objection icon indicating copy to clipboard operation
objection copied to clipboard
verified publisher icon sensepost

[bug] Objection gets pwned when trying to patch binance app from non rooted phone

Open ghost opened this issue 2 years ago • 1 comments

I want to bypass SSL Pinning. Binance.com trafficked via burpsuite works but not its app. So, first I did

 adb shell pm list packages | grep binance
package:com.binance.dev

Then,

package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/base.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_agora.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_cameraml.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.en.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcConnect.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_libMpcTrustWallet.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_major.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.arm64_v8a.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_mpc.config.xxhdpi.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.apk
package:/data/app/~~stNoEBTRdai0futTDdB8UQ==/com.binance.dev-KGThLZV1gaJuO3nfXI8pIg==/split_trade.config.xxhdpi.apk

Pulled apk using adb. Then, objection patchapk --source base.apk Now. It got pwned. Here's the video: https://streamable.com/c05zdt I followed from here: https://github.com/sensepost/objection/wiki/Patching-Android-Applications

ghost avatar Sep 06 '23 08:09 ghost

image Leaving some pictures in case video isn't clear. image

image

ghost avatar Sep 06 '23 08:09 ghost

Stale issue, appears to also be related to zipalign similar to some of the other open issues.

IPMegladon avatar Jul 10 '24 16:07 IPMegladon