💾 Archived View for snowcode.ovh › tech › mitmproxy.gmi captured on 2022-01-08 at 13:44:44. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
I initially wanted to reverse engineer CovidScanBE but I discovered something surprising. Finding out that CovidScan is an Android App Bundle (AAB) took me hours, and that's the reason why the install always failed: it missed other files.
Now it's fixed but I really don't understand what happens.
The requirements for this tutorial are as follows:
adb (android-tools and android-sdk)
This part is only for Android 7.0 and above. Because of a change in Android's API, apps don't trust user certificates by default, so we need to edit the app to change that.
First we need to install CovidScan on the device from the Play Store.
Then, let's create a directory for our project:
mkdir covidscan/
cd covidscan/
Once that's done, we can connect the phone to the computer and extract the APKs. Make sure to have USB Debugging and developer options enabled.
adb devices
adb shell pm list packages
This lists all installed packages; one of them is CovidScan, whose package name is "be.fgov.ehealth.DGC.scan". So let's get the paths to all its APKs and extract them:
# Strip the "package:" prefix (and any trailing carriage return) from each path, then pull it
for file in $(adb shell pm path be.fgov.ehealth.DGC.scan | sed 's/package://' | tr -d '\r'); do
    adb pull "$file" .
done
Now we need to patch "base.apk" and re-build the file.
apktool d base.apk
sed -i 's|<application |<application android:networkSecurityConfig="@xml/network_security_config" |' base/AndroidManifest.xml
mkdir -p base/res/xml # Make sure the directory exists before creating the config
nano base/res/xml/network_security_config.xml # Paste the config there
apktool b base -o base.apk
Here's the config you need to paste:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
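To confirm the patch took effect before rebuilding, the decoded manifest and the config can be checked programmatically. This is an added example, not part of the original post: it goes slightly beyond the config above by also reporting `domain-config` and `debug-overrides` scopes. The function names and the sample XML (including `com.example.app`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SCOPES = ("base-config", "domain-config", "debug-overrides")
# Constructed sample inputs (com.example.app is a placeholder, not the real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:label="Example" android:networkSecurityConfig="@xml/network_security_config" />
</manifest>"""
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>"""


def config_reference(manifest_xml):
    """Return the android:networkSecurityConfig value on <application>, or None."""
    app = ET.fromstring(manifest_xml).find("application")
    return None if app is None else app.get(ANDROID_NS + "networkSecurityConfig")


def trust_anchor_sources(config_xml):
    """Map each config scope that declares trust anchors to its certificate sources."""
    result = {}
    for scope in ET.fromstring(config_xml).iter():
        anchors = scope.find("trust-anchors") if scope.tag in SCOPES else None
        if anchors is None:
            continue  # not a scope, or it inherits its anchors from the parent
        label = scope.tag
        if label == "domain-config":
            label += ":" + ",".join((d.text or "").strip() for d in scope.findall("domain"))
        result[label] = [c.get("src") for c in anchors.findall("certificates")]
    return result


def trusts_user_cas(manifest_xml, config_xml):
    """True if the manifest references a config whose base-config trusts user CAs."""
    if config_reference(manifest_xml) is None:
        return False  # no override: apps targeting API 24+ trust system CAs only
    return "user" in trust_anchor_sources(config_xml).get("base-config", [])


if __name__ == "__main__":
    print(config_reference(SAMPLE_MANIFEST), trust_anchor_sources(SAMPLE_CONFIG))
```

Feed it the contents of base/AndroidManifest.xml and base/res/xml/network_security_config.xml after the sed step. Run against your own release build, the same check flags a config that trusts user-installed CAs.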
Now let's put all the APK files into a zip .apks file
zip covidscan.apks *.apk
Now send this file to your device (the command below serves the current directory over HTTP so the phone can download it) and open it with SAI. Make sure to have the Zip and Sign options enabled in the settings of SAI.
python3 -m http.server
Now uninstall the app you installed from the Play Store and open the .apks with SAI to install it. And tada!
First let's run the daemon:
mitmproxy
Now let's set the phone to use this proxy and install the certificate:
1. Go into Settings > Wireless > Wifi, long-press on a Wi-Fi network, then click on "modify"
2. Click on Show advanced options > Proxy > Manual and enter the IP of your computer as the hostname and 8080 as the port
3. Open mitm.it on your phone, click to download the android cert, open it and add it as "VPN" with the name "mitmproxy"
Now you can open the app and start using it while looking at what's happening on your laptop's log. And that's where things get weird... Nothing happens. It's kind of like this app is working offline and I really don't understand that.
I never thought about trying to open the app in airplane mode, as I never expected something like this could work in such a way.
How can it check the validity of a vaccine certificate without access to the internet? It seems it only needs 1 request per day; all the rest of the time it's offline.