This mailbox hack allows players to acquire items and/or cats of their choice.

This method DOES NOT SEEM TO WORK ANY MORE for versions v11.1.0 and above as mentioned here (at least not without root/jailbreak access), possibly due to either Certificate Pinning or usage of nonces to prevent replay attacks. If Certificate Pinning was implemented, it might be possible to remove the pinned certificate or replace it with a self-signed certificate from Fiddler from the APK/IPA binary file of the application, but this requires root/jailbreak access (and it might be too difficult for the layperson to execute without some kind of automation script to help them do it). Unfortunately, I do not currently possess any rooted/jailbroken devices, and thus, I am unable to test this theory out. If someone else is able to conduct further investigations into this, feel free to report your findings and maybe put up an issue/PR about it. That said, PONOS had never informed me formally/officially about this patch, even after I had responsibly disclosed this issue to them. They might have figured it out internally by themselves and decided to not inform me about it at all (or forgot to inform me). The legacy descriptions below will be kept as is for archival and posterity reasons.

This repository was made only for research and educational purposes. I am not personally responsible in any way for any unethical malpractices because of this tool. If PONOS were to approach me to take down, archive or privatise this repository, I will be obliged to follow their will. Please support the developers of Battle Cats so that they can add more content for the players of Battle Cats! ヾ(°∇°*)

UPDATE (): I kindly raised an issue regarding this MITM vulnerability to PONOS through an in-game inquiry (for the purpose of responsible disclosure) with an added suggestion of encrypting the data being transmitted but they just simply banned my savegame file, so. I am currently contacting PONOS Games through email and through their contact/inquiry page to check with them and update them regarding this MitM vulnerability. I will post more updates if they get back to me with any kind of statements/news/notices/messages/reports/accounts.

This hack follows a Man-in-the-Middle (MITM) network approach instead of the usual save data modification (using transfer code and confirmation code). The latter would be more easily detected by the corresponding servers if playing online. This method would not require any jailbreaking, rooting or any game cheating/hacking software, except for cases of usage with Android versions beyond Nougat (>= 7.0). As far as I know, this method is also region-insensitive since it just utilizes the main Internet connection to, instead of taking advantage of region-specific package names and hash salts. This method allows users to specifically curate the list of items and/or cats (including expendables like Rare Tickets, Treasure Radars, EXP and Cat Food) that they desire to obtain (such as retrieving cat units locked based on story progress or past limited-edition cat units). I will develop the autohack.sh script further (with maybe a Python script add-on) and maybe add some clearer .gif tutorial video recordings when I am less busy and have more time.

We will be using Fiddler from Telerik since it is free, so download and install Fiddler on your computer. Of course, you could use Wireshark, Firebug, Charles Proxy, mitmproxy, etc. and I would assume that the steps would be similar. At the time of this writing, I was using Fiddler v5.0 (and it is working for Battle Cats v9.7).

Firstly, connect your mobile device (or emulator) to your computer's Internet connection (possibly through the Mobile Hotspot feature). Next, set up your Fiddler to decrypt HTTPS traffic through SSL proxying (follow this tutorial). After that, configure your mobile device to pass its HTTPS traffic to Fiddler (follow this tutorial for iOS devices or this tutorial for Android devices).
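
The update note above names nonces as one possible reason an altered or replayed response is no longer accepted. The sketch below is an added example of that defence, not code from this repository or from PONOS; the shared demo key, the message layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key (assumption: a MAC key shared by client and server).
# A key shipped inside an app can be extracted, so a production design would
# have the server sign with a private key and the client verify the signature.
DEMO_KEY = b"constructed-demo-key"


def tag(key: bytes, nonce: str, body: str) -> str:
    return hmac.new(key, f"{nonce}.{body}".encode(), hashlib.sha256).hexdigest()


def server_sign(key: bytes, nonce: str, payload: dict) -> dict:
    # Server side: bind the serialized payload to the nonce the client sent.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return {"nonce": nonce, "body": body, "tag": tag(key, nonce, body)}


class Client:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()  # nonces sent and not yet answered

    def new_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, resp: dict) -> dict:
        # Verify the tag first, then require an outstanding, unused nonce.
        if not hmac.compare_digest(tag(self.key, resp["nonce"], resp["body"]), resp["tag"]):
            raise ValueError("tag mismatch: response altered in transit")
        if resp["nonce"] not in self.pending:
            raise ValueError("unknown or used nonce: replayed response")
        self.pending.remove(resp["nonce"])  # each nonce is accepted once
        return json.loads(resp["body"])


def check(client: Client, resp: dict) -> str:
    # Helper for the demonstration: report the verdict instead of raising.
    try:
        client.accept(resp)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

A response whose body was rewritten by an intercepting proxy fails the tag check, and a genuine response captured earlier fails the nonce check when it is presented a second time.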