[Guide] Reverse Engineering Android Apps - A push in the right direction

Unless someone knows Python or another programming language, this will not be much help. I have done exactly the same thing with the Facebook app and then got stuck with SSL pinning. I later bypassed it using the Facebook whitehat setting, which allows an SSL pinning bypass if you are the owner of that account.
 

Facebook hides information from what you see in that "whitehat" setting... it's a trick to distract. You can unpin the Facebook app by patching the libliger.so library (unpacked the first time you open the app in the apk directory) and see what I mean.
 
Nice guide. I've done reverse engineering but never used Frida before; does it allow dynamic debugging?
 
Epic guide. Knew about all the other tools but never about Frida, nor that there even is an SSL pinning bypass.

Thanks again. Bookmarked for future reference!
 
Nice! I'm on my phone but will do my best:

Any reason for Burp vs Fiddler?
Is there a need for Frida? I've never had any issue emulating SSL handshakes, so I'm asking.

Great job with the guide nonetheless!

Many apps don't work with Fiddler; you need Burp or Charles to interpret them properly.

Basically, when SSL pinning is in use, just using a self-signed certificate won't cut it. To bypass this, we need Frida.

Thanks bro for this. I didn't know about Frida; the rest I already knew. BTW, do you also do reverse engineering from source files, I mean debug and solve generated values within the app?
 
For note: some apps use their own or different SSL libraries, so you have to disassemble the library files (usually ELF binaries in the /lib folder).
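The native-library case in the post above, as an added example that is not part of the thread or the guide: before opening anything in a disassembler, find out which of the app's bundled .so files actually carry TLS code. This stdlib-only script walks an unpacked APK's lib/ tree, keeps only real ELF objects (checked via the ELF header, not the file extension), and reports TLS-related strings in each. The indicator list and the constructed sample libraries are assumptions; point it at a real lib/ directory with the first argument.

```python
"""Find which native libraries in an unpacked APK carry TLS/pinning code.

Added example for this thread (not code from the guide or its posters).
When the Java-level Frida hooks change nothing, the app may be doing TLS in a
bundled native library. This walks lib/<abi>/, keeps only real ELF objects
and reports TLS-related strings so you know what to open in a disassembler
or hook with Frida's Interceptor. The indicator list is an assumption.
"""
import os
import re
import struct
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
# e_machine values (ELF spec) for the ABIs Android ships.
ELF_MACHINES = {0x28: "arm", 0xB7: "aarch64", 0x03: "x86", 0x3E: "x86_64"}

# Symbols and strings that usually mean a bundled TLS stack or pin checks.
TLS_INDICATORS = re.compile(
    rb"(SSL_CTX_set_(?:custom_)?verify|SSL_set_verify|X509_verify_cert|"
    rb"CertificatePinner|ssl_verify|boringssl|mbedtls_ssl|wolfSSL|gnutls_|"
    rb"pin_sha256|sha256/)"
)


def elf_machine(data):
    """Return the ELF machine name, or None if `data` is not an ELF file."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    endian = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    (e_machine,) = struct.unpack(endian + "H", data[18:20])
    return ELF_MACHINES.get(e_machine, "unknown(0x%x)" % e_machine)


def tls_indicators(data):
    """Sorted, de-duplicated TLS-related strings found anywhere in the file."""
    return sorted({m.decode("ascii", "replace") for m in TLS_INDICATORS.findall(data)})


def triage_lib_dir(lib_dir):
    """Map each ELF file under lib_dir (relative path) to (machine, indicators).

    Non-ELF files are skipped; ELF files with no indicators are still listed
    so nothing the app ships is overlooked."""
    report = {}
    for root, _dirs, files in os.walk(lib_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            machine = elf_machine(data)
            if machine is None:
                continue
            report[os.path.relpath(path, lib_dir)] = (machine, tls_indicators(data))
    return report


def build_fake_elf(e_machine, strings):
    """Constructed stand-in for a .so: a valid 64-bit LE ELF header (e_type=ET_DYN)
    followed by NUL-separated strings. Enough for the triage logic above."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9      # 64-bit, LE, SysV ABI
    return e_ident + struct.pack("<HH", 3, e_machine) + b"\x00".join(strings) + b"\x00"


def make_sample_lib_dir():
    """Write a constructed lib/ tree to a temp dir and return its path."""
    lib_dir = tempfile.mkdtemp(prefix="apk-lib-")
    abi = os.path.join(lib_dir, "arm64-v8a")
    os.makedirs(abi)
    samples = {
        "libtls.so": build_fake_elf(0xB7, [b"SSL_CTX_set_custom_verify", b"sha256/AbCdEf=", b"libc.so"]),
        "libhelper.so": build_fake_elf(0xB7, [b"JNI_OnLoad", b"libc.so"]),
        "README.txt": b"SSL_CTX_set_verify is mentioned here, but this is not an ELF file",
    }
    for name, data in samples.items():
        with open(os.path.join(abi, name), "wb") as fh:
            fh.write(data)
    return lib_dir


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_lib_dir()
    for rel, (machine, hits) in sorted(triage_lib_dir(target).items()):
        print("%-28s %-8s %s" % (rel, machine, ", ".join(hits) or "-"))
```

A library that shows `SSL_CTX_set_custom_verify` or `sha256/...` pin strings is the one to hook natively; a library with no hits can usually be left alone.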
 
Forgot about this thread, xd :)

Hi bro, can you PM me to discuss reverse engineering some social media app?
I need a programmer like you; let me know how much you will charge, please.
I'm still a newbie, so I cannot PM you, though.

Sorry mate, I am currently not taking any work. Post in the HAF section here. There are quite a few good devs here.

Unless someone knows Python or another programming language, this will not be much help. I have done exactly the same thing with the Facebook app and then got stuck with SSL pinning. I later bypassed it using the Facebook whitehat setting, which allows an SSL pinning bypass if you are the owner of that account.
I agree. That's why I posted this in the programming section. This is a guide for newbie programmers on where to start. :)
 
@javabro

I think you and I are on the same path...
I want to auto-install an Android Play Store app.

I have gone through the same way as you, but I am confused at some steps, so can you help me?

I want to auto-install any Play Store app via a URL visit.

Just like we install Facebook from the Play Store and we found the URL via Burp Suite, I just want a URL that I can send to any user, and whenever the user clicks on the link it auto-opens the Play Store on their phone and auto-installs the specific app, without the user clicking on the install button.

After some R&D I found that the Play Store app URL and the install URL are different. How do I combine those two URL functions into one?
 
Burp is just a personal preference.

Well yes, many enterprise-like apps (Twitter, Snapchat, TikTok, ...) enable SSL pinning/certificate validation (validating the certificate after the handshake).
Since we are using a self-signed certificate, we won't be able to see these requests. Frida can inject code at runtime and (try to) bypass this validation.

The shared script doesn't work for all the checks. If the app uses okhttp3 for example, we may need to use something like the following.
https://codeshare.frida.re/@owen800q/okhttp3-interceptor/
Of course, the best way to do this is to decompile the app and look at the code.

Also, using an older version of an app may come in handy in some cases :D

Really detailed thread, nice one. May I ask what exactly the purpose of reverse engineering apps is, please? I'm not a coder or anything, I'm just intrigued, that's all.
 
Hi.
If you have seen social media bots like Jarvee, Followliker, etc., they automate social media actions (follow/unfollow) in all sorts of different ways.

One of the ways is to use the internal API the social media apps use. What I've done in this post is to show you how to find those API endpoints so one can create bots like those.

 
Can't understand a single thing in the post but it looks lit! :D

Whenever someone in my family asks me what I do, I will direct them to your post.
 

Cool thank you
 
Is there a way to export the captured requests and responses in real time so I can use them in a Python script, for example? I just found that Burp provides a Python API, but that's only for Burp Suite Professional or Enterprise, and I'm not really interested in buying that expensive license just for this.
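The question above has no answer in the thread; as an added example (not from the guide or from Burp), here is the licence-free route: Burp Community still lets you right-click captured traffic and choose "Save items", which writes an XML file in which each `<request>` and `<response>` element carries the raw HTTP message (base64 when `base64="true"`). The parser below assumes that layout, strips the headers a replaying client must recompute, and builds a stdlib `urllib` request from each item. The embedded export is constructed, not a real capture.

```python
"""Turn a Burp "Save items" XML export into Python requests you can replay.

Added example for this thread, not code from the guide or from Burp. The
<request>/<response> layout (raw HTTP, base64 when base64="true") is what
this parser assumes. The sample export below is constructed, not a capture.
"""
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Headers the replaying client must compute itself; copying them breaks replays.
DROP_ON_REPLAY = {"content-length", "connection", "accept-encoding", "host"}


def parse_http_message(raw):
    """Split a raw HTTP/1.1 message into (start_line, [(name, value)...], body)."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _colon, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def decode_element(el):
    """Raw bytes of a <request>/<response> element, honouring base64="true"."""
    text = (el.text or "").strip()
    return base64.b64decode(text) if el.get("base64") == "true" else text.encode("latin-1")


def load_burp_items(xml_text):
    """Parse a Save-items export into dicts ready for replay or analysis."""
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        start, headers, body = parse_http_message(decode_element(item.find("request")))
        method, _target, _version = start.split(" ", 2)
        resp_el = item.find("response")
        resp_body = parse_http_message(decode_element(resp_el))[2] if resp_el is not None else b""
        items.append({
            "method": method,
            "url": item.findtext("url", "").strip(),
            "headers": {n: v for n, v in headers if n.lower() not in DROP_ON_REPLAY},
            "body": body,
            "status": int(item.findtext("status") or 0),
            "response_body": resp_body,
        })
    return items


def build_request(item):
    """urllib Request for one parsed item; send it with urllib.request.urlopen
    (or hand the same fields to the HTTP client of your choice)."""
    return urllib.request.Request(item["url"], data=item["body"] or None,
                                  headers=item["headers"], method=item["method"])


def sample_burp_xml():
    """Constructed export with one follow request, in Burp's Save-items layout."""
    body = b"user_id=123"
    request = (b"POST /api/v1/friendships/create/123/ HTTP/1.1\r\n"
               b"Host: i.example-social.com\r\n"
               b"Authorization: Bearer constructed-token\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body)) + body
    resp_body = b'{"status":"ok"}'
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                b"Content-Length: %d\r\n\r\n" % len(resp_body)) + resp_body
    return """<?xml version="1.0"?>
<items burpVersion="2023.1" exportTime="Mon Jan 01 00:00:00 UTC 2024">
  <item>
    <time>Mon Jan 01 00:00:00 UTC 2024</time>
    <url><![CDATA[https://i.example-social.com/api/v1/friendships/create/123/]]></url>
    <host ip="203.0.113.10">i.example-social.com</host>
    <port>443</port>
    <protocol>https</protocol>
    <method><![CDATA[POST]]></method>
    <path><![CDATA[/api/v1/friendships/create/123/]]></path>
    <extension>null</extension>
    <request base64="true"><![CDATA[%s]]></request>
    <status>200</status>
    <responselength>%d</responselength>
    <mimetype>JSON</mimetype>
    <response base64="true"><![CDATA[%s]]></response>
    <comment></comment>
  </item>
</items>""" % (base64.b64encode(request).decode(), len(response), base64.b64encode(response).decode())


if __name__ == "__main__":
    for it in load_burp_items(sample_burp_xml()):
        req = build_request(it)
        print(req.get_method(), req.full_url, it["headers"], it["body"], it["status"], it["response_body"])
```

It is not real time, but re-exporting the Proxy history every few minutes and diffing the parsed items gets close enough for building a client, and the parsed `headers` dict shows you exactly which tokens the app sends with each endpoint.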
 
I think the Xposed framework has a module that bypasses SSL pinning as well; never tried it. Frida always works for me. Hail Frida!
 
Good thread. Getting rid of SSL pinning, though, is where the real game starts. You can get away with catch-all methods only for basic apps, but you've got to deal with the obfuscation and encrypted tokens too once you get rid of the pinning.
 
Thanks for this tutorial, but could you please help me? I'm getting a RateLimitException while I'm trying to do a specific task in a for loop.
 