Post APz8wu3HvqDnlHbNOC by zhuowei@notnow.dev
 (DIR) Post #APqk2wk0nL49ijgu7k by zhuowei@notnow.dev
       2022-11-22T03:46:13.125385Z
       
       0 likes, 0 repeats
       
       I am too stupid to reverse engineer Hive Social. Maybe it's their use of Flutter or "Login with Firebase" or how it issues CONNECT requests to my proxy with an IP address instead of a host. Whatever it is, Mitmproxy refuses to work with an "sslv3 alert certificate unknown" error. I'll set up a custom DNS server, since I'm guessing Flutter doesn't work with Mitmproxy in proxy mode: Mitmproxy in reverse proxy mode should work.
       
 (DIR) Post #APqkhNWuc9CeO5qLGS by HenkPoley@mastodon.nl
       2022-11-22T03:50:39Z
       
       0 likes, 0 repeats
       
       @zhuowei Does it have its own TLS libraries, or would it be a point of entry if 'the libs lied to them'? (unsure how easy it is to pull off on Android)
       
 (DIR) Post #APqkhNzctOAhp9HH1M by zhuowei@notnow.dev
       2022-11-22T03:53:31.850636Z
       
       0 likes, 0 repeats
       
       @HenkPoley It's totally doable (https://blog.nviso.eu/2019/08/13/intercepting-traffic-from-android-flutter-applications/), but after patching Minecraft's Android native library for six years, I never want to see another .so file in my lifetime. So no, I'm gonna try doing this without modifying the APK if possible.
       
 (DIR) Post #APqpB1vZtXBttTm6c4 by zhuowei@notnow.dev
       2022-11-22T04:43:43.034782Z
       
       0 likes, 0 repeats
       
       I'll try adding the Mitmproxy cert to Android's system store (https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/) tomorrow; maybe that'd fix it. If that doesn't work I'll use iOS. The iOS version is also Flutter, but Flutter does read from the user certificate store there.
       
 (DIR) Post #APz6Gs1Etu4HNxTO1w by zhuowei@notnow.dev
       2022-11-26T04:32:57.137454Z
       
       0 likes, 0 repeats
       
       Hive Social on Android won't let me create an account with a password, but Login with Google works. After installing the Mitmproxy cert as a system cert in the emulator, I captured Firebase Auth login traffic, but then it hangs because it's... built entirely on Firebase Firestore!! No wonder they only have two devs: they're using a serverless database. I've worked with Firestore in the past and liked it, but then we wrapped it in a Node.js frontend and used it only as a backend. They're using Firebase Firestore directly from their app with no server in between. This is the correct way to use Firebase Firestore, but requires that they configured their Firestore security configs correctly. Mitmproxy has limited gRPC decoding, so I can see they're writing to projects/hivecopy-508e2/databases/(default)/documents with my username and password to create a user. However, Mitmproxy doesn't seem to handle the real-time streaming, so the app hangs on launch.
       
 (DIR) Post #APz6lUyOdP98t3kQkK by zhuowei@notnow.dev
       2022-11-26T04:38:29.309464Z
       
       0 likes, 0 repeats
       
       Hive Social is using Firebase Firestore directly from their app with no server in between. This is the correct way to use Firebase Firestore, but requires that they configured their Firestore security configs correctly... nobody ever configures their Firestore security configs correctly. Anybody here knows infosec?
       
 (DIR) Post #APz81R96jQnvbXvDI8 by zhuowei@notnow.dev
       2022-11-26T04:52:34.269761Z
       
       0 likes, 0 repeats
       
       OK, restarting Hive Social didn't help: the app opens, but Firestore still can't start its streaming connection, so I can't search for users to follow. If I make a post, it tries to write it but fails; when I restart the app, it's gone. Mitmproxy doesn't capture anything. According to Mitmproxy, Firestore uses grpc-java-okhttp/1.48.1, so I can probably use existing Firestore and gRPC debugging tools without reverse engineering Flutter. Too bad I don't know any Firestore or Java gRPC debugging tools: anybody have suggestions?
       
 (DIR) Post #APz8wu3HvqDnlHbNOC by zhuowei@notnow.dev
       2022-11-26T05:02:57.161014Z
       
       0 likes, 0 repeats
       
       Oh, nice: Firestore has a built-in debug command:
       FirebaseFirestore.setLoggingEnabled(true);
       https://gist.github.com/katowulf/0475fb7a5907ed757f687aab6ed15878
       I don't need to capture traffic: I can attach to the app in the Android Emulator with a debugger, turn it on and get logs! Or put breakpoints to grab more data.
       
 (DIR) Post #APzIdoRZYgVgPJUpfc by zhuowei@notnow.dev
       2022-11-26T06:51:33.521575Z
       
       0 likes, 0 repeats
       
       End of day update for reverse engineering Hive Social:
       - The Firebase API keys from the Android APK work for Firebase Auth and Firebase Firestore
       - I can login and read public user profile data using my own web client
       - I still need to figure out how they handle creating a post.
       
 (DIR) Post #APzLTQVG0uut7ixW2y by zhuowei@notnow.dev
       2022-11-26T07:23:17.147653Z
       
       0 likes, 1 repeats
       
       For what it's worth, I don't recommend Hive Social. In addition to its sketchy background, it just... doesn't work well. I've been unable to sign up for an account after trying for like four hours. It always freezes on a spinner after I put in a birthday.
       
 (DIR) Post #APzLaQIr9is8WwUjyK by Zerglingman@freespeechextremist.com
       2022-11-26T07:24:35.002797Z
       
       0 likes, 0 repeats
       
       @zhuowei Sounds like javashit problems.
       
 (DIR) Post #APzWeAnNqzYR5XlSFs by zhuowei@notnow.dev
       2022-11-26T09:28:28.387594Z
       
       0 likes, 0 repeats
       
       I switched Android emulators. After waiting 10 min, it got past the account name screen and let me make an account.
       I made a post
       ran an `adb backup`
       opened Firestore's cache sqlite
       select * from remote_documents:
       posts have path `posts/ID` (e.g. 1669453725.031, from share link)
       
 (DIR) Post #AQ6rYg1QIeFJLGGs8O by zhuowei@notnow.dev
       2022-11-29T22:25:46.133840Z
       
       0 likes, 0 repeats
       
       OK, I figured out how to read replies as well (comments are stored under posts/<post ID>/comments/<comment ID>).
       Next: figure out how to actually post. This is harder than you think, since in a NoSQL database, everything is denormalized: I need to post to:
       posts/<post ID>
       users/<myself>/posts/<post ID>
       users/<my followers>/feed/<post ID>
       categories/<categories>/posts/<post ID>
       I don't know if their app makes one write, then server-side Firebase Functions copies it to the rest, or whether the app creates all these directly.
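
Added example (editor's note, not from the thread and not Hive Social's actual configuration): a Firestore security-rules file for the collection layout zhuowei works out above, which is exactly the "security configs" the earlier post says nobody gets right. When an app talks to Firestore directly, the API key in the APK is not a secret and these rules are the only server-side access control. The file contrasts the permissive rule commonly copied from tutorials (left in as a comment) with rules that let a signed-in client write only its own `posts/<post ID>` and `users/<own uid>/posts/<post ID>` documents, while denying client writes into other users' `feed` and into `categories/.../posts`; that fan-out has to be done by a trusted server such as Cloud Functions, because the Admin SDK bypasses security rules. The `authorId` field name and the `users/{userId}` document layout are assumptions; the page never shows Hive's document fields.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (the tutorial default): any signed-in account, including one created
    // with the API key pulled from the APK, may read and write every document.
    // Left commented out; do not ship this.
    //
    // match /{document=**} {
    //   allow read, write: if request.auth != null;
    // }

    function signedIn() {
      return request.auth != null;
    }

    // The caller claims authorship of the document being written.
    // 'authorId' is an assumed field name, not taken from the app.
    function isAuthor(data) {
      return signedIn() && data.authorId == request.auth.uid;
    }

    // Public post bodies: readable by anyone signed in, created only with the
    // caller as author, modified or deleted only by that author.
    match /posts/{postId} {
      allow read: if signedIn();
      allow create: if isAuthor(request.resource.data);
      allow update, delete: if isAuthor(resource.data);

      // Replies live under the post, as found in the cache above.
      match /comments/{commentId} {
        allow read: if signedIn();
        allow create: if isAuthor(request.resource.data);
        allow update, delete: if isAuthor(resource.data);
      }
    }

    match /users/{userId} {
      // Public profile data is readable; only the owner edits it.
      allow read: if signedIn();
      allow write: if signedIn() && request.auth.uid == userId;

      // A user's own list of posts: the owner may write it directly from the app.
      match /posts/{postId} {
        allow read: if signedIn();
        allow write: if signedIn() && request.auth.uid == userId;
      }

      // Follower feeds are the fan-out target. No client may write another
      // user's feed; a Cloud Function using the Admin SDK (which bypasses these
      // rules) copies new posts here.
      match /feed/{postId} {
        allow read: if signedIn() && request.auth.uid == userId;
        allow write: if false;
      }
    }

    // Category indexes are likewise maintained server-side only.
    match /categories/{category}/posts/{postId} {
      allow read: if signedIn();
      allow write: if false;
    }
  }
}
```

Deploy with `firebase deploy --only firestore:rules` and exercise the rules against the Firestore emulator or the Rules Playground in the console before trusting them. The practical test of a deployment like Hive's is the one zhuowei is already running: take the API key from the APK, sign in with a throwaway account from your own client, and try to write to `users/<someone else>/feed/<post ID>`; if the write is accepted, the rules are the weak form.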