiff