Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is really incredible. With a rooted android phone and these tools, plus a couple others [1,2,3], you can get a skeleton to implement a backend for any app you want.

[1]: https://github.com/koxudaxi/fastapi-code-generator

[2]: https://github.com/ioxiocom/openapi-to-fastapi

[3]: https://infosecwriteups.com/hail-frida-the-universal-ssl-pin...



That's interesting, but it won't work with native code that statically links a SSL implementation.


In many applications you can bypass built-in verifications with some Frida [1] code. It requires more effort to do so, of course, as you'd need to find the OpenSSL methods (with a script like this [2] and bypass the verification in there.

If you're really intent on getting it to work, downloading the binary, patching out the verification function and putting it back is also possible if you're root.

[1]: https://frida.re/docs/android/

[2]: https://mobsecguys.medium.com/exploring-native-functions-wit...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: