Bypass Workplace SSL Pinning on Android
(ARM64) Version 378.0.0.18.113-387536606
(ARM) Version 378.0.0.18.113-387536589
(x86) Version 378.0.0.18.113-387536613
Do you like this project? Support it by donating
Paypal: Donate or paypal.me/michelerenzullo
Bitcoin: 1K9RF3s4aocmaRbh2Zu2FuHjrcg5BNeDxU
Install
- Non-rooted devices: uninstall Workplace and Work Chat because the signature is different, install the patched Workplace app
- Rooted devices, just replace the patched lib in /data/data/com.facebook.work/lib-compressed/
For devs
Due to the new obfuscation of "libs" archive:
-
For arm64 it seems hardly obfuscated, I found a way to patch the bytes using RandomAccessFile in the source code:
Read this article on Medium for more information about the process. -
For arm the archive is still obfuscated but less heavier therefore we can still find the bytes to patch, update it and the calculate the new SHA256 in metadata.txt
-
For x86 the archive isn't obfuscated