├── README.md
├── TTNetStartUpTask.h
├── TTNetStartUpTask.m
└── titokpass.js


/README.md:
--------------------------------------------------------------------------------
 1 | # TTNetworkManager
 2 | 
 3 | This script bypasses SSL pinning that TikTok/抖音 has and may change in the future.
 4 | 
 5 | This is for educational purposes only.
 6 | 
 7 | To run, run the following command:
 8 | 
 9 | ``` bash
10 | frida -U -f com.ss.iphone.ugc.Aweme -l titokpass.js
11 | ```
12 | 
13 | Please note this will only work on Jailbroken iOS devices. 
14 | 
15 | You must have frida installed prior to running this script.
16 | 


--------------------------------------------------------------------------------
/TTNetStartUpTask.h:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | //
 4 | //  TTNetStartUpTask.h
 5 | //  App
 6 | //
 7 | //
 8 | 
 9 | #import <OneKit/OKStartUpTask.h>
10 | NS_ASSUME_NONNULL_BEGIN
11 | 
12 | @interface TTNetStartUpTask : OKStartUpTask
13 | 
14 | @end
15 | 
16 | NS_ASSUME_NONNULL_END
17 | 


--------------------------------------------------------------------------------
/TTNetStartUpTask.m:
--------------------------------------------------------------------------------
 1 | //
 2 | //  TTNetStartUpTask.m
 3 | //  App
 4 | //
 5 | //
 6 | 
 7 | #import "TTNetStartUpTask.h"
 8 | #import <OneKit/OKStartUpFunction.h>
 9 | #import <TTNetworkManager/TTNetworkManager.h>
10 | 
11 | OKAppTaskAddFunction () {
12 |     [[TTNetStartUpTask new] scheduleTask];
13 | }
14 | 
15 | @implementation TTNetStartUpTask
16 | 
17 | - (void)startWithLaunchOptions:(NSDictionary<UIApplicationLaunchOptionsKey,id> *)launchOptions {
18 |     [TTNetworkManager setMonitorBlock:^(NSDictionary * json, NSString *logtype) {
19 |         //NSLog(@"json: %@, log type: %@", json, logtype);
20 |     }];
21 |     
22 |     [[TTNetworkManager shareInstance] setCommonParamsblock:^NSDictionary *{
23 |             NSMutableDictionary *commonParams = [NSMutableDictionary dictionary];
24 |             [commonParams setValue:@"99999" forKey:@"aid"];
25 |             return [commonParams copy];
26 |     }];
27 |     
28 |     [[TTNetworkManager shareInstance] setDomainHttpDns:@"xx.xx.xx"];
29 |     [[TTNetworkManager shareInstance] setDomainNetlog:@"xx.xx.xx"];
30 |     [[TTNetworkManager shareInstance] setDomainBoe:@"xxx"];
31 |     
32 | 
33 |     NSString *tnc_config =
34 |         @"{"
35 |         "    \"data\": {"
36 |         "         \"chromium_open\": 1,"                   // 开启cronet
37 |         "         \"ttnet_http_dns_enabled\": 0,"          // 关闭HttpDns
38 |         "         \"ttnet_quic_enabled\": 1,"              // 开启QUIC协议支持
39 |         "         \"ttnet_local_dns_time_out\":5,"         // 设置LocalDns超时
40 |         "         \"ttnet_h2_enabled\": 1,"                // 开启HTTP2协议支持
41 |         "         \"ttnet_socket_pool_param\": {"          // 设置一个Host对应的连接数
42 |         "             \"max_sockets_per_group\": 20"
43 |         "         },"
44 |         "         \"ttnet_preconnect_urls\": {"            // 设置预连接的域名以及连接数
45 |         "             \"https://www.xxx.com\": 1,"         // 预连接可以根据业务自身需求
46 |         "             \"https://www.xxx.com\": 2"          // 选择性配置（也可不配）
47 |         "         },"
48 |         "         \"ttnet_buffer_config\": {"              // 上传数据时的Buffer大小
49 |         "             \"ttnet_request_body_buffer_size\": 1048576,"
50 |         "         },"
51 |         "    },"
52 |         "    \"message\":\"success\""
53 |         "}";
54 |     [[TTNetworkManager shareInstance] setGetDomainDefaultJSON:tnc_config];
55 |     
56 |     [[TTNetworkManager shareInstance] start];
57 | }
58 | @end
59 | 


