Open ghost opened 10 months ago
I want to bypass SSL Pinning. Binance.com trafficked via burpsuite works but not its app. So, first I did
adb shell pm list packages | grep binance package:com.binance.dev
Then,
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/base.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.en.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.arm64_v8a.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.xxhdpi.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.apk package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.config.xxhdpi.apk
Pulled apk using adb. Then, objection patchapk --source base.apk Now. It got pwned. Here's the video: https://streamable.com/c05zdt I followed from here: https://github.com/sensepost/objection/wiki/Patching-Android-Applications
objection patchapk --source base.apk
Leaving some pictures in case video isn't clear.
I want to bypass SSL Pinning. Binance.com trafficked via burpsuite works but not its app. So, first I did
Then,
Pulled apk using adb. Then,
objection patchapk --source base.apk
Now. It got pwned. Here's the video: https://streamable.com/c05zdt I followed from here: https://github.com/sensepost/objection/wiki/Patching-Android-Applications