frida-xamarin-unpin icon indicating copy to clipboard operation
frida-xamarin-unpin copied to clipboard

Published 20 hours ago verified publisher icon GoSecure

AOT files not being unpinned

Open freyta opened this issue 3 years ago • 1 comments

Hello.

I'm not sure how I can help, but I have an APK with AOT files that isn't getting unpinned. Any tips or assistance I can offer? Looking at the "libaot-System.Net.Http.dll.so" with Ghidra, they have the same functions being exported..

Edit: When running the script, this is the output:

[+] Hooked HttpMessageInvoker.SendAsync with DefaultHttpClientHandler technique
[-] ServicePointManager validation callback not found.
[+] Done!
Make sure you have a valid MITM CA installed on the device and have fun.

but if you do make a request, nothing else pops up like it should with the sample app

freyta avatar Jan 25 '22 21:01 freyta

Support for AOT was not done as part of this research as you can read here: https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/

The person who built this PoC left our company so unless you are willing to provide a test case and make it work there's not much we can do, unfortunately.

obilodeau avatar Jan 25 '22 21:01 obilodeau