TransWikia.com

LOG Urls that APK requests using smali

Reverse Engineering Asked by sitedude on August 4, 2021

I have an APK that uses pinning. I am having an unbelievable time trying to remove the SSL pinning so i figure it might be easier to modify the smali files and recompile to log the LoadURL events.

Below is the method I am trying to log the URL it loads. I have tried to use

invoke-static {v0, v1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I

but i get register errors in the Android studio logcat. Any ideas or a better way to see what urls this APK is loading along with the POST request?

.method public run()V
    .locals 3

    sget v0, Landroid/os/Build$VERSION;->SDK_INT:I

    const/16 v1, 0x12

    if-le v0, v1, :cond_0

    iget-object v0, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->this$0:Lcom/gigya/socialize/android/GSWebBridge;

    invoke-static {v0}, Lcom/gigya/socialize/android/GSWebBridge;->access$100(Lcom/gigya/socialize/android/GSWebBridge;)Landroid/webkit/WebView;

    move-result-object v0

    iget-object v1, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->val$invocation:Ljava/lang/String;

    new-instance v2, Lcom/gigya/socialize/android/GSWebBridge$6$1;

    invoke-direct {v2, p0}, Lcom/gigya/socialize/android/GSWebBridge$6$1;-><init>(Lcom/gigya/socialize/android/GSWebBridge$6;)V

    invoke-virtual {v0, v1, v2}, Landroid/webkit/WebView;->evaluateJavascript(Ljava/lang/String;Landroid/webkit/ValueCallback;)V

    goto :goto_0

    :cond_0
    iget-object v0, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->this$0:Lcom/gigya/socialize/android/GSWebBridge;

    invoke-static {v0}, Lcom/gigya/socialize/android/GSWebBridge;->access$100(Lcom/gigya/socialize/android/GSWebBridge;)Landroid/webkit/WebView;

    move-result-object v0

    iget-object v1, p0, Lcom/gigya/socialize/android/GSWebBridge$6;->val$invocation:Ljava/lang/String;

    invoke-virtual {v0, v1}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V


    :goto_0
    return-void
.end method

Another example, I tried to add a simple log on 2 consts and it errors out as well and crashes

    move-result-object v1

    const-string v2, "/"

    const-string v3, ""

    invoke-static {v2, v3}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I (this is the added line)


    invoke-virtual {v1, v2, v3}, Ljava/lang/String;->replace(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;

    move-result-object v1

    invoke-virtual {p1}, Landroid/net/Uri;->getEncodedQuery()Ljava/lang/String;

    move-result-object p1

In log cat I get the following error

2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: Verification error in boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String)
2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more
2019-10-13 13:53:56.296 14703-14703/? W/System.err: a.b.c.f: The exception could not be delivered to the consumer because it has already canceled/disposed the flow or the exception has nowhere to go to begin with. Further reading: https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0#error-handling | java.lang.VerifyError: Verifier rejected class com.gigya.socialize.android.GSWebBridge: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more (declaration of 'com.gigya.socialize.android.GSWebBridge' appears in base.apk)
2019-10-13 13:53:56.297 14703-14703/? W/System.err: Caused by: java.lang.VerifyError: Verifier rejected class com.gigya.socialize.android.GSWebBridge: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String) failed to verify: boolean com.gigya.socialize.android.GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more (declaration of 'com.gigya.socialize.android.GSWebBridge' appears in base.apk)
2019-10-13 13:53:56.297 14703-14703/? W/System.err:     at com.gigya.socialize.android.GSWebBridge.attach(Unknown Source:0)
2019-10-13 13:53:56.399 14703-14703/? E/AndroidRuntime: FATAL EXCEPTION: main

Then the app crashes as well.

android

One Answer

2019-10-13 13:52:46.823 14636-14636/? W/dex2oat: Verification error

Looks like dex2oat which is a DEX code compilation tool failed bytecode verification. At first in may seem odd this happens only at runtime, but keep in mind that Android preforms Just-in-time and Ahed-of-time compilation, and both tactics are performed on device.

com...GSWebBridge.handleUrl(android.webkit.WebView, java.lang.String): [0x29] Rejecting invocation, expected 1 argument registers, method signature has 2 or more

I would guess that you called a function that expects two argument with only one arguments. That function does not appear in your snippet so it might indicate you edited some other code. Try to include the erroring function and the code that calls it so we can better understand what is going on.

Hope It helps!

Answered by Gal on August 4, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP