Update to v27.8.1

Eltion · Jan 11, 2023 · 2fe2089 · 2fe2089
1 parent a417445
commit 2fe2089
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ If you like this project:
 ## Patched APK (No Root)
 
 Download the latest patched APK: 
-+ [tiktok-v26.7.5.apk](https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v26.7.5/tiktok-v26.7.5.apk)
++ [tiktok-v27.8.1.apk](https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v27.8.1/tiktok-v27.8.1.apk)
 + [tiktok-v26.7.5-x86-arm-translation.apk](https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v26.7.5/tiktok-v26.7.5-x86-arm-translation.apk) (Tested on Nox emulator 32bit Android 7.0)
 + [douyin-v23.0.0.apk](https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v26.7.5/douyin-v23.0.0.apk)  
 [See all versions](https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/)

diff --git a/patch_apk.py b/patch_apk.py
@@ -10,6 +10,9 @@
 import argparse
 from shutil import which
 import subprocess
+from cryptography.hazmat.primitives.serialization import pkcs7
+from cryptography.hazmat.primitives.serialization import Encoding
+import binascii
 
 
 TEMP_FOLDER = os.getcwd() + "/temp"
@@ -181,11 +184,33 @@ def patch_apk(apk):
     apk_out.close()
     return apk_out.filename
 
+def get_signature_file(apk):
+    with ZipFile(apk, "r") as apk_in:
+        files = apk_in.infolist()
+        for file in files:
+            if file.filename.startswith("META-INF") and file.filename.endswith("RSA"):
+                return apk_in.read(file.filename)
 
-def copy_script_temp():
+
+def extract_original_signature(apk):
+    singature_file_content = get_signature_file(apk)
+    certificate = pkcs7.load_der_pkcs7_certificates(singature_file_content)[0]
+    certificate_bytes = certificate.public_bytes(Encoding.DER)
+    return binascii.hexlify(certificate_bytes).decode()
+
+def copy_script_temp(apk):
+    signature = extract_original_signature(apk)
     src = os.path.join(os.getcwd(), "tiktok-ssl-pinning-bypass.js")
     dest = os.path.join(TEMP_FOLDER, "libsslbypass.js.so")
-    return shutil.copy(src, dest)
+    f_src = open(src, "r")
+    script_content = f_src.read()
+    f_src.close()
+    script_content = script_content.replace("<ORIGINAL_APK_SIGNATURE>", signature)
+    script_content = script_content.replace("//spoofSigniature()", "spoofSigniature()")
+    f_dest = open(dest, "w")
+    f_dest.write(script_content)
+    f_dest.close()
+    return dest
 
 
 def create_config_file():
@@ -241,7 +266,7 @@ def main():
 
     config_file = create_config_file()
     print("Created config_file at: ", config_file)
-    script = copy_script_temp()
+    script = copy_script_temp(temp_apk)
     print("Created script_file at: ", script)
     for arch in archs:
         print("\nPatching for", arch)

diff --git a/tiktok-ssl-pinning-bypass.js b/tiktok-ssl-pinning-bypass.js
@@ -10,6 +10,28 @@ function waitForModule(moduleName) {
     });
 }
 
+//Only needed when apk is patched with frida-gadget
+//spoofSigniature() 
+
+function spoofSigniature() {
+    const originalSignature = "<ORIGINAL_APK_SIGNATURE>" //This will be set by patch_apk.py
+    Java.perform(() => {
+        const PackageManager = Java.use("android.app.ApplicationPackageManager");
+        const Signature = Java.use("android.content.pm.Signature");
+        const ActivityThread = Java.use('android.app.ActivityThread');
+        PackageManager.getPackageInfo.overload('java.lang.String', 'int').implementation = function (a, b) {
+            const packageInfo = this.getPackageInfo(a, b);
+            const context = ActivityThread.currentApplication().getApplicationContext();
+            const name = context.getPackageName();
+            if (a == name && b == 64) {
+                const signature = Signature.$new(originalSignature);
+                packageInfo.signatures.value = Java.array('android.content.pm.Signature', [signature]);
+            }
+            return packageInfo;
+        }
+    });
+}
+
 function hook_callback(callback) {
     const f = new NativeFunction(callback, "int", ["pointer", "pointer"]);
     Interceptor.attach(f, {