Certificate Pinning Bypass iOS

Mobile, iOS

SSL Unpinning

Prerequisite

  • Objection & Frida I already had some
  • javascript code

how the script works

  • it hooks SecTrustEvaluate function which evaluates the trust manager object and check the rule from object and check the certificate against the rule. If it is value it return 0 .

  • Here is how SecTrustEvaluate function

    1
    OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result);

  • the script hook the function and edit return to 0.

1
frida -U -l sslKill.js Gadget