poststore.blogg.se

1. THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR PATCH
2. THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR ANDROID
3. THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR CODE

In my version of libflutter.so, this is FUN_0034b330. One of the functions takes 2 ints, 1 ‘undefined’ and contains a single call to OPENSSL_PUT_ERROR ( FUN_00316500). There are only 4 XREFs so it’s easy to go over them and find one that looks like the session_verify_cert_chain function: Only 4 xrefs So import the library into Ghidra, use Search -> Find Strings and search for. The OPENSSL_PUT_ERROR macro is called a few times in the session_verify_cert_chain function, which makes it easy to find the correct method using Ghidra. Now that we know which function we want to hook, we need to find it in libflutter.so. #define OPENSSL_PUT_ERROR(library, reason) \ĮRR_put_error(ERR_LIB_#library, 0, reason, _FILE_, _LINE_) The line numbers don’t match exactly, but this is most likely the result of a version difference.

THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR CODE

The code at line 352 is shown below, and this is most likely the error we are seeing. is indeed part of the BoringSSL library and does contain logic to perform certificate validation. The error actually shows us where the error is triggered: :352. The first thing we need to do is find this error in the BoringSSL library. (dart:async/zone.dart:1112:29)Į/flutter (10371): #1 _microtaskLoop (dart:async/schedule_microtask.dart:41:21)Į/flutter (10371): #2 _startMicrotaskLoop (dart:async/schedule_microtask.dart:50:5)Į/flutter (10371): #3 _runPendingImmediateCallback (dart:isolate-patch/isolate_patch.dart:116:13)Į/flutter (10371): #4 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:173:5)

When sending HTTPS traffic to Burp, the Flutter application actually throws an error, which we can take as a starting point: E/flutter (10371): Unhandled exception:Į/flutter (10371): HandshakeException: Handshake error in client (OS Error:Į/flutter (10371): NO_START_LINE(pem_lib.c:631)Į/flutter (10371): PEM routines(by_file.c:146)Į/flutter (10371): CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate chain(:352))Į/flutter (10371): #0 _rootHandleUncaughtError. Dart uses Google’s BoringSSL to handle everything SSL related, and luckily both Dart and BoringSSL are open source.

THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR PATCH

To solve this we have to dig into libflutter.so and figure out what we need to patch or hook in order to validate our certificate. This means that we can’t bypass SSL validation by adding our proxy CA to the system CA store. This is weird since my device is set up to include my Burp certificate as a trusted root CA.Īfter some research, I ended up on a GitHub issue that explains the issue for Windows, but the same is applicable to Android: Dart generates and compiles its own Keystore using Mozilla’s NSS library.

If I change the URL to HTTPS, Burp complains that the SSL handshake fails. ProxyDroid with root access using iptables Intercepting HTTPS traffic A quick modification on my test application indeed shows that this configuration sends all HTTP data to my proxy:

It’s also possible to define a custom findProxy implementation that returns the preferred proxy.

THE VIRTUAL DEVICE GOT NO IP ADDRESS GENYMOTION ERROR ANDROID

Even if the application would be compiled with this implementation, it would be pretty useless on Android since all applications are children of the initial zygote process which does not have these environment variables. The application can set this property to HttpClient.findProxyFromEnvironment which searches for specific environment variables such as http_proxy and https_proxy. If this function is not set, direct connections will always be used. Sets the function used to resolve the proxy server to be used for opening a HTTP connection to the specified url. The HttpClient has a findProxy method and its documentation is pretty clear on this: By default all traffic is sent directly to the target server, without taking any proxy settings into account: Sending traffic to the proxy through ProxyDroid/iptables Unfortunately, Burp does not see any traffic passing through, even though the app logs indicate that the request was successful. On my device I have Frida installed through Magisk-Frida-Server and my Burp certificate is added to the system CA store with the MagiskTrustUserCerts module. Every time we press the button, a call is sent to and if it’s successful it is printed to the device logs.