search

Eltion / Tiktok-SSL-Pinning-Bypass

Bypass Tiktok SSL pinning on Android devices.
GNU General Public License v3.0
620 stars 153 forks source link

[Question] ByPass SSL in old versions #10

Closed Evil0ctal closed 1 year ago

Evil0ctal commented 1 year ago

I tried to use this project to bypass the old version of TikTok APK (version12-16), but all failed, the following is the error.

Created config_file at:  /home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/temp/libgadget.config.so
Created script_file at:  /home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/temp/libsslbypass.js.so

Patching for armeabi-v7a
Downloading firda-gadget-16.0.8-armeabi-v7a.so.xz
[==================================================]

Traceback (most recent call last):
  File "/home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/patch_apk.py", line 287, in <module>
    main()
  File "/home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/patch_apk.py", line 275, in main
    download_frida_gadget(arch)
  File "/home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/patch_apk.py", line 166, in download_frida_gadget
    return extract_frida_gadget(archive_path, arch)
  File "/home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/patch_apk.py", line 142, in extract_frida_gadget
    with open(filepath, "wb") as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/evil0ctal/Desktop/Tiktok-SSL-Pinning-Bypass/temp/lib/armeabi-v7a/libgadget.so'

Is there any way to bypass the old version of SSL?

demon071 commented 1 year ago

The old TikTok version may not need to bypass SSL, but the old APIs no longer work

Evil0ctal commented 1 year ago

Oh I see, cause we are trying to reverse engineering the old api, somehow the old API will work, but most features don't work anymore, when I try to capture the packet, it will shows network error.

Eltion commented 1 year ago

@Evil0ctal you should change this line in patch_apk.py script:

- libs = ["libbytehook.so"]
+ libs = ["libsscronet.so"]

After that it should work :)

Evil0ctal commented 1 year ago

Great! I will test it out, thank you!

Evil0ctal commented 1 year ago

update:

By change the so file name, the issue had been resolved. Thanks for your help!

@Eltion @demon071

Eltion commented 1 year ago

@Evil0ctal did the SSL pinning bypass work on the old version?

Evil0ctal commented 1 year ago

Yes, it worked, but seems like TikTok shutdown the login interface and I can't login now, but the ssl had been bypassed!

Eltion commented 1 year ago

Thanks for confirming that!

Evil0ctal commented 1 year ago

No problem, thanks again for this great work:)