ihciah / miaomiaoji-tool

A python tool to control MiaoMiaoJi / Paperang / 喵喵机
https://www.ihcblog.com/miaomiaoji/
MIT License

Reverse engineering for Paperang P2 ? #4

Open matthieusalvat opened 5 years ago

matthieusalvat commented 5 years ago

Hello,

Can you explain how you did the reverse engineering for Paperang P1?

I bought a Paperang P2 and with your program I can only display one black line (with the 300 black lines example). I think it's just due to a small difference in the settings.

Thanks.

ihciah commented 5 years ago

I broke the 360加固 first. It is like a shell around the APK, which is meant to stop you from doing reverse engineering. You can use a self-compiled Android virtual machine to dump the dex. After you get the dex file, you can use tools like jdgui to decompile it.

PS: the code of the Paperang app is very ugly... I'll write a post to explain how I did it. But it's in Chinese, so maybe you'll need Google Translate.

ihciah commented 5 years ago

Check this: https://www.ihcblog.com/miaomiaoji/

akinazuki commented 5 years ago

I think the MiaoMiaoJi PC client can do more interesting things. It is written with Qt, and they can print content over USB.

michal-klimek commented 5 years ago

> I broke the 360加固 first.

I bought a PeriPage printer (http://ileadtek.com/sy) which seems to be very similar to a Paperang one. I've tried to reverse engineer their protocol too, but the "shell" is hard for me to break. If I understand correctly, the app is dynamically loading encrypted dex files. Do you have any clues on how I should start, and what tools I should use to get these dex files so they can be decompiled?

ihciah commented 5 years ago

> > I broke the 360加固 first.
>
> I bought a PeriPage printer (http://ileadtek.com/sy) which seems to be very similar to a Paperang one. I've tried to reverse engineer their protocol too, but the "shell" is hard for me to break. If I understand correctly, the app is dynamically loading encrypted dex files. Do you have any clues on how I should start, and what tools I should use to get these dex files so they can be decompiled?

Yes, you can try to get the raw dex using an Android virtual machine. Maybe there's a universal unpacking VM now. Also, if you cannot manage to remove the shell of the dex, you can try to reverse the PC client (mentioned by @akechisatori), which I think is the easiest way, though it's another protocol. If there was a PC client I would not reverse the APK.

Defozo commented 3 years ago

I have Paperang P2 and I was able to print self-test page. Unfortunately, when I try to print a .bmp file I get this:

/home/pi/.local/lib/python3.7/site-packages/numba/core/errors.py:154: UserWarning: Insufficiently recent colorama version found. Numba requires colorama >= 0.3.9
  warnings.warn(msg)
{'service-classes': ['1101'], 'profiles': [('1101', 258)], 'name': 'SerialPort', 'description': None, 'provider': None, 'service-id': None, 'protocol': 'RFCOMM', 'port': 1, 'host': '04:7f:0e:20:40:cf'}
Traceback (most recent call last):
  File "<string>", line 3, in recv
_bluetooth.error: (110, 'Connection timed out')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "printer.py", line 32, in <module>
    mmj.print_image_file("/home/pi/paperang/python-paperang/bmp_24.bmp")
  File "printer.py", line 23, in print_image_file
    image_data.im2binimage(ski.io.imread(path),conversion="threshold")))
  File "/home/pi/paperang/python-paperang/hardware.py", line 192, in sendImageToBt
    self.sendFeedLineToBt(self.padding_line)
  File "/home/pi/paperang/python-paperang/hardware.py", line 204, in sendFeedLineToBt
    self.sendToBt(msg, BtCommandByte.PRT_FEED_LINE)
  File "/home/pi/paperang/python-paperang/hardware.py", line 138, in sendToBt
    return self.recv()
  File "/home/pi/paperang/python-paperang/hardware.py", line 142, in recv
    raw_msg = self.sock.recv(self.max_recv_msg_length)
  File "<string>", line 5, in recv
bluetooth.btcommon.BluetoothError: [Errno 110] Connection timed out

Any update on this?

ihciah commented 3 years ago

> I have Paperang P2 and I was able to print self-test page. Unfortunately, when I try to print a .bmp file I get this:
>
> /home/pi/.local/lib/python3.7/site-packages/numba/core/errors.py:154: UserWarning: Insufficiently recent colorama version found. Numba requires colorama >= 0.3.9
>   warnings.warn(msg)
> {'service-classes': ['1101'], 'profiles': [('1101', 258)], 'name': 'SerialPort', 'description': None, 'provider': None, 'service-id': None, 'protocol': 'RFCOMM', 'port': 1, 'host': '04:7f:0e:20:40:cf'}
> Traceback (most recent call last):
>   File "<string>", line 3, in recv
> _bluetooth.error: (110, 'Connection timed out')
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "printer.py", line 32, in <module>
>     mmj.print_image_file("/home/pi/paperang/python-paperang/bmp_24.bmp")
>   File "printer.py", line 23, in print_image_file
>     image_data.im2binimage(ski.io.imread(path),conversion="threshold")))
>   File "/home/pi/paperang/python-paperang/hardware.py", line 192, in sendImageToBt
>     self.sendFeedLineToBt(self.padding_line)
>   File "/home/pi/paperang/python-paperang/hardware.py", line 204, in sendFeedLineToBt
>     self.sendToBt(msg, BtCommandByte.PRT_FEED_LINE)
>   File "/home/pi/paperang/python-paperang/hardware.py", line 138, in sendToBt
>     return self.recv()
>   File "/home/pi/paperang/python-paperang/hardware.py", line 142, in recv
>     raw_msg = self.sock.recv(self.max_recv_msg_length)
>   File "<string>", line 5, in recv
> bluetooth.btcommon.BluetoothError: [Errno 110] Connection timed out
>
> Any update on this?

Sorry, no further update. You can try to capture the packets, since there may be some protocol update.