Building Android versions of RFD

[frostyyyy1]

Ive been looking into whether this can work on Android. just collecting what might block it.
What I’ve been told / noticed
I was told it’s “hard” because the Roblox APK only accepts domains/IPs that are ≤ 10 characters. That means ngrok / no-ip hostnames won’t work. But I wasn’t told why this is hard, is it just baked-in checks, parsing limits, or something else in the native code?

The domains are inside libroblox.so. Id probably need to patch them, but then there’s also signature/public-key/integrity checks that I dont fully get.

I’m testing with an unmodded 2016 APK just to have a starting point.
(Want to get 2018 and 2021 working)

Ideas / questions

Could you bypass the domain length issue with /etc/hosts on Android? That would need root, but it might trick the APK into resolving a short fake domain to the right server. (I cant get root on my devices, so ill stick to modifying the libroblox.so file)
If not, then libroblox.so probably has to be patched. Has anyone found where the 10-char enforcement actually happens?

About the Join string: from the screenshot, it looks like it might be the payload the app expects. Would you inject that into the login flow (like simulating a Join button press), or is it smarter to hook the intent/URL the app normally uses?

The screenshot I attached looks like it might be the Join payload the client expects. My questions: is the Join flow handled purely client-side (so we can inject a payload during login), or does it require an authenticated session and server-side validation first?

Could the Join string be injected into the login flow (simulate pressing Join / overlay the UI), or is it cleaner to hook the intent/URL that launches a game?
My gut: even if we patch domains, the client will still need a proper login handshake (tokens, session setup) before Join will actually work so domain patching might not be the only work required. You don’t get the full game listing UI unless the client successfully talks to the real services.

Login/auth: wouldn’t the APK also expect some kind of login handshake before Join works? I don’t know if that’s handled in the same place as the domain stuff or if it’s a whole extra layer to patch.

Main questions

Why exactly is it “hard” to use >10 char domains on Android?

Has anyone mapped out the domain checks in libroblox.so

How much of the login/auth would break if we only patched the domains, is there more work needed to make Join actually function?
Cuz you dont really have a webserver where you can look at the games and stuff.

Did anyone start working on a android version and could help on this?

Is Android support even realistic right now to be comeing anytime soon?

[Windows81]

I can't say about the 10-character limit. It probably comes from the length of roblox.com, which most revival systems change by replacing all the strings in Windows exe files. This is why many revivals' names comprise of six letters: Syntax, Pekōra, Kōrone, Finobe.

RFD doesn't rely on hard-coded domain changes to work. Instead, I patch any "trust checks" that Rōblox clients use. Refer here for perhaps some more information.

You can articulate these changes to ARM-compiled Rōblox binaries.

[LazVaz12]

can't you just host your own site? you can do like rfdrfd, winrfd (windows rfd)

[Windows81]

RFD's purpose is to allow anyone to host a server on any domain or IP address. What you proposed will not work.

[frostyyyy1]

@Windows81 Oh okay thanks for the tips, if i get something to work, ill tell you guys, im rather unsure tho if i can get something to work but ill try some stuff

[abricoshka]

I have a lot of experience with APK reverse engineering. I can try to get as many information as i can from libroblox.so.

[Windows81]

Also feel free to refer to my guides. Some are easier to translate to ARM than others. Some are more thorough than others.

[abricoshka]

i don't think the domains are in libroblox.so; i found some config fields in DEX bytecode (baseUrl, version, releaseChannel and more).
I still don't quite understand how RFD & RCC work; should i replace roblox.com with my localhost link? (my phone is connected to the same network)

[frostyyyy1]

@abricoshka We have a Matrtix channel for getting android working, i got a 2015 apk to talk to my webserver, add me to Matrix and ill show you what to edit, i havent messed with 2021 lots. @frostttt1:matrix.org

[Windows81]

@abricoshka: RFD works basically in the following way:

1. a web server is established, accepting unsigned HTTPS connections via TCP port 2005
2. an instance of RCCService.exe is made on the same machine, which accepts connections over UDP port 2005 and interacts with the web server in (1)

Clients need to establish connection with both TCP and UDP port 2005 to function properly.