Xamarin
Reverse Engineering
- Unpack the apk
- Inside the unknown assemblies folder, use Xamarin_XALZ_decompress.py (tools/Xamarin_XALZ_decompress.py at master · x41sec/tools · GitHub) to convert the assemblies from XALZ to PE so you can decompile them with dnSpy
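The XALZ-to-PE step above, as an added example that is not from these notes or from the x41sec tool. It assumes the XALZ layout is a 4-byte `XALZ` magic, a 4-byte index, a 4-byte little-endian uncompressed length, then one LZ4 block, and it uses a small pure-Python LZ4 decoder so it runs without the `lz4` package. The sample bytes are constructed.

```python
import struct

XALZ_MAGIC = b"XALZ"

def _run_length(src, i, nibble):
    """Decode an LZ4 length: a nibble of 15 is extended by bytes until one is < 255."""
    length, more = nibble, nibble == 15
    while more:
        length += src[i]
        more = src[i] == 255
        i += 1
    return length, i

def lz4_block_decompress(src, expected_size):
    """Bounds-checked LZ4 block decoder; output never exceeds expected_size."""
    out, i = bytearray(), 0
    while i < len(src):
        token = src[i]
        lit_len, i = _run_length(src, i + 1, token >> 4)
        if i + lit_len > len(src) or len(out) + lit_len > expected_size:
            raise ValueError("bad literal run")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= len(src):
            break  # the final sequence carries literals only
        offset = src[i] | (src[i + 1] << 8)
        match_len, i = _run_length(src, i + 2, token & 0x0F)
        match_len += 4  # LZ4 minimum match length
        if offset == 0 or offset > len(out) or len(out) + match_len > expected_size:
            raise ValueError("bad match")
        for _ in range(match_len):  # byte-wise so overlapping matches work
            out.append(out[-offset])
    return bytes(out)

def xalz_to_pe(blob):
    """Strip the assumed 12-byte XALZ header and return the decompressed PE image."""
    if len(blob) < 12 or blob[:4] != XALZ_MAGIC:
        raise ValueError("not an XALZ-compressed assembly")
    _index, size = struct.unpack_from("<II", blob, 4)
    try:
        pe = lz4_block_decompress(blob[12:], size)
    except IndexError:
        raise ValueError("truncated LZ4 payload") from None
    if len(pe) != size or pe[:2] != b"MZ":
        raise ValueError("decompressed data is not the expected PE image")
    return pe

# Constructed sample: 4 literals, an 8-byte overlapping match, then 5 literals.
SAMPLE_XALZ = XALZ_MAGIC + struct.pack("<II", 0, 17) + b"\x44MZ\x90\x00\x01\x00\x50PE\x00\x00\x01"
```

For a real assembly, read the `.dll` bytes, pass them to `xalz_to_pe`, and write the result to a new file before opening it in dnSpy.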
Traffic Interception
One technique to rule them all
AVD does not use the built-in proxy settings of Android devices; it uses some magic under the hood to proxy traffic, so this works on non-proxy-aware applications.
1. Set up a Pixel 3a XL Android emulated device (needs to have SDK < 29).
2. Use Android Studio Virtual Device Manager with the following command line args.
3. Drag and drop the APK to the device to install it.
4. Install the Burp certificate on the device by following the guide: https://secabit.medium.com/how-to-configure-burp-proxy-with-an-android-emulator-31b483237053
Intercept Traffic using tooling
Use ProxyDroid (Apps on Google Play) and Burp NoPE Proxy (see "Intercepting Non-HTTP Request Using Burp Suite + Extension (NoPE Proxy)" by #Ujan on Medium).
SSL Unpinning
Resources
- Intercepting Xamarin Mobile App Traffic (triskelelabs.com)
- https://deepsec.net/docs/Slides/2021/Intercepting_Mobile_App_Network_Traffic_aka_%E2%80%9CThe_Squirrel_in_the_Middle%E2%80%9D_Sven_Schleier%20.pdf
- Invisible proxying - PortSwigger
- GitHub - helviojunior/xamarin_sslunpinning
- GitHub - GoSecure/frida-xamarin-unpin: A Frida script to bypass Xamarin certificate pinning implementations