sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

[bug] Objection gets pwned when trying to patch binance app from non rooted phone #634

Open ghost opened 10 months ago

ghost commented 10 months ago

I want to bypass SSL pinning. Binance.com traffic via Burp Suite works, but not its app. So, first I did

 adb shell pm list packages | grep binance
package:com.binance.dev

Then,

package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/base.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.en.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.config.xxhdpi.apk

Pulled apk using adb. Then,

 objection patchapk --source base.apk

Now, it got pwned. Here's the video: https://streamable.com/c05zdt

I followed from here: https://github.com/sensepost/objection/wiki/Patching-Android-Applications

ghost commented 10 months ago

Leaving some pictures in case video isn't clear.