Skip to content

SSL pinning not bypassed for boursobank app #130

New issue
New issue
Open
Open
SSL pinning not bypassed for boursobank app#130
@F-DXI

Description

@F-DXI
F-DXI
opened on Feb 7, 2025

Hello !

I'm trying to use your scripts to bypass the boursobank app. It seems that it doesn't work as mitmproxy shows that the API address disconnect during the SSL handshake

MITMProxy Events log :

info: [21:26:49.004][127.0.0.1:42465] client connect
info: [21:26:49.032][127.0.0.1:42465] error establishing server connection: Multiple exceptions: [Errno 111] Connect
call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:26:49.034][127.0.0.1:42465] client disconnect
info: [21:26:49.181][127.0.0.1:48437] client connect
info: [21:26:49.218][127.0.0.1:48437] server connect api.boursobank.com:443 (193.41.83.8:443)
info: [21:26:49.283][127.0.0.1:48437] Client TLS handshake failed. The client disconnected during the handshake. If
this happens consistently for api.boursobank.com, this may indicate that the client does not trust the proxy's
certificate.
info: [21:26:49.284][127.0.0.1:48437] client disconnect
info: [21:26:49.285][127.0.0.1:48437] server disconnect api.boursobank.com:443 (193.41.83.8:443)
info: [21:26:53.082][127.0.0.1:39623] client connect
info: [21:26:53.100][127.0.0.1:39623] error establishing server connection: Multiple exceptions: [Errno 111] Connect
call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:26:53.102][127.0.0.1:39623] client disconnect
info: [21:27:02.157][127.0.0.1:44177] client connect
info: [21:27:02.175][127.0.0.1:44177] error establishing server connection: Multiple exceptions: [Errno 111] Connect
call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:27:02.177][127.0.0.1:44177] client disconnect

I'm using the scripts with the following command :

frida -U \ 
    -l ./config.js \
    -l ./native-connect-hook.js \
    -l ./android/android-proxy-override.js \
    -l ./android/android-system-certificate-injection.js \
    -l ./android/android-certificate-unpinning.js \
    -l ./android/android-certificate-unpinning-fallback.js \
    -f com.boursorama.android.clients

I had to stop using the script ./native-tls-hook.js because all the addresses return errors.

info: [21:16:00.881][127.0.0.1:38985] server connect api.boursobank.com:443 (193.41.83.8:443)
info: [21:16:00.930][127.0.0.1:38985] Client TLS handshake failed. The client disconnected during the handshake. If this happens consistently for api.boursobank.com, this may indicate that the client does not trust the proxy's
certificate.
info: [21:16:00.931][127.0.0.1:38985] client disconnect
info: [21:16:00.932][127.0.0.1:38985] server disconnect api.boursobank.com:443 (193.41.83.8:443)
info: [21:20:47.003][127.0.0.1:56201] client connect
info: [21:20:47.010][127.0.0.1:56201] error establishing server connection: Multiple exceptions: [Errno 111] Connect call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:20:47.013][127.0.0.1:56201] client disconnect
info: [21:20:55.270][127.0.0.1:33501] client connect
info: [21:20:55.278][127.0.0.1:33501] error establishing server connection: Multiple exceptions: [Errno 111] Connect call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:20:55.281][127.0.0.1:33501] client disconnect
info: [21:20:55.296][127.0.0.1:51469] client connect
warn: [21:20:55.310][127.0.0.1:51469] Client TLS handshake failed. The client does not trust the proxy's certificate for mobile-production.content-square.net (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
info: [21:20:55.312][127.0.0.1:51469] client disconnect
info: [21:20:55.314][127.0.0.1:42461] client connect
warn: [21:20:55.326][127.0.0.1:42461] Client TLS handshake failed. The client does not trust the proxy's certificate for mobile-production.content-square.net (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
info: [21:20:55.327][127.0.0.1:42461] client disconnect
info: [21:20:55.491][127.0.0.1:44831] client connect
info: [21:20:55.497][127.0.0.1:44831] error establishing server connection: Multiple exceptions: [Errno 111] Connect call failed ('0.0.0.0', 443), [Errno 111] Connect call failed ('::', 443, 0, 0)
info: [21:20:55.502][127.0.0.1:44831] client disconnect
info: [21:20:55.515][127.0.0.1:39209] client connect
warn: [21:20:55.522][127.0.0.1:39209] Client TLS handshake failed. The client does not trust the proxy's certificate for crashlyticsreports-pa.googleapis.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
info: [21:20:55.525][127.0.0.1:39209] client disconnect
info: [21:20:55.529][127.0.0.1:55651] client connect
warn: [21:20:55.539][127.0.0.1:55651] Client TLS handshake failed. The client does not trust the proxy's certificate for crashlyticsreports-pa.googleapis.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
info: [21:20:55.541][127.0.0.1:55651] client disconnect
info: [21:20:55.616][127.0.0.1:39853] client connect
info: [21:20:55.655][127.0.0.1:39853] server connect firebaseremoteconfig.googleapis.com:443 ([2a00:1450:4007:808::200a]:443)
warn: [21:20:55.689][127.0.0.1:39853] Client TLS handshake failed. The client does not trust the proxy's certificate for firebaseremoteconfig.googleapis.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
info: [21:20:55.690][127.0.0.1:39853] client disconnect

