Kaspek

Reputation: 375

Create new NativeFunction and use it then

I am wondering: how can I allow self-signed certs while the app is using the OpenSSL library?

I saw this code, which disables certificate validation (StackOverflow question/answer hyperlink):

static int always_true_callback(X509_STORE_CTX *ctx, void *arg)
{
  return 1;
}

This is the method where I should put this new method, which always returns 1.

But I don't have any idea how I can create that method using Frida.

What is the proper way of doing this?

Upvotes: 2

Views: 1176

Answers (1)

James W.

Reputation: 3055

There are many ways to accomplish your goal.

TL;DR

var SSL_CTX_set_cert_verify_callback = Module.findExportByName('libssl.so', 'SSL_CTX_set_cert_verify_callback');
Interceptor.attach(SSL_CTX_set_cert_verify_callback, {
  onEnter: function(args) {
    // args[1] is the *cb pointer passed to SSL_CTX_set_cert_verify_callback
    Interceptor.replace(args[1], new NativeCallback((_arg1, _arg2) => {
      return 1;
    }, 'int', ['pointer', 'pointer']));
  },
});

Hook SSL_CTX_set_cert_verify_callback; once it's called, intercept *cb and replace the return value.

Interceptor.attach(SSL_CTX_set_cert_verify_callback, {
  onEnter: function(args) { 
    Interceptor.attach(args[1]/* *cb */, {
      onLeave: function(retval) {
        retval.replace(1);
      }
    }); 
  },
});

Replace the bytecode

Interceptor.attach(SSL_CTX_set_cert_verify_callback, {
  onEnter: function(args) { 
    // add a condition so you will patch only once
    Memory.patchCode(args[1], 64, code => { 
      const cw = new Arm64Writer(code, { pc: args[1] });
      cw.putMovRegU64('x0', 1);
      cw.putRet();
      cw.flush();
    });
  },
});

Replace the function with CModule

const cm = new CModule(`
int ret1(void) {
  return 1;
}
`);


Interceptor.attach(SSL_CTX_set_cert_verify_callback, {
  onEnter: function(args) { 
    Interceptor.replace(args[1], cm.ret1);
  },
});

Upvotes: 2
