Reverse Engineering Asked by sitedude on August 4, 2021
I have an APK that uses pinning. I am having an unbelievable time trying to remove the SSL pinning, so I figure it might be easier to modify the smali files and recompile to log the LoadURL events.
Below is the method where I am trying to log the URL it loads. I have tried to use

```smali
invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
```

but I get register errors in the Android Studio logcat. Any ideas or a better way to see what URLs this APK is loading along with the POST request?

```smali
.method public run()V
    .locals 3

    sget v0, Landroid/os/Build$VERSION;->SDK_INT:I
    const/16 v1, 0x12
    if-le v0, v1, :cond_0

    iget-object v0, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->this$0:Lcom/gigya/socialize/android/GSWebBridge;
    invoke-static {v0}, Lcom/gigya/socialize/android/GSWebBridge;->access$100(Lcom/gigya/socialize/android/GSWebBridge;)Landroid/webkit/WebView;
    move-result-object v0
    iget-object v1, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->val$invocation:Ljava/lang/String;
    new-instance v2, Lcom/gigya/socialize/android/GSWebBridge$6$1;
    invoke-direct {v2, p0}, Lcom/gigya/socialize/android/GSWebBridge$6$1;-><init>(Lcom/gigya/socialize/android/GSWebBridge$6;)V
    invoke-virtual {v0, v1, v2}, Landroid/webkit/WebView;->evaluateJavascript(Ljava/lang/String;Landroid/webkit/ValueCallback;)V
    goto :goto_0

    :cond_0
    iget-object v0, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->this$0:Lcom/gigya/socialize/android/GSWebBridge;
    invoke-static {v0}, Lcom/gigya/socialize/android/GSWebBridge;->access$100(Lcom/gigya/socialize/android/GSWebBridge;)Landroid/webkit/WebView;
    move-result-object v0
    iget-object v1, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->val$invocation:Ljava/lang/String;
    invoke-virtual {v0, v1}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V

    :goto_0
    return-void
.end method
```

Another example: I tried to add a simple log on 2 consts, and it errors out as well and crashes.

```smali
move-result-object v1
const-string v2, "/"
const-string v3, ""
# this is the added line
invoke-static {v2, v3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
invoke-virtual {v1, v2, v3}, Ljava/lang/String;->replace(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;
move-result-object v1
invoke-virtual {p1}, Landroid/net/Uri;->getEncodedQuery()Ljava/lang/String;
move-result-object p1
```

In logcat I get the following error:

```
2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: Verification error in boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String)
2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more
2019-10-13 13:53:56.296 14703-14703/? W/System.err: a.b.c.f: The exception could not be delivered to the consumer because it has already canceled/disposed the flow or the exception has nowhere to go to begin with. Further reading: https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0#error-handling | java.lang.VerifyError: Verifier rejected class com.gigya.socialize.android.GSWebBridge: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more (declaration of 'com.gigya.socialize.android.GSWebBridge' appears in base.apk)
2019-10-13 13:53:56.297 14703-14703/? W/System.err: Caused by: java.lang.VerifyError: Verifier rejected class com.gigya.socialize.android.GSWebBridge: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more (declaration of 'com.gigya.socialize.android.GSWebBridge' appears in base.apk)
2019-10-13 13:53:56.297 14703-14703/? W/System.err: at com.gigya.socialize.android.GSWebBridge.attach(Unknown Source:0)
2019-10-13 13:53:56.399 14703-14703/? E/AndroidRuntime: FATAL EXCEPTION: main
```

Then the app crashes as well.
2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: Verification error
Looks like dex2oat, which is a DEX code compilation tool, failed bytecode verification. At first it may seem odd this happens only at runtime, but keep in mind that Android performs just-in-time and ahead-of-time compilation, and both tactics are performed on device.
com...GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more
I would guess that you called a function that expects two arguments with only one argument. That function does not appear in your snippet, so it might indicate you edited some other code. Try to include the erroring function and the code that calls it so we can better understand what is going on.
Hope it helps!
Answered by Gal on August 4, 2021
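
The verifier message in the question is a register-count check: an invoke must list exactly as many registers as the method descriptor needs (one per argument, two for long/double, plus the receiver for non-static calls). The following is an added example, not code from the question or the answer: a small Python lint that flags mismatched non-range invokes in smali before the APK is rebuilt. In the sample, lines 1 to 3 are copied from the question and lines 4 and 5 are constructed mismatches.

```python
import re

# Non-range invoke, e.g.
#   invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
# (invoke-*/range uses a different register syntax and is skipped here.)
INVOKE_RE = re.compile(
    r"^\s*invoke-(virtual|direct|static|super|interface)\s*"
    r"\{([^}]*)\}\s*,\s*(\S+?)->([^\s(]+)\(([^)]*)\)(\S+)"
)
# One parameter type: optional array dimensions, then a primitive or a class.
PARAM_RE = re.compile(r"\[*(?:[ZBSCIFJD]|L[^;]+;)")


def required_registers(kind, params):
    """Registers the descriptor needs: receiver + args, long/double count twice."""
    count = 0 if kind == "static" else 1
    for p in PARAM_RE.findall(params):
        count += 2 if p in ("J", "D") else 1  # "[J" is a reference: one register
    return count


def check_invokes(smali_text):
    """Return (line_no, method, passed, required) for every mismatched invoke."""
    problems = []
    for no, line in enumerate(smali_text.splitlines(), 1):
        m = INVOKE_RE.match(line)
        if not m:
            continue
        kind, regs, cls, name, params, _ret = m.groups()
        passed = len([r for r in regs.split(",") if r.strip()])
        need = required_registers(kind, params)
        if passed != need:
            problems.append((no, f"{cls}->{name}", passed, need))
    return problems


# Sample input: lines 1-3 from the question, lines 4-5 constructed to fail.
SAMPLE = """\
    invoke-static {v2, v3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-virtual {v1, v2, v3}, Ljava/lang/String;->replace(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;
    invoke-virtual {v0, v1}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
    invoke-static {v0}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    invoke-static {v0}, Ljava/lang/Thread;->sleep(J)V
"""

if __name__ == "__main__":
    for no, method, passed, need in check_invokes(SAMPLE):
        print(f"line {no}: {method} passes {passed} register(s), needs {need}")
```

A register-count match is necessary but not sufficient: the verifier also checks that each register holds a value of the declared type at that point in the method.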