Hacking the Dash Button

There are quite a few projects out there that help you get started with programming your dash button. As there is no easy way of flashing the button with patched firmware, you have to come up with creative solutions.

After testing some projects out there, I went for the project node-dash-button. This project basically does two things:

  1. It helps you get the MAC address of your dash button

  2. It provides basic APIs to execute code whenever your button is pressed

Once you have the MAC address of your dash button, the project listens for ARP packets coming from it – such packets are sent over the network when you press the button.
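The detection idea described above, as an added example (not code from this post or from node-dash-button): it parses a raw Ethernet frame, checks that it is an ARP packet whose sender is the button's MAC, and suppresses repeats. The function names, the 5-second debounce window and the sample MAC address are assumptions.

```javascript
const ETHERTYPE_ARP = 0x0806;
const macStr = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join(':');

// Parse an Ethernet II frame; returns the ARP fields, or null when the frame
// is not a well-formed IPv4-over-Ethernet ARP packet.
function parseArp(frame) {
  if (!Buffer.isBuffer(frame) || frame.length < 42) return null; // 14 B Ethernet + 28 B ARP
  if (frame.readUInt16BE(12) !== ETHERTYPE_ARP) return null;
  const arp = frame.subarray(14);
  // htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4
  if (arp.readUInt16BE(0) !== 1 || arp.readUInt16BE(2) !== 0x0800 ||
      arp[4] !== 6 || arp[5] !== 4) return null;
  return {
    op: arp.readUInt16BE(6),                 // 1 = request, 2 = reply
    ethSrc: macStr(frame.subarray(6, 12)),   // source MAC in the Ethernet header
    senderMac: macStr(arp.subarray(8, 14)),  // sender MAC inside the ARP payload
    senderIp: Array.from(arp.subarray(14, 18)).join('.'),
  };
}

// Returns a function (frame, nowMs) -> true when a press should be reported.
function makePressDetector(buttonMac, debounceMs = 5000) {
  const want = buttonMac.toLowerCase();
  let last = -Infinity;
  return (frame, nowMs) => {
    const arp = parseArp(frame);
    if (!arp || arp.senderMac !== want) return false;
    // Consistency check only: it rejects frames whose two source fields
    // disagree, it does not authenticate the sender.
    if (arp.ethSrc !== arp.senderMac) return false;
    if (nowMs - last < debounceMs) return false; // assumption: one press may emit several frames
    last = nowMs;
    return true;
  };
}

// Builds a constructed ARP request frame for testing (not captured traffic).
function sampleArpFrame(srcMac, senderIp = '0.0.0.0') {
  const m = Buffer.from(srcMac.replace(/:/g, ''), 'hex');
  const f = Buffer.alloc(42);
  f.fill(0xff, 0, 6);                         // broadcast destination
  m.copy(f, 6);                               // Ethernet source
  f.writeUInt16BE(ETHERTYPE_ARP, 12);
  f.writeUInt16BE(1, 14); f.writeUInt16BE(0x0800, 16);
  f[18] = 6; f[19] = 4; f.writeUInt16BE(1, 20);
  m.copy(f, 22);                              // ARP sender MAC
  Buffer.from(senderIp.split('.').map(Number)).copy(f, 28);
  return f;
}
```

ARP carries no authentication, so a matching frame only shows that some device on the LAN sent it; keep the action behind the button low-impact.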

As there are no documented APIs available for our favorite team-shopping-list app Bring!, I had to reverse-engineer the app itself and see what requests go out when you add an item to your shopping list. As all of the requests use HTTPS, it took quite some trial and error until I could see the request data being sent between my phone and the Bring APIs.

  1. Easy, I’ve done that before on my computer. Let’s just use Fiddler on my computer and set the proxy address on my Android phone and basically do a MITM attack (Fiddler and tools like that do a great job – they can dynamically generate certificates on the fly if you install their root certificate)

  2. Sh**! The user certificate store (where you install the root certificate of Fiddler) is not considered for requests done in apps, just inside your browser. Meh!

  1. Let’s try it on my Ubuntu machine by using an Android emulator with mitmproxy.

  2. Gosh! Proxy settings are not respected by all apps. That makes it impossible to intercept those requests :-/

  3. After reading about older API levels in Android, I grabbed an older phone and voilà – both the user certificate store and the proxy settings were used by the Bring app, and I could finally see which requests were sent over the network.

After all the hassle, I packaged everything into a Docker image running on our in-house infrastructure.