'Coon Cave

Raccoon 4.13.0

• Added hungarian translation
• Don’t hang when importing (no longer existing) apps
• Fixed an ordering issue that would keep apps from getting updates.

Preview: Dummydroid 2.0 - The new app compatibility checker and GSF ID generator

We all know the problem: Google Play only allows us to download apps, compatible with our device and accessible from our current location. Well, that can be helped.

Hm, a lot of people come to the blog lately, looking for a split APK merge tool. I actually just had an idea how to make one. The stupid thing just is that it would not work on Android versions that don’t support App Bundles, so I don’t quite see the point.

Made a bit of progress on the bypass sms verification code when signing up for a new Google account. The whole system is breathtaking from a technical, legal as well as a psychological persepective.

At least on Android, the user is deliberately steered into a “sunk cost falacy” type of situation that suggests that s/he just wasted a couple hundred bucks on a toy that won’t work properly unless connected with a Google Account. Of course, the phone screen is too small to read the terms compfortably and the default is to skip reading your contract anyway. If you want to know what you actually agree to, you pretty much have to look at the wire protocol (it is a lot). How on earth is it that we don’t have laws against this?!

Of course, DummyDroid is pretty much unfixable for various reasons. It’s cheaper/faster to rewrite it from scratch. The main problem here is that in order to spoof an Android device, you need to supply 29 data points:

• From 🗋 /system/build.prop : manufacturer, brand, device, hardware, product, model, id, fingerprint, releaseversion, sdk version, bootloader, abi list.
• Open GL version and list of supported extensions.
• Supported locales
• Obsolete stuff: support for hardware keyboard, 5 way nav input and touchscreen type.
• Screen layout, size, density
• Installed libraries
• List of system available features (e.g. bluetooth, sensors, …)
• List of installes shared libraries
• Version information of certain important apps (com.android.vending).
• Other nonsense: timestamps, OTA installed

Some items (e.g. fingerprint, timestamps, locales) can be calculated or set to sane defaults, but that still leaves around 20 things that must be collected by the user. The challenge is coming up with a userfriendly interface for that.

K, Google came up with a new shitty idea to make sideloading difficult: uncompressed native libraries in the APK. The story here is that it will save space on the device if native libraries don’t have to be extracted, but can directly be mapped from inside the APK file. So now we are in the happy situation, that based on the SDK version (or more precisely: the version of the finsky app), we can get the very same app in three different variants:

• As a traditional, “contains everything and the kitchensink” APK.
• As an app bundle consisting of several APK modules
• As an app bundle consisting of several APK modules where the native code module contains uncompressed files.

Well, it’s not an immediate problem with Raccoon, but I should probably focus on fixing DummyDroid now.

Finally done! Raccoon v4.12 should solve the CAPTCHA issue. Next stop: rewriting/replacing DummyDroid.

Raccoon 4.12.0

• Latest APK Downloader should no longer be stuck on “CAPTCHA required” message in the Login Dialog.

Done! Bouncycastle does the trick. The rest is a diligent but routine piece of work. Should take only a few more days.

Gosh, I hate SSL/TLS. What most people don’t know is that it’s not a cryptographic protocol in itself, but rather a means for negotiating which cryptographic protocol you want to use. Of course, you have to be an expert in the field to choose wisely, so the general advice is to stick with the defaults. Obviously, I can’t do that, so now it’s Passierschein A38 hell.