SSL Pinning and How to Break It

What is SSL Pinning

To view HTTPS traffic, you can sign your own root CA and perform a MITM attack to view the traffic. HPKP (HTTP Public Key Pinning) stops this sniffing by trusting only a given CA, so your self-signed certificates will be rejected. To make a given app trust your certificates, you would have to modify the APK file.

How to break it?

Introducing Xposed

Decompiling, modifying and then recompiling the APK file can be very difficult, so it is better to hook some API so that the app you are trying to intercept trusts your certificates. Xposed offers this kind of ability. Moreover, an Xposed module called JustTrustMe has already done the tedious work for you: just install Xposed and JustTrustMe and you are good to go. Here are the detailed steps:

  1. Install Xposed Installer

For Android 5.0 and above, use the Xposed Installer.

NOTE: For MIUI, search for the MIUI edition of the Xposed Installer.

  2. Install Xposed from the Xposed Installer; note that you have to grant root privilege to the Xposed Installer

  3. Install JustTrustMe

Disassembling Android APKs

Use jadx[1]

Build and install jadx

mkdir jadx
git clone                 # the repository URL is missing from the original note
cd jadx
./gradlew dist            # builds into build/jadx; you might need to wait on this

Or simply brew install jadx

Decompile an APK

  1. Rename the .apk file to .zip and unzip it
  2. Copy out the classes.dex file
  3. Run build/jadx/bin/jadx -d OUTDIR PATH_TO_CLASSES.DEX, or open it in jadx-gui PATH


apk studio

How to sign:

smali code tutorial:

A very good PDF document that uses smali code:

How pinning works on Android

Instantiate TrustManagerFactory with your own keystore


InputStream in = resources.openRawResource(certificateRawResource); // file name under res/raw
keyStore = KeyStore.getInstance("BKS");   // BouncyCastle keystore format used on Android
keyStore.load(in, password);              // the original passed an undefined resourceStream here
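The snippet above is only the keystore-loading step. The following is an added example, not code from the original notes, that carries the same idea through to a pinned HTTPS connection: the TrustManagerFactory is initialised from the bundled BKS keystore only, so neither the system CA store nor any user-installed CA is consulted. R.raw.pinned_certs and the password "changeit" are assumed placeholder names for this example.

```java
// Added example (not from the original notes): certificate pinning on Android by
// trusting only the certificates bundled in a BKS keystore under res/raw.
// Assumed names: R.raw.pinned_certs (hypothetical raw resource) and "changeit"
// (hypothetical keystore password) are placeholders for this example.
import android.content.Context;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedTls {

    // Builds an SSLContext whose trust decisions come solely from the bundled keystore.
    public static SSLContext buildPinnedContext(Context ctx) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BKS"); // BouncyCastle keystore format on Android
        try (InputStream in = ctx.getResources().openRawResource(R.raw.pinned_certs)) {
            keyStore.load(in, "changeit".toCharArray());
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore); // only entries in this keystore are trusted; system/user CAs are ignored

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext;
    }

    // Opens an HTTPS connection that uses the pinned trust store instead of the platform default.
    public static HttpsURLConnection openPinned(Context ctx, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(buildPinnedContext(ctx).getSocketFactory());
        return conn; // a server presenting a cert outside the keystore fails the TLS handshake
    }
}
```

The object returned by tmf.getTrustManagers() is exactly what the tools mentioned later in these notes replace: pinning enforced inside the app process can be undone by anything that runs inside that process, so it raises the bar against passive interception with a user-installed CA but is not a control that holds against a rooted device with hooking frameworks installed.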

Some ready-made tools: Xposed plugins (tested, do not work well); require Cydia

The Wandoujia app store has an Xposed Installer MIUI edition; with it, Xposed installs without trouble

Some other tools (require Cydia): a basic tool that works by replacing the trust manager

ARM assembly tutorial