Maybe the adb logs on the app process can help ?

02-07 21:43:57.312 10894 10894 W android.client: Unexpected CPU variant for X86 using defaults: x86_64
02-07 21:43:57.315   344   344 D Zygote  : Forked child process 10894
02-07 21:43:57.316   543   572 I ActivityManager: Start proc 10894:com.boursorama.android.clients/u0a145 for pre-top-activity {com.boursorama.android.clients/android.app.src.main.kotlin.com.boursorama.android.clients.MainActivity}
02-07 21:43:57.319  2033  2044 I adbd    : jdwp connection from 10894
02-07 21:43:57.634 10894 10894 D CompatibilityChangeReporter: Compat change id reported: 171979766; UID 10145; state: ENABLED
02-07 21:43:58.024 10894 10894 V GraphicsEnvironment: ANGLE Developer option for 'com.boursorama.android.clients' set to: 'default'
02-07 21:43:58.025 10894 10894 V GraphicsEnvironment: Neither updatable production driver nor prerelease driver is supported.
02-07 21:43:58.025 10894 10894 D NetworkSecurityConfig: No Network Security Config specified, using platform default
02-07 21:43:58.026 10894 10894 D NetworkSecurityConfig: No Network Security Config specified, using platform default
02-07 21:43:58.036 10894 10894 D SessionsDependencies: Dependency to CRASHLYTICS added.
02-07 21:43:58.038 10894 10894 I FirebaseApp: Device unlocked: initializing all Firebase APIs for app [DEFAULT]
02-07 21:43:58.042 10894 10894 I FirebaseCrashlytics: Initializing Firebase Crashlytics 18.6.3 for com.boursorama.android.clients
02-07 21:43:58.049 10894 10894 D SessionsDependencies: Subscriber CRASHLYTICS registered.
02-07 21:43:58.054 10894 10922 I DynamiteModule: Considering local module com.google.android.gms.measurement.dynamite:105 and remote module com.google.android.gms.measurement.dynamite:87
02-07 21:43:58.055 10894 10922 I DynamiteModule: Selected local version of com.google.android.gms.measurement.dynamite
02-07 21:43:58.073 10894 10925 I FirebaseCrashlytics: No version control information found
02-07 21:43:58.080 10894 10930 I FA      : App measurement initialized, version: 87000
02-07 21:43:58.080 10894 10930 I FA      : To enable debug logging run: adb shell setprop log.tag.FA VERBOSE
02-07 21:43:58.081 10894 10930 I FA      : To enable faster debug mode event logging run:
02-07 21:43:58.081 10894 10930 I FA      :   adb shell setprop debug.firebase.analytics.app com.boursorama.android.clients
02-07 21:43:58.087 10894 10894 D FirebaseSessions: Initializing Firebase Sessions SDK.
02-07 21:43:58.089 10894 10894 I FirebaseInitProvider: FirebaseApp initialization successful
02-07 21:43:58.089 10894 10894 D FLTFireContextHolder: received application context.
02-07 21:43:58.089 10894 10947 D LifecycleServiceBinder: Binding service to application.
02-07 21:43:58.101 10894 10954 D libEGL  : loaded /vendor/lib64/egl/libEGL_emulation.so
02-07 21:43:58.103 10894 10954 D libEGL  : loaded /vendor/lib64/egl/libGLESv1_CM_emulation.so
02-07 21:43:58.106 10894 10954 D libEGL  : loaded /vendor/lib64/egl/libGLESv2_emulation.so
02-07 21:43:58.118   543   603 D ConnectivityService: requestNetwork for uid/pid:10145/10894 activeRequest: null callbackRequest: 204 [NetworkRequest [ REQUEST id=204, [ Capabilities: NOT_RESTRICTED&TRUSTED&NOT_VPN&NOT_VCN_MANAGED Uid: 10145 RequestorUid: 10145 RequestorPkg: com.boursorama.android.clients] ]] callback flags: 0 priority: 2147483647
02-07 21:43:58.134 10894 10894 I CSLIB   : Contentsquare SDK 4.27.1 starting in app: com.boursorama.android.clients
02-07 21:43:58.162 10894 10894 W android.clients: type=1400 audit(0.0:92): avc: denied { read } for name="max_map_count" dev="proc" ino=8756185 scontext=u:r:untrusted_app:s0:c145,c256,c512,c768 tcontext=u:object_r:proc_max_map_count:s0 tclass=file permissive=0 app=com.boursorama.android.clients
02-07 21:43:58.170 10894 10894 D HostConnection: createUnique: call
02-07 21:43:58.170 10894 10894 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e7099c50, tid 10894
02-07 21:43:58.175 10894 10894 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:58.178 10894 10894 D EGL_emulation: eglCreateContext: 0x7aa5e7099650: maj 3 min 1 rcv 4
02-07 21:43:58.179 10894 10894 D EGL_emulation: eglCreateContext: 0x7aa5e7099590: maj 3 min 1 rcv 4
02-07 21:43:58.180 10894 10970 D HostConnection: createUnique: call
02-07 21:43:58.181 10894 10970 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e709d3d0, tid 10970
02-07 21:43:58.187 10894 10970 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:58.188 10894 10970 D EGL_emulation: eglMakeCurrent: 0x7aa5e7099590: ver 3 1 (tinfo 0x7aa803202100) (first time)
02-07 21:43:58.197 10894 10894 W Adjust  : Adjust not initialized, can't perform onResume
02-07 21:43:58.221 10894 10978 I DynamiteModule: Considering local module com.google.mlkit.dynamite.barcode:10000 and remote module com.google.mlkit.dynamite.barcode:0
02-07 21:43:58.221 10894 10978 I DynamiteModule: Selected local version of com.google.mlkit.dynamite.barcode
02-07 21:43:58.250 10894 10894 D PathProviderPlugin: Don't use TaskQueues.
02-07 21:43:58.253   543   603 W ServiceManager: Permission failure: android.permission.HIGH_SAMPLING_RATE_SENSORS from uid=10145 pid=10894
02-07 21:43:58.261 10894 10968 I flutter : [start app in Environment{environmentLevel: Instance of 'Env'.environmentLevel, defaultLocale: fr_FR}] with native mode release
02-07 21:43:58.277 10894 10930 I FA      : Tag Manager is not found and thus will not be used
02-07 21:43:58.280 10894 10942 D SessionLifecycleClient: Queued message 1. Queue size 1
02-07 21:43:58.290 10894 10894 D SessionLifecycleService: Service bound to new client on process 10894
02-07 21:43:58.291 10894 10986 D SessionLifecycleService: App has not yet foregrounded. Using previously stored session: null
02-07 21:43:58.291 10894 10986 D SessionLifecycleService: Client android.os.Messenger@3880792 bound at 6249485. Clients: 1
02-07 21:43:58.299 10894 10952 D HostConnection: createUnique: call
02-07 21:43:58.300 10894 10952 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e709d250, tid 10952
02-07 21:43:58.304 10894 10969 I Gralloc4: mapper 4.x is not supported
02-07 21:43:58.305 10894 10969 D HostConnection: createUnique: call
02-07 21:43:58.305 10894 10969 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e709be10, tid 10969
02-07 21:43:58.306 10894 10952 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:58.306 10894 10952 W OpenGLRenderer: Failed to choose config with EGL_SWAP_BEHAVIOR_PRESERVED, retrying without...
02-07 21:43:58.306 10894 10952 W OpenGLRenderer: Failed to initialize 101010-2 format, error = EGL_SUCCESS
02-07 21:43:58.308 10894 10952 D EGL_emulation: eglCreateContext: 0x7aa5e709ca10: maj 3 min 1 rcv 4
02-07 21:43:58.331 10894 10969 D goldfish-address-space: allocate: Ask for block of size 0x100
02-07 21:43:58.332 10894 10969 D goldfish-address-space: allocate: ioctl allocate returned offset 0x3fbffe000 size 0x2000
02-07 21:43:58.359 10894 10952 D EGL_emulation: eglMakeCurrent: 0x7aa5e709ca10: ver 3 1 (tinfo 0x7aa803202180) (first time)
02-07 21:43:58.360 10894 10969 W Gralloc4: allocator 4.x is not supported
02-07 21:43:58.365 10894 10987 I TRuntime.CctTransportBackend: Making request to: https://crashlyticsreports-pa.googleapis.com/v1/firelog/legacy/batchlog
02-07 21:43:58.367 10894 10969 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:58.367 10894 10969 D HostConnection: createUnique: call
02-07 21:43:58.368 10894 10969 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e709d010, tid 10969
02-07 21:43:58.377 10894 10969 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:58.377 10894 10969 D EGL_emulation: eglMakeCurrent: 0x7aa5e7099650: ver 3 1 (tinfo 0x7aa803202200) (first time)
02-07 21:43:58.379 10894 10969 D EGL_emulation: eglCreateContext: 0x7aa5e709da90: maj 3 min 1 rcv 4
02-07 21:43:58.387 10894 10894 W FlutterWebRTCPlugin: audioFocusChangeListener [Speakerphone(name=Speakerphone)] Speakerphone(name=Speakerphone)
02-07 21:43:58.387 10894 10894 D SessionLifecycleClient: Connected to SessionLifecycleService. Queue size 1
02-07 21:43:58.389 10894 10942 D SessionLifecycleClient: Sending lifecycle 1 to service
02-07 21:43:58.393 10894 10986 D SessionLifecycleService: Activity foregrounding at 6249585.
02-07 21:43:58.393 10894 10986 D SessionLifecycleService: Cold start detected.
02-07 21:43:58.394 10894 10986 D SessionLifecycleService: Generated new session 9729e7014b3f49c19c17ad2cf641cc2f
02-07 21:43:58.394 10894 10986 D SessionLifecycleService: Broadcasting new session: SessionDetails(sessionId=9729e7014b3f49c19c17ad2cf641cc2f, firstSessionId=9729e7014b3f49c19c17ad2cf641cc2f, sessionIndex=0, sessionStartTimestampUs=1738961038394000)
02-07 21:43:58.395 10894 10938 D SessionFirelogPublisher: Data Collection is enabled for at least one Subscriber
02-07 21:43:58.398 10894 10894 D SessionLifecycleClient: Session update received: 9729e7014b3f49c19c17ad2cf641cc2f
