it all started with just curiosity, i wanted to make my own client. back then (6 months ago) i used to be so naive compared to now, i used to daydream about my own stuff, which i still do but not that often, thanks to you know you. turns out i live in a world which kinda punishes that part of me, let's not get into that.
anyways i thought of capturing app traffic so i could see requests, but my mobile was non-root, so i couldn't. i tried options like pcapdroid which acts like a vpn and captures traffic, but it couldn't give me anything meaningful as it couldn't do much with https, though there were ways, but limited in their scope. to emulate stuff, my 4gb laptop couldn't handle it itself, so avd was just another dreamy option back then.

around the end of last year i bought a thinkpad (refurbished one, obvious right? who buys a new thinkpad) and 16GBBBBB ram, now it was time to carry out all those curious experiments i had in the back of my mind, in the reality of my own small world. done with setup of qemu+kvm+virt-manager, and started exploring os (i earlier also used to experiment with os, but virtually it is fast to prototype, no burning pendrives and partitions), later downloaded android studio, then i did a small porting experiment just to port the sl (steam locomotive) binary to the native android environment, i spent pretty much time on it, then this time i tried installing the mrhi app in avd, and guess what?
installed successfully but not opening, i tried all possible permutations and combinations of android versions, api versions, nothing worked.. :( since apk files are not architecture specific, then after roaming the internet the idea came to see within the app, then what? .apk --> .zip and extract it, after that got to know there are libraries in lib/ and here's how lib/ was:

lib/
  arm64-v8a/
    liball-in-one.so
    libcoreMesh.so
    libcronet.76.0.3809.111.so
  armeabi/
    liball-in-one.so
    libcoreMesh.so
  armeabi-v7a/
    liball-in-one.so
    libcoreMesh.so
    libcronet.76.0.3809.111.so
  x86/
    libcronet.76.0.3809.111.so
  x86_64/
    libcronet.76.0.3809.111.so

no liball-in-one.so for x86, felt like an idiot. then the journey started on how to emulate arm on x86, it was going to be slower for sure but i spent most of my days with that (4gb ram): stack overflow, reddit, stack exchange, internet archive. there were recommendations for specific versions of android which supported arm emulation, but nothing worked for me. when i tried doing it in android studio also, by explicitly selecting an arm image, it just threw an error at me, and i tried a hell of api versions, android versions, and again blank.
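the lib/ layout above is exactly the kind of thing a quick packaging check catches before anyone wastes days on it. the script below is an added example, not something from the post: it opens an apk (a constructed in-memory zip mirroring the listing above, with placeholder .so contents), groups native libs by abi, and reports which abis are missing a library that other abis ship, which is the reason the app would install but never start on the x86 emulator.

```python
import io
import zipfile
from collections import defaultdict

# Constructed sample: entry names mirror the lib/ tree in the post.
# The .so bodies are placeholders, not real native libraries.
SAMPLE_ENTRIES = [
    "lib/arm64-v8a/liball-in-one.so",
    "lib/arm64-v8a/libcoreMesh.so",
    "lib/arm64-v8a/libcronet.76.0.3809.111.so",
    "lib/armeabi/liball-in-one.so",
    "lib/armeabi/libcoreMesh.so",
    "lib/armeabi-v7a/liball-in-one.so",
    "lib/armeabi-v7a/libcoreMesh.so",
    "lib/armeabi-v7a/libcronet.76.0.3809.111.so",
    "lib/x86/libcronet.76.0.3809.111.so",
    "lib/x86_64/libcronet.76.0.3809.111.so",
    "classes.dex",
]

def build_sample_apk() -> bytes:
    """Build the constructed apk (an apk is just a zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_ENTRIES:
            zf.writestr(name, b"\x7fELF placeholder")
    return buf.getvalue()

def native_libs_by_abi(apk_bytes: bytes) -> dict[str, set[str]]:
    """Map each abi directory under lib/ to the .so names it ships."""
    libs = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            # only lib/<abi>/<file>.so entries count as native libs
            if len(parts) == 3 and parts[0] == "lib" and parts[2].endswith(".so"):
                libs[parts[1]].add(parts[2])
    return dict(libs)

def missing_libs(libs: dict[str, set[str]]) -> dict[str, set[str]]:
    """For each abi, the .so files some other abi ships but this one lacks.
    Devices (or emulators) on such an abi will load the apk but fail at runtime."""
    union = set().union(*libs.values()) if libs else set()
    return {abi: union - have for abi, have in libs.items() if union - have}

if __name__ == "__main__":
    report = missing_libs(native_libs_by_abi(build_sample_apk()))
    for abi, missing in sorted(report.items()):
        print(f"{abi}: missing {sorted(missing)}")
```

to run it on a real file, replace build_sample_apk() with the bytes of the apk you are inspecting; unpacking to a folder first is not needed.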

then on internet archive i found something called libhoudini files, which can emulate an arm layer for android-x86. i thought yeah android-x86, but turned out it ain't android, still it's android, it's an iso file os for desktops. then i fired up virt-manager, set up my little android pie (9), and added the libhoudini files, and

the app still didn't work, cause it was detecting that we have android libs, so got jadx running, removed the x86 folder completely and packed it back, signed it

voila!! for the first time the apk got running.

and then typically i installed burpsuite community version, set up a mitm proxy, added certificates to android user and system certificates (thanks internet), and i couldn't do adb into my x86 android (it was very much later when i found that i need to do adb connect <virt-machine-ip>:5555), till then i was using a physical usb stick to put files from the host, then forwarding the usb to the virt-machine,

managed to get my apk and certs in it

first launch of the apk, it says location access required, then set up developer options, got a location faking app running,

opened burpsuite, no capture :(

again after here and there got it running

and all network payloads were encrypted, so https was clear, i could see traffic clearly, but still there was app level encryption

now it was JADX time again, searched for retData and then, linking one thing to another, kept going on, found some keys, methods, hit n trial went on, and finally was able to decode the payload which was being received in the response,

now it was time to send our requests, and other things turned out fine, but bizcotent was smth which took time, it was the payload being sent, changing for every api, even at the same endpoint, here perm and combn also failed, it was a b64 encoded and encrypted string

now it was time to go inside x86 android, and here comes frida. i pushed adb-server inside android via adb, chmod 755'd it and it just kept gaslighting me, saying the file is there when i do ls, but when i execute it, it says the file ain't there. tried options like remounting /data with rw permissions in various locations, again wall in face. then downgraded from frida 17 to 16, 12, and 12 got running, but couldn't find a frida-python whl to get it running, says my python 3.14 is too new for it. after here and there, frida 15.1.15 with python 3.11 got it running, got some js hooks on the methods which were encrypting data (m0.b), and now i could see the payload, and now i was able to send my own requests,

the last hurdle was the payment gateway api, which was post request based, and just wouldn't open because of my mitm and custom self-signed certs. then again i created a new virtual machine, with all steps except the self-signed certs and no mitm attached to it.

now i went for a frida hook to the payment gateway running, and now managed to understand the overall flow of the app to a certain extent. was too mentally exhausted, with some help from an llm i managed to mimic the application to allow payment stuff, now i can order stuff from the terminal, pop the payment window in the browser and complete the payment to the gateway provider.

obviously there would be many things i forgot to mention here, cause i am very good at that, forgetting things :)

this is very raw writing, and i want to keep it that way. sorry if it's difficult to read due to grammatical errata. bye.

okabe
maybe we will meet in another world line. if the washing machine acts like a microwave in this world line.