Pretty much how I started cracking game copy protections in the late 80's/early 90's. I already owned the games I was cracking, it just became more interesting to me how these protections were implemented and how I'd defeat them. Sometimes I think that was more fun than the game itself. I just didn't want to have to look up pages in manuals or read maroon colored paper with dark blue ink.<p>I didn't have the luxury of Ida Pro back then, but I did find a disassembler. Using that I'd read through the game code until I found the conditional jumps and then patched the original file with 0xE8 (JEZ?), 0xEB (JMP?), or 0xCD 0x90 (NOP?). At one time I used to be able to recognize just the Opcodes in hex, so I might have those wrong today.<p>When I started working at Egghead, I was granted time by my manger to crack games for our demo station, so we wouldn't have to jump through hoops on the sales floor. For various professional reasons I've had the pleasure of bypassing my company's own protections. Most recently I used Smali/Baksmali to demonstrate how our company's Android beta timebomb was pretty easy to circumvent.<p>Once a hacker, always a hacker. I have no doubt that this low level tinkering was why I got into computers in the first place and why they still hold my fascination.
Seems to be down, Google webcache version: <a href="http://webcache.googleusercontent.com/search?q=cache:https://eaton-works.com/2016/07/31/reverse-engineering-and-removing-pokemon-gos-certificate-pinning/" rel="nofollow">http://webcache.googleusercontent.com/search?q=cache:https:/...</a>
Patching an APK like this would break parts of the app, specifically the parts that are arguably the most crucial to be followed by pinned API calls. For example, in-app purchases via Google Play that validate the app's signing would all fail. Similarly restoring any previous in app purchases would also fail. Finally, you wouldn't be able to install this APK without uninstalling the valid production APK first, again due to signature/signing mismatch.
Very cool workaround in the article, but it feels like it's just another hole that is going to be closed off. It's impossible to balance because on the one hand we want these fortresses to protect us from prying eyes (see apple vs fbi), but manufacturers are also using these fortresses to keep out owners who just want to hack on their own things.<p>I'm glad Apple is working to keep backdoors out of iOS, but I still prefer Android because I can get into it anyway I want, and do things like the OP without having to resort to backdooring my own device.
This seems like overly complicated. He could have made the public key extremely small by just placing 0x00s in it so that he could crack it. Easy patching.
it could also be done pretty trivially using an xposed module, such as:
<a href="http://repo.xposed.info/module/mobi.acpm.sslunpinning" rel="nofollow">http://repo.xposed.info/module/mobi.acpm.sslunpinning</a><p>i haven't personally tried this route yet though
What's the added value of using imgur's embed code rather than a good ol' <img>? Is this a trend? I would understand it for albums, but why would you do it for individual images? </rant>
As mentioned in the comments, this doesn't work when you try to sign in via Google because it checks the signature of the app. The PTC signon doesn't do this so it's currently allowed, but I'm sure Niantic will patch it soon.