from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
KEY = bytes.fromhex("5c0e349a27dc46034c7b6744a378bd17")
IV = bytes.fromhex("a0b0924686447109f2d51dcddc93458a")
img = open("gz_a.bin", "rb")
img.seek(4)
length = int.from_bytes(img.read(4), "little")
img.seek(0x34)
offset = int.from_bytes(img.read(4), "little")
DavidBuchanan314 / r1_apk_changelog.md
Last active July 9, 2024 16:49
Unofficial RabbitLauncher.apk changelog

Unofficial Rabbit R1 APK Changelog

Executive Summary

The APK is stored in the firmware system partition, and gets updated as a side-effect of OTA firmware updates. Thus, a certain OS version implies a particular APK version. The OS version numbers are more compact, so I'll use them to identify APK versions below.

v0.8.50 seems like a pre-prod version that accidentally got shipped on some early devices. Like all future versions, it sends the device's IMEI during account activation.

v0.8.67 is the "launch day" firmware. It sets the OS-Version and App-Version HTTP headers. It also sends the device's IMEI during authentication.

DavidBuchanan314 / r1_notes.md
Last active July 11, 2024 21:15
Collecting my various Rabbit R1 RE notes in one place.

Zimperium zShield RE Notes

Newer versions of the Rabbit R1's APK are protected by https://www.zimperium.com/zshield/ (I don't know this for certain, somebody told me it is but I haven't really seen any identifying marks in the code yet)

Interesting assets within the APK:

lib/arm64-v8a/liboptipkawfn.so    ~3MB packed/encrypted ELF
assets/optipkawfn/0.odex          only 41 bytes (EDIT: I think this is part of an asset obfuscation scheme, the real file contents are likely elsewhere - inside the .szip maybe?)
assets/optipkawfn.szip ~8MB - I predict containing encrypted+compressed bytecode
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.kdf.kbkdf import (
CounterLocation, KBKDFCMAC, Mode
)
# https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md
class XAES256GCM:
# sizes in bytes
import base64
import time
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
import ctypes
libc = ctypes.CDLL("libc.so.6") # glibc needed
OS_VERSION = "rabbit_OS_v0.8.99_20240606175556"
DavidBuchanan314 / r1_api.md
Last active July 20, 2024 17:42
Rabbit R1 Unofficial API Docs

The Rabbit R1 uses a few custom APIs to talk to The Cloud™. Almost nothing happens on-device, and all the AI magic happens on servers.

Consequently, you don't really need the physical device.

TLS Client Fingerprinting

In lieu of an authentication scheme, Rabbit's servers attempt to verify device authenticity by checking the TLS client's JA3 fingerprint, presumably enforced by AWS WAF.

If your TLS client doesn't match an expected fingerprint, you'll get HTTP 403 errors. This fingerprint works:

DavidBuchanan314 / r1_ota_notes.md
Last active June 11, 2024 01:21
Rabbit R1 OTA
"""
31-round sha256 collision.
Not my research, just a PoC script I put together with numbers plugged in from the slide at
https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024
SHA256 impl follows FIPS 180-4
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
"""

This is my best attempt at generating complete test vectors for the ML-KEM compress() and decompress() functions described by the FIPS 203 IPD.

This has not (yet) been subject to cross-referencing against any other implementation. It may be incorrect!!!

If your implementation doesn't match up, please let me know.

["compress"][d][x] holds the result of compress_d(x)

["decompress"][d][y] holds the result of decompress_d(y)