This topic was archived here:

https://web.archive.org/web/20230000000000fw_/https://www.zenhax.com/viewtopic.php?t=12330

GoTPhonE, posted Wed Jul 31, 2019 4:41 am (50085)

---

Hi, I'm looking for some help decrying server response data for a mobile game below. Let me know if you guys need any additional info. Thanks!


Game: https://apkpure.com/chain-strike ... oid.common
Sample APTI Responses:

Quote:

User-Agent: ChainStrike/1.2.6.533 CFNetwork/897.15 Darwin/17.5.0
Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Length: 162
Accept-Encoding: br, gzip, deflate
X-Unity-Version: 5.4.4p3

0 {"key":"a958306ec30b918a9cd02e82641354","seq":...........
HTTP/1.1 200 OK

Quote:

Date: Mon, 10 Dec 2018 01:21:58 GMT
Connection: keep-alive

K {"key":"a958306ec30b918a9cd02e82641354","seq":"3","error":"200","type":"0"NYe7si4i7

LokiReborn, posted Mon Aug 05, 2019 6:43 pm (50169)

---

GoTPhonE wrote:

Hi, I'm looking for some help decrying server response data for a mobile game below. Let me know if you guys need any additional info. Thanks!


Game: https://apkpure.com/chain-strike ... oid.common
Sample APTI Responses:

Quote:

User-Agent: ChainStrike/1.2.6.533 CFNetwork/897.15 Darwin/17.5.0
Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Length: 162
Accept-Encoding: br, gzip, deflate
X-Unity-Version: 5.4.4p3

0 {"key":"a958306ec30b918a9cd02e82641354","seq":
HTTP/1.1 200 OK

Quote:

Date: Mon, 10 Dec 2018 01:21:58 GMT
Connection: keep-alive

K {"key":"a958306ec30b918a9cd02e82641354","seq":"3","error":"200","type":"0"

How did you retrieve that? Are you sure the information isn't just truncated and not encrypted?

GoTPhonE, posted Tue Aug 06, 2019 2:47 am (50173)

---

I'm using Fiddler( https://www.telerik.com/fiddler ) proxy server to read in and out traffic of the game. Doesn't seem like the response is truncated because the first one is really short, the 2nd one is longer but not big enough where it needed to be truncated.

there are bigger responses that it is obviously truncated that i could post that we can verify. lmk

LokiReborn, posted Tue Aug 06, 2019 9:18 pm (50183)

---

GoTPhonE wrote:

I'm using Fiddler( https://www.telerik.com/fiddler ) proxy server to read in and out traffic of the game. Doesn't seem like the response is truncated because the first one is really short, the 2nd one is longer but not big enough where it needed to be truncated.

there are bigger responses that it is obviously truncated that i could post that we can verify. lmk

Can you attach your saz file from fiddler.

GoTPhonE, posted Wed Aug 07, 2019 3:39 am (50185)

---

youre are right, they are truncated. whats the best way to combine them and decode?

saz file: https://easyupload.io/2a8n8m

GoTPhonE, posted Wed Aug 07, 2019 4:53 am (50186)

---

here are the game's SO files. i have no luck decompiling it. hopefully someone smarter can figure it out.

https://easyupload.io/bpz7sr

LokiReborn, posted Thu Aug 08, 2019 11:32 am (50207)

---

GoTPhonE wrote:

youre are right, they are truncated. whats the best way to combine them and decode?

saz file: https://easyupload.io/2a8n8m

Thanks. You can right click on the pane to disable auto truncating, in this case not usually useful however what does help when trying to view it all is the raw export feature. Looking at it in a hex editor it appears the first 2 bytes are a short to specify the length for the json response at the start then all of the additional data follows it afterwards, I did take a quick look at the APK file and it appears the game has been protected with NProtect AppGuard. Sadly mobile debugging isn't really my strong suite but hopefully it will give more context to anyone that might be able to help.

GoTPhonE, posted Sun Aug 18, 2019 4:11 am (50349)

---

bump to $75 if anyone can help solving this