javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified #26
Comments
That could very well be the case.
This exception also comes from the
The app is using the OkHttp library, which has its own way of setting up certificate pinning. I found this guide on circumventing it, so maybe you could give that a try. The
Thanks! I started by simply ignoring the exception in the okhttp3.Handshake class, changing
This probably means that your changes to the Smali code were invalid (see relevant SO answer). Smali is a representation of Java bytecode, so it can be difficult to make changes without breaking things. (That's why Could you create a secret Gist with the relevant Smali files (
@shroudedcode Also: the original pinner Java source might be useful: https://android.googlesource.com/platform/external/okhttp/+/bad0a11146d43955d3f3b949aa277f0dd7cc3abb/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java I'll keep searching for a Smali modification that works.
The
.method public check(Ljava/lang/String;Ljava/util/List;)V
    .locals 0
    return-void
.end method
Apparently this is not the only place: https://github.com/1184893257/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/internal/io/RealConnection.java can also throw this SSLPeerUnverifiedException (and it does, when I fixed CertificatePinner). I managed to get the MITM to work by replacing two verify() calls in connectTls: https://gist.github.com/anilatx/23ac1c41a2ad8301087d78ce51ae00b9
That's great news! OkHttp is pretty popular, so if we manage to find a way to apply these changes automatically we'd be able to make many more apps patchable using
Good point. It would be best if we could remove all "throws" of that exception using a single rule regardless of the library, but I doubt there's a way to do that reliably. Putting together a list of function signatures for OkHttp (similar to what I've already put together for To do that I would need an APK to investigate. I see you've censored the name of the app you're trying to patch in your comment, but could you privately share that APK (or a link to it on a site like APKPure) with me via Telegram or email (see my GitHub profile)? If that's not possible, could you find another APK that also uses OkHttp and has similar protections enabled?
I've received your email, so I can now take a look at all the Smali sources.
Can you clarify what you mean by that? What did you replace these calls with? Also, did you make these changes in the Smali code or in Java (using something like jadx or smali2java)?
The email included the two already modified Smali files (I can upload them or a diff somewhere public in the evening). I basically replaced the calls to verify with setting an unused variable to 0, directly in Smali (I read the Java code only as a roadmap).
Whoops, totally missed the attachments. 😅 I'll take a look at your changes!
I've taken a look at your changes and I even found a slightly more robust way to disable host name verification (which involves patching the I suspect that SandroProxy, which you seem to be using, might not correctly generate its certificates to include the "Common Name" and "Alternative Names" the verification logic is looking for. You could see if this is the case by opening a website in Chrome on Android (Firefox would probably work too) and viewing the certificate information before and after you've enabled the proxy. The domains in the two fields I mentioned should be the same in both cases.
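The before/after certificate comparison suggested in the comment above can also be scripted. The following is an added example, not part of the original thread and not apk-mitm's or OkHttp's code: a simplified hostname check over certificate fields in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`. The host name and the three certificates are constructed sample values.

```python
import ipaddress

# Constructed sample data in ssl.SSLSocket.getpeercert() dict form (assumptions).
HOST = "api.example.com"
ORIGINAL = {"subject": ((("commonName", "example.com"),),),
            "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
PROXY_CN_ONLY = {"subject": ((("commonName", "api.example.com"),),)}
PROXY_WRONG_SAN = {"subject": ((("commonName", "api.example.com"),),),
                   "subjectAltName": (("DNS", "proxy.local"),)}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _san(cert, kind):
    return [value for key, value in cert.get("subjectAltName", ()) if key == kind]

def _common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive DNS match; '*' only as the whole left-most label, for one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    return (p[0] == "*" and len(p) >= 3 and len(p) == len(h)
            and p[1:] == h[1:] and "*" not in "".join(p[1:]))

def diagnose(cert, host):
    """Return 'ok', 'cn-only' (matches only via Common Name) or 'mismatch'."""
    if _is_ip(host):
        ips = {ipaddress.ip_address(i) for i in _san(cert, "IP Address")}
        return "ok" if ipaddress.ip_address(host) in ips else "mismatch"
    dns = _san(cert, "DNS")
    if any(name_matches(d, host) for d in dns):
        return "ok"
    if not dns and any(name_matches(cn, host) for cn in _common_names(cert)):
        return "cn-only"   # rejected by verifiers that only consult subjectAltName
    return "mismatch"

def compare(host, before, after):
    return diagnose(before, host), diagnose(after, host)

if __name__ == "__main__":
    print(compare(HOST, ORIGINAL, PROXY_CN_ONLY), compare(HOST, ORIGINAL, PROXY_WRONG_SAN))
```

A result of `cn-only` or `mismatch` for the proxied certificate, next to `ok` for the original, points at the proxy's certificate generation rather than at pinning.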
@anilatx Any updates on this? I'd be happy to implement a fix to disable host name verification, but I want to make sure I actually understand the issue and its cause first.
This was fixed in 0f85c10.
@shroudedcode I can confirm that v0.11.1 works out-of-the-box for the same app
2. I exported via SAI, patched the resulting .apks, installed the resulting .apks, and the app itself works; however, MITM does not. Seemingly there is some pinning that was missed by apk-mitm (I noticed that it briefly showed "no pinning detected").
How can I export log/debug that? So far I identified in logcat:
Originally posted by @anilatx in #23 (comment)