Comment by benmmurphy 2 days ago

If you jailbreak your phone then you are able to remove certificate pinning. If you just want to do this for research purposes then you can buy an old iPhone 6s, iPhone 8 or iPhone X and use checkra1n, which uses a bug early in the boot chain in order to jailbreak the phone. I think palera1n is based on checkra1n and might have better support for newer iOS versions: https://palera.in/

saagarjha a day ago

No need to jailbreak to remove pinning; you just need to patch the app itself (for example, by replacing the certificate it verifies against or the code that does the verification).

  • benmmurphy a day ago

    You need some way to decrypt the App Store app so you know what you are modifying and so you can re-sign it, which usually involves a jailbreak. Maybe there are apps that only have the first page encrypted, so potentially you don't need to decrypt those apps because you can guess what the first page is.
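The thread is about the in-app check that gets patched out; for context, here is what that check typically is. This is an added example, not code from either commenter or from any app: SPKI pinning in the `sha256/<base64>` form used by HPKP and Android's network security config, with a primary and a backup pin. The SPKI byte strings are constructed stand-ins, not real keys.

```python
import base64
import hashlib
from typing import Iterable, Optional, Sequence, Tuple

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
# In a real client these come from the certificates in the validated
# TLS chain; here they are just distinct byte strings for illustration.
CURRENT_KEY_SPKI = b"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01" + b"\x04" * 64
BACKUP_KEY_SPKI = b"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01" + b"\x05" * 64
UNRELATED_SPKI = b"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01" + b"\x06" * 64


def spki_pin(spki_der: bytes) -> str:
    """Pin string for one SubjectPublicKeyInfo: SHA-256 over the DER bytes,
    base64-encoded and prefixed with the hash name (HPKP / Android style)."""
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def verify_pins(chain_spkis: Sequence[bytes],
                pinned: Iterable[str]) -> Tuple[bool, Optional[str]]:
    """Pinning rule used by HPKP and Android: the connection is accepted if
    ANY certificate in the (already path-validated) chain has a public key
    matching ANY configured pin. Returns (accepted, matching_pin)."""
    pinned_set = set(pinned)
    for spki in chain_spkis:
        pin = spki_pin(spki)
        if pin in pinned_set:
            return True, pin
    return False, None


# What an app would ship: the key in use now plus a backup pin for a key
# that is generated but not yet deployed, so a rotation does not lock
# every installed client out of the service.
PINS = [spki_pin(CURRENT_KEY_SPKI), spki_pin(BACKUP_KEY_SPKI)]


if __name__ == "__main__":
    # Chain presenting the currently deployed key: accepted.
    print(verify_pins([CURRENT_KEY_SPKI], PINS))
    # Chain presenting the rotated-to backup key: still accepted.
    print(verify_pins([BACKUP_KEY_SPKI], PINS))
    # Chain whose keys match no pin: rejected even if it chains to a trusted root.
    print(verify_pins([UNRELATED_SPKI], PINS))
```

`verify_pins` runs after normal chain validation, never instead of it. As the thread points out, the whole check lives inside the client binary, so once someone controls the device or can re-sign the app it can be replaced or skipped; treat pinning as defence in depth against a mis-issued or user-installed CA certificate, not as a guarantee that traffic cannot be inspected, and keep a backup pin so a key rotation does not strand installed clients.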