02-07 21:43:58.399 10894 10927 D SessionLifecycleClient: Notified CRASHLYTICS of new session 9729e7014b3f49c19c17ad2cf641cc2f
02-07 21:43:58.399 10894 10947 D EventGDTLogger: Session Event: {"eventType":1,"sessionData":{"sessionId":"9729e7014b3f49c19c17ad2cf641cc2f","firstSessionId":"9729e7014b3f49c19c17ad2cf641cc2f","sessionIndex":0,"eventTimestampUs":1738961038394000,"dataCollectionStatus":{"performance":1,"crashlytics":2,"sessionSamplingRate":1.0},"firebaseInstallationId":"fgy7OZefRNmyOh4mkwXZTa","firebaseAuthenticationToken":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjE6NjY2MDk5NTQ0MjAxOmFuZHJvaWQ6NmZhMDhjOTJhOGIyZWVjMiIsImV4cCI6MTczOTU1NjY2NSwiZmlkIjoiZmd5N09aZWZSTm15T2g0bWt3WFpUYSIsInByb2plY3ROdW1iZXIiOjY2NjA5OTU0NDIwMX0.AB2LPV8wRgIhALKc-494XuT60oGDOpbdWMXKZuNJnU6oh5FpzfIqZ7efAiEAuHQrfe3jPQ6Bxo1oRZ1fx24XInFNPl0D9-IHfozAUpY"},"applicationInfo":{"appId":"1:666099544201:android:6fa08c92a8b2eec2","deviceModel":"sdk_gphone64_x86_64","sessionSdkVersion":"1.2.3","osVersion":"12","logEnvironment":3,"androidAppInfo":{"packageName":"com.boursorama.android.clients","versionName":"7.33.1","appBuildVersion":"158500100","deviceManufacturer":"Google","currentProcessDetails":{"processName":"com.boursorama.android.clients","pid":10894,"importance":100,"defaultProcess":true},"appProcessDetails":[{"processName":"com.boursorama.android.clients","pid":10894,"importance":100,"defaultProcess":true}]}}}
02-07 21:43:58.399 10894 10947 D SessionFirelogPublisher: Successfully logged Session Start event: 9729e7014b3f49c19c17ad2cf641cc2f
02-07 21:43:58.460 10894 10894 D SplashScreenView: Building from parcel drawable: android.graphics.drawable.BitmapDrawable@3c5f877
02-07 21:43:58.461 10894 10894 D SplashScreenView: Build android.window.SplashScreenView{d4954d V.E...... ......ID 0,0-0,0}
02-07 21:43:58.461 10894 10894 D SplashScreenView: Icon: view: android.widget.ImageView{68f3802 V.ED..... ......I. 0,0-0,0 #10204a7 android:id/splashscreen_icon_view} drawable: android.graphics.drawable.BitmapDrawable@3c5f877 size: 192
02-07 21:43:58.461 10894 10894 D SplashScreenView: Branding: view: android.view.View{197a513 G.ED..... ......I. 0,0-0,0 #10204a6 android:id/splashscreen_branding_view} drawable: null size w: 0 h: 0
02-07 21:43:58.479 10894 10894 D SplashScreenView: remove starting view
02-07 21:43:58.628 10894 10968 I flutter : Override form remote config env APICLIENT_CERTPINNING_DISABLED with false
02-07 21:43:58.628 10894 10968 I flutter : Override form remote config env APPAUTH_RETRY_LIMIT with 2
02-07 21:43:58.628 10894 10968 I flutter : Override form remote config env STARTUP_CERTIFPINNING_ENABLED with false
02-07 21:43:58.628 10894 10968 I flutter : Override form remote config env CONTENT_SQUARE_SDK_ENABLED with false
02-07 21:43:58.628 10894 10968 I flutter : Override app config APPAUTH_DISABLED for app with false
02-07 21:43:58.705 10894 10968 I flutter : WE ARE USING 127.0.0.1:9999
02-07 21:43:59.127 10894 10968 I flutter : WE ARE USING 127.0.0.1:9999
02-07 21:43:59.161 10894 10968 I flutter : WE ARE USING 127.0.0.1:9999
