samrum
commented
1 year ago Hi, they're encrypted within the APK! There's actually a java class someone created to pull the values from the APK available here: https://github.com/samrum/OnStarJS/issues/208#issuecomment-1301587101
You can also grab them at runtime using an instrumentation tool like Frida.
glassbase
Hi there,
First off, amazing project. Thank you for your continuing commitment and it's so neat having this configured with my Home Assistant.
However, I am confused:
https://github.com/samrum/OnStarJS/blob/884b87cf488b3d6876e659a3ebb20d210bd1ada0/src/onStarAppConfig.json#L2-L3
How was this derived? It looks like it is an Android key, so I'm guessing load the APK in an enumerator and use tcpdump - is the key just in plaintext? Or.... how would one update this key, if the project ceased operations?