niklashigi / apk-mitm

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
https://npm.im/apk-mitm
MIT License
3.9k stars 349 forks

Bypass Firebase Signature? #161

Open DrewRidley opened 5 months ago

DrewRidley commented 5 months ago

Hey all,

For applications that use Firebase as their primary analytics, authentication or database service, one might want to use apk-mitm to gather better insight into how these applications work.

Unfortunately, when using the patched APK, a production version of Firebase can output:

{
    "error": {
        "code": 403,
        "message": "Requests from this Android client application com.someapp.android are blocked.",
        "status": "PERMISSION_DENIED",
        "details": [{
            "@type": "type.googleapis.com/google.rpc.ErrorInfo",
            "reason": "API_KEY_ANDROID_APP_BLOCKED",
            "domain": "googleapis.com",
            "metadata": {
                "service": "firebaseinstallations.googleapis.com",
                "consumer": "projects/some_project"
            }
        }]
    }
}

In these cases, is there any way to spoof the SHA-1 signature such that Firebase accepts requests from the patched application?
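For anyone triaging this response, the following Python snippet (an added example, not part of the issue or of apk-mitm) parses the `google.rpc.ErrorInfo` detail that Google APIs attach to such 403 bodies and recognises the `API_KEY_ANDROID_APP_BLOCKED` reason. That reason means the project's API key carries an "Android apps" restriction, which binds the key to the package name plus the SHA-1 fingerprint of the APK's signing certificate; because apk-mitm re-signs the patched APK with its own key, the fingerprint no longer matches the one registered for the project, and Google rejects the request before Firebase ever sees it. The sample body below is the one quoted in the issue, embedded here as constructed test input; the function names are this example's own.

```python
import json

# Constructed sample input: the error body quoted in the issue above.
SAMPLE_RESPONSE = """
{
    "error": {
        "code": 403,
        "message": "Requests from this Android client application com.someapp.android are blocked.",
        "status": "PERMISSION_DENIED",
        "details": [{
            "@type": "type.googleapis.com/google.rpc.ErrorInfo",
            "reason": "API_KEY_ANDROID_APP_BLOCKED",
            "domain": "googleapis.com",
            "metadata": {
                "service": "firebaseinstallations.googleapis.com",
                "consumer": "projects/some_project"
            }
        }]
    }
}
"""

ERROR_INFO_TYPE = "type.googleapis.com/google.rpc.ErrorInfo"


def parse_google_api_error(body: str) -> dict:
    """Flatten a google.rpc.Status-style error body into code, status and ErrorInfo reasons."""
    payload = json.loads(body)
    error = payload.get("error", {})
    parsed = {
        "code": error.get("code"),
        "status": error.get("status"),
        "message": error.get("message", ""),
        "reasons": [],
    }
    for detail in error.get("details", []):
        # Only ErrorInfo details carry the machine-readable reason; other detail types are skipped.
        if detail.get("@type") != ERROR_INFO_TYPE:
            continue
        metadata = detail.get("metadata", {})
        parsed["reasons"].append({
            "reason": detail.get("reason"),
            "domain": detail.get("domain"),
            "service": metadata.get("service"),
            "consumer": metadata.get("consumer"),
        })
    return parsed


def is_android_app_restriction_block(parsed: dict) -> bool:
    """True when the request was refused by the API key's Android app restriction."""
    return parsed["code"] == 403 and any(
        r["reason"] == "API_KEY_ANDROID_APP_BLOCKED" for r in parsed["reasons"]
    )


def explain(parsed: dict) -> str:
    """Human-readable triage note for the most common reasons seen on re-signed APKs."""
    if is_android_app_restriction_block(parsed):
        services = ", ".join(r["service"] or "?" for r in parsed["reasons"])
        return (
            f"API key is restricted to a registered package name + signing-cert SHA-1; "
            f"the re-signed APK's certificate does not match (service: {services})."
        )
    reasons = ", ".join(r["reason"] or "?" for r in parsed["reasons"]) or "none"
    return f"HTTP {parsed['code']} {parsed['status']}: reasons={reasons}"


if __name__ == "__main__":
    info = parse_google_api_error(SAMPLE_RESPONSE)
    print(explain(info))
```

The check keys off the structured `reason` field rather than the free-text `message`, which Google may reword; pipe any other Google API error body into `parse_google_api_error` and the same code will surface its reason and service.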