iSEC Research Labs

SSL pinning bypass and other Android tools

13 Dec 2013 - Marc Blanchou

iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications:

Android-SSL-TrustKiller

This tool hooks various methods in order to disable SSL certificate pinning, by forcing the Android application to accept any SSL certificate. Once installed, it works across all applications on a device. See the project page.

Android-KillPermAndSigChecks

This tool disables signature and permission checks for Android IPCs. This can be useful to test internal or restricted IPCs in specific cases/scenarios. See the project page.

Android-OpenDebug

This extension makes all applications running on the device debuggable; once installed, any application will accept a debugger to attach to them. We originally wrote a different version that hooked on the android.content.pm.PackageParser class; however, MWR released a new technique last week involving a faster way to do it, which is what this Cydia Extension now uses. See the project page.