frida-interception-and-unpinning icon indicating copy to clipboard operation
frida-interception-and-unpinning copied to clipboard

Published 20 hours ago verified publisher icon httptoolkit

Apple TV App unpinning

Open BeAtS85 opened this issue 3 years ago • 6 comments
trafficstars

Any success with the Apple TV app on an Amazon Firetv 4k?

BeAtS85 avatar Nov 24 '21 15:11 BeAtS85

Never tried it, and I don't have a FireTV to test with I'm afraid. If you want to share results that'd be interesting though, and of course any new PRs to add support for that (if it's not supported already) would be happily accepted.

pimterry avatar Nov 24 '21 17:11 pimterry

As soon as you run the app with the frida script and mitm it, it fails to connect. What results would you want shared?

BeAtS85 avatar Nov 24 '21 19:11 BeAtS85

That's useful info in itself :smile:. If you can share the output from the Frida script that would be helpful, since there's often clues there.

The output from ADB might also be interesting. You can watch that with adb logcat -T1.

Making this work will probably require some reverse engineering and maybe new additions to the script. There's a guide here: https://httptoolkit.tech/blog/android-reverse-engineering/

pimterry avatar Nov 25 '21 08:11 pimterry

C:\Android>frida --no-pause -U -l frida-script.js -f com.apple.atve.amazon.appletv ____ / _ | Frida 15.1.12 - A world-class dynamic instrumentation toolkit | (_| | > _ | Commands: /_/ |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/ Spawned com.apple.atve.amazon.appletv`. Resuming main thread! [AFTMM::com.apple.atve.amazon.appletv]-> --- Unpinning Android app... [+] SSLPeerUnverifiedException auto-patcher [+] HttpsURLConnection (setDefaultHostnameVerifier) [+] HttpsURLConnection (setSSLSocketFactory) [+] HttpsURLConnection (setHostnameVerifier) [+] SSLContext [+] TrustManagerImpl [ ] OkHTTPv3 (list) [ ] OkHTTPv3 (cert) [ ] OkHTTPv3 (cert array) [ ] OkHTTPv3 ($okhttp) [ ] Trustkit OkHostnameVerifier(SSLSession) [ ] Trustkit OkHostnameVerifier(cert) [ ] Trustkit PinningTrustManager [ ] Appcelerator PinningTrustManager [+] OpenSSLSocketImpl Conscrypt [ ] OpenSSLEngineSocketImpl Conscrypt [ ] OpenSSLSocketImpl Apache Harmony [ ] PhoneGap sslCertificateChecker [ ] IBM MobileFirst pinTrustedCertificatePublicKey (string) [ ] IBM MobileFirst pinTrustedCertificatePublicKey (string array) [ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket) [ ] IBM WorkLight HostNameVerifierWithCertificatePinning (cert) [ ] IBM WorkLight HostNameVerifierWithCertificatePinning (string string) [ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession) [+] Conscrypt CertPinManager [ ] CWAC-Netsecurity CertPinManager [ ] Worklight Androidgap WLCertificatePinningPlugin [ ] Netty FingerprintTrustManagerFactory [ ] Squareup CertificatePinner (cert) [ ] Squareup CertificatePinner (list) [ ] Squareup OkHostnameVerifier (cert) [ ] Squareup OkHostnameVerifier (SSLSession) [+] Android WebViewClient (SslErrorHandler) [ ] Android WebViewClient (WebResourceError) [ ] Apache Cordova WebViewClient [ ] Boye AbstractVerifier Unpinning setup completed

Process terminated [AFTMM::com.apple.atve.amazon.appletv]->

Thank you for using Frida!`

ADB Logcat: https://www.file.io/download/FseILT3xM2OJ

BeAtS85 avatar Nov 25 '21 10:11 BeAtS85

The APK: https://file.io/iT7Idrru2i6Z

BeAtS85 avatar Nov 25 '21 10:11 BeAtS85