NVISOsecurity / disable-flutter-tls-verification

A Frida script that disables Flutter's TLS verification

ssl_verify_peer_cert not found with myBmw #13

Status: Closed (TA2k closed 1 year ago)

TA2k commented 1 year ago

The myBmw app https://play.google.com/store/apps/details?id=de.bmw.connected.mobile20.row&hl=en&gl=US log:

:de.bmw.connected.mobile20.row ]-> [+] libflutter.so loaded
[+] Flutter library found
[!] ssl_verify_peer_cert not found. Trying again...
[+] Flutter library found
[!] No memory ranges found in Flutter library. This is either a Frida bug, or the application is using some kind of RASP. Try using Frida as a Gadget or using an older Android version (https://github.com/frida/frida/issues/2266)
[+] libflutter.so loaded
[+] Flutter library found
[!] ssl_verify_peer_cert not found. Trying again...

rikroe commented 1 year ago

Works for me when using an arm64 phone but had the same issue using the x86_64 AVD. The x86_64 libflutter.so seems to be different:

(venv) PS .\disable-flutter-tls-verification\libflutter_samples> python .\verify.py
.\android\arm\241b43face4aa1841f83f2f2d2b12359.so >  OK
.\android\arm\31293a07e01ea12252dc9e4b46dd622a.so >  OK
.\android\arm\8250504daadfb160e0df194713afcee5.so >  OK
.\android\arm\ea04bf74e0f5f38eda6504a55abf013e.so >  OK
.\android\arm\f95237b685f59b6c2268bdd39c9e3746.so >  OK
.\android\arm\libflutter.so >  OK
.\android\arm64\1141d76ca461315566b6d6c7f49588f4.so >  OK
.\android\arm64\318a41dd065ff6c4c75f2bf3bc3b6638.so >  OK
.\android\arm64\4e7bf42e24dac3b1ff9737ea7a8351b6.so >  OK
.\android\arm64\7e26da4819a691259fead0d55f864849.so >  OK
.\android\arm64\7efcb7c2bab9095593080df40992a0ba.so >  OK
.\android\arm64\ce807409beac3685873273e91ae714c3.so >  OK
.\android\arm64\e23533b2eaee569af7ff6a61f86a6060.so >  OK
.\android\arm64\libflutter.so >  OK
.\android\x64\122d8246035d30c50485a533f593588f.so >  OK
.\android\x64\1ea4c0abb074508e5c379361963425d3.so >  OK
.\android\x64\2d9092cd3a69f0f0da4a545607fbf3d2.so >  OK
.\android\x64\79d8341ffbdfab8fa0d03127caa3e036.so >  OK
.\android\x64\c9017918e951e8ef8e3f08319a55a1ff.so >  OK
.\android\x64\f83af521252e355152c10052ea6724c7.so >  OK
.\android\x64\libflutter.so >  NOK
.\ios\arm64\09d65bac4f1d1c3cff42515a98c6ab16 >  OK
.\ios\arm64\12e69a185a77d4aeee79c63f6311cf94 >  OK
.\ios\arm64\2699def5c35cb065cd1fb5d0d3c8c99d >  OK
.\ios\arm64\54ee8eddf3247798fa7732ea1a32e3e5 >  OK
.\ios\arm64\57ad0ac7a50ec7155ae0ea983f6232a6 >  OK
.\ios\arm64\624f4c30f64429f21f067bcd71060f18 >  OK
.\ios\arm64\709f36d7fb7bbb5138f026e1f000349c >  OK
.\ios\arm64\dc0eb57bc8913c1e3a325b6cad0c4f2d >  OK

@TheDauntless could you maybe do your magic and figure out what's different? I've attached it here: libflutter_x86_64.zip

TA2k commented 1 year ago

Strange, because I also tried it on an arm64 phone.

rikroe commented 1 year ago

Strange - that worked yesterday evening for me. Did you also use 3.7.1?

TheDauntless commented 1 year ago

@rikroe I've added a new signature for x64 for the .so you gave. Can you please test?

rikroe commented 1 year ago

Yes, that helps with the libflutter.so. I now seem to have some other issues where I cannot get the app to run (but this also happens on the non-patched APK, so I think it is rather related to my setup).