AFAIK HSTS doesn't break TLS MITM. A valid X.509 certificate is generated by the attacker (using a Certificate Authority trusted by the victim's browser) for the domain the victim is visiting and all is well for both TLS sessions (Client<->Attacker, Attacker<->Server). This all relies on the attacker having access to sign certs from the trusted CA.
Certificate pinning in the HTTPS client would mitigate TLS MITM (HPKP).
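Added example, not part of the original comment: a client-side pin check in the HPKP style, where the pin is the base64 SHA-256 of the certificate's DER SubjectPublicKeyInfo, so it follows the server's key rather than the issuing CA. The helper names, the `example.test` subject and the unsigned certificate skeletons are constructed for illustration.

```python
import base64, hashlib

def tlv(tag, body):
    """DER-encode one element (short or long-form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)), header bytes included."""
    _, s, _ = read_tlv(cert_der, 0)        # Certificate
    _, pos, _ = read_tlv(cert_der, s)      # tbsCertificate
    tag, _, nxt = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = nxt
    for _ in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def fake_cert(issuer, key):
    """Constructed, unsigned certificate skeleton (sample data only)."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    name = lambda cn: seq(tlv(0x31, seq(tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn))))
    spki = seq(seq(tlv(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01")), tlv(0x03, b"\x00" + key))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), seq(),
              name(issuer), seq(), name(b"example.test"), spki)
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

def pin_ok(cert_der, pins):  # runs in addition to normal chain validation
    return spki_pin(cert_der) in pins

SERVER = fake_cert(b"Real CA", b"\x04" + b"\x11" * 64)   # the site's own key
MITM = fake_cert(b"Trusted CA", b"\x04" + b"\x22" * 64)  # same name, other key
PINS = {spki_pin(SERVER)}
```

A certificate for the same name issued by another trusted CA would pass chain validation but fails `pin_ok` because its key differs, while a reissued certificate that keeps the server's key still matches.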