Issue setting up PaaK

[kennelh]

If you're so inclined, would you mind installing HTTP Toolkit on your phone and PC to capture the URL the app is requesting when you're trying to set up PaaK? I'm curious to see what it's doing.

I downloaded HTTP Toolkit, but the versions after 3.22.0 are not trusting the CA certificate. I tried some things to get around this but I wasn't successful.

Sponsored

 

[kltye]

I downloaded HTTP Toolkit, but the versions after 3.22.0 are not trusting the CA certificate. I tried some things to get around this but I wasn't successful.

Oh right, the initial app login attempt uses certificate pinning, so it won't trust any other cert. What I did was to login first (by launching the app), then hit up the link that says "Set up PaaK". Just before you hit the "Continue setup" button, start HTTP Toolkit and intercept that request. Fortunately, that request isn't protected by cert pinning, so the MiTM attack should succeed

 

[kennelh]

Oh right, the initial app login attempt uses certificate pinning, so it won't trust any other cert. What I did was to login first (by launching the app), then hit up the link that says "Set up PaaK". Just before you hit the "Continue setup" button, start HTTP Toolkit and intercept that request. Fortunately, that request isn't protected by cert pinning, so the MiTM attack should succeed

Got it. getprop ro.build.fingerprint reports "google/sunfish/sunfish:11/RQ3A.210605.005/7349499:user/release-keys", but the URL sent is still for an Essential phone ("https://www.fordpass.com/content/dam/cal/mfg/essential products.json"). So it must be using one of the "ro.product.*" properties.

 

[kltye]

Got it. getprop ro.build.fingerprint reports "google/sunfish/sunfish:11/RQ3A.210605.005/7349499:user/release-keys", but the URL sent is still for an Essential phone ("https://www.fordpass.com/content/dam/cal/mfg/essential products.json"). So it must be using one of the "ro.product.*" properties.

I'm not quite as familiar with magisk - which plugin/module did you use to alter the build properties?

 

[kennelh]

I'm not quite as familiar with magisk - which plugin/module did you use to alter the build properties?

I'm using the MagiskHide Props Config module to change the fingerprint, and Magisk's resetprop applet to change the build properties.

 

[kennelh]

I created a Magisk module which changed all the manufacturer and model values to appear as a Google Pixel 5 and it gets past the network error. ?

 

[kltye]

I created a Magisk module which changed all the manufacturer and model values to appear as a Google Pixel 5 and it gets past the network error. ?

Excellent! I used the props applet to set the signature and update the relevant ro.product.* properties - I'm emulating a Pixel 3a on Android 9, and the app says it has "limited support" for PaaK - which isn't unexpected.

Either way, it's too bad the phone needs to be rooted for this to work. I'm not about to root my daily driver (I'm too old to live this dangerously ?). I will have to try and see if this will make PaaK work at least more reliably than my Xperia.

 

[PaaK_Android]

Hello all, Just wanted to let everyone know that we have removed this restriction. If you upgrade to 3.35.2 you should be able to get through setup without the extra effort. If you are experiencing the issue on 3.35.2 then please let me know, because this is not intended.

 

[kltye]

Hello all, Just wanted to let everyone know that we have removed this restriction. If you upgrade to 3.35.2 you should be able to get through setup without the extra effort. If you are experiencing the issue on 3.35.2 then please let me know, because this is not intended.

Thanks very much! (For this, and all the other posts you've made on the forum)

 

[PaaK_Android]

Thanks very much! (For this, and all the other posts you've made on the forum)

Happy to help where I can!

Sponsored