Pokemon Go - 0.31.0 apk - Remove Certificate Pinning
Uses:
This is only useful for those who enjoy packet inspection/manipulation.
That being said, until now there was no problem using your MITM proxy of choice to monitor/manipulate Pokemon Go traffic from your phone or otherwise. As of 0.31.0, certificate pinning is enabled: the app only accepts the certificate it expects from Niantic's servers, so your proxy's certificate is rejected even when its CA is installed on the device. There are already apps that bypass most certificate pinning at runtime without modifying the APK itself, and they are a good fit for devices dedicated to testing, such as: https://github.com/iSECPartners/Android-SSL-TrustKiller (it hooks the TLS classes through Cydia Substrate, so it needs a rooted device).
However, if your device is not solely a testing device, the next best option is to disable certificate pinning by hand in the disassembled APK, then reassemble and re-sign it. Those instructions are below. Keep in mind that the patched app accepts any server certificate, not just your proxy's, so use it only on networks you control.
_______________________________________
Known Issues:
Google sign-in will not work. Google Sign-In ties the OAuth client to the app's package name and signing-certificate fingerprint; the rebuilt APK is signed with your own key, so the fingerprint no longer matches and your login/auth requests are rejected.
A Pokemon club account is the go-to route for login and packet monitoring.
When first launching the game (catching your first pokemon, naming your character, etc.), do all of this without a MITM proxy enabled, e.g. over 4G or similar. Once you have finished the initial tutorial, enable your MITM proxy and capture as normal.
________________________________________
Requirements:
apktool - used for disassembling the APK and reassembling the modified one
https://ibotpeaches.github.io/Apktool/install/
keytool and jarsigner - included in the Java JDK
Java SE - Downloads | Oracle Technology Network | Oracle
________________________________________
Disassemble
poke.apk is the name of the Pokemon Go APK
folder/location is where you want the folder containing the disassembled APK to go *example C:\Users\Example\Desktop\poke-dis*
apktool d poke.apk -o folder/location
_________________________________________
EDIT
The file we want to edit is located here : C:\Users\Example\Desktop\poke-dis\smali\com\nianticlabs\nia\network\NianticTrustManager.smali
This class implements javax.net.ssl.X509TrustManager, and its checkServerTrusted and checkClientTrusted methods are where pinning is enforced: a chain that does not match the pinned certificate makes the method throw a CertificateException, which aborts the TLS handshake. A trust manager that returns normally accepts the chain, so the fix is to make each method return void immediately, like shown below:
.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 2
    return-void
    ...
.method public checkClientTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 2
    return-void
    ...
All existing code inside the methods can be left alone; just add return-void after the .locals line, directly above the first instruction, as shown above. Everything after it becomes unreachable and is simply never executed. Do the same in both methods, otherwise the remaining check still rejects your proxy's certificate.
_________________________________________
Rebuild
This reassembles the APK with the modified code (the output is unsigned at this point, so it cannot be installed yet)
paths can of course be changed
apktool b C:\Users\Example\Desktop\poke-dis -o C:\Users\Example\Desktop\poke-mod.apk
_________________________________________
SIGN APK
You have to have the Java JDK installed for this to work (Android refuses to install an unsigned APK, so this step is mandatory)
Typically found here *C:\Program Files (x86)\Java\your-jdk-installed-version-here\bin*
cd to the JDK bin folder in a command prompt for the following commands
**-keystore name-of-your-key.keystore can be changed to whatever name you choose, however if you change it the other commands will need to reflect this
keytool -genkey -v -keystore name-of-your-key.keystore -alias ownedcore -keyalg RSA -keysize 2048 -validity 10000
It is going to ask you for some info after this; nothing matters other than the password, which you WILL need again for jarsigner
This signs your newly rebuilt APK with the key you generated with the previous command (note the flag is -digestalg, one word):
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore name-of-your-key.keystore C:\Users\Example\Desktop\poke-mod.apk ownedcore
_________________________________________
INSTALL
At this point you should be good to go ahead and install your newly created APK. If the original Pokemon Go is still installed, uninstall it first: Android will not install an app over an existing copy that was signed with a different key. From here, as stated at the beginning of this post, a few known issues exist. Stay away from Google sign-in, it simply will not work with a self-signed application. Using a Pokemon club account, make sure you finish the initial tutorial, catch your first pokemon and name your character prior to enabling the MITM proxy and capturing traffic. My recommendation would be to do all starting tutorials and naming over 4G, then enable wifi, close/reopen the game and you should auto-sign-in and be good to go capturing traffic with your favorite MITM proxy.
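The whole procedure (apktool decode, smali edit, apktool build, keytool, jarsigner) scripted end to end. This is an added example, not code from the original post or from Niantic: it shells out to apktool, keytool and jarsigner with the same arguments the post gives, and the work folder poke-dis, the output name and the keystore alias ownedcore are taken from the post. SAMPLE_SMALI is a constructed stand-in for NianticTrustManager.smali (the real method signatures, placeholder bodies, and a made-up checkPin helper) used only for the offline demo; the real file is longer. Unlike the manual edit, the script refuses to continue when the trust manager or its two methods cannot be found, so a later build that renames or obfuscates the class does not silently produce an unpatched APK.

```python
"""Added example (not from the original post): automates decode, smali patch, rebuild and sign.
SAMPLE_SMALI is a constructed stand-in for NianticTrustManager.smali, not the real file."""
from __future__ import annotations

import re
import subprocess
import sys
from pathlib import Path

# X509TrustManager callbacks where the 0.31.0 APK enforces pinning.
TARGET_METHODS = ("checkServerTrusted", "checkClientTrusted")
SMALI_REL_PATH = Path("smali/com/nianticlabs/nia/network/NianticTrustManager.smali")
METHOD_START = re.compile(r"^\.method\b.*\b(" + "|".join(TARGET_METHODS) + r")\(")
REGS_DIRECTIVE = re.compile(r"^\s*\.(locals|registers)\s+\d+")

SAMPLE_SMALI = """\
.class public Lcom/nianticlabs/nia/network/NianticTrustManager;

.method public checkClientTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 2

    new-instance v0, Ljava/security/cert/CertificateException;
    invoke-direct {v0}, Ljava/security/cert/CertificateException;-><init>()V
    throw v0
.end method

.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 2

    const/4 v0, 0x0
    aget-object v0, p1, v0
    invoke-direct {p0, v0}, Lcom/nianticlabs/nia/network/NianticTrustManager;->checkPin(Ljava/security/cert/X509Certificate;)V
    return-void
.end method

.method public getAcceptedIssuers()[Ljava/security/cert/X509Certificate;
    .locals 1

    const/4 v0, 0x0
    new-array v0, v0, [Ljava/security/cert/X509Certificate;
    return-object v0
.end method
"""


def patch_trust_manager(smali: str) -> tuple[str, int]:
    """Insert `return-void` right after the .locals/.registers line of each target method, so the
    method returns (chain accepted) before any pin check runs; old instructions become unreachable.
    Idempotent. Raises ValueError if a target method or its register directive is missing."""
    lines = smali.splitlines()
    found: set[str] = set()
    patched = 0
    i = 0
    while i < len(lines):
        m = METHOD_START.match(lines[i])
        if m:
            found.add(m.group(1))
            j = i + 1
            while j < len(lines) and not lines[j].startswith(".end method"):
                if REGS_DIRECTIVE.match(lines[j]):
                    break
                j += 1
            else:
                raise ValueError(f"{m.group(1)}: no .locals/.registers directive found")
            k = j + 1  # first non-blank line after the directive; skip if already patched
            while k < len(lines) and not lines[k].strip():
                k += 1
            if not (k < len(lines) and lines[k].strip() == "return-void"):
                indent = lines[j][: len(lines[j]) - len(lines[j].lstrip())]
                lines.insert(j + 1, indent + "return-void")
                patched += 1
        i += 1
    missing = set(TARGET_METHODS) - found
    if missing:
        raise ValueError(f"methods not found (renamed or obfuscated?): {sorted(missing)}")
    return "\n".join(lines) + ("\n" if smali.endswith("\n") else ""), patched


def run(cmd: list[str]) -> None:
    subprocess.run(cmd, check=True)  # raise on any tool failure instead of continuing


def build_patched_apk(apk: Path, workdir: Path, out_apk: Path, keystore: Path,
                      alias: str = "ownedcore") -> int:
    """apktool d -> patch smali -> apktool b -> keytool (first run only) -> jarsigner."""
    run(["apktool", "d", str(apk), "-o", str(workdir), "-f"])
    smali_path = workdir / SMALI_REL_PATH
    text, n = patch_trust_manager(smali_path.read_text(encoding="utf-8"))
    smali_path.write_text(text, encoding="utf-8")
    run(["apktool", "b", str(workdir), "-o", str(out_apk)])
    if not keystore.exists():  # keytool asks for the password interactively, as in the post
        run(["keytool", "-genkey", "-v", "-keystore", str(keystore), "-alias", alias,
             "-keyalg", "RSA", "-keysize", "2048", "-validity", "10000"])
    run(["jarsigner", "-verbose", "-sigalg", "SHA1withRSA", "-digestalg", "SHA1",
         "-keystore", str(keystore), str(out_apk), alias])
    return n


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: patch_pinning.py poke.apk poke-mod.apk
        build_patched_apk(Path(sys.argv[1]), Path("poke-dis"), Path(sys.argv[2]),
                          Path("name-of-your-key.keystore"))
    else:  # no arguments: offline demo of the smali edit on the constructed sample
        print(patch_trust_manager(SAMPLE_SMALI)[0])
```

Run it with no arguments to see the edit applied to the sample, or as `python patch_pinning.py poke.apk poke-mod.apk` with apktool and the JDK bin folder on PATH to perform the full procedure; the resulting poke-mod.apk still has the known issues listed at the top of the post, and the keystore password is entered interactively when keytool and jarsigner prompt for it.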
ibere (1 members gave Thanks to netops for this useful post)