About
Downloads
Blog
Documentation

'Coon Cave

Patrick’s blog about Android, apps and everything in betweent. May contain traces of rambling. Feedback and subscriptions welcome!
Sunday, February 2, 2020

Finally! Got past the login CAPTCHA - on Linux, this time

Yeah, I know, no blog updates in two months. Sorry about that, but there wasn't really anything to write about.

Full article »
Saturday, November 30, 2019

Ha! Success. Got past the CAPTCHA prompt

Good news is, I managed to log into my test account. Bad news are, it doesn't work on a PC (yet). But by trying to lock non-droids out, Google might have told us more about the login internals than intended.

Full article »
Friday, November 29, 2019

Bypassing phone verification for Google accounts.

For your security, Google wants to make sure that it's really you. Google will send a text message with a 6-digit verification code. Standard bullshit applies.

Full article »
Thursday, November 21, 2019

This whole CAPTCHA nonsense might, of course, be (in part) IP address related. At least there’s https://accounts.google.com/DisplayUnlockCaptcha. Not sure how that is actually suppose to work, no useful documentation on it either (surprise!). Anyway, I decided to work on proxy support in the setup wizard.

HTTP(S) is fairly unproblematic. Just a ton of boilerplate code, but you can easily switch between proxy hosts on a per request basis (e.g. if you want to bypass geo blocking). What’s giving me headaches is SOCKS5 (Tor, SSH tunnel). For this one you basically have to reboot the entire network code when switching hosts (killing transfers). I guess, I’ll postpone that for now, though SSH tunneling could be real handy.

Permalink »

I’m not sure if the HTTP User-Agent header matters for the login service (it does matter for market service), in case it makes a difference, here’s how to come up with one:

  APPNAME/VERSION (DEVICE ID)

Use either “GoogleLoginService” (earlier Android versions) or “GoogleAuth” (later Android versions) as APPNAME. I don’t know exactly when it got renamed, but it must have happened after SDK 16 and before SDK 19. VERSION may be “1.2” or “1.3” for “GoogleLoginService” and “1.4” for “GoogleAuth”.

DEVICE and ID are ro.product.device and ro.build.id from your 🗋 /system/build.prop file.

Permalink »
Monday, November 18, 2019

Progress report: Adding CAPTCHA Support to the Setup Wizard

Why the hell is it taking so long?!

Full article »
Tuesday, November 5, 2019

Progress report: adding CAPTCHA support to the setup wizard

Some of you might have found yourself being asked to solve a captcha when adding a new profile, with Raccoon providing no means to show the image nor accepting an answer.

Full article »
Tuesday, October 29, 2019

HTTP 402 Payment required. I wonder — if that one had been properly implemented from the beginning, would the web have become a better or a worse place?

Permalink »
Wednesday, October 23, 2019

I have been wondering for years why every market launch of every new smartphone model puts so much emphasis on improved cameras (I never cared much for photography, personally). Finally figured it out: The camera is what turns ordinary users into creators. The better the image quality, the larger the files, the sooner internal storage runs out of free space. Once it does, cloud storage comes to the rescue and the trap snaps shut. Uploads is easy, Downloading everything is tedious at best. Fear of loss (even for worthless selfies) is what keeps users then locked in to the service.

I feel stupid for not realizing this sooner, but hey, at least I’m not the only one. Bottom line: don’t buy a smartphone because it has a superior camera. This is not a selling, but an up-selling point.

Permalink »
Monday, October 21, 2019

Raccoon 4.11.0

  • Keep up with protocol changes

Google changed the app search protocol again, resulting in Raccoon v4.10 (and earlier) showing non app items for certain search terms. These are filtered away now.

Download »