DavidBuchanan314

Unofficial Rabbit R1 APK Changelog

Executive Summary

The APK is stored in the firmware system partition, and gets updated as a side-effect of OTA firmware updates. Thus, a certain OS version implies a particular APK version. The OS version numbers are more compact, so I'll use them to identify APK versions below.

v0.8.50 seems like a pre-prod version that accidentally got shipped on some early devices. Like all future versions, it sends the device's IMEI during account activation.

v0.8.67 is the "launch day" firmware. It sets the OS-Version and App-Version HTTP headers. It also sends the device's IMEI during authentication.

DavidBuchanan314

Zimperium zShield RE Notes

Newer versions of the Rabbit R1's APK are protected by https://www.zimperium.com/zshield/ (I don't know this for certain, somebody told me it is but I haven't really seen any identifying marks in the code yet)

Interesting assets within the APK:

lib/arm64-v8a/liboptipkawfn.so    ~3MB packed/encrypted ELF
assets/optipkawfn/0.odex          only 41 bytes (EDIT: I think this is part of an asset obfuscation scheme, the real file contents are likely elsewhere - inside the .szip maybe?)
assets/optipkawfn.szip ~8MB - I predict containing encrypted+compressed bytecode

DavidBuchanan314

import base64
import time
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
import ctypes

libc = ctypes.CDLL("libc.so.6") # glibc needed

OS_VERSION = "rabbit_OS_v0.8.99_20240606175556"

guedou

// Copyright (C) 2019 Guillaume Valadon <[email protected]>
// This program is published under a GPLv2 license

/*
 * Decompile a function with Ghidra
 *
 * analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
 *
*/

freem

/* NOTICE: THIS WAS MADE BACK IN 2017, OF COURSE IT'S NOT GOING TO WORK WELL NOW THAT TWITTER'S FUCKED THINGS UP */
@namespace url(http://www.w3.org/1999/xhtml);

@-moz-document domain("twitter.com") {
  [data-component-context="suggest_recap"],
  [data-component-context="suggest_who_to_follow"],
  [data-component-context="suggest_activity"],
  [data-component-context="suggest_activity_tweet"],
  [data-component-context="suggest_recycled_tweet_inline"],
  [data-component-context="suggest_recycled_tweet"]{

JuanjoSalvador

# Place the content of this script at the bottom of your ~/.bashrc file (or ~/.zshrc if you are using ZSH).
# Please be ensure that your shell doesn't have any alias or plugin with the following names: ai, ar, au, af

# Replace 'apt' with 'aptitude' if you want to use it instead,
$PMG="apt"

update() {
  sudo $PMG update
}

xerpi

Step 1: Compiling or Downloading the toolchain

Step 1.a: If you choose to download a pre-compiled toolchain (only for Linux x86-64)

• Go to https://toolchains.bootlin.com
• Select arch: armv6-eabihf
• Select libc: glibc
• Download bleeding-edge
• Uncompress it (for example to /opt)
• Add the bin/directory of the toolchain to $PATH
• In my case: export PATH=$PATH:/opt/armv6-eabihf--glibc--bleeding-edge-2020.08-1

ngengs

if(window.jQuery){
  //run when window ready
  $(window).ready(function(){
    //detect item click
    $('body').on('click','.item.file>a',function(e){
      var f=$(this);
      // Test the function, print the download/clicked file to console
      console.log("Downloading:"+f.context.href);
      ga('send', 'event', 'File Sharing', 'Download', f.context.href);
    })