Erik Johnson EkriirkE

I have a cheap chinese USB WiFi dongle identifying as 0bda:c811 Realtek Semiconductor Corp. 802.11ac NIC, using the rtw_8821cu drivers/firmware.
It tries to appear as a drivers "CD" every boot/insertion but usb_modeswitch takes care of that.
It works great, except when it doesn't; it will randomly go offline/disappear and dmesg looks something like this every time:

[94250.702748] rtw_8821cu 4-1:1.0: unused phy status page (6)
[99560.537336] rtw_8821cu 4-1:1.0: unused phy status page (8)
[101755.068962] rtw_8821cu 4-1:1.0: unused phy status page (10)
[102762.647001] rtw_8821cu 4-1:1.0: failed to get urb length:32768
[102762.647788] rtw_8821cu 4-1:1.0: unused phy status page (8)

On-device SSL Unpinning with Frida

I like mitmproxy, it worked great until apps started pinning SSL certs.
Then LSposed module SSLUnpinning was found and worked great until apps started using more broad detection.
Then I read about Frida but could not figure out how to get it to work. Most examples involve USB + ADB which I was not too keen on.
I wanted to have it all working on-device with termux. frida-server seemed to run fine, but frida (frida-tools) itself was not cooperating.
Eventually I got to the point where frida seems to want to run but was running into a permission issue with Magisk and the zygote process:
# frida --codeshare Q0120S/bypass-ssl-pinning -f com.theapp.name results in Failed to spawn: unable to access PID 20107 (zygote) while preparing for app launch; try disabling Magisk Hide in case it is active

After searching around there was a hint to use the PID of the app instead - what seems to happen is if you pass the app name it attempts to launch and attach via zyg

Keybase proof

I hereby claim:

I am ekriirke on github.
I am ekriirke (https://keybase.io/ekriirke) on keybase.
I have a public key ASBXC5QHiladK9MOompV0WvaZ5AeEoWSAVOUj6Wdd9wljgo

To claim this, I am signing this object:

	#EkriirkE stats
	IGNORE=("." ".stats")
	if [ -f .statsignore ]; then
	while read -r l; do
	[[ ! -z "$l" ]] && IGNORE+=("$l")
	done < .statsignore
	fi
	if [ -f .gitignore ]; then
	while read -r l; do
	[[ ! -z "$l" ]] && IGNORE+=("$l")

	import os
	import pathlib

	#For every file and folder found in "old", check if it exists in "new". If it does, update the "new" timestamp to the "old" couterpart.
	old="/home/erik/Development.new/"
	new="/home/erik/Development/"

	i=e=0
	for f in pathlib.Path(old).rglob("*"):
	lf=os.path.join(new,f.as_posix()[len(old):])

	#Android app was storing settings in a binary format. I don't know the name of this format but this is what I deduced and worked for my usecase

	prefs={}
	with open("shared_preferences.preferences_pb","rb") as x:
	while True:
	if len(x.read(1))<1: break#0A
	l=x.read(1)[0]
	if l & 0x80: l=(l&0x7F)\|(x.read(1)[0]<<7)
	t=x.read(l)
	if len(t)<1: break

	#!/usr/bin/env python3

	BACKUP_FILE = 'backup.ab'

	# Constants
	# ref: https://github.com/omnirom/android_bootable_recovery/blob/android-7.1/adbbu/twadbstream.h
	TWRP = b'TWRP' + b'\x00\x00\x00\x00'

	TWSTREAMHDR = b'twstreamheader'
	TWFN = b'twfilename'