As I was exploring cert pinning for the first time, I went through the steps and posted them in this [ http://delowar.me/starting-with-android-app-testing/ ] blog post.
But I had some issues with my target application.

Couldn’t install app from Google Play.
So, I tried adb install target.apk and the app got installed. To get the apk, I extracted it from my mobile [where the app was installed] and then exported it to my local machine.
But the problem was, when I tried to launch the app, it gave me an error telling me to properly install the app from the Google Play Store, and I couldn’t install it because GPlay showed the error "App not compatible with your device".
I installed the app several times but failed to run it. Then, I came across a blog post [ https://pentester.land/tips-n-tricks/2018/10/19/installing-arm-android-apps-on-genymotion-devices.html ] about ARM Translation and tried it, but still couldn’t run the app.

I had no intention of rooting my phone. So, I started searching for alternative methods available for cert pinning, and I came across [ https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/ ] and thought I would grab the apk from [ https://apk-dl.com/ ], as the https://twitter.com/itsecurityguard post suggested.
Strangely, I saw that the apk size was around 33mb+, but it was only 27mb++ when I exported it from my phone.

Let's dig deep -_-
I uninstalled the app from my phone and tried to reinstall it from the phone-generated apk, and it did not even install. I tried several times but it failed every time.
Then I tried to install the apk from apk-dl and it installed and ran without any issue.

Then, I thought about using this apk on my Genymotion, and I did so. And surprisingly, it worked like a charm. 2+ days of debugging paid off.
