I want to test the behavior of a recompiled APK on an Android Device without any changes.
After I decompiled it using Apktool 2.4.1 with default flags and recompiled it without any errors/warnings, I signed the recompiled APK and installed it on a non-rooted device.
I tried to run the APK on the device, but sadly it failed: it got stuck loading the main screen.
I think maybe it fails to load the main activity; I’ve seen some weird logs via Logcat.
As part of a project, I need to bypass SSL pinning on this mobile app. I’m taking my baby steps in learning some tools and reversing.
Sadly, at the moment there is no one in my company who can help.
That’s why I’m researching a solution on the internet and trying to figure out whether you guys can help me.
This app has SSL pinning, root detection, and emulator detection (pictures can be attached if needed).
I already tried installing it on a different rooted device with Xposed and an SSL pinning bypass package.
I had some ideas for reversing that I wanted to test on the app with specific changes, like adding the Frida libraries to the source files of the APK and recompiling, or trying to change the source code to make the APK accept any cert, or something like that.
From a short search on the web, I found a post that describes 3 possible ways to implement SSL pinning.
While using Jadx to search for OkHttp and CertificatePinner, I did not find any references to these.
I tried to look in the manifest and in the resources for an XML "Network Security Configuration" and didn’t find one either,
which leaves us with the last option, which is TrustManager.
I have attached some pictures and info about my process.
I would be more than glad to receive any help or suggestions from you!
d2j-apk-sign.bat from Dex-tools-2.1-snapshot
Samsung J7 Android 8.1
Using Burp proxy with my own generated certificate (NVISO), which will be seen in the Logcat logs.
In the Logcat Pastebin, I have changed the original package name to "com.original.noncompiled.mobile"
and in the recompiled Pastebin to "com.re.compiled.mobile", for the customer’s privacy.
Logcat after I executed the Original Application and got the SSL Pinning issue.
In addition, Burp never showed me a certificate error for the Application URL, which means it never tried to communicate. I’m pretty sure we can see something that may refer to it in the log.
Logcat after I executed the recompiled application and saw the stuck window of the APK.
Source: Android Questions