bmartin5692 / bumper

A standalone and self-hosted implementation of the central server used by Ecovacs vacuum robots.
GNU General Public License v3.0
301 stars 50 forks source link

[Doku enhancement] Trust certificate on android 9 pie #87

Open geniwes opened 4 years ago

geniwes commented 4 years ago

Hello ladies and gentlemen, English is not my mother tongue, I hope you understand it anyway.

With none of the instructions on the web could I make the file system writable on Android 9 Pie (Samsung J6), so I'm not able to put certificates into the system store.

The only thing that helped me was patching the Ecovacs Home app. I did it in Kali Linux and I don't know if this works in Windows.

  1. Download Ecovacs Home App to PC. E.g. https://addons.mozilla.org/de/firefox/addon/apkgk-downloader/

  2. If not present get a Java JDK >= 8 (bin/jarsigner is needed; e.g. https://openjdk.java.net/ )

  3. Clone https://github.com/levyitay/AddSecurityExceptionAndroid

  4. The script addSecurityExceptions.sh is unusable because there are errors in the file AndroidManifest.xml: line 19 and line 26 contain illegal spaces. So I ran the commands manually (with the apk in the same dir as apktool.jar).

    mkdir -p ~/.android
    keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
    java -jar "apktool.jar" d -f -o /tmp/ecohome "com-eco-global-app1572580800.apk"
    cp "network_security_config.xml" /tmp/ecohome/res/xml/.
    # do the next line only once!
    sed -E "s/(<application.*)(>)/\1 android\:networkSecurityConfig=\"@xml\/network_security_config\" \2 /" /tmp/ecohome/AndroidManifest.xml > /tmp/ecohome/AndroidManifest.xml.new
    mv /tmp/ecohome/AndroidManifest.xml.new /tmp/ecohome/AndroidManifest.xml
    vim /tmp/ecohome/AndroidManifest.xml
    # kill the space in "org.simalliance.openmobileap i.SMARTCARD" (actually two lines 19 and 26)
    java -jar "apktool.jar" empty-framework-dir --force /tmp/ecohome
    java -jar "apktool.jar" b -o ./ecohome.apk /tmp/ecohome
    <pathtoJDK/bin/>jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android ./ecohome.apk androiddebugkey

  5. Upload ecohome.apk to the smartphone, uninstall the original app, install the patched one manually and be happy.

I have to admit that I haven't tried Bumper yet (still to come). I used this procedure for mitmproxy and that's why I came across this project. But I believe that this procedure could also be necessary for the Bumper-CA.
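
An idempotent form of the two manifest edits in step 4 (the sed line marked "do the next line only once!" and the manual space fix), as an added example that is not part of the original post or of the AddSecurityExceptionAndroid script. The function names and the sample manifest are constructed for illustration; placing the broken name in a uses-permission element is an assumption.

```shell
# Added example: safe to run more than once on the same decoded APK tree.
# Call as: patch_manifest /tmp/ecohome/AndroidManifest.xml
NSC_ATTR='android:networkSecurityConfig="@xml/network_security_config"'

patch_manifest() {
    manifest=$1
    [ -f "$manifest" ] || { echo "no such file: $manifest" >&2; return 1; }
    tmp="$manifest.new"

    # 1. Repair the name the post reports as containing a stray space.
    sed 's/org\.simalliance\.openmobileap i\.SMARTCARD/org.simalliance.openmobileapi.SMARTCARD/g' \
        "$manifest" > "$tmp" && mv "$tmp" "$manifest"

    # 2. Add the attribute only if <application> does not already carry one.
    if grep -q 'android:networkSecurityConfig=' "$manifest"; then
        echo "networkSecurityConfig already set, manifest left as is"
    else
        sed -E "s|<application([ >])|<application $NSC_ATTR\\1|" \
            "$manifest" > "$tmp" && mv "$tmp" "$manifest"
    fi

    # 3. Verify: exactly one attribute line, no broken name left behind.
    [ "$(grep -c 'android:networkSecurityConfig=' "$manifest")" -eq 1 ] || return 1
    ! grep -q 'openmobileap i' "$manifest"
}

# Constructed sample manifest for trying the function (not the real app's).
write_sample_manifest() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
    <uses-permission android:name="org.simalliance.openmobileap i.SMARTCARD"/>
    <application android:label="Sample" android:allowBackup="false">
        <activity android:name=".Main"/>
    </application>
</manifest>
EOF
}
```

If the manifest already references a different network security config, the function leaves the attribute alone and that existing XML file has to be edited instead.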

m8schmit commented 3 years ago

More than a year later, I tried this because I don't want to root my phone. Almost the same command lines, I just added

    sed -i 's/org.simalliance.openmobileap i.SMARTCARD/org.simalliance.openmobileapi.SMARTCARD/g' "$tmpDir/AndroidManifest.xml"

in the script here: https://github.com/levyitay/AddSecurityExceptionAndroid.

But once installed, the application doesn't work and turns off after being stuck for a few seconds on the main page. :-(

m8schmit commented 3 years ago

Ok, it seems to be an error with the Alibaba Cloud API: com.alibaba.cloudapi.sdk.exception.SdkException: app key or app secret must be initialed

https://help.aliyun.com/document_detail/143857.htm?spm=a2c4g.11186623.0.0.34ed755cCxvcwv#task-2334004

shawly commented 2 years ago

I can confirm that it worked with my DEEBOT 2017 app, though I did the steps manually as described here: https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/make-apk-accept-ca-certificate