- Cat lover
- AKA ProgrammeerMeneer
- Web, App and WebApp developer
- Just doing some dumb shit as always
- Collector and hacker of deranged android devices
Ok so people already cracked the rabbit R1 and found out its android. People dumped the apk and i got it working (with root and a few mods) on a standard ass phone lmaoo
Turns out i didn’t try hard enough. However still need to find a way to install other apps. The default browser blocks downloads and the dev options are disabled.
(I know there is a far better way with mtkclient etc but this might become an on device solution again lol)
Ok so people already cracked the rabbit R1 and found out its android. People dumped the apk and i got it working (with root and a few mods) on a standard ass phone lmaoo
Guess who’s back on android phones? That’s right! Our little rabbit friend!
We have fought through:
⁃ “IMEI checks”
We discovered these literally don’t exist and you still can just use any string as IMEI
⁃ Other header checks
These are obfuscated across a few files and even
More rabbit shenanigans, got lineage up and running for myself + google play services. Also rooted with magisk!
I also bricked it like 3 times in the process but fortunately recovered, however i don’t know what specifically did the trick to unbrick it lol
@JackRhysider
@thel3l
I pinky promise this is not a photoshop, we will do a writeup eventually, here is a short video. Note that this isn't my video and device but from someone in our team. We do all have the knowledge on how to do it.
There is a new Judy.apk in the rabbit rom, it's only purpose is to disable adb and delete any custom apps. This only triggers on the production rom.
There is also new code in a native .so library to further obfuscate the server request header values.
They really want to make it
@Michaelbolloz
I got the apk from someone that dumped it, rooted and upgraded my phone to android 14. The app only runs on 13 and up and as a system app. I then used a flipper zero to emulate the scroll wheel and set it up with a rabbit account. Now it’s like this lol
Got recommended to try InnerTune on this thing, and actually, it’s a pretty cromulent music player!
(Dankpods will be proud)
Mapped the scroll to volume and the ptt to pause/skip when any other app apart from the rabbit app is open.
Please
@rabbit_hmi
make a toggle or
I have rebuilt the entire lineage rom just to ignore the power key and make it broadcast it’s keyevent to the app. This also means i can now use both volume keys for the scrollwheel!
Interesting development on the latest OTA, seems like rabbit fixed terminal mode for other android devices. Previously it would just rotate the small rabbit instead of displaying the terminal. Thanks for fixing it i guess??😅
@ek0synx
This device is locked down and shouldn’t normally be able to access settings. That’s why it’s so difficult to reach. Normally you ofc just press the app icon.
@misaalanshori03
I would have thought too, but no they removed the entire app and replaced it with a placeholder app that just kicks you back to the launcher.
Rabbit has fixed this in the latest update in the most hilarious way possible, by injecting JAVASCRIPT???
I might actually go insane, i added my own javascript that just reverts the css and yep exploit works again. Too bad it isn't that useful of an exploit.
Rabbit has heavily (and natively) obfuscated the apps in the newest ota. This will make things more difficult in terms of patching the app.
After flashing the updated image to my jailbroken r1, the app didn't launch. It seems to detect if the device is rooted or not, cause
Turns out i didn’t try hard enough. However still need to find a way to install other apps. The default browser blocks downloads and the dev options are disabled.
(I know there is a far better way with mtkclient etc but this might become an on device solution again lol)
We will try other things like calling in a bit. I am not the owner of this device but it is someone else in the team which needs to come back from work.
What doesn’t work confirmed:
The motor for the camera, it’s stuck pointing down, but the camera works. So it’s just only gonna
@KaziAhmedDev
@thel3l
That’s entirely possible, even in the stock rom if it isn’t updated yet or you prepared and installed overlaying apps before updating.
App works on phone again kinda, they have (we think) purposefully broken the volume up key for interacting. On a normal android phone you can’t broadcast the power key event without the phone turning off.
So terminal mode works but we can’t initiate voice. It gets blocked by a
Yes, this watch runs full android. Here is the full rabbit setup progress that is modified to not require a network entry and a QR code.
The battery life on this thing is shit, it burns my wrist if you do anything intensive, and it doesn’t want to boot anything higher than
the panels app is very poorly made and all payments are verified on client side
links to all wallpapers (hd/sd) are preloaded right after the app is launched, all you need are basic mitm skills to get them for free. the file with links isn’t authenticated or protected *at all*
@GokuInnovates
@WillHobick
@FlutterDev
@flutterflow
The rabbit servers are real and the apk is definitely real. However this app is probably just connecting to openai instead of rabbit directly. (which is basically the same thing rabbit does lmao)
Apparently that one ai device company that really looks like and basically is an aliexpress dropship is dming people who are in the rabbit r1 server unasked for....
you can navigate menus in rabbit app with a tv remote instead of a scroll wheel! should work on actual device too
that’s because the “scroll wheel” sends dpad actions, just like tv remotes, keyboards, or other accessories
Full setup in glorious twitter compression, setup before this was rooting and having android 13 or higher. Then adding the app to have system level permissions.
Ok so people already cracked the rabbit R1 and found out its android. People dumped the apk and i got it working (with root and a few mods) on a standard ass phone lmaoo
Got my own r1 first batch! And wow this thing is indeed orange 😅
Time to have some more fun with it!
From now on all API requests i will do will have my own IMEI attributed instead of the random invalid ones we used before.
Btw this will probably my last tweet of running the rabbit app on other devices, i don’t think there is a better option than this and i think everyone gets the point already lol