From 61de032932161660e25c14c518c69cb19514658f Mon Sep 17 00:00:00 2001 From: Curz0n Date: Sat, 15 Aug 2020 16:21:15 +0800 Subject: [PATCH 01/10] Add support for OkHttp4.2.0+ --- app/src/main/java/just/trust/me/Main.java | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index ac14a66..e8a066d 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -502,6 +502,28 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)("); // pass } + + //https://github.com/square/okhttp/blob/okhttp_4.2.x/okhttp/src/main/java/okhttp3/CertificatePinner.kt + Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (4.2.0+) for: " + currentPackageName); + + try { + classLoader.loadClass("okhttp3.CertificatePinner"); + findAndHookMethod("okhttp3.CertificatePinner", + classLoader, + "check$okhttp", + String.class, + "kotlin.jvm.functions.Function0", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return null; + } + }); + } catch (ClassNotFoundException e) { + Log.d(TAG, "OKHTTP 4.2.0+ not found in " + currentPackageName + " -- not hooking"); + // pass + } + } void processHttpClientAndroidLib(ClassLoader classLoader) { From f0aaebff62c5090ae15e97b4cbf9a16291cd0139 Mon Sep 17 00:00:00 2001 From: MagicWizz <63803959+MagicWizz@users.noreply.github.com> Date: Thu, 8 Oct 2020 01:29:42 +0200 Subject: [PATCH 02/10] Add other function to bypass These function aren't currently hooked by JustTrustMe, but they are used in some applications. --- app/src/main/java/just/trust/me/Main.java | 41 ++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index e8a066d..2e3727d 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -2,6 +2,7 @@ import android.content.Context; import android.net.http.SslError; +import android.net.http.X509TrustManagerExtensions; import android.util.Log; import android.webkit.SslErrorHandler; import android.webkit.WebView; @@ -34,6 +35,7 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; @@ -102,6 +104,20 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { } }); + findAndHookMethod(X509TrustManagerExtensions.class, "checkServerTrusted", X509Certificate[].class, String.class, String.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + return param.args[0]; + } + }); + + findAndHookMethod("android.security.net.config.NetworkSecurityTrustManager", lpparam.classLoader, "checkPins", List.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + return null; + } + }); + /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public SSLSocketFactory( ... ) */ Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); @@ -303,6 +319,23 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { return list; } }); + + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + + + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); } } // End Hooks @@ -556,10 +589,10 @@ public void checkClientTrusted(X509Certificate[] chain, String authType) throws public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } - public List checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException { - ArrayList list = new ArrayList(); - return list; - } + public List checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException { + ArrayList list = new ArrayList(); + return list; + } @Override public X509Certificate[] getAcceptedIssuers() { From 9623835abb14bc5da801b08be7410a662afb4a9a Mon Sep 17 00:00:00 2001 From: Konrad Kollnig Date: Tue, 11 May 2021 18:12:06 +0200 Subject: [PATCH 03/10] Handle various errors on Android 7 and 11 --- app/src/main/java/just/trust/me/Main.java | 105 +++++++++++++--------- 1 file changed, 61 insertions(+), 44 deletions(-) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index 2e3727d..bdf5c30 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -43,6 +43,7 @@ import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XC_MethodReplacement; +import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; import static de.robv.android.xposed.XposedHelpers.callMethod; @@ -68,41 +69,43 @@ public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable { /* Apache Hooks */ /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ /* public DefaultHttpClient() */ - Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName); - findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) throws Throwable { + if (hasDefaultHTTPClient()) { + Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName); + findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() { + @Override + protected void afterHookedMethod(MethodHookParam param) throws Throwable { - setObjectField(param.thisObject, "defaultParams", null); - setObjectField(param.thisObject, "connManager", getSCCM()); - } - }); + setObjectField(param.thisObject, "defaultParams", null); + setObjectField(param.thisObject, "connManager", getSCCM()); + } + }); - /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ - /* public