Tiktok-SSL-Pinning-Bypass
Tiktok-SSL-Pinning-Bypass copied to clipboard
Eltion
[Fixed] Can you bypass the Douyin(Chinese version TikTok)
APK link: https://douyin.en.uptodown.com/android I tried your python script, but it doesn't work.
Hi @Evil0ctal. I just tested and the current script works with the apk you shared.
Oh is it?
I tried to capture the packet with fidder and the app was keep crashing.
Emulator, the android version is 7.1 and 64bit, every time I try to open the app it keep saying this app stop working and back to the desktop.
Here is the console log:
root@TikTokAPIV2:/www/wwwroot/APK/Tiktok-SSL-Pinning-Bypass-main# python3 patch_apk.py -i douyin-22-7-0.apk -o douyin.apk App ABIs: ['armeabi-v7a'] Supported ABIs: ['armeabi-v7a'] Generating keystore... Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 8,000 days for: CN=com.leftenter.android, OU=ID, O=APK, L=Unknown, ST=Unknown, C=XK [Storing /www/wwwroot/APK/Tiktok-SSL-Pinning-Bypass-main/temp/release.keystore] Created config_file at: /www/wwwroot/APK/Tiktok-SSL-Pinning-Bypass-main/temp/libgadget.config.so Created script_file at: /www/wwwroot/APK/Tiktok-SSL-Pinning-Bypass-main/temp/libsslbypass.js.so
Patching for armeabi-v7a Extracting: lib/armeabi-v7a/libbytehook.so Downloading firda-gadget-16.0.1-armeabi-v7a.so.xz [==================================================]
Patching: /www/wwwroot/APK/Tiktok-SSL-Pinning-Bypass-main/temp/lib/armeabi-v7a/libbytehook.so Rebuilding apk file... Running zipalign... Signing apk... Sucessful. Patched file at: douyin.apk
Here is the output file:
http://45.58.38.21:8888/down/2BVX22qTKOuS
Yes It won't work with an emulator. So emulators use x86/x64 ABI and there is no version of tiktok for x86/x64. The reason your able to run the tiktok in Nox is because it uses some arm translation which allows to run arm but it won't work with the patch script. I was able to create a version which works on Nox of the normal tiktok app here tiktok-v26.3.2-x86-arm-translation.apk.
I think the same should work also with the chinese version but It needs to be patched manually. The patch python script is only for armeabi-v7a and arm64-v8a
Oh oh, I understand, the original problem is here, I thought it was the crash caused by SSL Pinning, thank you very much for your reply and help, I will now find an Android device and install the APK file to try it out, Thanks again for your work, your repository will definitely have many stars in the future :)
Thanks for the kind words :) . Let me know if it works for you. In the next release I plan to also create a patched version for the chinese version.
Yeah, I just bought an android phone and it will be delivery in a couple days, once I get it, I will test it out to see if it work or not. Thx 😋
@Eltion Hi, I tried to install the douyin apk(Used the script to bypass SSL Pinning), and it keep crashing, this is a Samsung S20 FE, running on Android 12, haven't Root yet.
@Evil0ctal Interesting :( . Can you test this build I made https://send.vis.ee/download/80415d0a99b204ac/#iMLkhRH_yQeKtTsetoRxXw
This is working for me on Samsung A52 Android 12. Also may be worth mentioning that frida-gadget (which is used for this patch) is having some problems with android 12 that are having a Google play system update patch for July 1, 2022.
I just installed this apk. Looks like it still keep crashing when I click it. Do you think I can downgrade my S20FE to Android 11 to see if it work?
Can you check the in which Google Play system update are you? It should be under About Phone -> System information
Sure, this is the screenshot link: https://user-images.githubusercontent.com/20760448/195952263-cb423290-447b-4c62-ae0c-123aad574b93.jpg https://user-images.githubusercontent.com/20760448/195952266-57f6defa-9e84-4f33-8e79-8cc5f6b7945b.jpg
Thanks! Can you check if the English version of tiktok works for you: https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v26.3.2/tiktok-v26.3.2.apk
If not it's possible that this is a problem with frida-gadget
Hi, for this TikTok build, Im able to install and run it, But Looks like I cant ByPass the SSL Pin on it, good news is it didnt keep crashing like the Douyin apk. I can see the packet in Fiddler but its HTTPS cant see the plain text.
I think it may be the Android version problem, the ting Im going to try is downgrade this phone to Android 11, to see if it help or not.
Okay. that's interesting if it doesn't work again we could investigate the adb logcat. I believe that will be quite helpful. Also I strongly recommend using a different proxy tool to capture the packets. I think Fiddler has some problems with TLS1.3 so would suggest using mitmproxy or brup suite
Oh yeah, Let me try to use burp suit first to see if it work or not, if not, I will downgrade the phone to 11(Hopefuly it will make the douyin apk work).
Thank you very much for your help, I will keep update under this issue.
❤️
@Eltion Hi, I just downgrade my S20FE to Android 12, and I found out one you update the google play, the apps will keep crashing and cant bypass SSL, but if you dont update google play, everythong will be working perfectly.
I will leave this issue open, let you decide close it or not, because it may be helpful for the other people. This script is very good! thanks for your work! Cheer!!!!!!!! 💯
@Evil0ctal thanks a lot for confirming this. Frida just released version 16.0.1 which solves one of these problems with Android 12. I will leave this open until I've tested it.
