
Tool Release: SSL pinning bypass and other Android tools

13 December 2013

By Aaron Haymore

This research was originally performed by researchers from iSEC Partners (now NCC Group). It has been migrated to research.nccgroup.com for posterity and can be downloaded below.

SSL pinning bypass and other Android tools

13 Dec 2013 – Marc Blanchou

iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications:

Android-SSL-TrustKiller

This tool hooks various methods in order to disable SSL certificate pinning, by forcing the Android application to accept any SSL certificate. Once installed, it works across all applications on a device. See the project page.

Android-KillPermAndSigChecks

This tool disables signature and permission checks for Android IPCs. This can be useful to test internal or restricted IPCs in specific cases/scenarios. See the project page.

Android-OpenDebug

This extension makes all applications running on the device debuggable; once installed, any application will allow a debugger to attach to it. We originally wrote a different version that hooked the android.content.pm.PackageParser class; however, MWR released a new, faster technique last week, which is what this Cydia extension now uses. See the project page.