DefaultHttpClient(HttpParams params) */ - Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName); - findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) throws Throwable { + /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ + /* public DefaultHttpClient(HttpParams params) */ + Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName); + findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() { + @Override + protected void afterHookedMethod(MethodHookParam param) throws Throwable { - setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]); - setObjectField(param.thisObject, "connManager", getSCCM()); - } - }); + setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]); + setObjectField(param.thisObject, "connManager", getSCCM()); + } + }); - /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ - /* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */ - Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName); - findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) throws Throwable { + /* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */ + /* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */ + Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName); + findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() { + @Override + protected void afterHookedMethod(MethodHookParam param) throws Throwable { - HttpParams params = (HttpParams) param.args[1]; + HttpParams params = (HttpParams) param.args[1]; - setObjectField(param.thisObject, "defaultParams", params); - setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params)); - } - }); + setObjectField(param.thisObject, "defaultParams", params); + setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params)); + } + }); + } findAndHookMethod(X509TrustManagerExtensions.class, "checkServerTrusted", X509Certificate[].class, String.class, String.class, new XC_MethodReplacement() { @Override @@ -320,22 +323,27 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { } }); - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - ArrayList list = new ArrayList(); - return list; - } - }); + try { + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); - findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - ArrayList list = new ArrayList(); - return list; - } - }); + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + } catch (NoSuchMethodError e) { + + } + } } // End Hooks @@ -352,6 +360,15 @@ public boolean hasTrustManagerImpl() { return true; } + public boolean hasDefaultHTTPClient() { + try { + Class.forName("org.apache.http.impl.client.DefaultHttpClient"); + } catch (ClassNotFoundException e) { + return false; + } + return true; + } + private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() { try { SSLContext sslContext = SSLContext.getInstance("TLS"); @@ -552,7 +569,7 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr return null; } }); - } catch (ClassNotFoundException e) { + } catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException e) { Log.d(TAG, "OKHTTP 4.2.0+ not found in " + currentPackageName + " -- not hooking"); // pass } From 266dbb8144eee59f000e318bf282e18737ff8ed3 Mon Sep 17 00:00:00 2001 From: Konrad Kollnig Date: Sat, 22 May 2021 11:05:19 +0200 Subject: [PATCH 04/10] Cleanup --- app/src/main/java/just/trust/me/Main.java | 70 ++++------------------- 1 file changed, 12 insertions(+), 58 deletions(-) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index bdf5c30..1520877 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -46,6 +46,7 @@ import de.robv.android.xposed.XposedHelpers; import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; +import static de.robv.android.xposed.XC_MethodReplacement.DO_NOTHING; import static de.robv.android.xposed.XposedHelpers.callMethod; import static de.robv.android.xposed.XposedHelpers.callStaticMethod; import static de.robv.android.xposed.XposedHelpers.findAndHookConstructor; @@ -114,12 +115,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { } }); - findAndHookMethod("android.security.net.config.NetworkSecurityTrustManager", lpparam.classLoader, "checkPins", List.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return null; - } - }); + findAndHookMethod("android.security.net.config.NetworkSecurityTrustManager", lpparam.classLoader, "checkPins", List.class, DO_NOTHING); /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public SSLSocketFactory( ... ) */ @@ -165,12 +161,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public boolean isSecure(Socket) */ Log.d(TAG, "Hooking SSLSocketFactory(Socket) for: " + currentPackageName); - findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return true; - } - }); + findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, DO_NOTHING); /* JSSE Hooks */ /* libcore/luni/src/main/java/javax/net/ssl/TrustManagerFactory.java */ @@ -196,34 +187,17 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { /* public void setDefaultHostnameVerifier(HostnameVerifier) */ Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName); findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier", - HostnameVerifier.