How to bypass cert pinning without root

Tools

Apktool - How to Install (ibotpeaches.github.io)

Android APK Signing Tool (APK Signer) – Shatter-Box (shatter-box.com)

pip install frida frida-tools objection

Apk re-package

  1. apktool d myapp.apk -o extractedFolder

  2. Download frida-gadget from Releases · frida/frida · GitHub (the android-arm build for 32-bit devices or the android-arm64 build for 64-bit ones; the release ships as .so.xz, so decompress it first)

  3. Copy the gadget into the extracted folder as lib/[armeabi-v7a or arm64-v8a]/libfrida-gadget.so, matching the device ABI. The file name matters: System.loadLibrary("frida-gadget") resolves to libfrida-gadget.so

  4. Insert the smali below into the main (launcher) activity, just before the return-void of its onCreate. The snippet uses register v0, so that method's .locals count must be at least 1

    const-string v0, "frida-gadget"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
    
  5. Add the Internet permission to the manifest if it’s not there already

     <uses-permission android:name="android.permission.INTERNET" />
    
  6. Repackage

    apktool b extractedFolder -o repackaged.apk
    
  7. Sign the apk (e.g. with the APK Signer tool listed above); an unsigned or wrongly signed apk will not install
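Added example, not part of the original note: a Python helper that performs the step 4 edit on an apktool-decoded tree. It finds the launcher activity from the decoded AndroidManifest.xml (MAIN action plus LAUNCHER category) and inserts the loadLibrary call before the return-void of onCreate, bumping .locals if needed. The sample manifest and smali are constructed; the layout assumed is apktool's.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
GADGET_LOAD = (  # the two smali lines from step 4 of the note
    '    const-string v0, "frida-gadget"\n'
    '    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V\n'
)

def find_launcher_activity(manifest_xml: str) -> str:
    """Fully qualified class of the activity with the MAIN action + LAUNCHER category."""
    root = ET.fromstring(manifest_xml)
    for activity in root.iter("activity"):
        for flt in activity.findall("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.findall("action")}
            cats = {c.get(ANDROID_NS + "name") for c in flt.findall("category")}
            if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
                name = activity.get(ANDROID_NS + "name")
                return root.get("package") + name if name.startswith(".") else name
    raise ValueError("no launcher activity in manifest")

def inject_gadget_load(smali: str) -> str:
    """Insert GADGET_LOAD before the last return-void of onCreate(Bundle); idempotent."""
    m = re.search(r"\.method[^\n]*onCreate\(Landroid/os/Bundle;\)V\n(.*?)^\.end method",
                  smali, re.S | re.M)
    if not m:
        raise ValueError("onCreate(Bundle) not found in this class")
    body = m.group(1)
    if "loadLibrary" in body:
        return smali  # already patched
    # The snippet uses register v0, so the method needs at least one local.
    body = re.sub(r"\.locals (\d+)", lambda r: f".locals {max(int(r.group(1)), 1)}", body, count=1)
    pos = list(re.finditer(r"^[ \t]*return-void", body, re.M))[-1].start()
    body = body[:pos] + GADGET_LOAD + body[pos:]
    return smali[:m.start(1)] + body + smali[m.end(1):]

# Constructed sample inputs (not from a real app) so the functions can be tried offline.
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">'
    '<application><activity android:name=".MainActivity"><intent-filter>'
    '<action android:name="android.intent.action.MAIN"/><category android:name="android.intent.category.LAUNCHER"/>'
    '</intent-filter></activity></application></manifest>')
SAMPLE_SMALI = """.class public Lcom/example/app/MainActivity;
.method protected onCreate(Landroid/os/Bundle;)V
    .locals 0
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    return-void
.end method
"""
```

For a real tree, read AndroidManifest.xml, map the returned class to smali*/com/example/app/MainActivity.smali (multidex apps split across smali_classes2/ and so on), and write back the result of inject_gadget_load.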

Reference

https://blackhat.app.swapcard.com/event/black-hat-europe-2020/planning/UGxhbm5pbmdfMjQ4NzAw

https://fadeevab.com/frida-gadget-injection-on-android-no-root-2-methods/#check-whether-injection-succeeded

https://koz.io/using-frida-on-android-without-root/

https://github.com/dpnishant/appmon