Do you know how to bypass ssl pinning by modifying TLS SSL hand shake without having to install a server or inject the frida gadget in the app with objection I need that method

@user-yy2wp9ys6d u could modify and downgrade the max sdk version of the apk to sdk 23 (might be 21 idk, I forgot)

@@rhen4610 what do you mean by that would it require having access to the app before installation on the device or would it be while the app is already installed on the device

@@user-yy2wp9ys6d before installation

I don't have a lot of experience working with multiple devices connected at the same time, but I believe the -S or --serial flag should work for that. You should be able to run adb devices to get the identifier for the device you are working with and then add -S and that identifier to your command.

and how do i fix it

@@songlyrics1944 do you have your phone or emulator connected over USB? that error most likely means that it can't find your device with ADB. you need to have USB debugging enabled and have it connected over USB.

U needed to have adb connect

You need to use the option -a and giving the architecture as an argument. For example objection patchapk -s filename.apk -a x86 or objection patchapk -s filename.apk -a x86_64 The value of the argument depends on the target architecture. For me it is x86_64 since my android emulator used this architecture. Hope that helps you and others that stumble upon the same issue.

I have much more experience with Android than iOS. I'll put it on my list of video ideas though and maybe I will make some videos about iOS as well.

Most of the apps I work with either come from the Play Store or are provided in APK format, so I don't have a lot of experience working with XAPKs. My best suggestion would be to convert the XAPK to an APK and then proceed with the normal process using that APK. I found this website that has some instructions for XAPK conversion: openxapkfile.net/convert-xapk-to-apk.html And I also found this standalone Python script to convert an XAPK to an APK: github.com/LuigiVampa92/xapk-to-apk Like I said, I don't have a lot of experience working with XAPKs, so I haven't really looked into either of these methods. These were just some options that came up from some initial research. I may end up making a video about working with XAPKs in the future after I learn more about them. I hope this helps!

@@CorSecure Thanks for the reply! I'll try converting to an APK again, I've had difficulty because some apps have really weird xapk setups, but we'll see. Thanks for continuing to make good content!

there may be a way to do it using objection or frida, but I would patch the apk to allow the app to use user certificates and install the burp cert as a user cert on the device. I might actually make another video about how to do that pretty soon.

You don't need rooted device to install the burp cert. Just copy it to the device and install it in the Android settings like described in this video. kzbin.info/www/bejne/eXu1kHWJfrino6c

I don't think I have ever had this issue before, but it could be due to some anti-tampering protections on the app, which take some more extensive research to figure out how to bypass. I did find these two threads on github that might have some comments that could be helpful. github.com/sensepost/objection/issues/64 github.com/sensepost/objection/issues/119

@@CorSecure ok thank you I'll get back to you if I find anything thanks!

@@CorSecure Hey I used a separate tool to manage the split apks and combined them into one and saved it. The tools known for handling objection split apk files so after that I used the objection command on the new combined apk file and I keep getting this error and I have no idea how to fix it I looked online everywhere and couldn't find a place where the issue was solved this was the command and output: objection patchapk -s SAVE_APK No architecture specified. Determining it using `adb`... Detected target device architecture as: arm64-v8a Using latest Github gadget version: 16.1.3 Patcher will be using Gadget version: 16.1.3 Detected apktool version as: 2.8.1 Running apktool empty-framework-dir... I: Removing 1.apk framework file... Unpacking SAVE_APK App already has android.permission.INTERNET Target class not specified, searching for launchable activity instead... Reading smali from: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali Injecting loadLibrary call at line: 16 Attempting to fix the constructors .locals count Current locals value is 0, updating to 1: Writing patched smali back to: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali Copying Frida gadget to libs path... Rebuilding the APK with the frida-gadget loaded... Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error: ../../../tmp/tmpezqieai3.apktemp/smali_assets/javax/annotation/Nonnull.smali[29,20] Class Ljavax/annotation/Nonnull; has already been interned Could not smali file: javax/annotation/Nonnull.smali Built new APK with injected loadLibrary and frida-gadget Performing zipalign Zipalign completed Signing new APK. Signed the new APK Copying final apk from /tmp/tmpezqieai3.apktemp.aligned.objection.apk to SAVE_APK in current directory... Cleaning up temp files...

This happened to me as well. I just edited the dex of the apk to avoid checking if it is modified

Thanks! :)

Did that work?

@@misterge3169 unfortunately no. Though everything was successful, the still could not allow me to bypass ssl pinning.

i want to mention that objection was not able to bypass SSL pinning in the app i was testing, but with root access and with frida i was able to bypass SSL pinning here is the video from CorSecure kzbin.info/www/bejne/eILaqqxpaJ2Nl8k the frida is what worked for my case.

The app may have some sort of tampering protection in place that prevents tools like Objection and Frida to be used. It may be possible to bypass those types of protections as well, but it would probably take some additional reverse engineering to determine how they were implemented.

frida is a prerequisite for objection and must be installed on your computer, but the frida-server does not need to be installed on the mobile device, which is the part that requires root. in the "patchapk" step you are essentially baking the frida-server into the apk itself. at what step is objection failing for you?

@@CorSecure After objection explore, I'm getting this error: "Using USB device `xxx` Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is:"

@@fatiherdogan3838 did you run the app on the device first? if you try to open the app on the device after it is patched, it should hang like mine did at 10:10. then you can run "objection explore" and the app will continue.

@@CorSecure It does not somehow hang and get this error: "Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\frida\gadget-android-arm64.so". I'm trying with snapchat apk btw

@@CorSecure helloo , me too i was having the same problem its showing i cant connect to the frida server , i will try to run it on a rooted emulator later to find out , btw your content is wayyy cool 😎 keep up

I don't believe that I have ever run into that error while using objection, but I found this issue on github that has some potential fixes. I hope that helps. github.com/sensepost/objection/issues/498

just disconnect and reconnect your device. should work

It looks like you are facing the same issue that is mentioned in this thread: github.com/sensepost/objection/issues/332 I haven't faced this error myself, but according to the response in that thread, the solution is to use the --target-class flag and specify a class. Some more info on using that flag can be found on the wiki here: github.com/sensepost/objection/wiki/Android-APK-Patching#custom-target-classes

Oh thanks very much, i really appreciate. By the way i love your video

The issue I'm facing is probably my fault I actually watched this video yesterday and I came across an issue where I modified aapt files this is my error /usr/bin/aapt: error while loading shared libraries: libunwind.so.0: cannot open shared object file: No such file or directory

Hey is there more tools like this which I can use for multiple ssl bypassing

Thanks! it worked for me after using other version of apk-tools (The default version was causing errors.)

I have never run into this error before, but I found this issue on github. looks it could possibly be a version mismatch. github.com/sensepost/objection/issues/456

Objection -g explore, this fixed my issue

@@deathpoolxrs3494 great! I'm glad you were able to figure it out.

Is the issue fixed now?