Comments (7)
Hi @shoaibjahejo, do you have an example app that can be quickly installed and run to see this pinning in action?
In theory it should be easy enough to remove this, but I'm not familiar with Unity and I've never investigated it myself. I've written a general reverse engineering guide here that might help you though: https://httptoolkit.tech/blog/android-reverse-engineering/
from frida-interception-and-unpinning.
You could try Apps from Activision Blizzard like Wow Companion or Hearthstone
Niantic games like Ingress also rely on Unity.
from frida-interception-and-unpinning.
Hi @shoaibjahejo, do you have an example app that can be quickly installed and run to see this pinning in action?
In theory it should be easy enough to remove this, but I'm not familiar with Unity and I've never investigated it myself. I've written a general reverse engineering guide here that might help you though: https://httptoolkit.tech/blog/android-reverse-engineering/
Hello Tim Perry,
Thankyou for replying, I have tried each and everything, like reverse engineering the application, i did it, but couldn't find the code in java, because the validation itself is implemented in it's lib files in C# or C++(not sure), so i started dumping those lib files then i got dll files, then i opened AssemblyCsharp.dll in dnspy, and then i found the classes which were implementing ssl pinning, but still it didn't reverse the same code, hence it is showing code different, and implemented one is little different, there was little different.
Here is the below unity based game example, which is using the same validation of ssl pinning, you can check it out.
Link:- https://play.google.com/store/apps/details?id=com.micropets.runner&showAllReviews=true
from frida-interception-and-unpinning.
I've done some more research, it looks like as you say unpinning Unity with Frida is quite a bit more complicated due to the lib files involved. Somebody has create a Frida + Unity guide and tutorial video that you might find helpful here though: https://github.com/kylesmile1103/Learn-Frida
from frida-interception-and-unpinning.
I've done some more research, it looks like as you say unpinning Unity with Frida is quite a bit more complicated due to the lib files involved. Somebody has create a Frida + Unity guide and tutorial video that you might find helpful here though: https://github.com/kylesmile1103/Learn-Frida
@pimterry I have folllowed that tutorial already, but still i couldnt get upto that, i have searched like whole internet for past 15days but i'm not getting a success yet, as i have sent you the sample game application above, it is using the same validations, if in anyway you can try and get a solution for this? that would be really great, there is nothing i found like frida script or any working method for that, so it can be a great thing if you could find solution for this as well.
from frida-interception-and-unpinning.
Ah, OK. Sorry, I don't have a lot of time for a major investigation into this myself right now so I can't help much. It definitely seems like it will be possible with Frida, it's just much more complicated than merely patching normal Java APIs.
If you make any progress though, or you find any other articles/video that are actually helpful then do share them here so that other people interested in unpinning Unity can use that!
from frida-interception-and-unpinning.
Another game with cert pinning; Marvel Contest of Champions. Link: https://apkcombo.com/marvel-contest-of-champions/com.kabam.marvelbattle/
It throws an error "Failed to login"
Ah, OK. Sorry, I don't have a lot of time for a major investigation into this myself right now so I can't help much. It definitely seems like it will be possible with Frida, it's just much more complicated than merely patching normal Java APIs.
Maybe you can use Il2Cpp API script? https://github.com/vfsfitvnm/frida-il2cpp-bridge
from frida-interception-and-unpinning.
Related Issues (20)
- Disable jailbreak detection HOT 3
- I have an app that has certificate transparency failed, is there any script that I can use? HOT 1
- SSLPeerUnverifiedException: Certificate transparency failed HOT 1
- issues with unpinning of com.segway.mower and com.hansgrohe.poseidon HOT 5
- Frida: The 'argv' option is not supported when spawnin HOT 1
- Nigloland App: Certificate transparency failed HOT 5
- Hi
- Not Work = Raw Custom-Pinned Resquest HOT 3
- [FIXED] Not working with bereal HOT 3
- [ ] Unrecognized TLS error - this must be patched manually HOT 8
- Fishing Clash app. Some super-duper pinning protection. HOT 2
- Ignorar detectar VPN httptoolkit HOT 5
- Bypass la fijación SSL de IOS 15-16 con httptoolkit + script frida HOT 3
- Error: access violation accessing 0x5d8 HOT 1
- this script fails with com.audioteka but another works HOT 2
- Error with file : android-certificate-unpinning.js HOT 1
- error native-connect-hook.js HOT 1
- not able to sniff com.peacocktv.peacockandroid HOT 10
- Not working with com.bumble.app HOT 3
- Add Support for Intercept Flutter HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from frida-interception-and-unpinning.