02-07 21:43:59.214 10894 10967 W FlutterJNI: FlutterJNI.loadLibrary called more than once
02-07 21:43:59.214 10894 11008 W FlutterJNI: FlutterJNI.prefetchDefaultFontManager called more than once
02-07 21:43:59.215 10894 10894 W FlutterJNI: FlutterJNI.init called more than once
02-07 21:43:59.215 10894 10894 I FLTFireBGExecutor: Creating background FlutterEngine instance, with args: []
02-07 21:43:59.218 10894 10894 D EGL_emulation: eglCreateContext: 0x7aa5e70a2890: maj 3 min 1 rcv 4
02-07 21:43:59.220 10894 10894 D EGL_emulation: eglCreateContext: 0x7aa5e70a0490: maj 3 min 1 rcv 4
02-07 21:43:59.222 10894 11011 D HostConnection: createUnique: call
02-07 21:43:59.222 10894 11011 D HostConnection: HostConnection::get() New Host Connection established 0x7aa5e70a48d0, tid 11011
02-07 21:43:59.226 10894 11011 D HostConnection: HostComposition ext ANDROID_EMU_CHECKSUM_HELPER_v1 ANDROID_EMU_native_sync_v2 ANDROID_EMU_native_sync_v3 ANDROID_EMU_native_sync_v4 ANDROID_EMU_dma_v1 ANDROID_EMU_direct_mem ANDROID_EMU_host_composition_v1 ANDROID_EMU_host_composition_v2 ANDROID_EMU_vulkan ANDROID_EMU_deferred_vulkan_commands ANDROID_EMU_vulkan_null_optional_strings ANDROID_EMU_vulkan_create_resources_with_requirements ANDROID_EMU_YUV_Cache ANDROID_EMU_vulkan_ignored_handles ANDROID_EMU_has_shared_slots_host_memory_allocator ANDROID_EMU_vulkan_free_memory_sync ANDROID_EMU_vulkan_shader_float16_int8 ANDROID_EMU_vulkan_async_queue_submit ANDROID_EMU_vulkan_queue_submit_with_commands ANDROID_EMU_sync_buffer_data ANDROID_EMU_vulkan_async_qsri ANDROID_EMU_read_color_buffer_dma GL_OES_EGL_image_external_essl3 GL_OES_vertex_array_object GL_KHR_texture_compression_astc_ldr ANDROID_EMU_host_side_tracing ANDROID_EMU_gles_max_version_3_1 
02-07 21:43:59.227 10894 11011 D EGL_emulation: eglMakeCurrent: 0x7aa5e70a0490: ver 3 1 (tinfo 0x7aa803202280) (first time)
02-07 21:43:59.232 10894 10894 D PathProviderPlugin: Don't use TaskQueues.
02-07 21:43:59.234 10894 10894 W FlutterWebRTCPlugin: audioFocusChangeListener [Speakerphone(name=Speakerphone)] Speakerphone(name=Speakerphone)
02-07 21:43:59.270   543  2037 W ServiceManager: Permission failure: android.permission.HIGH_SAMPLING_RATE_SENSORS from uid=10145 pid=10894
02-07 21:43:59.271   543  2037 W ServiceManager: Permission failure: android.permission.HIGH_SAMPLING_RATE_SENSORS from uid=10145 pid=10894
02-07 21:43:59.292 10894 10894 I FLTFireMsgService: FlutterFirebaseMessagingBackgroundService started!
02-07 21:43:59.304 10894 10968 I flutter : WE ARE USING 127.0.0.1:9999
02-07 21:43:59.462 10894 10969 D EGL_emulation: app_time_stats: avg=94.11ms min=1.68ms max=756.38ms count=11
02-07 21:43:59.517 10894 10987 I TRuntime.CctTransportBackend: Status Code: 200
02-07 21:44:00.466 10894 10969 D EGL_emulation: app_time_stats: avg=1.49ms min=0.93ms max=9.31ms count=61
02-07 21:44:03.776 10894 11026 D ProfileInstaller: Skipping profile installation for com.boursorama.android.clients