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return null; - } - }); + HostnameVerifier.class, DO_NOTHING); /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ /* public void setSSLSocketFactory(SSLSocketFactory) */ Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName); - findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return null; - } - }); + findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, DO_NOTHING); /* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */ /* public void setHostnameVerifier(HostNameVerifier) */ Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName); - findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return null; - } - }); + findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, DO_NOTHING); /* WebView Hooks */ @@ -245,12 +219,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName); findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError", - WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return null; - } - }); + WebView.class, int.class, String.class, String.class, DO_NOTHING); //SSLContext.init >> (null,ImSureItsLegitTrustManager,null) findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() { @@ -504,12 +473,7 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr "check", String.class, List.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return null; - } - }); + DO_NOTHING); } catch (ClassNotFoundException e) { Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking"); // pass @@ -563,14 +527,9 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr "check$okhttp", String.class, "kotlin.jvm.functions.Function0", - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return null; - } - }); - } catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException e) { - Log.d(TAG, "OKHTTP 4.2.0+ not found in " + currentPackageName + " -- not hooking"); + DO_NOTHING); + } catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) { + Log.d(TAG, "OKHTTP 4.2.0+ (check$okhttp) not found in " + currentPackageName + " -- not hooking"); // pass } @@ -585,12 +544,7 @@ void processHttpClientAndroidLib(ClassLoader classLoader) { classLoader.loadClass("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier"); findAndHookMethod("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier", classLoader, "verify", String.class, String[].class, String[].class, boolean.class, - new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { - return null; - } - }); + DO_NOTHING); } catch (ClassNotFoundException e) { // pass Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking"); From b13d28e00c049227baeda139d29169588429bb2b Mon Sep 17 00:00:00 2001 From: Konrad Kollnig Date: Sat, 22 May 2021 11:05:29 +0200 Subject: [PATCH 05/10] Fix OKHTTP 4.2.0+ --- app/src/main/java/just/trust/me/Main.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index 1520877..b7d6f6f 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -533,6 +533,19 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr // pass } + try { + classLoader.loadClass("okhttp3.CertificatePinner"); + findAndHookMethod("okhttp3.CertificatePinner", + classLoader, + "check", + String.class, + List.class, + DO_NOTHING); + } catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) { + Log.d(TAG, "OKHTTP 4.2.0+ (check) not found in " + currentPackageName + " -- not hooking"); + // pass + } + } void processHttpClientAndroidLib(ClassLoader classLoader) { From 8cff1ae5516ac5a311b879cec3a3edef536eaaf1 Mon Sep 17 00:00:00 2001 From: Konrad Kollnig Date: Sat, 22 May 2021 11:21:46 +0200 Subject: [PATCH 06/10] Merge changes of #59 --- app/src/main/java/just/trust/me/Main.java | 68 ++++++++++++----------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index b7d6f6f..749b6eb 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -119,44 +119,48 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public SSLSocketFactory( ... ) */ - Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); - findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class, - SecureRandom.class, HostNameResolver.class, new XC_MethodHook() { - @Override - protected void afterHookedMethod(MethodHookParam param) throws Throwable { + try { + Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); + findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class, + SecureRandom.class, HostNameResolver.class, new XC_MethodHook() { + @Override + protected void afterHookedMethod(MethodHookParam param) throws Throwable { - String algorithm = (String) param.args[0]; - KeyStore keystore = (KeyStore) param.args[1]; - String keystorePassword = (String) param.args[2]; - SecureRandom random = (SecureRandom) param.args[4]; + String algorithm = (String) param.args[0]; + KeyStore keystore = (KeyStore) param.args[1]; + String keystorePassword = (String) param.args[2]; + SecureRandom random = (SecureRandom) param.args[4]; - KeyManager[] keymanagers = null; - TrustManager[] trustmanagers = null; + KeyManager[] keymanagers = null; + TrustManager[] trustmanagers = null; - if (keystore != null) { - keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword); - } + if (keystore != null) { + keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword); + } - trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()}; + trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()}; - setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm)); - callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random); - setObjectField(param.thisObject, "socketfactory", - callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory")); - } + setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm)); + callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random); + setObjectField(param.thisObject, "socketfactory", + callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory")); + } - }); + }); - /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ - /* public static SSLSocketFactory getSocketFactory() */ - Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); - findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - return (SSLSocketFactory) newInstance(SSLSocketFactory.class); - } - }); + /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ + /* public static SSLSocketFactory getSocketFactory() */ + Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName); + findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + return (SSLSocketFactory) newInstance(SSLSocketFactory.class); + } + }); + } catch (NoClassDefFoundError e) { + Log.d(TAG, "NoClassDefFoundError SSLSocketFactory HostNameResolver for: " + currentPackageName); + } /* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */ /* public boolean isSecure(Socket) */ @@ -343,9 +347,7 @@ private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[]{new ImSureItsLegitTrustManager()}, null); return sslContext.getSocketFactory(); - } catch (NoSuchAlgorithmException e) { - return null; - } catch (KeyManagementException e) { + } catch (NoSuchAlgorithmException | KeyManagementException e) { return null; } } From f010b76d8fcd6805c4b9412730a5c666aafe5bad Mon Sep 17 00:00:00 2001 From: tenwx Date: Fri, 3 Sep 2021 19:47:22 +0800 Subject: [PATCH 07/10] support java11 sdk30 compile --- app/build.gradle | 6 ++++-- build.gradle | 8 +++++--- gradle/wrapper/gradle-wrapper.properties | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/app/build.gradle b/app/build.gradle index 86234f0..74691e9 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -1,12 +1,12 @@ apply plugin: 'com.android.application' android { - compileSdkVersion 22 + compileSdkVersion 30 buildToolsVersion '25.0.2' defaultConfig { applicationId 'just.trust.me' minSdkVersion 16 - targetSdkVersion 23 + targetSdkVersion 30 versionCode 3 versionName '.3' } @@ -18,8 +18,10 @@ android { } productFlavors { } + useLibrary 'org.apache.http.legacy' } dependencies { provided fileTree(dir: 'libs', include: ['*.jar']) + compile 'org.apache.httpcomponents:httpcore:4.4.2' } diff --git a/build.gradle b/build.gradle index 5966013..7d1886b 100644 --- a/build.gradle +++ b/build.gradle @@ -2,10 +2,11 @@ buildscript { repositories { - jcenter() + google() + jcenter() } dependencies { - classpath 'com.android.tools.build:gradle:2.3.3' + classpath 'com.android.tools.build:gradle:4.2.2' // NOTE: Do not place your application dependencies here; they belong // in the individual module build.gradle files @@ -14,6 +15,7 @@ buildscript { allprojects { repositories { - jcenter() + google() + jcenter() } } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 3710617..966aa8e 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-all.zip From 78a4fd50842fca908e63cf34a1e9565ceea25ba3 Mon Sep 17 00:00:00 2001 From: Konrad Kollnig <5175206+kasnder@users.noreply.github.com> Date: Fri, 27 May 2022 18:12:10 +0100 Subject: [PATCH 08/10] Update gradle --- app/build.gradle | 5 ++--- build.gradle | 2 +- gradle/wrapper/gradle-wrapper.properties | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/build.gradle b/app/build.gradle index 74691e9..4711347 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -2,7 +2,6 @@ apply plugin: 'com.android.application' android { compileSdkVersion 30 - buildToolsVersion '25.0.2' defaultConfig { applicationId 'just.trust.me' minSdkVersion 16 @@ -22,6 +21,6 @@ android { } dependencies { - provided fileTree(dir: 'libs', include: ['*.jar']) - compile 'org.apache.httpcomponents:httpcore:4.4.2' + compileOnly fileTree(dir: 'libs', include: ['*.jar']) + implementation 'org.apache.httpcomponents:httpcore:4.4.2' } diff --git a/build.gradle b/build.gradle index 7d1886b..7b51aa0 100644 --- a/build.gradle +++ b/build.gradle @@ -6,7 +6,7 @@ buildscript { jcenter() } dependencies { - classpath 'com.android.tools.build:gradle:4.2.2' + classpath 'com.android.tools.build:gradle:7.2.1' // NOTE: Do not place your application dependencies here; they belong // in the individual module build.gradle files diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 966aa8e..f338a88 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-all.