httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0

App com.stripe.android.dashboard not working #110

Open PiotrOssowski opened 2 months ago

PiotrOssowski commented 2 months ago

Hi, I have a problem with the com.stripe.android.dashboard app on Android 12.1. Can you help me with it?

$ frida -U -l ./config.js -l ./native-connect-hook.js -l ./android/android-proxy-override.js -l ./android/android-system-certificate-injection.js -l ./android/android-certificate-unpinning.js -l ./android/android-certificate-unpinning-fallback.js -f com.stripe.android.dashboard
     ____
    / _  |   Frida 16.4.8 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Galaxy S7 (id=127.0.0.1:6555)
Spawning `com.stripe.android.dashboard`...                              

== Redirecting all TCP connections to 192.168.0.220:9999 ==
Spawned `com.stripe.android.dashboard`. Resuming main thread!           
[Galaxy S7::com.stripe.android.dashboard ]-> Process crashed: SIGSEGV SI_KERNEL

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/vbox86p/vbox86p:12/SP2A.220505.008/221:userdebug/test-keys,p1'
Revision: '0'
ABI: 'x86_64'
Timestamp: 2024-08-21 07:16:57.335042679+0000
Process uptime: 0s
Cmdline: com.stripe.android.dashboard
pid: 3722, tid: 3739, name: Binder:3722_2  >>> com.stripe.android.dashboard <<<
uid: 10089
signal 11 (SIGSEGV), code 128 (SI_KERNEL), fault addr 0x0
    rax 0000000096b14070  rbx 0000766d60d7a8d0  rcx 000000000000b8f0  rdx 0000000000002020
    r8  0000000000001afb  r9  0000000000001af3  r10 0000000000001af7  r11 000000000001e9d3
    r12 fffffffff16fdf9f  r13 00000000000010f2  r14 012b9a75632d6281  r15 4f206cdfae6fd2e6
    rdi 4f206cdfae6fd2e6  rsi 00000000000000f0
    rbp 95cd3ab196b140f0  rsp 0000766d60d79f60  rip 0000766d5fdcd0fb
backtrace:
      #00 pc 00000000000420fb  /data/app/~~2cWWZD58lGMUvjC55UYTUg==/com.stripe.android.dashboard-F8t4eM_T_ol8TsfkQNrP9A==/split_config.x86_64.apk!libpairipcore.so
***
[Galaxy S7::com.stripe.android.dashboard ]->

Thank you for using Frida!

pimterry commented 2 months ago

It's hard to know, I'm afraid. If you run the app with Frida without any scripts, does it still crash? Some apps try to detect Frida and/or root configurations and fail like this in those environments.

If not, it would be interesting to reduce the number of scripts you're using and comment out chunks bit by bit until you work out exactly what code is causing this.
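
Added example (not part of the thread and not the project's code): a small Python parser for a native crash report laid out like the one posted above, which extracts the signal, the crashing thread and the module in backtrace frame #00, so repeated runs with different script sets can be compared by where the fault occurred. The sample text is constructed from the report's layout with a shortened path, and the function and field names are hypothetical.

```python
import re

# Constructed sample following the layout of the crash report in the issue
# (path shortened, register dump omitted).
SAMPLE = """\
Process crashed: SIGSEGV SI_KERNEL
ABI: 'x86_64'
Cmdline: com.stripe.android.dashboard
pid: 3722, tid: 3739, name: Binder:3722_2  >>> com.stripe.android.dashboard <<<
signal 11 (SIGSEGV), code 128 (SI_KERNEL), fault addr 0x0
backtrace:
      #00 pc 00000000000420fb  /data/app/example/split_config.x86_64.apk!libpairipcore.so
"""

SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (\S+)")
THREAD_RE = re.compile(r"pid: (\d+), tid: (\d+), name: (\S+)")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-fA-F]+)\s+(\S+)")


def parse_crash(text):
    """Summarise an Android native crash report; None if no signal line."""
    sig = SIGNAL_RE.search(text)
    if sig is None:
        return None  # no "signal N (...)" line in the text
    summary = {"signal": sig.group(2), "code": sig.group(4),
               "fault_addr": sig.group(5), "thread": None, "frames": []}
    thread = THREAD_RE.search(text)
    if thread:
        summary["thread"] = thread.group(3)
    for num, pc, path in FRAME_RE.findall(text):
        # "some.apk!libfoo.so" means the library was loaded from inside an APK.
        container, _, member = path.rpartition("!")
        summary["frames"].append({
            "index": int(num),
            "pc": int(pc, 16),
            "module": (member or path).rsplit("/", 1)[-1],
            "from_apk": container.endswith(".apk"),
        })
    return summary


def faulting_module(text):
    """Module name in frame #00, or None when there is no backtrace."""
    summary = parse_crash(text)
    if not summary or not summary["frames"]:
        return None
    return summary["frames"][0]["module"]
```
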