haxrob

import Queue
import random
import string
import time
import Queue
from threading import Thread, Event
import signal

q = Queue.Queue()   
threads = []

haxrob

#!/bin/bash
# Expects GMT
curl -v --silent https://google.com 2>&1 | grep date | tail -1 | sed -e 's/< date: //'  > date

haxrob

1. Ensure your certificate for the MITM application is in PEM format. For example, Burp Suite generates the certificate in DER, so in this case, to convert from DER to PEM:

openssl x509 -inform der -in cacert.der -out cacert.pem

Note this certificate needs to also be installed on the Android device. Android expects DER format with the file extension .crt. If in doubt, consult google.com.

2. Extract all three APKs. To avoid issues, -r is used.

apktool d -f -r au.gov.health.covidsafe.apk
apktool d -f -r config.xxhdpi.apk

haxrob

#!/usr/bin/python3
import asyncio
import sys
from bleak import BleakClient

import binascii
from Crypto.Cipher import AES
from datetime import datetime

key = bytearray([(b&255) for b in [108,101,97,103,101,110,100,-1,-2,49,56,56,50,52,54,54]])

haxrob

Java.perform(function () {
    let RequestBody = Java.use("okhttp3.RequestBody");
    RequestBody["create"].overload('okhttp3.MediaType', '[B').implementation = function (mediaType, bArr) {
        console.log("\n");
        var ssresult = "";
        for(var i = 0; i < bArr.length; ++i) {
            ssresult+= (String.fromCharCode(bArr[i] & 0xff));
        }
        console.log(ssresult);
        let result = this["create"](mediaType, bArr);

haxrob

Java.perform(function () {
    let RequestBody = Java.use("okhttp3.RequestBody");
    RequestBody["create"].overload('okhttp3.MediaType', '[B').implementation = function (mediaType, bArr) {
        console.log("\n");
        var ssresult = "";
        for(var i = 0; i < bArr.length; ++i) {
            ssresult+= (String.fromCharCode(bArr[i] & 0xff));
        }
        console.log(ssresult);
        let result = this["create"](mediaType, bArr);