Our great sponsors
-
proxychains
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
QuAPI
Library and tool to add assumption-support to generic SAT or QBF solver binaries using automated fork()ing and LD_PRELOAD (by maximaximal)
A great framework for doing something along those lines is Frida (https://github.com/frida/frida). Works on a bunch of stuff, including Android and iOS. Some global-ish certificate pinning bypasses work through Frida, by patching http libraries to not raise exceptions, accept system certificates, etc and just quietly hum along instead. Certificate unpinning in turn enables network MITM with mitmproxy, which makes it a lot quicker and easier to inspect, block, or modify network traffic.
Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.
Fun fact: proxychains uses LD_PRELOAD [0] to hook the necessary syscalls [1] for setting up a "proxy environment" for the wrapped program, e.g. `connect`, `gethostbyname`, `gethostbyaddr`, etc. Note this also implies that it could be leaky in some cases when applied to a program that uses alternative syscalls to make an external connection.
[0] https://github.com/haad/proxychains/blob/master/src/proxycha...
[1] https://github.com/haad/proxychains/blob/master/src/libproxy...
one of my favorite hacks, which started as a joke, is using LD PRELOAD to generate audio from memory allocation and read calls.
https://github.com/gordol/ld_preload-sounds
this started out as like 10-20 lines of terrible code originally, and a few people sent merge requests to improve it