Question #5
Comments
Login fails with the latest server; to fix this I would need to install MSM and capture login traffic with the new client version. Will look into this during New Year holidays.
okay.
The latest client uses SSL certificate pinning; it will take more time to bypass this.
okay
Wow, when you said it takes more time, you weren't kidding.
Yeah, it's me again after 2 years. I think this is abandoned.
Same
On Sun, Aug 16, 2020, 11:19 PM TheRealPiggyWiggy ***@***.***> wrote:
> Yeah, it's me again after 2 years. I think this is abandoned.
Hi, owner here. After seeing activity here, I was going to confirm this thing as abandoned; however, before doing so I decided to give another try to remove SSL trust anchor pinning in the game binaries (which I failed to do earlier), and this time I succeeded, so I can now see the new authentication flow and implement it in the bot. In case the actual game protocol (after authorization) did not change very much, this will be enough to make the bot work in a reasonable time.
Oh nice! I can't wait for this to work!
The bot can now successfully authenticate and fetch the player's state (XP, gold, ETH, list of monsters and their state, etc.) with the current version of the game server. Didn't test if automatic food making and gold collection work yet.
Hi, I was thinking of rebuilding this project from the ground up in a language I'm better at, and just had some quick questions on getting started if you have some time to reply. Mostly I just wanted to know what your toolset is for getting the SSL pinning removed and intercepting the traffic flow? Are you using an emulator, or rooted hardware? Thanks in advance for your reply.
I want to clarify, I've been trying to crack this with rooted BlueStacks and mitmproxy (and similar) since before your return in August with no luck. I'm just looking for the names of tools you're using to get me pointed in the right direction and will pick up from there.
@cadatoiva if you want to study the protocol yourself, then in order to defeat certificate pinning you need to replace the issuer used to verify the server certificate with your mitmproxy CA certificate in libmonsters.so (search for a few base64-encoded certificates there and decode using openssl to find which one to replace). After this modification the patched game will no longer be able to connect to the game server without mitmproxy, and will only work with mitmproxy. Rooted hardware is not needed; I've used my Android phone with a specially set up VPN connection, which, when connected, routes all traffic through mitmproxy.
Can I develop for it? Right now I'm trying to figure out how to run it and how to get a oudid.