Pokemon Go - 0.31.0 apk - Remove Certificate Pinning menu

These ads disappear when you log in.

Results 1 to 1 of 1
  1. #1
    netops's Avatar Elite User CoreCoins User
    Reputation
    345
    Join Date
    Aug 2012
    Posts
    71
    Thanks G/R
    0/30
    Trade Feedback
    0 (0%)

    Pokemon Go - 0.31.0 apk - Remove Certificate Pinning

    Uses:

    This is only useful for those individuals who enjoy packet inspection/manipulation.

    That being said, previously there was not an issue using your MITM proxy of choice to monitor/manipulate pokemon go traffic from your phone or otherwise. As of 0.31.0, certificate pinning has been enabled. There are already apps out there that allow you to bypass most certificate pinning without having to modify the APK it's self and are good for devices dedicated for testing, such as : https://github.com/iSECPartners/Android-SSL-TrustKiller

    However, if your device is not solely a testing device, your next best option is to manually disable certificate pinning within the disassembled APK and then reassemble / sign it. Those instructions are below.

    _______________________________________

    Known Issues:

    Google sign-in will not work, as the application has been modified and self-signed. It is considered invalid and your requests for login/auth fail

    Pokemon club account is the go-to route for login and monitoring of packets

    When first accessing the game, catching your first pokemon, naming your character, etc, do all of this without a MITM proxy enabled, or over 4g or similar. Once you are finished with the initial tutorial etc, you can then enable your MITM proxy and capture as normal.

    ________________________________________

    Requirements:

    apktool - used for disassembling apk and reassembling modified apk's
    https://ibotpeaches.github.io/Apktool/install/

    keytool - included in java sdk
    Java SE - Downloads | Oracle Technology Network | Oracle

    ________________________________________

    Disassemble

    poke.apk is name of pokemon apk
    folder/location is where you want the folder containing disassembled apk to go *example C:\Users\Example\Desktop\poke-dis*

    apktool d poke.apk -o folder/location

    _________________________________________

    EDIT

    The file that we want to edit is located here : C:\Users\Example\Desktop\poke-dis\smali\com\nianticlabs\nia\network\NianticTrustManager.smali

    This is where certificate pinning is enforced on checkServerTrusted and checkClientTrusted methods

    To fix this, each method should return void by default like shown below:

    .method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    return-void
    .locals 2
    ...

    .method public checkClientTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    return-void
    .locals 2
    ...
    All code can be left alone inside the methods, just add return-void directly above the first instruction, as shown above.

    _________________________________________

    Rebuild

    This will reassemble the apk with the modified code

    locations can be renamed ofc

    apktool b C:\Users\Example\Desktop\poke-dis -o C:\Users\Example\Desktop\poke-mod.apk


    _________________________________________

    SIGN APK

    You have to have Java SDK installed for this to work
    Typically found here *C:\Program Files (x86)\Java\your-jdk-installed-version-here\bin*

    you are going to want to cd to the jdk bin folder for this in command prompt

    **-keystore name-of-your-key.keystore can be modified if you choose to whatever name you choose, however if you change it the other commands will need to reflect this

    keytool -genkey -v -keystore name-of-your-key.keystore -alias ownedcore -keyalg RSA -keysize 2048 -validity 10000

    Going to ask you for some info after this, nothing matters other than the password, which you WILL use again


    This signs your newly rebuilt apk with the key you generated with the previous command

    jarsigner -verbose -sigalg SHA1withRSA -d igestalg SHA1 -keystore name-of-your-key.keystore C:\Users\Example\Desktop\poke-mod.apk ownedcore

    _________________________________________

    INSTALL

    At this point you should be good to go ahead and install your newly created apk. From here, as stated at the begining of this post, a few known issues exist. Stay away from google sign-in, it simply will not work with a self-signed application. Using pokemon club account, make sure you finish initial tutorial, catch your first pokemon and name your character prior to enabling MITM proxy and capturing traffic. My recommedation would be to do all starting tuts and naming over 4g, then enable wifi, close/reopen game and you should auto-signin and be good to go capturing traffic with your favorite MITM proxy.

  2. Thanks ibere (1 members gave Thanks to netops for this useful post)

Similar Threads

  1. [Guide] Pokemon Go APK for those unable to find it on the Play Store
    By hackerlol in forum Pokemon GO Hacks|Cheats
    Replies: 16
    Last Post: 11-18-2016, 02:51 AM
  2. [How-To] How to remove ban (updated) worked for me (flee pokemon)
    By gunnora in forum Pokemon GO Hacks|Cheats
    Replies: 17
    Last Post: 09-16-2016, 01:30 AM
  3. [How-To] [Android] Malicious Pokemon GO .apks
    By Laykith in forum Pokemon GO Hacks|Cheats
    Replies: 0
    Last Post: 07-15-2016, 02:35 AM
  4. [Exploit] Remove all debuffs
    By Matt in forum World of Warcraft Exploits
    Replies: 15
    Last Post: 10-15-2006, 10:01 PM
  5. FYI: Plaza/Store/Site Points Removed
    By Matt in forum Suggestions
    Replies: 17
    Last Post: 07-07-2006, 08:27 AM
All times are GMT -5. The time now is 09:29 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search