Alban Diquet
Trying to run a build with no changes to the code base returns an error: https://github.com/nabla-c0d3/nassl/runs/4338996771?check_suite_focus=true
```
/opt/rh/devtoolset-9/root/usr/libexec/gcc/aarch64-redhat-linux/9/ld: /project/deps/openssl-OpenSSL_1_0_2e/libcrypto.a(sha512-armv8.o): relocation R_AARCH64_PREL64 against symbol `OPENSSL_armcap_P' which may bind externally can not...
```
Hello, I just tried and can confirm that is not working. There are a few network calls initiated by classes that explicitly check the certificate (`GCDAsyncSocket`, `FBMQTTNativeClient`, `RCTSRWebSocket`). I will...
Yes, it is specific APIs.
`GCDAsyncSocket` actually does SSL pinning with the usual SecureTransport API that's already taken care of by SSL Kill Switch ( https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncSocket.m#L6794 ). The remaining classes to patch are `FBMQTTNativeClient` and `RCTSRWebSocket` (most...
I tried disabling pinning in `FBMQTTNativeClient`, `RCTSRWebSocket` and `FBSSLPinningVerifier` but it still wasn't enough. I'll look into it again when I have time.
This is still on my TODO list, I just haven't had time to look at this again.
It's not used in the flows that I have seen. Same with FBMQTTNativeClient, RCTSRWebSocket and FBSSLPinningVerifier. Overall it's unclear to me where the pinning validation logic is happening during the...
That's very helpful, thanks!
I also pushed my fb-experiments branch with all the hooks I tried (but that were unsuccessful).
@karek314 That's the nuclear option haha. @Naituw I've never done it for C++ code but I know it can be done (as the symbols for the pinning functions must be...