--------------------------------------------------------------------------------
/titokpass.js:
--------------------------------------------------------------------------------
 1 | /*
 2 | 	This script bypasses SSL pinning that TikTok has and may change in the future.
 3 | 	This is for educational purposes only.
 4 | 	
 5 | 	To run, run the following command:
 6 | 	frida -U -f com.ss.iphone.ugc.Aweme -l titokpass.js
 7 | 	Please note this will only work on Jailbroken iOS devices. You must have frida installed prior to running this script.
 8 | */
 9 | 
10 | Interceptor.attach(ObjC.classes.TTHttpTask["- skipSSLCertificateError"].implementation, {
11 | 	onEnter: function (args) {
12 | 
13 | 	},
14 | 	onLeave: function (retval) {
15 | 		retval.replace(0x1);
16 | 	}
17 | });
18 | 
19 | Interceptor.attach(ObjC.classes.TTNetworkManager["- ServerCertificate"].implementation, {
20 | 	onEnter: function (args) {
21 | 
22 | 	},
23 | 	onLeave: function (retval) {
24 | 		retval.replace(0x0);
25 | 	}
26 | });
27 | 
28 | Interceptor.attach(ObjC.classes.TTNetworkManagerChromium["- ServerCertificate"].implementation, {
29 | 	onEnter: function (args) {
30 | 
31 | 	},
32 | 	onLeave: function (retval) {
33 | 		retval.replace(0x0);
34 | 	}
35 | });
36 | 
37 | Interceptor.attach(ObjC.classes.TTNetworkManagerChromium["- setServerCertificate:"].implementation, {
38 | 	onEnter: function (args) {
39 | 		var sss = ObjC.classes.NSString.stringWithString_("MIIFXDCCBESgAwIBAgIGAYGOKcYoMA0GCSqGSIb3DQEBCwUAMIGyMUMwQQYDVQQDDDpDaGFybGVzIFByb3h5IENBICgyMyBKdW4gMjAyMiwgWW91c3NlZmRlTWFjQm9vay1Qcm8ubG9jYWwpMSUwIwYDVQQLDBxodHRwczovL2NoYXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8GA1UEBwwIQXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjAeFw0yMjA2MjIwMTI1MTFaFw0yMzA2MjIwMTI1MTFaMIGyMUMwQQYDVQQDDDpDaGFybGVzIFByb3h5IENBICgyMyBKdW4gMjAyMiwgWW91c3NlZmRlTWFjQm9vay1Qcm8ubG9jYWwpMSUwIwYDVQQLDBxodHRwczovL2NoYXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8GA1UEBwwIQXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIRTyl+TdSJ/+/yjWJi7CYC90jhlSoUAG4jRG9rAMWW2Kow/9uBtNJRLT5sRCgDQrJPxuGC2og8ProvglfbxeERrvE6YMXVdJcTBDZqPfR+lfA+iQi/fC6R4R5QfRF4ojX9DYAR9u62DQ6ZA4cMRyugwkQfaFzBzxLeXFpYq/kZLhd20XhtMrX6DRITh+FPKJcY7Ff67vcN5AdoGtOefJxjAKvmuAeDGOFnANQN6cAyKYxCdumFRofKAg82KkNalJD3gbAJwYyOg+SvFa1WQSRGVWemAqwXXBKJeg2CB2nOMqOFHI3WUZ5HBJBpofJRxXNct9y97uYmAjtAnhuY9W0CAwEAAaOCAXQwggFwMA8GA1UdEwEB/wQFMAMBAf8wggEsBglghkgBhvhCAQ0EggEdE4IBGVRoaXMgUm9vdCBjZXJ0aWZpY2F0ZSB3YXMgZ2VuZXJhdGVkIGJ5IENoYXJsZXMgUHJveHkgZm9yIFNTTCBQcm94eWluZy4gSWYgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBwYXJ0IG9mIGEgY2VydGlmaWNhdGUgY2hhaW4sIHRoaXMgbWVhbnMgdGhhdCB5b3UncmUgYnJvd3NpbmcgdGhyb3VnaCBDaGFybGVzIFByb3h5IHdpdGggU1NMIFByb3h5aW5nIGVuYWJsZWQgZm9yIHRoaXMgd2Vic2l0ZS4gUGxlYXNlIHNlZSBodHRwOi8vY2hhcmxlc3Byb3h5LmNvbS9zc2wgZm9yIG1vcmUgaW5mb3JtYXRpb24uMA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQU09mFvszseWzHrZbi8QYd4Q3efjMwDQYJKoZIhvcNAQELBQADggEBAHvtkKadKVffLXWVP0n0B+mfJxBAzmTGTn+Cva9/9f9z1zAtyhK5NPx5l1CIHLAUiaC2dPc549G9aAPPOUdsFQvOa2cejQubBwwnVfMpdrV2if6mTA1U5mehQ0PbuiZrA7W2GYaNIBDfpMsTVfDX6zlNq8STf4tOIuAIaWVRaULyu01y8Prk+Kg/EI+K8UJwA9UeZPNmuYQaT1EhETgmuuukLfeUBy75ZrCwgEge8mitl4DWPPEdZja/GIu/hyAZrSJ6zVPkq1kB6W5FGmsRjhvM3rJQEhXbUmxkK58CeNvr1di8ayQ4d68RWV1kpx8EuYOx58eYMVVkZ9Qu8zdxFKE=");
40 | 		var data = ObjC.classes.NSData.alloc().initWithBase64EncodedString_options_(sss, 0x0);
41 | 		var array = ObjC.classes.NSMutableArray.arrayWithArray_(new ObjC.Object(args[2]));
42 | 		array.addObject_(data);
43 | 		args[2] = array;
44 | 	},
45 | 	onLeave: function (retval) {
46 | 		
47 | 	}
48 | });
49 | 
50 | console.log('Successfully Initalized SSL Bypass...');
51 | 


--------------------------------------------------------------------------------