Advice on reverse engineering Chinese app for BLE protocol

Question

Recently I got a Chinese clone of the Mi Band 2. The app it needs is horrible, though . So I wondered how to create another app that interprets the data from the band into something more useful (I know it's possible because even the mi band has alternative, user-created apps).

I started trying to reverse engineer the apk to find most of the code that is used to communicate with the BLE device. (Inspired by this thread on how someone did it with the mi fit app)

So I followed the accepted answer on this stackoverflow question.

(Note that I downloaded the apk from a page called APKTurbo as it was the only option I found, and I have no way of copying the app from my device.)

I followed the steps mentioned above, but I only found three files on the .jar file created ( screenshot ). All three can be found here:

• StubApp.class

• QHDialog.class

• Configuration.class

There are mentions of something like "com.qihoo360.crypt.entryRunApplication" . (Qihoo is a Chinese security company).

I must mention I have some experience with Java, I have developed very basic apps for Android, but I am no expert, unfortunately.

So from what I found my only guesses are that either the app is encrypted or the place from where I got it adds some way of protection.

Next I tried using this app called BLE Scanner to read the band. I found that the name of the BLE device is RB09_heart. I also found 4 services, if I recall correctly, 3 of them were custom and only one was for the data of the band (eg name of device).

I don't know what to do with this data, I think I still need to see the app's code to understand how messages are send to the band.

What should I do next? Or, where did I go wrong? Thanks in advance.

Answer 1

Rather than trying to reverse engineer an APK that's likely been minified/obfuscated, have you tried looking for an SDK for the bands? Checking git turned up both this and this as potential options, do these not provide what you need?