- Cat lover
- AKA ProgrammeerMeneer
- Web, App and WebApp developer
- Just doing some dumb shit as always
- Studying IT at Hanze University of Applied Sciences
Ok so people already cracked the rabbit R1 and found out it's android. People dumped the apk and I got it working (with root and a few mods) on a standard ass phone lmaoo
Guess who’s back on android phones? That’s right! Our little rabbit friend!
We have fought through:
⁃ “IMEI checks”
We discovered these literally don’t exist and you still can just use any string as IMEI
⁃ Other header checks
These are obfuscated across a few files and even
More rabbit shenanigans, got lineage up and running for myself + google play services. Also rooted with magisk!
I also bricked it like 3 times in the process but fortunately recovered, however i don’t know what specifically did the trick to unbrick it lol
@JackRhysider
@thel3l
I pinky promise this is not a photoshop, we will do a writeup eventually, here is a short video. Note that this isn't my video and device but from someone in our team. We do all have the knowledge on how to do it.
@Michaelbolloz
I got the apk from someone that dumped it, rooted and upgraded my phone to android 14. The app only runs on 13 and up and as a system app. I then used a flipper zero to emulate the scroll wheel and set it up with a rabbit account. Now it’s like this lol
Interesting development on the latest OTA, seems like rabbit fixed terminal mode for other android devices. Previously it would just rotate the small rabbit instead of displaying the terminal. Thanks for fixing it i guess??😅
We will try other things like calling in a bit. I am not the owner of this device but it is someone else in the team which needs to come back from work.
What doesn’t work confirmed:
The motor for the camera, it’s stuck pointing down, but the camera works. So it’s just only gonna
@KaziAhmedDev
@thel3l
That’s entirely possible, even in the stock rom if it isn’t updated yet or you prepared and installed overlaying apps before updating.
Apk version number to prove it. The full version number of the apk is 20240424.1-1-gc10355b9-dirty and the ota version is rabbit_OS_v0.8.78_2024050219525.
You will see this as the first part of the os version in the about screen.
@GokuInnovates
@WillHobick
@FlutterDev
@flutterflow
The rabbit servers are real and the apk is definitely real. However this app is probably just connecting to openai instead of rabbit directly. (which is basically the same thing rabbit does lmao)
you can navigate menus in rabbit app with a tv remote instead of a scroll wheel! should work on actual device too
that’s because the “scroll wheel” sends dpad actions, just like tv remotes, keyboards, or other accessories
Full setup in glorious twitter compression, setup before this was rooting and having android 13 or higher. Then adding the app to have system level permissions.
Got my own r1 first batch! And wow this thing is indeed orange 😅
Time to have some more fun with it!
From now on all API requests i will do will have my own IMEI attributed instead of the random invalid ones we used before.
We reversed the Rabbit R1 🐇 and got it to run on our phones!
This gives us future OTA updates, access to new features without a device + works perfectly without root/system perms!
(Blog post below)
@RKBDI
We see, we might have gotten confused with ip bans. Anyways we have it fully patched now so if they decide to check for more specific headers we got them
Rabbit now also checks if the IMEI is remotely valid, if not, gives the user a delay that is about 5 minutes long before it answers. However, we can still register any IMEI and even used IMEIs because devices are linked to specific user accounts and are not only identified by
@AryaTheOpossum
The rabbit runs regular android 13. (at least the AOSP variant without all the fancy google apps and things). You could break out of it on the first firmware version but they have patched it. So until someone finds a new exploit you can't currently exit the app on the rabbit.
New OTA from 20 minutes ago already secured, dumped and patched. Seemingly the only API security that changed is that the C++ file now outputs a different string, nothing else. Cringe.
Confirmed that rabbit just uses openai for their answers or at least in some way. Vision kept working so that might use a different model. But it's slowly all falling apart. Progress on finding a new way to get it running under normal android hasn't lacked too!
Some corrections + additions:
We think we are wrong about the certificate pinning part, we can still see requests made by the app but they get blocked by the server if using an http inspector tool. Something else is going on.
Our rabbit responses are currently REALLY slow, mine
@Bringus_Studios
Doom and minecraft have been run! However the person privated the videos after threats from the rabbit CEO. We are now in a discord server trying to get the updated files working.
Rabbit now checks (we think) the JA3 fingerprint on every request via cloudfront, it isn't possible anymore to http inspect the api requests without getting everything EXACTLY right.
This is actually a good thing security wise. 😊
Btw with these tweets, i, or the team have no intentions to defame the company. All the things stated in our tweets are directly from our research and compared against statements rabbit has made in the past. We will also not distribute any files including but not limited to the
— about the rabbit incident —
I will not be sharing files. I have found some great people and we are trying to get things working again. Please don’t ask me or others (if you find them) for apks. Thank you for reading! 🙏
@cheyclough
@EmilyLShepherd
@rabbit_hmi
@AndroidAuth
Not even then, you could just use a valid imei in your request anyways, a lot get shared accidentally. The best thing would be to bind an imei to a user account and MAKE SURE that only that user can use it through that link. But as of now you can use any imei in the known
My parents took our family to a computer museum for my dad's birthday. Safe to say they didn't lock down their systems that well. Could ctrl alt delete most of them and shut them down or open task manager lol
We will also not provide tutorials on how to obtain these files yourself, valid server communication details, and any server urls or vulnerabilities we may find.
I and a couple other people are now at the same stage
@MishaalRahman
is in terms of rabbit research. We have the ota image but it is a delta image, not a full rom. We really need someone with an exploitable r1 to continue.
@MishaalRahman
I accomplished this too, pretty funny. Vision crashes and notes don't seem to save to rabbithole. With the new update that just came out, i think they are checking IMEI numbers to verify that it can access the online service. But i would need to somehow get the updated app.
@JackRhysider
The way the API checks for if you actually own an r1 device, and not run the dumped APK like we have been doing on different devices, is to check a few request headers.
These headers are set by the app and include device credentials like IMEI, OS version and App version. These
Google ads metamask blocked suspended pancakeswap coinbase hacked blocked instagram hacked banned twitch hacked suspended i forgot my private key hardware key password lost help my gmail hacked crypto stolen lost buy bitcoin dogecoin ethereum stolen and lost
@app_settings
No, that would not be responsible. We aren’t sharing any files, guides, or valid credentials. Also it requires A LOT of tinkering if you want to get to the point we are.
Together with
@OfficialMorrog
I made the very first Dutch AI TTS. For now you can use multiple voices, including Morrog. In the future we want to add even more streamers' voices!
Check here:
And here:
@NietRickBroers
I always cancel right after the trial starts; you almost always still have access for as long as the trial allows, and you don't have to worry about accidentally not cancelling.