Skip to content

update #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

update #5

wants to merge 1 commit into from

Conversation

scrapewww
Copy link

@scrapewww scrapewww commented Feb 9, 2018
edited
Loading

A few simple edits made this repo functional again.
What did you use to monitor the network requests? I haven't had any luck with Charles. The certificate isn't working for musical.ly

@scrapewww scrapewww closed this Feb 9, 2018
@scrapewww scrapewww reopened this Feb 9, 2018
@scrapewww scrapewww mentioned this pull request Feb 9, 2018
Open
@scrapewww
Copy link
Author

Any chance someone has an apk with ssl pinning removed so I can finish out this repo?

@scrapewww scrapewww mentioned this pull request Feb 9, 2018
Open
@ghost
Copy link

ghost commented Feb 9, 2018

There is Xposed modele called “Inspectage” but it didn’t disable ssl pinning for me - I tried, Musially says that my Internet is slow (ssl pinning error?).

I think that there is only one way: decompile -> force the app to not throw ssl pinning exceptions -> compile -> install and debug with Charles.
But I don’t have the APK, so...

Anyone know how to edit Android code? (iOS is native so I think that decompilation is not possible.)

@scrapewww
Copy link
Author

scrapewww commented Feb 12, 2018
edited
Loading

@Enter03 if you visit this URL you can scroll down to "Previous Versions" to download the APK. I've been using 5.7.1 https://musical-ly.en.uptodown.com/android

@scrapewww scrapewww closed this Feb 13, 2018
@mangledbottles
Copy link
Owner

I will review the pull request soon.
Musically API is SSL secured and SSL pinned. I bypassed SSL security with Charles Proxy SSL Certificate and bypassed SSL pinning with repository SSL KillSwitch: https://github.com/nabla-c0d3/ssl-kill-switch2
When substrate is released for iOS 11 I will install SSL KillSwitch and MITM Musically, in the mean time I will see what we can do with what we have!

@ghost
Copy link

ghost commented Feb 19, 2018

I will try this on my old jailbroken iPad 3 (iOS 9).
Thanks!

@mangledbottles
Copy link
Owner

Login functionality fixed: d1f2800

User search returns "403 Forbidden"

@charlie-niekirk
Copy link

charlie-niekirk commented Mar 1, 2018
edited
Loading

The SSL pinning on Android is happening in the native layer. At least it is for Lively anyway. It's gonna be tricky to disable it but I'll give it a go!

EDIT: Musically (and Lively) are not SSL pinned or secured. I can intercept all requests using a packet capture app on my Android device.

@scrapewww
Copy link
Author

@charlieAndroidDev which version do you claim lacks ssl pinning

@charlie-niekirk
Copy link

charlie-niekirk commented Mar 5, 2018
edited
Loading

@scrapewww The latest versions of both apps (on Android)

@Write
Copy link

Write commented Aug 8, 2018

Any update ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@scrapewww @mangledbottles @charlie-niekirk @Write @filesearchme