Help/Support SSL Kill switch Questions - Related to App Revokes

Z4R0S · April 16, 2020

Greetings to you all,

I've been researching information about Certificate pinning and ssl verification bypasses ...

Yet truth be told, I'm not so familiar to iOS hacking... for now at least, so I'm turning to this community for more help and guidance to understand it better.

My "simple" question is, by using SSL Kill Switch, is it possible to bypass certification revokes and untrusted certificates issues?

Would it allow iOS users to run apps indefinitely?

This can be turned into a discussion and if admins believe I posted it in the wrong forum section, I ask of you to either transfer it in the right section or guide me to where I should post this.

Thank you!

Rook · April 16, 2020

Hey!

I don’t see how this would?

What idea do you have in mind?

Z4R0S · April 16, 2020

I may be confused about the type of certificates discussed here... Yet I'm willing to learn some more.

When an app gets revoked, it's actually its Certificate that gets unsupported, is it not?

Based on that idea, I've been researching methods to Bypass the Apple Certificates/Authorization to launch an App, but that research is hard to go through...

Pretty much the only information I'd find is information about SSL certificates and SSL Kill Switch to allow the user, if done properly, to use "any" certificate for the selected application.

I may be wrong about the whole thing, but the idea is similar to running a Steam game without going through Steam to launch it. Isn't there a way to launch an app without having Apple's certificate verification?

Quote

The Kill Switch uses the Cydia Substrate which hooks the iOS functions used for certificate validation and modifies them so that they accept any certificate. It becomes more complicated when the app uses the OpenSSL library instead of the native iOS frameworks since they are not affected by the Kill Switch’s hooking.

Source: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/january/bypassing-openssl-certificate-pinning-in-ios-apps/

As stated above, I may be wrong about the whole thing, but if on the contrary it opens a door to a possible revoke solve, I'm willing to learn more about it.