
A great framework for doing something along those lines is Frida (https://github.com/frida/frida). Works on a bunch of stuff, including Android and iOS. Some global-ish certificate pinning bypasses work through Frida, by patching HTTP libraries to not raise exceptions, accept system certificates, etc., and just quietly hum along instead. Certificate unpinning in turn enables network MITM with mitmproxy, which makes it a lot quicker and easier to inspect, block, or modify network traffic.

Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.



> Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.

IMHO, if the client-side of an IoT service is obfuscated, I'd take that as a sign that they're trying to hide some really insecure API endpoints.



