Static method
Once the APK has been disassembled, we need to locate where in the smali source code the certificate pinning checks are done. Searching the smali code for keywords such as “X509TrustManager”, “cert”, “pinning”, etc., should point you in the right direction.
In this case, a search for “X509TrustManager” returned a result within a file, e.g. ‘smali/com/TrustEveryoneTrustManager.smali’. This file contains methods named “checkClientTrusted”, “checkServerTrusted” and “getAcceptedIssuers”.
If you do not find X509TrustManager in the smali files, certificate pinning is not implemented.
Please follow the link below to implement certificate pinning:
https://moxie.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/
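An added example, not part of the original post: a Python script that automates the keyword search described above over a disassembled tree, listing each class that implements X509TrustManager and flagging one whose checkServerTrusted body is empty, which means it accepts any server certificate. The sample class body and the names scan_smali, is_noop and demo are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

IMPLEMENTS = ".implements Ljavax/net/ssl/X509TrustManager;"
METHOD_RE = re.compile(r"^\.method [^\n]*?\b(check(?:Client|Server)Trusted|getAcceptedIssuers)\("
                       r"[^\n]*\n(.*?)^\.end method", re.M | re.S)
SAMPLE = """.class public Lcom/TrustEveryoneTrustManager;
.implements Ljavax/net/ssl/X509TrustManager;
.method public checkClientTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 0
    return-void
.end method
.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 0
    return-void
.end method
.method public getAcceptedIssuers()[Ljava/security/cert/X509Certificate;
    .locals 1
    const/4 v0, 0x0
    return-object v0
.end method
"""  # constructed sample class, not taken from a real app

def is_noop(body):
    """True when the body is only directives plus a bare return-void."""
    ops = [s for s in map(str.strip, body.splitlines()) if s and s[0] not in ".#"]
    return ops == ["return-void"]

def scan_smali(root):
    """One finding per smali class that implements X509TrustManager."""
    findings = []
    for path in sorted(Path(root).rglob("*.smali")):
        text = path.read_text(errors="replace")
        if IMPLEMENTS in text:
            bodies = {m.group(1): m.group(2) for m in METHOD_RE.finditer(text)}
            findings.append({"file": path.relative_to(root).as_posix(),
                             "methods": sorted(bodies),
                             "accepts_any_server": is_noop(bodies.get("checkServerTrusted", ""))})
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        f = Path(d, "smali/com/TrustEveryoneTrustManager.smali")
        f.parent.mkdir(parents=True)
        f.write_text(SAMPLE)
        return scan_smali(d)

if __name__ == "__main__":
    print(demo())
```

To audit a real app, call scan_smali on the directory the disassembler produced; a finding with accepts_any_server set to True is a trust manager that performs no server certificate validation at all.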