一
flutter的证书校验
adb install --abi armeabi-v7a <path to apk>
二
写脚本绕过
function hook_ssl_verify_result(address) {
Interceptor.attach(address, {
onEnter: function(args) {
console.log("Disabling SSL validation")
},
onLeave: function(retval) {
console.log("Retval: " + retval);
retval.replace(0x1);
}
});
}
function hookFlutter() {
var m = Process.findModuleByName("libflutter.so");
var pattern = "2D E9 F0 4F 85 B0 06 46 50 20 10 70";
var res = Memory.scan(m.base, m.size, pattern, {
onMatch: function(address, size){
console.log('[+] ssl_verify_result found at: ' + address.toString());
hook_ssl_verify_result(address.add(0x01));
},
onError: function(reason){
console.log('[!] There was an error scanning memory');
},
onComplete: function() {
console.log("All done")
}
});
}
.text:0000000000596870 FF C3 01 D1 SUB SP, SP,
.text:0000000000596874 FD 7B 01 A9 STP X29, X30, [SP,
.text:0000000000596878 FC 6F 02 A9 STP X28, X27, [SP,
.text:000000000059687C FA 67 03 A9 STP X26, X25, [SP,
.text:0000000000596880 F8 5F 04 A9 STP X24, X23, [SP,
.text:0000000000596884 F6 57 05 A9 STP X22, X21, [SP,
.text:0000000000596888 F4 4F 06 A9 STP X20, X19, [SP,
.text:000000000059688C 08 0A 80 52 MOV W8,
.text:0000000000596890 48 00 00 39 STRB W8, [X2]
function hook_ssl_verify_result(address) {
Interceptor.attach(address, {
onEnter: function(args) {
console.log("Disabling SSL validation")
},
onLeave: function(retval) {
console.log("Retval: " + retval);
retval.replace(0x1);
}
});
}
function hookFlutter() {
var m = Process.findModuleByName("libflutter.so");
var pattern = "FF C3 01 D1 FD 7B 01 A9 FC 6F 02 A9FA 67 03 A9 F8 5F 04 A9 F6 57 05 A9 F4 4F 06 A9 08 0A 80 52 48 00 00 39";
var res = Memory.scan(m.base, m.size, pattern, {
onMatch: function(address, size){
console.log('[+] ssl_verify_result found at: ' + address.toString());
hook_ssl_verify_result(address.add(0x01));
},
onError: function(reason){
console.log('[!] There was an error scanning memory');
},
onComplete: function() {
console.log("All done")
}
});
}
三
参考资料
看雪ID:puppet_w
https://bbs.kanxue.com/user-home-929264.htm
# 往期推荐
2、在Windows平台使用VS2022的MSVC编译LLVM16
3、神挡杀神——揭开世界第一手游保护nProtect的神秘面纱
球分享
球点赞
球在看
点击阅读原文查看更多