10 augustus 2019
From the category: Hacks

Let's hack the T-Mobile app using adb

I've been playing around with my T-Mobile 4G for home for a while. Now I am one step closer to automatically topping up my data credit.

This is a script that checks every 40 seconds whether the credit has run out and then replenishes it fully automatically if necessary.

It works because I keep an old Android phone connected to my computer without a SIM card. Every 40 seconds the script checks whether the credit has run out by downloading an image from a website. If this fails, he assumes that the credit has run out.
Then the script starts the T-Mobile app and supplements the credit. The script simulates the user by entering the pin code and clicking on the various buttons of the app. A real hack. Very nice! Now I can leave my PC on for download and I don't have to worry about it anymore.

The script:
#Dit script werkt als je het ikoontje van de T-mobile-app iets boven het midden op het homescherm staat
while true
#Download plaatje van 100kb.
T=$(date +"%T")
echo "[$T] Ophalen..."
r=`wget --timeout=4 --tries=2 "https://www.ziggo.nl/content/dam/www.ziggo.nl/img/chatbg.png" &> /dev/null`
if [ $? -ne 0 ]
echo "Lage snelheid!"
#Ga naar home
echo "Home"
adb shell input keyevent 3
sleep 3
#App opstarten vanaf home scherm
echo "App opstarten"
adb shell input tap 355 512
sleep 5
#Pincode intypen
echo "Pincode intypen"
adb shell input text 12345
sleep 6
#MB's aanvullen
echo "Knop MB's aanvullen"
adb shell input tap 400 500
sleep 5
echo "Knop MB's aanvullen 2"
adb shell input tap 724 1218
sleep 2
echo "Knop aanvullen"
adb shell input tap 612 1224
sleep 4
# Bevestigen knop
echo "Knop Bevestigen"
adb shell input tap 600 1218
sleep 8
#App afsluiten
echo "App afsluiten"
adb shell am force-stop nl.oberon.tmobile.my
echo "2 minuten slapen"
sleep 120
echo "Snelheid OK, slapen..."
sleep 40

Scriptkiddie hacks

My favorite hacks are hacks that scrape a website or similar hacks like the one above that controls an Android app. They are real hacks because they break into existing sites or apps. You will never see this type of hack in commercial apps because they think that a script hack is not maintainable.






(C) 2019, 2020 marcelv
Should a website to which I refer fail, I always have a backup.