Eltion/Instagram-SSL-Pinning-Bypass

[BUG] App Crash

mayaarX opened this issue · 2 comments

Describe the bug
After running the app, it immediately crashes for some reason ...

Summary steps:

  • installed Burp certificates
  • downloaded IG app
  • downloaded JS script
  • pushed frida and gave it the permission
  • ran frida
  • used the command frida -U -l .\instagram-ssl-pinning-bypass.js -f com.instagram.android
  • app starts then immediately crashes

Method
Patched APK or Frida

App info

  • Version: instagram-v248.0.0.17.109
  • Arch: x86, x86_64,

Device info

  • Model: Samsung SM-N975F, memu emulator
  • Android Version: 7.1

Proxy tool
Burp: v2022.5.2

logcat

--------- beginning of system
--------- beginning of crash
--------- beginning of main
01-27 16:46:19.785  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:46:19.790  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:46:20.011  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:46:28.457  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:46:28.459  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:46:28.534  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:06.974  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:06.975  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:06.992  5326  5367 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Found libliger at: 0xc3d42000
01-27 16:48:06.997  5326  5367 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
01-27 16:48:07.031  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:07.468  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:07.472  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:07.540  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:36.406  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:36.407  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:36.450  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:36.960  5707  5720 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Found libliger at: 0xcefd6000
01-27 16:48:36.971  5707  5720 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE

@mayaarX this is probably not a problem with the script. It could be because of the emulator, or a problem with frida.

  1. Test if the app is working without frida
  2. Test if the app is working with frida, without injecting the script
     frida -U -f com.instagram.android

@Eltion you're a masterpiece
Just tried it without the injection and it works perfectly
Thanks !
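
A small triage helper for logcat output like the excerpt in the report, added here as an example (it is not part of the issue thread or the project's code): it groups the script's log lines by PID and lists which stages each process logged. The stage names, function names and sample lines are assumptions constructed for illustration, with the mangled symbol elided.

```python
import re

# Constructed sample, modelled on the logcat excerpt in the report (threadtime
# layout: date time PID TID level tag: message); the mangled symbol is elided.
TAG = "INSTAGRAM_SSL_PINNING_BYPASS"
SAMPLE = f"""\
--------- beginning of main
01-27 16:46:19.785  3901  3901 V {TAG}: [*][*] Waiting for libliger...
01-27 16:46:19.790  3901  3901 V {TAG}: [*][+] Hooked checkTrustedRecursive
01-27 16:46:20.011  3901  3901 V {TAG}: [*][+] Hooked SSLContextInit
01-27 16:48:06.974  5326  5326 V {TAG}: [*][*] Waiting for libliger...
01-27 16:48:06.975  5326  5326 V {TAG}: [*][+] Hooked checkTrustedRecursive
01-27 16:48:06.992  5326  5367 V {TAG}: [*][+] Found libliger at: 0xc3d42000
01-27 16:48:06.997  5326  5367 V {TAG}: [*][+] Hooked function: <symbol elided>
01-27 16:48:07.031  5326  5326 V {TAG}: [*][+] Hooked SSLContextInit
01-27 16:48:07.100  5326  5326 I OtherTag: unrelated line (constructed)
01-27 16:48:07.468  5510  5510 V {TAG}: [*][*] Waiting for libliger...
"""

LINE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+([^:]+): (.*)$")

# Hypothetical stage labels mapped to the message fragments seen in the log.
STAGES = [
    ("waiting", "Waiting for libliger"),
    ("java_hook", "Hooked checkTrustedRecursive"),
    ("ctx_hook", "Hooked SSLContextInit"),
    ("lib_found", "Found libliger at"),
    ("native_hook", "Hooked function"),
]

def stages_by_pid(text, tag=TAG):
    """Map each PID to the ordered list of script stages it logged."""
    procs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(5).strip() != tag:
            continue  # section banners and other tags are skipped
        pid, msg = int(m.group(2)), m.group(6)
        seen = procs.setdefault(pid, [])
        for name, needle in STAGES:
            if needle in msg and name not in seen:
                seen.append(name)
    return procs

def missing_native_hook(procs):
    """PIDs where the script loaded but never reported hooking libliger."""
    return [pid for pid, seen in procs.items() if "native_hook" not in seen]
```

Several PIDs appearing within a short window means the script was loaded into more than one process instance; the per-PID stage lists show how far each got before its log lines stop.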