From e9bbd648b61cd153dea1ffe843a67e27a0631407 Mon Sep 17 00:00:00 2001
From: Jake Valletta
Date: Mon, 19 Jun 2017 13:40:37 -0700
Subject: [PATCH] Updated TrustManagerImpl Support

The previous versions were only hooking 1 of 3 methods used to perform server certificate checks. This commit adds the remaining 2 methods.
---
 app/src/main/java/just/trust/me/Main.java | 93 ++++++++++++++---------
 1 file changed, 59 insertions(+), 34 deletions(-)

diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java
index 6e84d4c..ec6cf59 100644
--- a/app/src/main/java/just/trust/me/Main.java
+++ b/app/src/main/java/just/trust/me/Main.java
@@ -6,38 +6,38 @@ import android.util.Log; import android.webkit.SslErrorHandler; import android.webkit.WebView; -import java.io.IOException; -import java.net.Socket; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.List; - -import java.security.SecureRandom; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - import org.apache.http.conn.ClientConnectionManager; import org.apache.http.conn.scheme.HostNameResolver; import org.apache.http.conn.scheme.PlainSocketFactory; -import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.conn.SingleClientConnManager; import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; import org.apache.http.params.HttpParams; +import java.io.IOException; +import java.net.Socket; +import java.net.UnknownHostException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import 
javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XC_MethodReplacement; @@ -47,10 +47,10 @@ import static de.robv.android.xposed.XposedHelpers.callMethod; import static de.robv.android.xposed.XposedHelpers.callStaticMethod; import static de.robv.android.xposed.XposedHelpers.findAndHookConstructor; import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; +import static de.robv.android.xposed.XposedHelpers.findClass; import static de.robv.android.xposed.XposedHelpers.getObjectField; import static de.robv.android.xposed.XposedHelpers.newInstance; import static de.robv.android.xposed.XposedHelpers.setObjectField; -import static de.robv.android.xposed.XposedHelpers.findClass; public class Main implements IXposedHookLoadPackage { 
@@ -251,21 +251,46 @@ public class Main implements IXposedHookLoadPackage { /* Only for newer devices should we try to hook TrustManagerImpl */ if (hasTrustManagerImpl()) { + /* TrustManagerImpl Hooks */ + /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java */ + Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl for: " + currentPackageName); + + /* public void checkServerTrusted(X509Certificate[] chain, String authType) */ + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, + "checkServerTrusted", X509Certificate[].class, String.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + return 0; + } + }); - /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java#217 */ /* public List checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException */ - Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + currentPackageName); findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, - "checkServerTrusted", X509Certificate[].class, String.class, - String.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - ArrayList list = new ArrayList(); - return list; - } - }); - } + "checkServerTrusted", X509Certificate[].class, String.class, + String.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + + + /* public List checkServerTrusted(X509Certificate[] chain, + String authType, SSLSession session) throws CertificateException */ + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, + "checkServerTrusted", X509Certificate[].class, String.class, + 
SSLSession.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + } + } // End Hooks /* Helpers */
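Review bot: The first added replacement targets the overload documented as `public void checkServerTrusted(X509Certificate[] chain, String authType)` yet ends with `return 0;`, which boxes an Integer as the result of a void method; `return null;`, or passing `XC_MethodReplacement.DO_NOTHING` in place of the anonymous class, matches the signature quoted in the comment above it. The two List-returning replacements build the result with the raw type, `ArrayList list = new ArrayList();`, where `return new ArrayList<X509Certificate>();` states the element type and drops the unneeded local. None of the three anonymous classes says what it substitutes, so a comment above the block such as `/* Each replacement skips the platform chain validation: the void overload returns nothing, the List overloads return an empty chain */` would make the effect readable without opening the Conscrypt source. The enclosing method begins before this hunk, so how a failed method lookup is handled there cannot be judged from these lines.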