home changelog blog misc

intercepting cosmo

requirements

create a device

  1. install android studio and android SDK
    2. yay -S android-studio android-sdk-platform-tools
  2. run android-studio
  3. open the virtual device manager
  4. create a new device with the following settings
    5. device:         pixel 8
API:            API 34 android 14.0
services:       google play store
system image:	recommended x86_64 image
default boot:	cold
camera:         none
graphics:       hardware acceleration
  5. boot the device
  6. open the play store and install cosmo

root the device

  1. download rootAVD
    2. git clone https://gitlab.com/newbit/rootAVD && cd rootAVD
  2. run the script
    3. ./rootAVD.sh ~/Android/Sdk/system-images/android-34/google_apis_playstore/x86_64/ramdisk.img
  3. restart the device (cold boot)

become a superuser

  1. download magisk
    2. curl -L https://github.com/topjohnwu/Magisk/releases/latest/download/app-release.apk -o magisk.apk
  2. sideload magisk onto the device
    3. adb install magisk.apk
  3. open magisk on the device, then update and reboot if required
  4. ask for root access
    5. adb shell
su
  5. switch to the superuser tab in the magisk app and grant permissions when prompted

monitor network traffic

  1. install httptoolkit
    2. yay -S httptoolkit
  2. run httptoolkit and select Android Device via ADB
  3. confirm access on the device, ensuring system trust is enabled
  4. open cosmo and create an account
  5. monitor traffic inside httptoolkit to find tokens in a request response

example response

{
  "user": {
    "id": 123456,
    "email": "cosmo@mail.com",
    "address": "0x3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "nickname": "cosmo",
    "guid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  },
  "credentials": {
    "accessToken": "eyJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "refreshToken": "eyJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}

refreshing tokens

to my knowledge tokens expire after approximately one week. once expired, tokens can be refreshed using cosmo-refresh. this simple script saves you from having to open up an emulator and monitor the network traffic to get your new tokens every time the old ones expire.