issue running against GE application APK #88
some others like:
I'll need the file hash and how you executed simplify at minimum to reproduce. File would be better.
I'm using this: https://apkpure.com/kitchen-ge-appliances/com.ge.kitchen. Thanks for looking into this! Really looking forward to seeing the output from this tool!
I'll also need how you executed simplify at minimum to reproduce. While this is a valid issue, and is probably surfacing a valid bug, simplify is unlikely to help you because the app simply isn't obfuscated. This tool is mostly for hostile sample analysis. It's 99% of the time not useful for "whatever" you want to do with a commercial app.
This app does appear to use string obfuscation. I simply ran:
Can you point out a class which uses string encryption? That should be simplify-able.
I'm a newbie at this, but see com.ge.commonframework.c.c (array of base64 that decodes to binary), used in com.ge.commonframework.https.HttpsOAuthConnect.initSSLContext. Another suspicious string in com.ge.commonframework.dataModel.XMPPCredential where all the values are BuildConfig.FLAVOR.
The array of base64 encoded strings looks like a certificate. It's used in The XMPPCredential stuff are all empty strings. If you're seeing the value as You might get a better understanding of what this app is doing by installing it and monitoring traffic. There are ways to disable cert pinning, both at the framework level and by modifying the app, and there are ways to monitor HTTPS traffic without cert pinning. I don't want to discuss the details of this process for any specific non-malware samples here though.
Thanks for your help! Ya I did SSL monitoring and they check for MITM so ya I'll have to figure a way to disable that. Closing issue since fixing this issue won't help me.
If you don't mind, I'm going to leave this open since I have everything to repro and it's probably a legit bug.
Also, to disable cert pinning, check out https://github.com/Fuzion24/JustTrustMe
The problem is the A more general fix would be to somehow execute the I'm thinking this isn't a common problem, so I'm going to prioritize other fixes until something changes or there's nothing else to work on.
Cool. Hopefully can get back to this soon. Right now in Google API hell :)
Got the following error: