Not working with Facebook-204.0.0.24.101.apk (x86)

[ErrorEater]

libcoldstart.so patches but doesn't remove the pinning. Tested in Android Emulator but didn't work.

Download the APK: https://www.apkmirror.com/apk/facebook-2/facebook/facebook-204-0-0-24-101-release/facebook-204-0-0-24-101-6-android-apk-download/

[tsarpaul]

Hi, the new versions are using TLS 1.3. Many proxies do not support this protocol so I'm not sure whether they've changed the pinning mechanism or just using an unsupported protocol. Either way I'll be trying to find/make my own TLS 1.3 supporting proxy and find out.

[zoneofsoft]

The latest version for android 4.4 + x86 https://yadi.sk/d/7Xcb8AXz3aAQc3 I hope you will succeed. Thank you for your hard work.

[tsarpaul]

The latest version for android 4.4 + x86 https://yadi.sk/d/7Xcb8AXz3aAQc3 I hope you will succeed. Thank you for your hard work.

Hi, I'm working on an automatic solution for the newer versions. I think anything before March 2018 should work with the current patcher.

[tsarpaul]

Added a patch for TLS1.3 for x86! 🎆 Make sure you use a proxy supporting TLS1.3 (I use burpsuite+openjdk 11)

[zoneofsoft]

Thank you very much for your work. What version did you test? When I try the patch writes the following [+] Patching TLS1.3 stack! [!] Could not find the required code to patch!

[tsarpaul]

I'll let you know when I get home, only had the time to test it on 1 version

[zoneofsoft]

Excuse me. Another question is, which burpsuite do you use free or pro? The whole day looking for solution but not working TLS 1.3, tested on the website https://tls13.crypto.mozilla.org/ Getting Error Received fatal alert: protocol_version error/

[tsarpaul]

Free version with openjdk-11

[itdecc]

Thanks for work. Write please what version did you test?

[tsarpaul]

com.facebook.katana_210.0.0.43.119-143667991_minAPI26(x86)

I'll generalize the script for other versions soon.

[zoneofsoft]

You may be asked to share this version. And if you don't mind patched libcoldstart. What emulator do you use?

[tsarpaul]

https://www.apkmirror.com/apk/facebook-2/facebook/facebook-210-0-0-43-119-release/ Just follow the instructions... I use Genymotion - an x86 emulator for Android

[tsarpaul]

Should be fixed, let me know if you find a version where it's not working

[clipvui2512]

How to root my emulator device ?

[zoneofsoft]

Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?

[clipvui2512]

Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?

Hi What is your android emulator software?

[zoneofsoft]

Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?

Hi What is your android emulator software?

https://www.memuplay.com/home/Home/V2?l=ru

[NaderMohammed20]

did I do something wrong !! I follow the steps over and over but still the same

[tsarpaul]

did I do something wrong !! I follow the steps over and over but still the same

Yes, you're not using OpenJDK 11 - your BurpSuite uses the Java stack to decode network protocols, and your version doesn't support TLS 1.3

Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?

You can reach me via Twitter for DMs

Closing this for now - issue solved :)

[clipvui2512]

Hi How to setup BurpSuite with OpenJDK 11 ?

[NaderMohammed20]

Yes just download burp suite jar file + open sdk 11 And go on It worked for me It's just i didn't get respond for some requests

[theumairahmed]

The patcher frequently fails for Facebook Messenger (com.facebook.orca) versions, giving the error:

[+] Patching TLS1.3 stack! [!] Could not find the required code to patch!

Tried the script with following releases of Facebook Messenger: March 2019, Feb 2019, March 2018, Jan 2018. Has anyone tried the patching script successfully on Facebook messenger app?

[tsarpaul]

Hi, which version and architecture exactly?

[theumairahmed]

I am running Google Nexus 5X - API26 on Genymotion Emulator which is x86 based. The specific versions of Facebook Messenger that I tested the patcher with are:

1- com.facebook.orca_147.0.0.25.86-84175400_minAPI21(x86) 2- com.facebook.orca_170.0.0.39.87-113613144_minAPI21(x86) 3- com.facebook.orca_171.0.0.28.108-114359499_minAPI21(x86)

[tsarpaul]

Those are old versions, try with orca_200+ There's currently a known issue that patching old versions doesn't work

[theumairahmed]

Now getting this error. I AM running burpsuite with OpenJDK 11 and able to record traffic from other apps. What exact steps should I follow after replacing the patched 'libcoldstart.so' file in /data/data/com.facebook.orca/lib-xzs?

version of Facebook messenger: com.facebook.orca_202.0.0.14.107-141881924_minAPI21(x86)

[theumairahmed]

Same is happening with the Facebook app (Facebook 210.0.0.43.119 (x86)). The apps just lose internet connectivity when I connect to internet via Burpsuite proxy. I am sure that I am missing something during my unpinning procedure even after following every step in README.

[tsarpaul]

Same is happening with the Facebook app (Facebook 210.0.0.43.119 (x86)). The apps just lose internet connectivity when I connect to internet via Burpsuite proxy. I am sure that I am missing something during my unpinning procedure even after following every step in README.

Many things can go wrong with your setup, anyways lucky you - just a couple of days after I published this tool Facebook rolled out their own solution: https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html

Not sure if you can sniff when you're logged out but I hope this works better for you :)

[theumairahmed]

Oh that’s cool! Can you share your personal email or any other platform where I can contact you? Thanks for your contribution in this tool and keeping it updated!

[tsarpaul]

You can contact me via Twitter :)

On Wed, Mar 27, 2019, 15:23 Umair Ahmed <notifications@github.com wrote:

Oh that’s cool! Can you share your personal email or any other platform where I can contact you? Thanks for your contribution in this tool and keeping it updated!

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/tsarpaul/FBUnpinner/issues/2#issuecomment-477151460, or mute the thread https://github.com/notifications/unsubscribe-auth/AUKrVNxymav2Y-rw7svXyTY_lX9WQfOgks5va3C2gaJpZM4aUVEz .