And from one of the request to crashanalytics, I saw some logs and it speaks about the certificate not passing the verification. Here a part of those logs :

[apiclient][log] Api transport error: HandshakeException: Handshake error in client (OS Error:  tCERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:393))n2920 [api][error] ApiRequestMethod.post 598 https://api.boursorama.com/appregistry/services/api/v1.7/_public_/bearer/app/challenge/com.boursorama.android.clients?_build=158500100 n2932 [appauth][error] You are trying to use contextless navigation without       a GetMaterialApp or Get.key.       If you are testing your app, you can use:       [Get.testMode = true], or if you are running your app on       a physical device or emulator, you must exchange your [MaterialApp]       for a [GetMaterialApp].       n2933 [tracking][info] event://application::ext.unknown_route::event_appregistry_fallback_bearer_usedn3090 [routing][info] /ext.splashscreenn3091 [routing][info] current feature id ext.splashscreenn3091 [tracking][info] screen://application::ext.splashscreenn3109 [splashscreen_controller][info] set user id: 70f79eec-e790-5331-ab9a-12d2f6292fc2n3121 $A$:{"name":"_vs","parameters":{"manufacturer":"Google","device":"Google emulator64_x86_64_arm64 sdk_gphone64_x86_64","appName":"application_fr_android_06","_o":"app","_et":2856,"_pc":"MainActivity","_pi":-815438454296637730,"_sc":"MainActivity","_si":-815438454296637729,"_sn":"ext.splashscreen","appVersion":"7.33.1","osVersion":"12 31"}}n3151 $A$:{"name":"tracking","parameters":{"manufacturer":"Google","trackingType":"screen","device":"Google emulator64_x86_64_arm64 sdk_gphone64_x86_64","feature":"ext.splashscreen","fullPageId":"application::ext.splashscreen","appName":"application_fr_android_06","_o":"app","_sc":"MainActivity","_si":-815438454296637729,"_sn":"ext.splashscreen","appVersion":"7.33.1","osVersion":"12 31"}}n3176 [boot_network_error_genericsocketerror][error] Instance of 'NetworkError'n3179 [splash_screen_controller][error] Instance of 'ErrorMessage' Une erreur est survenue, veuillez réessayer plus tard.n"}},{"timestamp":1738957221,"type":"error","app":{"execution":{"threads":[{"name":"pool-29-thread-5","importance":4,"frames":[{"pc":0,"symbol":"NetworkMonitorService.checkInternet","file":"package:shared/src/core/services/network_monitor_service.dart","offset":32,"importance":4},{"pc":0,"symbol":"InitializationService._bootServicesAndStore","file":"package:shared/src/initialize/services/initialization_service.dart","offset":102,"importance":4},{"pc":0,"symbol":"InitializationService.boot","file":"package:shared/src/initialize/services/initialization_service.dart","offset":44,"importance":4},{"pc":0,"symbol":"SplashScreenController.boot","file":"package:shared/src/initialize/controllers/splashscreen_controller.dart","offset":46,"importance":4}]}],"exception":{"type":"io.flutter.plugins.firebase.crashlytics.FlutterError","reason":"[brs_initialization] error(NetworkError) errorInstance: Instance of 'NetworkError'. Error thrown brs_initialization.","frames":[{"pc":0,"symbol":"NetworkMonitorService.checkInternet","file":"package:shared/src/core/services/network_monitor_service.dart","offset":32,"importance":4},{"pc":0,"symbol":"InitializationService._bootServicesAndStore","file":"package:shared/src/initialize/services/initialization_service.dart","offset":102,"importance":4},{"pc":0,"symbol":"InitializationService.boot","file":"package:shared/src/initialize/services/initialization_service.dart","offset":44,"importance":4},{"pc":0,"symbol":"SplashScreenController.boot","file":"package:shared/src/initialize/controllers/splashscreen_controller.dart","offset":46,"importance":4}],"overflowCount":0},"signal":{"name":"0","code":"0","address":0},"binaries":[{"baseAddress":0,"size":0,"name":"com.boursorama.android.clients","uuid":"ZGExZWY0MDNhMzg5NDAwZThjMGNlMDcyZjNlODI4MjY="}]},"customAttributes":[{"key":"brs_exception_class","value":"NetworkError"},{"key":"brs_tag","value":"initialization"},{"key":"feature_id","value":"ext.splashscreen"},{"key":"flutter_error_exception","value":"[brs_initialization] error(NetworkError) errorInstance: Instance of 'NetworkError'"},{"key":"flutter_error_reason","value":"thrown brs_initialization"}],"internalKeys":[],"background":false,"currentProcessDetails":{"processName":"com.boursorama.android.clients","pid":7697,"importance":100,"defaultProcess":true},"appProcessDetails":[{"processName":"com.boursorama.android.clients","pid":7697,"importance":100,"defaultProcess":true}],"uiOrientation":1},"device":{"batteryLevel":1.0,"batteryVelocity":1,"proximityOn":false,"orientation":1,"ramUsed":1032945664,"diskUsed":1204371456},

I also tried to find with jadx and frida-trace how it was made and if I was able bypass that by mylself. Looks like it's too hard for a noob in reverse engineering !

The app is available in the play store as Boursobank and you will receive the error at the opening of this app when you use a proxy.

Can you let me know if I'm using right your scripts ? If yes, can you help me with this app ?

Thank you !

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions