Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
foxbarrington
on Nov 12, 2024
|
parent
|
context
|
favorite
| on:
All the data can be yours: reverse engineering API...
I tried to use Charles on Robin Hood, but it looks like they use cert pinning to prevent it.
mdaniel
on Nov 12, 2024
|
next
[–]
It reminds me of the expression "locks are to keep honest people out," in that code which runs on a device you control is code that you control:
https://github.com/shroudedcode/apk-mitm#readme
animuchan
on Nov 12, 2024
|
prev
|
next
[–]
[Frida](
https://frida.re/
) is fantastic for de-pinning certs in applications. Can be fiddly, but when it works, it just works™.
danielvaughn
on Nov 12, 2024
|
prev
[–]
yeah I'm sure it's much harder today. I did this work like 8 or 9 years ago and I think fewer controls were in place at the time.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
