httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0

Apple TV App unpinning #9

Open BeAtS85 opened 2 years ago

BeAtS85 commented 2 years ago

Any success with the Apple TV app on an Amazon Firetv 4k?

pimterry commented 2 years ago

Never tried it, and I don't have a FireTV to test with I'm afraid. If you want to share results that'd be interesting though, and of course any new PRs to add support for that (if it's not supported already) would be happily accepted.

BeAtS85 commented 2 years ago

As soon as you run the app with the frida script and mitm it, it fails to connect. What results would you want shared?

pimterry commented 2 years ago

That's useful info in itself :smile:. If you can share the output from the Frida script that would be helpful, since there are often clues there.

The output from ADB might also be interesting. You can watch that with `adb logcat -T1`.

Making this work will probably require some reverse engineering and maybe new additions to the script. There's a guide here: https://httptoolkit.tech/blog/android-reverse-engineering/

BeAtS85 commented 2 years ago

```
C:\Android>frida --no-pause -U -l frida-script.js -f com.apple.atve.amazon.appletv
     ____
    / _  |   Frida 15.1.12 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Spawned com.apple.atve.amazon.appletv. Resuming main thread!
[AFTMM::com.apple.atve.amazon.appletv]-> ---
Unpinning Android app...
[+] SSLPeerUnverifiedException auto-patcher
[+] HttpsURLConnection (setDefaultHostnameVerifier)
[+] HttpsURLConnection (setSSLSocketFactory)
[+] HttpsURLConnection (setHostnameVerifier)
[+] SSLContext
[+] TrustManagerImpl
[ ] OkHTTPv3 (list)
[ ] OkHTTPv3 (cert)
[ ] OkHTTPv3 (cert array)
[ ] OkHTTPv3 ($okhttp)
[ ] Trustkit OkHostnameVerifier(SSLSession)
[ ] Trustkit OkHostnameVerifier(cert)
[ ] Trustkit PinningTrustManager
[ ] Appcelerator PinningTrustManager
[+] OpenSSLSocketImpl Conscrypt
[ ] OpenSSLEngineSocketImpl Conscrypt
[ ] OpenSSLSocketImpl Apache Harmony
[ ] PhoneGap sslCertificateChecker
[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string)
[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string array)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (cert)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (string string)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession)
[+] Conscrypt CertPinManager
[ ] CWAC-Netsecurity CertPinManager
[ ] Worklight Androidgap WLCertificatePinningPlugin
[ ] Netty FingerprintTrustManagerFactory
[ ] Squareup CertificatePinner (cert)
[ ] Squareup CertificatePinner (list)
[ ] Squareup OkHostnameVerifier (cert)
[ ] Squareup OkHostnameVerifier (SSLSession)
[+] Android WebViewClient (SslErrorHandler)
[ ] Android WebViewClient (WebResourceError)
[ ] Apache Cordova WebViewClient
[ ] Boye AbstractVerifier
Unpinning setup completed

Process terminated
[AFTMM::com.apple.atve.amazon.appletv]->

Thank you for using Frida!
```

ADB Logcat: https://www.file.io/download/FseILT3xM2OJ

BeAtS85 commented 2 years ago

The APK: https://file.io/iT7Idrru2i6Z