Untitled

a guest
Oct 14th, 2025
## File Hashes

```
SHA256 (XAPK):
0fbe534a0d41e49612d89c767b7a818c2ece1d62320aca03e612e5753a659928

File Timestamps:
All files: Dec 31, 1979 (Unix timestamp manipulation)
```

---

## Package Information

```
Package Name: app.astrodummy.android
Application ID: 264
User ID: 13
Client ID: 10003628
Internal Name: SamplecustomApp2
Platform: AppMySite (WordPress-to-mobile converter)
Created: 2023-05-16T13:05:23.791Z
Updated: 2023-05-23T06:07:34.616Z
```

---

## Exposed API Keys & Credentials

### 1. Sentry DSN (Crash Reporting)
**Location:** `AndroidManifest.xml:65`
```xml
<meta-data
    android:name="io.sentry.dsn"
    android:value="https://8d1fa268d0b140549112307aae2f5b0b@o4504772588535808.ingest.sentry.io/4504841286057984"/>
```

**Sentry Configuration:**
```xml
<meta-data android:name="io.sentry.attach-screenshot" android:value="true"/>
<meta-data android:name="io.sentry.attach-view-hierarchy" android:value="true"/>
<meta-data android:name="io.sentry.traces.sample-rate" android:value="1.0"/>
<meta-data android:name="io.sentry.traces.profiling.sample-rate" android:value="1.0"/>
```

### 2. Google Ads Application ID
**Location:** `AndroidManifest.xml:71`
```xml
<meta-data
    android:name="com.google.android.gms.ads.APPLICATION_ID"
    android:value="ca-app-pub-3160617209434024~6057708477"/>
```

### 3. Google Maps API Key
**Location:** `AndroidManifest.xml:73`
```xml
<meta-data
    android:name="com.google.android.geo.API_KEY"
    android:value="AIzaSyC6nwdv0CAV9mWS0NU2cI7pv5ooeXQgwrg"/>
```

### 4. Facebook App ID
**Location:** `res/values/strings.xml`
```xml
<string name="facebook_app_id">454532105165574</string>
```
**Manifest Reference:** `AndroidManifest.xml:74-75`

### 5. Pusher WebSocket API Keys
**Location:** `app/astrodummy/android/services/LoginService.java:57`
```java
final b bVar = new b(
        !l.a(e.f3269u, "live") ?
                "422f30e59bee74b8578d" : // Non-live key
                "2ef6a31c84b594470a20",  // Live key
        cVar
);
```

**Pusher Host:** `ws-mt1.pusher.com`
**Port:** 443 (WSS), 80 (WS fallback)

### 6. Hardcoded Client Credentials
**Location:** `bd/e.java:51-80`
```java
public static String A = "g53E32QhURdGMzfnUK4LduW0bqQ58h0a6FvivHc5";
public static String f3272x = "10628900";
public static String f3273y = "rPK8ko8TDgh7zVio8jeScKxaVpqLf4dkCFHKeqok";
public static String f3274z = "10322485";
```

---

## Network Endpoints

### Primary Backend APIs
**Location:** `a6/c.java:145-175`

**Environment Routing:**
```java
switch (str.hashCode()) {
    case 99349: // "dev"
        bd.e.r = "https://custom.api.appmysite.com/api/";
        bd.e.f3268s = "https://admin.appmysite.com/api/";
        bd.e.t = "https://dev.app.appmysite.com/";
        break;
    case 3322092: // "live"
        bd.e.r = "https://custom.api.appmysite.com/api/";
        bd.e.f3268s = "https://admin.appmysite.com/api/";
        bd.e.t = "https://app.appmysite.com/";
        break;
    case 3556498: // "test"
        bd.e.r = "https://custom.api.appmysite.com/api/";
        bd.e.f3268s = "https://admin.appmysite.com/api/";
        bd.e.t = "https://test.app.appmysite.com/";
        break;
    case 109757182: // "stage"
        bd.e.r = "https://custom.api.appmysite.com/api/";
        bd.e.f3268s = "https://admin.appmysite.com/api/";
        bd.e.t = "https://stage.app.appmysite.com/";
        break;
}
```

**Active Environment:** `live` (default)

### CDN Endpoint
**Location:** `assets/default.json:458`
```json
"aws_url": "https://d33cfg8bjlyn3i.cloudfront.net"
```

### Pusher WebSocket
```
Host: ws-mt1.pusher.com
Protocol: WebSocket (WSS on 443, WS on 80)
Channel Pattern: "AppMySite" + ANDROID_ID
Event: "App/Events/Senddatatoapp"
```

---

## Critical Code Snippets

### 1. Remote Credential Delivery (LoginService)
**File:** `app/astrodummy/android/services/LoginService.java`
**Lines:** 48-136

**WebSocket Connection Setup:**
```java
@Override
public final int onStartCommand(Intent intent, int i5, int i10) {
    c.g("Inside the Login Service----------");

    // Get device ANDROID_ID
    l.e(Settings.Secure.getString(
            getApplicationContext().getContentResolver(),
            "android_id"), "UDID");

    // Configure WebSocket
    ef.c cVar = new ef.c();
    cVar.b();
    cVar.f6819c = 443;
    cVar.f6818b = 80;
    cVar.f6820d = true;
    cVar.f6817a = "ws-mt1.pusher.com";

    // Create Pusher client with API key
    final b bVar = new b(
            !l.a(e.f3269u, "live") ?
                    "422f30e59bee74b8578d" :
                    "2ef6a31c84b594470a20",
            cVar
    );

    bVar.b(new g6.c(bVar), hf.b.ALL);
    bVar.a();

    // Subscribe to device-specific channel
    String b10 = com.google.android.gms.ads.internal.client.a.b(
            "AppMySite",
            Settings.Secure.getString(
                    getApplicationContext().getContentResolver(),
                    "android_id")
    );

    // ... channel subscription code ...
}
```

**Credential Reception Handler:**
```java
ff.e eVar = new ff.e() {
    @Override
    public final void c(ff.d dVar) {
        try {
            // Parse received JSON
            PusherResponse pusherResponse = (PusherResponse) new Gson()
                    .fromJson(dVar.a().toString(), PusherResponse.class);

            // Extract access token (MAX_AD_CONTENT_RATING_UNSPECIFIED is the
            // empty string constant "", reused by the optimizer)
            String str2 = RequestConfiguration.MAX_AD_CONTENT_RATING_UNSPECIFIED;
            if (pusherResponse != null &&
                    (token = pusherResponse.getToken()) != null &&
                    (accessToken = token.getAccessToken()) != null) {
                str2 = accessToken;
            }

            // Store in static variable
            bd.e.C = str2;

            // Store in SharedPreferences (PLAINTEXT)
            SharedPreferences.Editor edit = loginService
                    .getSharedPreferences("CMS_SHARED_PREFERENCES", 0)
                    .edit();
            edit.putString("admin_token", str2);
            edit.apply();

            // Launch AuthActivity with token
            // 335544320 = 0x14000000 = FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_CLEAR_TOP
            intent2.setFlags(335544320);
            loginService.startActivity(intent2);
            loginService.stopForeground(true);
        } catch (Exception e10) {
            e10.printStackTrace();
        }
    }
};
```

### 2. Duplicate Background Worker
**File:** `app/astrodummy/android/services/WorkerClass.java`
**Lines:** 37-118

**Identical WebSocket Logic:**
```java
@Override
public final o.a doWork() {
    // Get ANDROID_ID
    l.e(Settings.Secure.getString(
            getApplicationContext().getContentResolver(),
            "android_id"), "UDID");

    // Same Pusher configuration as LoginService
    c cVar = new c();
    cVar.b();
    cVar.f6819c = 443;
    cVar.f6818b = 80;
    cVar.f6820d = true;
    cVar.f6817a = "ws-mt1.pusher.com";

    final b bVar = new b(
            !l.a(e.f3269u, "live") ?
                    "422f30e59bee74b8578d" :
                    "2ef6a31c84b594470a20",
            cVar
    );

    // ... identical credential reception and storage ...

    // Store both token and token type
    SharedPreferences.Editor edit = context
            .getSharedPreferences("CMS_SHARED_PREFERENCES", 0)
            .edit();
    edit.putString("admin_token", str4);
    edit.apply();

    SharedPreferences.Editor edit2 = context
            .getSharedPreferences("CMS_SHARED_PREFERENCES", 0)
            .edit();
    edit2.putString("admin_token_type", str5);
    edit2.apply();

    return new o.a.c();
}
```

### 3. Device Identifier Collection
**File:** `app/astrodummy/android/MainActivity.java`
**Lines:** 102-104

```java
String string = Settings.Secure.getString(
        getContentResolver(),
        "android_id"
);
l.e(string, "getString(contentResolve…ttings.Secure.ANDROID_ID)");
e.f3271w = string;
```

### 4. Network Security Configuration
**File:** `res/xml/network_security_config.xml`
**Lines:** 1-10

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
            <certificates src="@raw/cloudflare" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

**Manifest Declaration:**
```xml
<application
    android:networkSecurityConfig="@xml/network_security_config"
    android:usesCleartextTraffic="true">
```
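As an added audit check (not code from this report or from AppMySite), the following parses a `network_security_config.xml` and reports the weak settings seen above; the quoted config is embedded as a constructed sample next to a hardened counterpart, and the function and sample names are my own.

```python
# Added example: audit an Android network_security_config.xml for weak settings.
import xml.etree.ElementTree as ET

# Constructed copy of the config quoted in this report.
WEAK_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
            <certificates src="@raw/cloudflare" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

# Hardened counterpart: HTTPS only, and only the system CA store is trusted,
# so a user-installed interception CA cannot be used against the app.
HARDENED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

def audit_network_security_config(xml_text):
    """Return a list of findings for one network_security_config.xml.

    Checked on <base-config> and every <domain-config>:
      cleartextTrafficPermitted="true"  -> plain HTTP allowed
      <certificates src="user"/>        -> user-installed CAs trusted
      <certificates src="@raw/..."/>    -> bundled CA; confirm what it is for
    A note is added if <debug-overrides> exists (honoured only in debuggable
    builds). An absent cleartextTrafficPermitted is treated as the platform
    default for targetSdkVersion >= 28, i.e. "false".
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        scope = cfg.tag
        if cfg.tag == "domain-config":
            domains = [d.text.strip() for d in cfg.findall("domain") if d.text]
            scope = f"domain-config[{','.join(domains)}]"
        if cfg.get("cleartextTrafficPermitted", "false").lower() == "true":
            findings.append(f"{scope}: cleartext HTTP traffic permitted")
        for cert in cfg.findall("trust-anchors/certificates"):
            src = cert.get("src", "")
            if src == "user":
                findings.append(f"{scope}: user-installed CA certificates trusted")
            elif src.startswith("@raw/"):
                findings.append(f"{scope}: bundled CA {src} trusted; confirm its purpose")
    if root.find("debug-overrides") is not None:
        findings.append("debug-overrides present (active only when android:debuggable=true)")
    return findings

if __name__ == "__main__":
    for line in audit_network_security_config(WEAK_CONFIG):
        print("WEAK:", line)
    print("hardened findings:", audit_network_security_config(HARDENED_CONFIG))
```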

### 5. Firebase Notification Processing
**File:** `app/astrodummy/android/services/CustomFirebaseService.java`
**Lines:** 79-131

```java
public final void g(w wVar) {
    try {
        NotificationHandler notificationHandler = new NotificationHandler(
                null, null, null, null, null, null, null, 127, null
        );

        // Extract notification data
        notificationHandler.setItem_title(
                String.valueOf(((v.a) wVar.getData()).get("item_title"))
        );
        notificationHandler.setItem_id(
                String.valueOf(((v.a) wVar.getData()).get("item_id"))
        );
        notificationHandler.setSlug(
                String.valueOf(((v.a) wVar.getData()).get("slug"))
        );
        notificationHandler.setItem_type(
                String.valueOf(((v.a) wVar.getData()).get("item_type"))
        );
        notificationHandler.setWeb_view_url(
                String.valueOf(((v.a) wVar.getData()).get("web_view_url"))
        );
        notificationHandler.setPost_type(
                String.valueOf(((v.a) wVar.getData()).get("post_type"))
        );
        notificationHandler.setRest_base(
                String.valueOf(((v.a) wVar.getData()).get("image"))
        );

        Intent intent = new Intent(this, (Class<?>) HomeActivity.class);

        // Store notification data globally
        if (/* notification has data */) {
            c.f290f = true;
            c.f291g = notificationHandler;
        }

        // Create and display notification
        // 201326592 = 0x0C000000 = FLAG_UPDATE_CURRENT | FLAG_IMMUTABLE
        PendingIntent activity = PendingIntent.getActivity(
                this, 0, intent, 201326592
        );

        // ... notification creation code ...
    } catch (Exception e11) {
        a.v("Error", String.valueOf(e11.getMessage()));
    }
}
```

---

## Permissions Analysis

### High-Risk Permissions
**Location:** `AndroidManifest.xml:2-46`

```xml
<!-- Device Identification -->
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

<!-- Network -->
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>

<!-- Background Execution -->
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>

<!-- Notifications -->
<uses-permission android:name="android.permission.ACCESS_NOTIFICATION_POLICY"/>
<uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>

<!-- Advertising -->
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>

<!-- Push Notifications -->
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>

<!-- Badge Permissions (Multiple Manufacturers) -->
<uses-permission android:name="com.sec.android.provider.badge.permission.READ"/>
<uses-permission android:name="com.sec.android.provider.badge.permission.WRITE"/>
<uses-permission android:name="com.htc.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.htc.launcher.permission.UPDATE_SHORTCUT"/>
<uses-permission android:name="com.sonyericsson.home.permission.BROADCAST_BADGE"/>
<uses-permission android:name="com.sonymobile.home.permission.PROVIDER_INSERT_BADGE"/>
<uses-permission android:name="com.anddoes.launcher.permission.UPDATE_COUNT"/>
<uses-permission android:name="com.majeur.launcher.permission.UPDATE_BADGE"/>
<uses-permission android:name="com.huawei.android.launcher.permission.CHANGE_BADGE"/>
<uses-permission android:name="com.huawei.android.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.huawei.android.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.READ_APP_BADGE"/>
<uses-permission android:name="com.oppo.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.oppo.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="me.everything.badger.permission.BADGE_COUNT_READ"/>
<uses-permission android:name="me.everything.badger.permission.BADGE_COUNT_WRITE"/>
```

---

## Exported Components (Attack Surface)

### Boot Receivers
**Lines:** `AndroidManifest.xml:96-101`
```xml
<receiver
    android:exported="true"
    android:name="com.onesignal.notifications.receivers.BootUpReceiver">
    <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.QUICKBOOT_POWERON"/>
    </intent-filter>
</receiver>
```

**Lines:** `AndroidManifest.xml:146-152`
```xml
<receiver
    android:directBootAware="false"
    android:enabled="false"
    android:exported="false"
    android:name="androidx.work.impl.background.systemalarm.RescheduleReceiver">
    <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.TIME_SET"/>
        <action android:name="android.intent.action.TIMEZONE_CHANGED"/>
    </intent-filter>
</receiver>
```

### Package Monitoring
**Lines:** `AndroidManifest.xml:102-106`
```xml
<receiver
    android:exported="true"
    android:name="com.onesignal.notifications.receivers.UpgradeReceiver">
    <intent-filter>
        <action android:name="android.intent.action.MY_PACKAGE_REPLACED"/>
    </intent-filter>
</receiver>
```

### Foreground Service Declaration
**Lines:** `AndroidManifest.xml:58`
```xml
<service
    android:exported="false"
    android:foregroundServiceType="dataSync"
    android:name="app.astrodummy.android.services.LoginService"/>
```

### Firebase Messaging Service
**Lines:** `AndroidManifest.xml:59-63`
```xml
<service
    android:exported="false"
    android:name="app.astrodummy.android.services.CustomFirebaseService">
    <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
    </intent-filter>
</service>
```

### FCM Broadcast Receiver
**Lines:** `AndroidManifest.xml:79-84`
```xml
<receiver
    android:exported="true"
    android:name="com.onesignal.notifications.receivers.FCMBroadcastReceiver"
    android:permission="com.google.android.c2dm.permission.SEND">
    <intent-filter android:priority="999">
        <action android:name="com.google.android.c2dm.intent.RECEIVE"/>
        <category android:name="app.astrodummy.android"/>
    </intent-filter>
</receiver>
```
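The following is an added triage script (my own code, not part of this report or of the app) that enumerates the exported components of an `AndroidManifest.xml` and separates those guarded by an `android:permission` from those any app can target; it embeds a constructed manifest fragment rebuilt from the declarations quoted in this section and the deep-link activity quoted later, and all function names are assumptions.

```python
# Added example: list exported components and flag those without a permission guard.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest fragment reproducing declarations quoted in this report.
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="app.astrodummy.android">
  <application>
    <receiver android:exported="true"
        android:name="com.onesignal.notifications.receivers.BootUpReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:enabled="false" android:exported="false"
        android:name="androidx.work.impl.background.systemalarm.RescheduleReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:exported="true"
        android:name="com.onesignal.notifications.receivers.UpgradeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.MY_PACKAGE_REPLACED"/>
      </intent-filter>
    </receiver>
    <receiver android:exported="true"
        android:name="com.onesignal.notifications.receivers.FCMBroadcastReceiver"
        android:permission="com.google.android.c2dm.permission.SEND">
      <intent-filter android:priority="999">
        <action android:name="com.google.android.c2dm.intent.RECEIVE"/>
      </intent-filter>
    </receiver>
    <activity android:exported="true" android:name="com.facebook.CustomTabActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:host="cct.app.astrodummy.android" android:scheme="fbconnect"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def _attr(elem, name, default=None):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)

def exported_components(manifest_xml):
    """Return one record per enabled component reachable from other apps.

    A component counts as exported when android:exported="true", or when the
    attribute is absent but an <intent-filter> exists (the implicit default
    before API 31). Protected system broadcasts such as BOOT_COMPLETED and
    MY_PACKAGE_REPLACED can only be sent by the OS, so this listing is a
    triage starting point, not proof that a component is abusable.
    """
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    records = []
    for comp in root.find("application"):
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = _attr(comp, "exported")
        has_filter = comp.find("intent-filter") is not None
        if not (exported == "true" or (exported is None and has_filter)):
            continue
        if _attr(comp, "enabled", "true") == "false":
            continue
        records.append({
            "kind": comp.tag,
            "name": _attr(comp, "name"),
            "permission": _attr(comp, "permission"),
            "actions": [_attr(a, "name") for a in comp.iter("action")],
        })
    return records

def unguarded_exports(manifest_xml):
    """Names of exported components with no android:permission guard."""
    return [r["name"] for r in exported_components(manifest_xml) if r["permission"] is None]
```

Run against a real manifest, feed it the XML that apktool decodes rather than the binary AXML inside the APK.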

---

## Data Storage Locations

### SharedPreferences Keys
**Preference File:** `CMS_SHARED_PREFERENCES`

**Stored Values:**
```
admin_token - Authentication token (plaintext)
admin_token_type - Token type (e.g., "Bearer")
langLocal - Language locale setting
defaultLang - Default language code
```

**Preference File:** `MY_NEW_PREFERENCES`
```
AMS_CLIENT_ID - Client identifier
AMS_CLIENT_SECRET - Client secret key
```

### Storage Implementation
**Location:** `app/astrodummy/android/MainApplication.java:20-32`
```java
SharedPreferences sharedPreferences = getApplicationContext()
        .getSharedPreferences("MY_NEW_PREFERENCES", 0);
l.e(sharedPreferences, "applicationContext.getSh…S\", Context.MODE_PRIVATE)");
this.r = sharedPreferences;

sharedPreferences.getString("AMS_CLIENT_ID",
        RequestConfiguration.MAX_AD_CONTENT_RATING_UNSPECIFIED);

SharedPreferences sharedPreferences2 = this.r;
sharedPreferences2.getString("AMS_CLIENT_SECRET",
        RequestConfiguration.MAX_AD_CONTENT_RATING_UNSPECIFIED);
```

**Mode:** `Context.MODE_PRIVATE` (0) - No encryption

---

## Network Traffic Indicators

### WebSocket Connection Pattern
```
1. DNS query: ws-mt1.pusher.com
2. TCP handshake to port 443 or 80
3. WebSocket upgrade request
4. Connection header: Upgrade: websocket
5. Pusher-specific handshake with API key
6. Channel subscription: "AppMySite<ANDROID_ID>"
7. Event binding: "App/Events/Senddatatoapp"
8. Persistent connection maintained
```

### HTTP/HTTPS Endpoints
```
Primary:
- custom.api.appmysite.com/api/*
- admin.appmysite.com/api/*
- app.appmysite.com/*

CDN:
- d33cfg8bjlyn3i.cloudfront.net/*

Telemetry:
- o4504772588535808.ingest.sentry.io/*

Advertising:
- Various Google Ads endpoints (dynamic)

Push Notifications:
- Firebase Cloud Messaging endpoints
- OneSignal endpoints
```

### Expected User-Agent Pattern
```
Standard Android WebView user agent with:
- Android version
- Device model
- WebKit version
- Chrome version
```

---

## Decompilation Artifacts

### Java Package Structure
```
app/astrodummy/android/
├── MainActivity.java (9.1 KB)
├── MainApplication.java (1.6 KB)
├── base/
├── network/
│   ├── models/
│   │   └── NotificationHandler.java
│   └── response/
│       ├── PusherResponse.java
│       ├── Token.java
│       └── (various response models)
├── services/
│   ├── LoginService.java (6.3 KB)
│   ├── CustomFirebaseService.java (6.3 KB)
│   └── WorkerClass.java (6.0 KB)
└── ui/
    └── activities/
        ├── AuthActivity.java
        ├── HomeActivity.java
        ├── GalleryActivity.java
        └── EmptyActivity.java

Obfuscated packages:
a/, a0/, a1/, a2/, a3/, a4/, a5/, a6/, a7/, a8/
(+/-100 obfuscated package directories)
```

### Key Obfuscated Classes
```
a6/c.java - Utility class with API endpoint configuration
a6/a.java - Large utility class (53 KB)
a6/h.java - Large utility class (53 KB)
bd/e.java - Static configuration holder (credentials, endpoints)
```

### Native Libraries (ARM64)
```
lib/arm64-v8a/
├── liblanguage_id_l2c_jni.so (1.0 MB) - Google ML Kit
├── libsentry-android.so (15 KB) - Sentry SDK
├── libsentry.so (1.2 MB) - Sentry Native
└── libtranslate_jni.so (16 MB) - Google ML Kit Translation
```

---

## Asset Files

### Configuration Files
```
assets/
├── default.json (1.9 KB) - Main app configuration
├── sentry-debug-meta.properties
├── sentry-external-modules.txt
└── dexopt/
    ├── baseline.prof
    └── baseline.profm
```

### Key Configuration (default.json)
**Lines:** 2-66
```json
{
  "_id": "64637f93121795db5703240c",
  "app_id": 264,
  "user_id": 13,
  "client_id": 10003628,
  "service": 3,
  "general": {
    "title": "SamplecustomApp2"
  },
  "aws_directory": {
    "CountriesFlagUrl": {
      "flag_url": "https://d33cfg8bjlyn3i.cloudfront.net/assets/images/flags/100x100/"
    },
    "Icons": {
      "light": "icons/96w/light",
      "regular": "icons/96w/regular",
      "bold": "icons/96w/bold"
    },
    "CustomCms": {
      "CustomCms": "custom-cms-media"
    }
  },
  "aws_url": "https://d33cfg8bjlyn3i.cloudfront.net"
}
```

---

## DEX String Indicators

### From classes.dex (strings utility output)

**Pusher-related:**
```
$pusher
pusher:connection_established
pusher:error
ws-mt1.pusher.com
{"event": "pusher:ping"}
An exception was thrown by the websocket
acceptHandshakeAsServer - Wrong websocket version.
```

**Authentication-related:**
```
$accessToken
$accessTokenAppId
admin_token
access_token
client_secret
refresh_token
refreshToken
authenticationToken
token_type
```

**Service identifiers:**
```
LoginService
CustomFirebaseService
WorkerClass
Inside the Login Service----------
Inside Notification
Pusher Response -----
```

---

## Build Information

### APKTool Output (apktool.yml)
```yaml
version: "1.0.0"
apkFileName: app.astrodummy.android.apk
isFrameworkApk: false
usesFramework:
  ids:
  - 1
sdkInfo:
  minSdkVersion: '24'
  targetSdkVersion: '34'
packageInfo:
  forcedPackageId: '127'
versionInfo:
  versionCode: '1'
  versionName: 1.0.0
```

### Gradle Build Properties (inferred from unknown/)
```
buildType: release
obfuscation: enabled (ProGuard/R8)
minification: enabled
optimization: enabled
```

---

## Detection Signatures

### YARA-style Pattern Indicators

```yara
rule AstroDummy_Pusher_Keys {
    strings:
        $pusher_live = "2ef6a31c84b594470a20"
        $pusher_dev = "422f30e59bee74b8578d"
        $pusher_host = "ws-mt1.pusher.com"
    condition:
        any of them
}

rule AstroDummy_Package {
    strings:
        $pkg = "app.astrodummy.android"
        $service = "LoginService"
        $channel = "AppMySite"
    condition:
        all of them
}

rule AstroDummy_Endpoints {
    strings:
        $api1 = "custom.api.appmysite.com"
        $api2 = "admin.appmysite.com"
        $cdn = "d33cfg8bjlyn3i.cloudfront.net"
    condition:
        any of them
}
```

### File Path Indicators
```
/data/data/app.astrodummy.android/
/data/data/app.astrodummy.android/shared_prefs/CMS_SHARED_PREFERENCES.xml
/data/data/app.astrodummy.android/shared_prefs/MY_NEW_PREFERENCES.xml
/data/data/app.astrodummy.android/files/
/data/data/app.astrodummy.android/cache/
```

---

## Intent Filter Patterns

### Deep Link Handling
**Location:** `AndroidManifest.xml:169-176`
```xml
<activity
    android:exported="true"
    android:name="com.facebook.CustomTabActivity">
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data
            android:host="cct.app.astrodummy.android"
            android:scheme="fbconnect"/>
    </intent-filter>
</activity>
```

**URL Pattern:** `fbconnect://cct.app.astrodummy.android`

---

## Certificate Information

### Network Security - Trusted Certificates
```xml
<certificates src="system" />          <!-- System CA store -->
<certificates src="user" />            <!-- User-installed certs -->
<certificates src="@raw/cloudflare" /> <!-- Custom cert -->
```

**Custom Certificate Location:** `res/raw/cloudflare` (referenced but not extracted)

---

## Gradle Dependencies (Inferred from Code)

```gradle
dependencies {
    // Firebase
    implementation 'com.google.firebase:firebase-messaging'
    implementation 'com.google.firebase:firebase-analytics'
    implementation 'com.google.firebase:firebase-crashlytics'

    // Pusher
    implementation 'com.pusher:pusher-websocket-java'

    // OneSignal
    implementation 'com.onesignal:OneSignal'

    // Sentry
    implementation 'io.sentry:sentry-android'

    // Google Ads
    implementation 'com.google.android.gms:play-services-ads'

    // Google ML Kit
    implementation 'com.google.mlkit:translate'
    implementation 'com.google.mlkit:language-id'

    // Facebook
    implementation 'com.facebook.android:facebook-android-sdk'

    // Image Loading
    implementation 'com.github.bumptech.glide:glide'

    // Networking
    implementation 'com.squareup.okhttp3:okhttp'     // inferred
    implementation 'com.squareup.retrofit2:retrofit' // inferred

    // JSON
    implementation 'com.google.code.gson:gson'

    // AndroidX
    implementation 'androidx.work:work-runtime-ktx'
    implementation 'androidx.core:core-ktx'
    // ... (numerous AndroidX dependencies)
}
```

**Note:** All values, keys, endpoints, and code snippets were extracted directly from static analysis. No dynamic execution was performed.