
fix: set DEBUG_MODE variable and add Conscrypt bypass #41

Merged
merged 1 commit into from
Jan 17, 2025

Conversation

digiz3d
Contributor

@digiz3d digiz3d commented Dec 23, 2024

Issue

This PR #38 broke the tools, at least on my setup: DEBUG_MODE is not defined, causing a reference error.

Replicate the issue

android-unpinner all -l -f ./apks/xxxxx.apk
then
frida -U -l tools/android-unpinner/android_unpinner/scripts/hide-debugger.js -l tools/android-unpinner/android_unpinner/scripts/httptoolkit-unpinner.js MyApp
gives
(screenshot of the resulting error output, taken 2024-12-28)

Explanation

Unlike https://github.com/httptoolkit/frida-interception-and-unpinning, we don't have a config file in this project

Defining the variable fixes it and properly allows the patches to be applied.

Bonus

Also brought back another common bypass (inspired by objection https://github.com/sensepost/objection/blob/master/agent/src/android/pinning.ts#L244)
edit: turns out it was also deleted in #38, see https://github.com/mitmproxy/android-unpinner/pull/38/files#diff-523754949d164f3759f5cfd8712b416590e6e9cf60810aa1e7ddf19346428793L147

I can make a dedicated PR for the bonus if you prefer

@injust
Contributor

injust commented Jan 17, 2025

The re-added bypass was removed upstream in httptoolkit/frida-interception-and-unpinning@6279e6e.

Note the commit message:

Remove overly lax hook on TrustManagerImpl

This isn't required, because our system certificate injection prepopulates the index used by all trust managers anyway, so they trust our cert regardless. As configured, the previous hook just trusted all certificates, exposing 3rd party MitM risk - better to keep it strict for just our certificate where we can.

(I haven't thought about this, nor am I context loaded -- I only dug up the commit.)

@mhils
Member

mhils commented Jan 17, 2025

Thanks, @injust! I've somehow missed this PR when it was posted. I'll merge now anyway to get the error away, but if this is indeed not needed I'm happy to accept a PR that removes the extra hook.

@mhils mhils merged commit f5ced37 into mitmproxy:main Jan 17, 2025
@digiz3d
Contributor Author

digiz3d commented Jan 21, 2025

I'll merge now anyway to get the error away

No worries! Thanks for merging @mhils

The re-added bypass was removed upstream

Okay, that makes sense, thanks for the explanation @injust 👌
