Unable to log TLS keys or traffic with an android app about fritap HOT 5 OPEN

I guess we have another game engine (LibGDX) here that , like Unity, comes with its own network stack. (https://libgdx.com/wiki/networking)
It is just not supported at this point in time .

from fritap.

On some Android devices the following code will return since SSL_get_fd return -1

        Interceptor.attach(this.addresses["SSL_write"],
        {
            onEnter: function (args: any) {
                if (!ObjC.available){
                this.fd = OpenSSL_BoringSSL.SSL_get_fd(args[0])
                if(this.fd < 0) {
                    return
                }
                var message = getPortsAndAddresses(this.fd as number, false, lib_addesses)
                message["ssl_session_id"] = OpenSSL_BoringSSL.getSslSessionId(args[0])
                message["function"] = "SSL_write"
                message["contentType"] = "datalog"

I don't know if it is because of the lack of permission or some Android OEM quirks. The google ssl_logger just ignore this so they can log traffic without ip/port.

from fritap.

Hi,

On some Android devices the following code will return since SSL_get_fd return -1

        Interceptor.attach(this.addresses["SSL_write"],
        {
            onEnter: function (args: any) {
                if (!ObjC.available){
                this.fd = OpenSSL_BoringSSL.SSL_get_fd(args[0])
                if(this.fd < 0) {
                    return
                }
                var message = getPortsAndAddresses(this.fd as number, false, lib_addesses)
                message["ssl_session_id"] = OpenSSL_BoringSSL.getSslSessionId(args[0])
                message["function"] = "SSL_write"
                message["contentType"] = "datalog"

I don't know if it is because of the lack of permission or some Android OEM quirks. The google ssl_logger just ignore this so they can log traffic without ip/port.

Originally, friTap was designed with live forensics in mind, aiming to preserve socket information for thorough analysis. We've since introduced a new feature, --enable_default_fd, which supplies default socket information when writing to the pcap file. This enhancement ensures that users have access to essential data, even when specific socket details are unavailable, thereby maintaining the utility and effectiveness of forensic investigations.

from fritap.

I am testing the app "Rucoy Online" for http data upon character login. Fritap spawns the app just fine, but it does not log any TLS traffic or keys relating to the log in.

It does however, log firebase TLS keys when you first install the app, but these keys are unrelated to the actual game server connection. I assume the hooked functions correspond to this.

This app is on the playstore, feel free to give it a try!

Can you retry it with the latest friTap version (1.1.0.5). Also consider the following:
https://github.com/fkie-cad/friTap?tab=readme-ov-file#problems

from fritap.

Hello,

Thank you for the update, I tried using the new version of Fritap on the same app, but now I am receiving these errors:

As you can see, I have run the command for both key logging and pcap traffic, with and without the --enable_default_fd flag for each case. Do you know what these errors mean?

The device I am using is a Genymotion emulated Google Nexus 4. If anyone can somehow succesfully log the TLS keys/traffic for this app, help would be appreciated. Thanks!

from fritap.