Home

Awesome

Android Unpinner

This tool removes certificate pinning from APKs.

The goal was not to build yet another unpinning tool, but to explore some newer avenues for non-rooted devices. Please shamelessly copy whatever idea you like into other tools. :-)

Installation

$ git clone https://github.com/mitmproxy/android-unpinner.git
$ cd android-unpinner
$ pip install -e .

Usage

Connect your device via USB and run the following command.

$ android-unpinner all httptoolkit-pinning-demo.apk

screenshot

See android-unpinner --help for usage details.

You can pull APKs from your device using android-unpinner list-packages and android-unpinner get-apks. Alternatively, you can download APKs from the internet, for example manually from apkpure.com or automatically using apkeep.

Comparison

Compared to using a rooted device, android-unpinner...

🟥 requires APK patching.
🟩 does not need to hide from root detection.

Compared to apk-mitm, android-unpinner...

🟥 requires active instrumentation from a desktop machine when launching the app.
🟩 allows more dynamic patching at runtime (thanks to Frida).
🟩 does less invasive APK patching, e.g. classes.dex stays as-is.

Compared to objection, android-unpinner...

🟥 supports only one feature (disable pinning) and no interactive analysis shell.
🟩 is easier to get started with, does not require additional dependencies.
🟩 does less invasive APK patching, e.g. classes.dex stays as-is.

Compared to frida + LIEF, android-unpinner...

🟥 modifies AndroidManifest.xml
🟩 is easier to get started with, does not require additional dependencies.
🟩 Does not require that the application includes a native library.

Licensing

This tool stands on the shoulders of giants.