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip From 3a523b84532c1f3ed1ee0e8bc798084f40f8ab5c Mon Sep 17 00:00:00 2001 From: "kiber.io" Date: Tue, 19 Mar 2024 15:02:27 +0300 Subject: [PATCH 09/10] Support X509ExtendedTrustManager for sdk >= 24 --- app/src/main/java/just/trust/me/Main.java | 59 +++++++++++++++++++++-- 1 file changed, 55 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java index 749b6eb..d44cd01 100644 --- a/app/src/main/java/just/trust/me/Main.java +++ b/app/src/main/java/just/trust/me/Main.java @@ -1,9 +1,12 @@ package just.trust.me; +import android.annotation.TargetApi; import android.content.Context; import android.net.http.SslError; import android.net.http.X509TrustManagerExtensions; +import android.os.Build; import android.util.Log; +import android.util.Pair; import android.webkit.SslErrorHandler; import android.webkit.WebView; @@ -35,9 +38,11 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; +import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; import de.robv.android.xposed.IXposedHookLoadPackage; @@ -138,7 +143,7 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword); } - trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()}; + trustmanagers = new TrustManager[]{getTrustManager()}; setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm)); callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random); @@ -183,7 +188,7 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { return; } - param.setResult(new TrustManager[]{new ImSureItsLegitTrustManager()}); + param.setResult(new TrustManager[]{getTrustManager()}); } }); @@ -232,7 +237,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { protected void beforeHookedMethod(MethodHookParam param) throws Throwable { param.args[0] = null; - param.args[1] = new TrustManager[]{new ImSureItsLegitTrustManager()}; + param.args[1] = new TrustManager[]{getTrustManager()}; param.args[2] = null; } @@ -345,7 +350,7 @@ public boolean hasDefaultHTTPClient() { private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() { try { SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, new TrustManager[]{new ImSureItsLegitTrustManager()}, null); + sslContext.init(null, new TrustManager[]{getTrustManager()}, null); return sslContext.getSocketFactory(); } catch (NoSuchAlgorithmException | KeyManagementException e) { return null; @@ -566,6 +571,44 @@ void processHttpClientAndroidLib(ClassLoader classLoader) { } } + @TargetApi(Build.VERSION_CODES.N) + private class ImSureItsLegitExtendedTrustManager extends X509ExtendedTrustManager { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException { + + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException { + + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { + + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { + + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + } + private class ImSureItsLegitTrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { @@ -586,6 +629,14 @@ public X509Certificate[] getAcceptedIssuers() { } } + private X509TrustManager getTrustManager() { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + return new ImSureItsLegitExtendedTrustManager(); + } else { + return new ImSureItsLegitTrustManager(); + } + } + private class ImSureItsLegitHostnameVerifier implements HostnameVerifier { @Override From cccf6e95d80f13d82f8efd9fe49e7c6c3fb06d42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=A1=8C=E6=97=85=E9=80=94?= Date: Tue, 16 Jul 2024 23:01:33 +0800 Subject: [PATCH 10/10] chore: comment proxy config This is an infrequently used configuration introduced from commit ad5c3dd, which can lead to unknowingly troubleshooting non-existent network problems all the time. --- gradle.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle.properties b/gradle.properties index cba9565..3bb8ecc 100644 --- a/gradle.properties +++ b/gradle.properties @@ -13,5 +13,5 @@ # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects # org.gradle.parallel=true #Mon Jun 26 14:34:35 CST 2017 -systemProp.http.proxyHost=127.0.0.1 -systemProp.http.proxyPort=1080 +#systemProp.http.proxyHost=127.0.0.1 +#systemProp.http.proxyPort=1080