TransWikia.com

Android app Viber (com.viber.voip) mitm

Reverse Engineering Asked by Thabit.exe on May 4, 2021

I want to see what viber is sending out of my android phone, I’m using mitm proxy (custom server) but the app is using certificate pining to detect the proxy and close the connection after the handshake is done.

I know the basic method of patching OkHttp’s CertificatePinner.
The problem with viber is that they went to extreme lengths to hide the pinning.
Most apps I have seen were easy to patch, and the signature or the cert was not hidden.

I found around 7 keystores (bks) in the app, but no calls to CertificatePinner, no sha1/ or sha256/ signatures. am I missing something?

I also looked for Custom TrustManagers but could not find anything useful, mostly because the app is full of ads, (google, facebook, yandex, adjust.com, …) some of these ad libraries have their own certificates and keystores

Any ideas on how the app is pinning the certificate? did I miss something?

(PS: this is for research purposes only)

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP