New OTA from 20 minutes ago already secured, dumped and patched. Seemingly the only API security that changed is that the C++ file now outputs a different string, nothing else. Cringe. Tweet added by Marcel @MarcelD505

Marcel

1 month

New OTA from 20 minutes ago already secured, dumped and patched. Seemingly the only API security that changed is that the C++ file now outputs a different string, nothing else. Cringe.

1

4

41

Jack Rhysider 🏴‍☠️

@JackRhysider

1 month

@MarcelD505 Can you elaborate? Were there problems with the API security?

1

0

3

Marcel

@MarcelD505

1 month

@JackRhysider The way the API checks for if you actually own an r1 device, and not run the dumped APK like we have been doing on different devices, is to check a few request headers. These headers are set by the app and include device credentials like IMEI, OS version and App version. These…

1

0

11

Replies