Category : certificate-pinning

Recently, I’ve been testing the certificate pinning implementation provided by OkHttp using version 4.9.0 + Retrofit 2.9.0, and I’ve noticed that the hash check is not conjunctive but rather disjunctive. According to the example implementation, the certificate chain of publicobject.com:

Peer certificate chain:
sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA ..


I want to test the behavior of a recompiled APK on an Android device without any changes. After I decompiled it using Apktool 2.4.1 with default flags and then compiled it without any errors/warnings, I signed the recompiled APK and installed it on a non-rooted device. I tried to run the APK on the device but sadly it ..


I am using the OkHttpClient library for HTTP requests and have two ‘.bks’ files in the ‘res/raw’ folder for doing SSL pinning. I have written the following code for fetching one ‘.bks’ file, but how do I add multiple files?

dkhymnow.bks
dpsandroid.bks

I hope somebody can help me!

private OkHttpClient getOkHttpClient() { try { OkHttpClient.Builder ..
