From e9bbd648b61cd153dea1ffe843a67e27a0631407 Mon Sep 17 00:00:00 2001
From: Jake Valletta
Date: Mon, 19 Jun 2017 13:40:37 -0700
Subject: [PATCH] Updated TrustManagerImpl Support

The previous versions were only hooking 1 of 3 methods used to perform server certificate checks. This commit adds the remaining 2 methods.
---
 app/src/main/java/just/trust/me/Main.java | 85 +++++++++++++++--------
 1 file changed, 55 insertions(+), 30 deletions(-)
diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java
index 6e84d4c..ec6cf59 100644
--- a/app/src/main/java/just/trust/me/Main.java
+++ b/app/src/main/java/just/trust/me/Main.java
@@ -6,38 +6,38 @@ import android.webkit.SslErrorHandler; import android.webkit.WebView; +import org.apache.http.conn.ClientConnectionManager; +import org.apache.http.conn.scheme.HostNameResolver; +import org.apache.http.conn.scheme.PlainSocketFactory; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.scheme.SchemeRegistry; +import org.apache.http.conn.ssl.SSLSocketFactory; +import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.conn.SingleClientConnManager; +import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; +import org.apache.http.params.HttpParams; + import java.io.IOException; import java.net.Socket; import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.List; - -import java.security.SecureRandom; +import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; -import org.apache.http.conn.ClientConnectionManager; -import org.apache.http.conn.scheme.HostNameResolver; -import org.apache.http.conn.scheme.PlainSocketFactory; -import org.apache.http.conn.scheme.SchemeRegistry; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.ssl.SSLSocketFactory; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.conn.SingleClientConnManager; -import 
org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; -import org.apache.http.params.HttpParams; - import de.robv.android.xposed.IXposedHookLoadPackage; import de.robv.android.xposed.XC_MethodHook; import de.robv.android.xposed.XC_MethodReplacement; @@ -47,10 +47,10 @@ import static de.robv.android.xposed.XposedHelpers.callStaticMethod; import static de.robv.android.xposed.XposedHelpers.findAndHookConstructor; import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; +import static de.robv.android.xposed.XposedHelpers.findClass; import static de.robv.android.xposed.XposedHelpers.getObjectField; import static de.robv.android.xposed.XposedHelpers.newInstance; import static de.robv.android.xposed.XposedHelpers.setObjectField; -import static de.robv.android.xposed.XposedHelpers.findClass; public class Main implements IXposedHookLoadPackage { 
@@ -251,21 +251,46 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { /* Only for newer devices should we try to hook TrustManagerImpl */ if (hasTrustManagerImpl()) { + /* TrustManagerImpl Hooks */ + /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java */ + Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl for: " + currentPackageName); + + /* public void checkServerTrusted(X509Certificate[] chain, String authType) */ + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, + "checkServerTrusted", X509Certificate[].class, String.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + return 0; + } + }); - /* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java#217 */ /* public List checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException */ - Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + currentPackageName); findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, - "checkServerTrusted", X509Certificate[].class, String.class, - String.class, new XC_MethodReplacement() { - @Override - protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { - ArrayList list = new ArrayList(); - return list; - } - }); - } + "checkServerTrusted", X509Certificate[].class, String.class, + String.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + + + /* public List checkServerTrusted(X509Certificate[] chain, + String authType, SSLSession session) throws CertificateException */ + findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, + "checkServerTrusted", 
X509Certificate[].class, String.class, + SSLSession.class, new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam param) throws Throwable { + ArrayList list = new ArrayList(); + return list; + } + }); + } + } // End Hooks /* Helpers */
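Review bot: The replacement for the two-argument `checkServerTrusted` returns `0`, although the comment directly above it gives the hooked method as `void`, so the boxed Integer is at best discarded by the framework. `return null;` or the ready-made `XC_MethodReplacement.DO_NOTHING` states the intent without a stray value. The `String host` and `SSLSession session` replacements are identical anonymous classes and could come from one private helper that builds the empty-list replacement. That helper should carry a comment saying that chain validation is skipped entirely and that callers receive an empty certificate list. The enclosing method starts outside the hunk, so it cannot be confirmed here whether a `NoSuchMethodError` from `findAndHookMethod` is caught when a platform release lacks one of these overloads; `hasTrustManagerImpl()` appears to test only for the class.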