- Enable USB debugging on the phone
- Enable adb on PC
- Connect phone to PC via USB
- Pull roomba apks from the phone
  ```
  $ adb devices
  List of devices attached
  RF8M81QSMMJ device
  $ adb shell pm list packages
  ...
  $ adb shell pm path com.irobot.home
  package:/data/app/.../base.apk
  package:/data/app/.../split_config.arm64_v8a.apk
  package:/data/app/.../split_config.xxhdpi.apk
  $ adb pull /data/app/.../base.apk com.irobot.home.apk
  $ adb pull /data/app/.../split_config.arm64_v8a.apk config.arm64_v8a.apk
  $ adb pull /data/app/.../split_config.xxhdpi.apk config.xxhdpi.apk
  ```
- Download `xapk` from https://apkpure.com/irobot-home/com.irobot.home, extract files into `irobot-xapk` folder
- Copy `manifest.json`
  ```
  $ cp irobot-xapk/manifest.json manifest.json
  ```
- Create new xapk
  ```
  $ apack irobot.zip com.irobot.home.apk config.arm64_v8a.apk config.xxhdpi.apk manifest.json
  $ mv irobot.zip irobot.xapk
  ```
- Patch `irobot.xapk` with `apk-mitm`
  ```
  $ apk-mitm irobot.xapk
  ```
- Extract patched apks from xapk
  ```
  $ aunpack irobot-patched.xapk
  ```
- Uninstall irobot application from the phone
  ```
  $ adb uninstall com.irobot.home
  ```
- Install apks with install-multiple
  ```
  $ adb install-multiple com.irobot.home.apk config.arm64_v8a.apk config.xxhdpi.apk
  ```
- Install and run `mitmproxy`
  ```
  $ mitmproxy
  ```
- Open port 8080
  ```
  $ sudo iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
  ```
- Follow instructions to configure proxy on the phone with installed CA: https://medium.com/testvagrant/intercept-ios-android-network-calls-using-mitmproxy-4d3c94831f62
- Run irobot application, login
- Select request to `/v2/login` in `mitmproxy`: check `robots` dict in response, BLID is entry's key and password is in the `password` field
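
The last step can also be done by a script instead of by eye. The following is an added example, not part of the original post: it assumes the `/v2/login` response body is JSON with a top-level `robots` dict as described above, and the sample body and its values are constructed placeholders. The module-level `response(flow)` function is the hook mitmproxy calls when the file is loaded with its `-s` option.

```python
import json

LOGIN_PATH = "/v2/login"  # request path named in the last step


def extract_robot_credentials(body):
    """Return a sorted list of (blid, password) pairs from a login response body.

    Assumes the layout the steps describe: a top-level "robots" dict keyed
    by BLID whose entries carry a "password" field. Anything else is skipped.
    """
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON (error page, empty body, ...)
    robots = data.get("robots") if isinstance(data, dict) else None
    if not isinstance(robots, dict):
        return []
    creds = []
    for blid, entry in robots.items():
        password = entry.get("password") if isinstance(entry, dict) else None
        if isinstance(password, str) and password:
            creds.append((blid, password))
    return sorted(creds)


def response(flow):
    """mitmproxy addon hook: called for every response when loaded with -s."""
    if flow.request.path.split("?", 1)[0] != LOGIN_PATH:
        return
    for blid, password in extract_robot_credentials(flow.response.get_text()):
        print(f"BLID={blid} password={password}")


# Constructed sample body; all values are placeholders, not real credentials.
SAMPLE_BODY = json.dumps({
    "robots": {
        "EXAMPLEBLID0001": {"password": "example-password-1", "name": "Upstairs"},
        "EXAMPLEBLID0002": {"name": "No password field"},
    }
})

if __name__ == "__main__":
    for pair in extract_robot_credentials(SAMPLE_BODY):
        print(pair)
```
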
I am stuck on step 7. Also where do you get apk-mitm from?