Elliot Alderson
Reverse engineering of a Huawei P20 from China - Episode 2 Thread ⬇️
Elliot Alderson Oct 14
Replying to @fs0c131y
I intercepted the communications made by the Huawei P20 and this is not good...
Elliot Alderson Oct 14
Replying to @fs0c131y
The phone sends a request to all these websites. The 1st observation we can make is that almost all communications are unencrypted.
Elliot Alderson Oct 14
Replying to @fs0c131y
This request to the subdomain to the endpoint collect seems interesting
OverSoft Oct 14
Replying to @fs0c131y
Hey look, more Baidu. BitFi's also connect to there. Who needs "supermicro tiny hack chips" when every device that is made in China is riddled with callbacks to China?
Elliot Alderson Oct 14
Replying to @fs0c131y
In this request, the phone is sending
- your country
- your province
- your city
- phone locale
- the website you requested (here )
Elliot Alderson Oct 14
Replying to @OverSoftNL
Ok I will!
Elliot Alderson Oct 14
Replying to @fs0c131y
They didn't enforce the strict transport security aka is working... 🤦‍♂️
Elliot Alderson Oct 14
Replying to @fs0c131y
This domain is the property of UCWeb Inc. the company behind the UC Browser
Elliot Alderson Oct 14
Replying to @fs0c131y
Well, this request is not shady at all :sarcasm:
Elliot Alderson Oct 14
Replying to @fs0c131y
It is sending a lot of things I cannot read for now, I need to find the corresponding code.
Elliot Alderson Oct 14
Replying to @fs0c131y
If you open with Chrome, you will have a warning
Elliot Alderson Oct 14
Replying to @fs0c131y
This endpoint is part of the Huawei Cloud from the "Object Storage Service" family
Elliot Alderson Oct 14
Replying to @fs0c131y
Not shady at all...
Elliot Alderson Oct 14
Replying to @fs0c131y
Reminder: I didn't use the phone, these requests are done without any user interactions
Elliot Alderson Oct 14
Replying to @fs0c131y
According to VirusTotal, 8.37.232.1 is a subdomain of which is the property of MILEWEB, INC
Elliot Alderson Oct 14
Replying to @fs0c131y
Wow this is the number of requests done when I did airplane mode on/off!
Elliot Alderson Oct 14
Replying to @fs0c131y
There are a lot of things to find in this phone but now I need to sleep 😄. End of the episode 2, see you for the episode 3!
Jane Manchun Wong Oct 14
Replying to @fs0c131y
That doesn't seem to be in the correct encoding system. Try GB2312, the one used commonly in China for Simplified Chinese. I can read and write Chinese fwiw
Elliot Alderson Oct 14
Replying to @wongmjane
Ok I will! Thanks my Chinese is pretty bad 😁