Here is the issue in frida: https://github.com/frida/frida/issues/2176
Hi, I tried to patch Douyin which the version is 26.0.0
I run the cmd: python patch_apk.py -i douyin.apk -o douyin-patched.apk,
The last log was Sucessful. Patched file at: douyin-patched.apk.
Next, I run the cmd: frida -U -l .\tiktok-ssl-pinning-bypass.js -f com.ss.android.ugc.aweme
The main error was Error: libsscronet.so: unable to find export 'SSL_CTX_set_custom_verify'.
The new version of Douyin seems to have repaired libsscronet.so?
Hi, currently won't work with new versions Douyin Apk file, we probably need to re-open this issue.
Hi, I tried to patch Douyin which the version is 26.0.0 I run the cmd:
python patch_apk.py -i douyin.apk -o douyin-patched.apk, The last log wasSucessful. Patched file at: douyin-patched.apk. Next, I run the cmd:frida -U -l .\tiktok-ssl-pinning-bypass.js -f com.ss.android.ugc.awemeThe main error wasError: libsscronet.so: unable to find export 'SSL_CTX_set_custom_verify'. The new version of Douyin seems to have repaired libsscronet.so?
I abandoned Frida Script and tested the mitmproxy to capture douyin-patched https package, It worked for me. By the way, some packages of TLS1.3 handshake failure.
Hi, I tried to patch Douyin which the version is 26.0.0 I run the cmd:
python patch_apk.py -i douyin.apk -o douyin-patched.apk, The last log wasSucessful. Patched file at: douyin-patched.apk. Next, I run the cmd:frida -U -l .\tiktok-ssl-pinning-bypass.js -f com.ss.android.ugc.awemeThe main error wasError: libsscronet.so: unable to find export 'SSL_CTX_set_custom_verify'. The new version of Douyin seems to have repaired libsscronet.so?I abandoned Frida Script and tested the mitmproxy to capture douyin-patched https package, It worked for me. By the way, some packages of TLS1.3 handshake failure.
Hi, can you tell me which version the test was successful on? v26.0.0 my test failed
Hi, I tried to patch Douyin which the version is 26.0.0 I run the cmd:
python patch_apk.py -i douyin.apk -o douyin-patched.apk, The last log wasSucessful. Patched file at: douyin-patched.apk. Next, I run the cmd:frida -U -l .\tiktok-ssl-pinning-bypass.js -f com.ss.android.ugc.awemeThe main error wasError: libsscronet.so: unable to find export 'SSL_CTX_set_custom_verify'. The new version of Douyin seems to have repaired libsscronet.so?I abandoned Frida Script and tested the mitmproxy to capture douyin-patched https package, It worked for me. By the way, some packages of TLS1.3 handshake failure.
Hi, can you tell me which version the test was successful on? v26.0.0 my test failed
Hello, I tried to use mitmproxy to test v26.0.0 successfully.
APK link: https://douyin.en.uptodown.com/android I tried your python script, but it doesn't work.
bro i checked your repo douyin downloader but there is problem fetching user all video, when im fatching using max_cursor = 0 then it give me result but when im using max_cursour from requests and sending it as cursor then its give error, ` def sx(): import requests, json p = [] from html import unescape from requests import Session as sess douyin_headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36', 'referer': 'https://www.douyin.com/', 'accept-encoding': None, 'Cookie': 'msToken=BoDVBS2gapgTse=B0NWCxqmCBTvvyZ7PSHPYI2wOXfT1fk2Fz=LlG5KS6PwrykRsVIdVavAEn5zpNNiS5Zs7ZQGP4Qit5HkIsv0ZLEHt1g9; ttwid=1%7CVh3bH-QR2gdkLmop5pjdrmQiu__HxM0lTrVDXBA9LPs%7C1703845413%7C2dc30c379b0b65d985552c1c5e682ed41e65a31e11cc983a22c7921675493602; odin_tt=324fb4ea4a89c0c05827e18a1ed9cf9bf8a17f7705fcc793fec935b637867e2a5a9b8168c885554d029919117a18ba69; passport_csrf_token=f61602fc63757ae0e4fd9d6bdcee4810;'} params = { 'sec_user_id': 'MS4wLjABAAAAbDuVaWeG5MsoxMclLyfwAi2sSwLvB7aBeWBWzd8t-Ck4ICUwmZq9gNuHIbeNYBd_', 'count': 33, 'max_cursor': 0, 'device_platform': 'webapp', 'aid': 6383, 'X-Bogus': 'DFSzswVOaF0AN9ILtNT5RKXAIQRd' } while True: try: link = 'https://www.douyin.com/aweme/v1/web/aweme/post/' response = sess().get(url=link, params=params, headers=douyin_headers) JsonData = unescape(json.loads(response.text)) for jsonAllUserData in JsonData['aweme_list']: p.append( jsonAllUserData["video"]["play_addr"]["url_list"][0]) print(len(p)) with open('aaa.json', 'a') as json_file: json.dump(JsonData, json_file, indent=4) params["max_cursor"] = JsonData['max_cursor'] hsmor = JsonData["has_more"] unique_list = list(set(p)) print(len(unique_list)) print(hsmor) if hsmor == 0 or hsmor == False: print('finish ',JsonData['max_cursor']) break
else:
pass
print(' not finish ',JsonData['max_cursor'])
except Exception as e:
print(e)
sx()`
