Do you think this could be extended to Instagram ssl unpinning?

the app always crashes saying "messenger is not responding" please what can I do??

Hi,

I'm trying to patch the Facebook for Android & Messenger x86 but it seem like the old method not work any more. I tried to modify method "...verifyWithMetrics..." but the patched app not connect under proxy.

Do you have any idea, could you give another new version ?

Thanks in advanced.

Can you build a modified APK like "Instagram_SSL_Pinning" ? I don't know why I can not find "/data/data/com.facebook.katana/lib-xzs"

Here is My Environment :
-My Device is Running Android Oreo 8.1.0 [Rooted], Oneplus 5T.
-Custom CA Certificate Installed, Unpacked the apk and modified the manifest to Trust the User CA Certificate.
-Replaced the libcoldstart.so [arm]
-Using Burp proxy to intercept
-Checked whether i'm able to intercept the https connections [Chrome Browser][Working]
-app crashed on the startup
-Checke the logcat, but couldnt able to identify the issues

Do any one faced the same problem ??

I successfully installed the APK and pasted the lib file. Setup Charles Proxy then I started sniffing but the requests do not have parameters included. Anyone having this issue as well?

Here's the error I get from Facebook.

{
	"error": {
		"message": "(#100) Neither query_id nor query string specified",
		"type": "OAuthException",
		"code": 100,
		"fbtrace_id": "G7xQ95xUXYT"
	}
}

OR

{
	"error": {
		"message": "(#100) Missing message",
		"type": "OAuthException",
		"code": 100,
		"fbtrace_id": "Gq6C+DhjndK"
	}
}

Is the solution still working? I'm getting the error "Client SSL handshake failed - no cipher suites in common" using Charles Proxy and I can't use the application.

Hi
Thanks for this hard work
Could you explain the procedure to how replace the .so file
I decompiled .apk file but there is no .so file in there
If you could just upload the compiled ssl pinned version to bypass CA check
Thanks

meta_inf_fbmeta=NO_FILE&adid=564f4a7f-f937-4cec-a07e-e9d32b0a1538&format=json&device_id=d5e4cf07-d65f-47d7-9232-f3db77060a42&email=username&password=pass&cpl=true&family_device_id=1a62e0ab-a52a-406b-8eb5-80b9c5b411a3&generate_session_cookies=1&generate_machine_id=1&locale=en_US&client_country_code=EG&method=auth.login&fb_api_req_friendly_name=authenticate&fb_api_caller_class=com.facebook.auth.login.AuthOperations$PasswordAuthOperation&api_key=256002347743983&sig=8b8a15e2ecd2d93410884e5c1bf4beba

i try to login facebook from C#
but i get message incorrect signature

i extract secret key from messanger = 374e60f8b9bb6b8cbb30f78030438895
now i can't get sig value ???

how to resolve this problem?

Tried to appy latest available version on a real phone (arm).
Forgot to change owner and permissions on the file which caused an error when running the app first, after chown and chmod it works w/o using a proxy, but as soon as I proxy the connection it stops any network traffic just like the unpatched app.

What am I missing?

Steps taken: downloaded latest APK (January 11, 2018), installed it, run it once, closed it, replaced libcoldstart in /data/data/com.facebook.katana/lib-xzs, chmod and chown the file, run app again

Thank you very much for making this bypass. Could you please make another bypass for Facebook Messenger app as well.

Hello, I tested it on app facebook ver 161.0.0.35.91 on chip x86 but no working...

Hi Pouya Darabi,

Thank you so much on your effort to create a patch for Facebook app. I'm trying to follow your step to patch the Facebook app x86 version, to run it on BlueStack. Unfortunately I got no luck as I have very little knowledge on ASM. Could you please help me to patch the version x86 to?

Thanks in advance.

r u have messanger ssl pinning?

It works some limited time - when first launch app - enter password and ... end
facebook shows "changing language" and it seems restart app
Hmm... seems facebook checks and downloads update automatically.

I was trying this on the newest version of Facebook and it doesn't work as I expected, but is there a simple way to get this working with the newest version?

can you update it to last version please
and bypass for messenger as well
Thanks

Worked fine couple of days, on the next day charles failed to decode trafic. Looks like fb app self-apdated and replaced cracked libcoldstart.so. I tried again replacing the file, but after that fb-app keeps constantly crashing.