tsarpaul / fbunpinner Goto Github PK
View Code? Open in Web Editor NEWBypass Facebook/Instagram Certificate Pinning for Android
Bypass Facebook/Instagram Certificate Pinning for Android
It would be great to have this ported to patch iOS binaries. In a jailbroken environment, it's easy to obtain the decrypted binary, and I am guessing FB will be using similar techniques for both iOS and Android.
[+] Patching TLS1.3 stack!
[+] Found TLS1.3 verifier at 0x24d7f0
[+] 2 bytes were overwritten!
[+] Found function at address 0x32b7ab
[+] 4 bytes were overwritten!
when i replace the so the messanger is crash! i have chomd 777 for the so!
SoLoader: couldn't find DSO to load: libcoldstart.so caused by: /data/user/0/com.facebook.orca/lib-xzs/libcoldstart.so: open failed: EACCES (Permission denied)
Hi tzarpaul, first & foremost, thank for the amazing contribution.
just ran into a problem with Instagram app, trying to analyze traffic for some requests i need to clone in other project.
wondering if x86 comparability will be supported soon :)
[+] Patching TLS1.3 stack!
[!] Could not find the required code to patch!
This is the error I am getting
Support for amr64 would be great.thanks in advance :)
Hi, just to point out that the libcoldstart.so and/or libliger.so seems to not longer exist in the facebook and instagram apps respectively.
is there a workaround?
Followed the steps, but had difficulties. I was able to find the libcoldstart.so file in /data/data/com.facebook.katana/lib-compressed, but got this error message.
ERROR: Failed to patch ARM TLS 1.3 stack, something has gone wrong!
please help me thanks ๐
Hello,
I tried to patch the latest version of Messenger (Messenger_v_301_274784557.apk) with no success. Since Facebook is not supporting any more old versions, can you please guide me to patch the latest version?
I am using CharlesProxy (and MITMPROXY), and was able to patch Facebook APK.
Many thanks!
[+] Patching TLS1.3 stack!
Traceback (most recent call last):
File "patch.py", line 183, in <module>
patcher13.patch()
File "patch.py", line 118, in patch
if blob[i+1] == 0b01000111 \
IndexError: index out of range
The libliger.so
in question is released as over the air update between after 24 May, before 27 May.
try to patch instagram v78
python3 patch.py libliger.so libliger-patched.so
[+] Patching TLS1.3 stack!
Traceback (most recent call last):
File "patch.py", line 183, in <module>
patcher13.patch()
File "patch.py", line 118, in patch
if blob[i+1] == 0b01000111 \
IndexError: index out of range
Can you please explain which android devices or versions use ARM TLS1.3?
In addition to this I tested it with Facebook Version: 212.0.0.28.110 x86 TLS1.3 it does not work.
Also patcher do not work for old versions of facebook so you might be write which versions supported.
Thank you very much I am really excited to see ARM TLS1.3 and new usage documents.
Any luck with capturing messages requests
I keep sending messages but still can't find any request
libcoldstart.so patches but doesn't remove the pinning. Tested in Android Emulator but didn't work.
Download the APK:
https://www.apkmirror.com/apk/facebook-2/facebook/facebook-204-0-0-24-101-release/facebook-204-0-0-24-101-6-android-apk-download/
On arm-v7a version older than 336.0.0.20.117, I get an error
if blob [i + 1] == 0b01000111
IndexError: index out of range
Everything works well on x86. Can I fix it under the latest version for arm-v7a?
Thanks!
I followed your guide but:
cp: bad '/data/data/com.facebook.katana/lib-superpack-xz/libcoldstart.so': No such file or directory
Reproduce:
Any plans for Facebook Page Manager ?
Emulator: Genymotion (Google Nexus 5X - API 26)
Proxy Software: Fiddler
Followed the steps as mentioned in the README, replacing the libcoldstart.so file. However, when I apply the fiddler proxy to my emulator WiFi, Facebook Messenger stops getting internet access and nothing is loaded in the app. It works fine without applying the proxy though.
Do I have to follow any other steps apart from what is mentioned in the REAMDE, like decompiling the application apk and adding a permission for user installed certificates in Android Manifest file? Also, which version of Facebook messenger have you tested for so far?
still working ?
I tried to follow the instructions but it did not work. Can you help me or send me the patched file? Thanks.
You can creat video tutorial demo FBUnpinner step by step. Thanks you
Not working on 312.0.0.45.117 x86 android emulator
Hi.
What version fb I need to use to use your path?
Not working with Facebook_212.0.0.28.110.apk (x86)
[+] Patching TLS1.3 stack!
[+] Found TLS1.3 verifier at 0x2fb18e
[+] 22 bytes were overwritten!
[+] Found function at address 0x86829a
[+] 6 bytes were overwritten!
I am can't sniff packet and reject when start with Charlesproxy
error cert pinning can you help ?
[+] Patching TLS1.3 stack!
[!] Could not find the required code to patch!
On Instagram apk:
com.instagram.android_72.0.0.21.98-132081655_minAPI19(x86)(nodpi)_apkmirror.com
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.