ZenHAX

All times are UTC




Posted: Wed Jul 31, 2019 4:41 am

Joined: Wed Jul 31, 2019 4:36 am
Posts: 5
Hi, I'm looking for some help decrypting server response data for a mobile game below. Let me know if you guys need any additional info. Thanks!


Game: https://apkpure.com/chain-strike%E2%84% ... oid.common
Sample API Responses:

Quote:
User-Agent: ChainStrike/1.2.6.533 CFNetwork/897.15 Darwin/17.5.0
Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Length: 162
Accept-Encoding: br, gzip, deflate
X-Unity-Version: 5.4.4p3

0 {"key":"a958306ec30b918a9cd02e82641354","seq":2}[binary data omitted]
HTTP/1.1 200 OK



Quote:
Date: Mon, 10 Dec 2018 01:21:58 GMT
Connection: keep-alive

K {"key":"a958306ec30b918a9cd02e82641354","seq":"3","error":"200","type":"0"}[binary data omitted]


Last edited by GoTPhonE on Sun Aug 18, 2019 4:11 am, edited 1 time in total.

Posted: Mon Aug 05, 2019 6:43 pm

Joined: Fri Aug 26, 2016 3:11 pm
Posts: 61
GoTPhonE wrote:
Hi, I'm looking for some help decrypting server response data for a mobile game below. Let me know if you guys need any additional info. Thanks!




How did you retrieve that? Are you sure the information isn't just truncated and not encrypted?


Posted: Tue Aug 06, 2019 2:47 am

Joined: Wed Jul 31, 2019 4:36 am
Posts: 5
I'm using the Fiddler (https://www.telerik.com/fiddler) proxy server to read the game's incoming and outgoing traffic. It doesn't seem like the response is truncated, because the first one is really short; the 2nd one is longer, but not big enough that it needed to be truncated.

There are bigger responses that are obviously truncated that I could post so that we can verify. lmk


Posted: Tue Aug 06, 2019 9:18 pm

Joined: Fri Aug 26, 2016 3:11 pm
Posts: 61
GoTPhonE wrote:
I'm using the Fiddler (https://www.telerik.com/fiddler) proxy server to read the game's incoming and outgoing traffic. It doesn't seem like the response is truncated, because the first one is really short; the 2nd one is longer, but not big enough that it needed to be truncated.

There are bigger responses that are obviously truncated that I could post so that we can verify. lmk


Can you attach your SAZ file from Fiddler?


Posted: Wed Aug 07, 2019 3:39 am

Joined: Wed Jul 31, 2019 4:36 am
Posts: 5
You're right, they are truncated. What's the best way to combine them and decode?

saz file: https://easyupload.io/2a8n8m


Posted: Wed Aug 07, 2019 4:53 am

Joined: Wed Jul 31, 2019 4:36 am
Posts: 5
Here are the game's SO files. I have had no luck decompiling them. Hopefully someone smarter can figure it out.

https://easyupload.io/bpz7sr


Posted: Thu Aug 08, 2019 11:32 am

Joined: Fri Aug 26, 2016 3:11 pm
Posts: 61
GoTPhonE wrote:
You're right, they are truncated. What's the best way to combine them and decode?

saz file: https://easyupload.io/2a8n8m


Thanks. You can right-click on the pane to disable auto-truncating; in this case that's not usually useful, however what does help when trying to view it all is the raw export feature. Looking at it in a hex editor, it appears the first 2 bytes are a short that specifies the length of the JSON response at the start, then all of the additional data follows it afterwards. I did take a quick look at the APK file and it appears the game has been protected with NProtect AppGuard. Sadly, mobile debugging isn't really my strong suit, but hopefully it will give more context to anyone that might be able to help.


Top
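The layout described in the reply above (a 2-byte length, the JSON header, then the remaining data) can be checked against a raw export with a short parser. This is an added example, not code from the thread; little-endian byte order, the names `parse_frame` and `FrameError`, and the zero-filled 112-byte payload are assumptions or constructed values.

```python
import json
import struct


class FrameError(ValueError):
    """Raised when a body does not match the assumed layout."""


def parse_frame(body, content_length=None):
    """Split a raw HTTP body into (header_dict, payload_bytes).

    Assumed layout, from the hex-editor observation in the thread:
      bytes 0-1   unsigned 16-bit length N of the JSON header
      bytes 2..   N bytes of UTF-8 JSON
      remainder   opaque binary data, returned untouched
    Little-endian is an assumption; it fits the posted samples, whose
    first character ('0' = 0x30 = 48, 'K' = 0x4B = 75) equals the
    length of the JSON text that follows.
    """
    # A capture shorter than Content-Length was truncated by the viewer.
    if content_length is not None and len(body) != content_length:
        raise FrameError("capture has %d bytes, Content-Length says %d"
                         % (len(body), content_length))
    if len(body) < 2:
        raise FrameError("body shorter than the 2-byte length prefix")
    (json_len,) = struct.unpack_from("<H", body, 0)
    end = 2 + json_len
    if end > len(body):
        raise FrameError("declared JSON length runs past the end of the body")
    try:
        header = json.loads(body[2:end].decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise FrameError("length prefix does not delimit valid JSON") from exc
    return header, body[end:]


# Constructed sample: the JSON header is the one posted in the thread; the
# 112 zero bytes only stand in for the binary part so that the total matches
# the posted Content-Length of 162. They are not the real data.
HEADER_JSON = b'{"key":"a958306ec30b918a9cd02e82641354","seq":2}'
SAMPLE_BODY = struct.pack("<H", len(HEADER_JSON)) + HEADER_JSON + bytes(112)

if __name__ == "__main__":
    header, payload = parse_frame(SAMPLE_BODY, content_length=162)
    print(header, len(payload))
```

Run it on the bytes of a raw export rather than text copied from the inspector pane, since the pane's truncation changes the body length.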
   
Posted: Sun Aug 18, 2019 4:11 am

Joined: Wed Jul 31, 2019 4:36 am
Posts: 5
Bump to $75 if anyone can help solve this.

