Cause#
This can't be summed up in a few words, so I gave it a long title; I really don't know how to put it briefly.
To put it simply, I made a cheat-modded version of a game and released it for free online. Someone then took my installation package, repackaged it, and added a gate that requires entering their password before the game will run. The password can only be obtained by completing tasks such as forwarding advertising QR codes to 3 group chats of more than 500 people (the usual kind of thing). Seeing this annoyed me: I stayed up all night cracking it, and he just helped himself?
So I downloaded his installation package to study it:
Wow, this is the interface that appears when the game starts. It seems like I got it right.
He didn't even remove the watermark I added to the game version number. I wonder what he was thinking.
Start researching and try to unpack#
First, let's compare my original installation package with the one he modified:
Newly added files:
==============================
classes2.dex
Modified files:
==============================
AndroidManifest.xml
META-INF/ANDROID.RSA
META-INF/ANDROID.SF
META-INF/MANIFEST.MF
I assumed the secret was in the new classes, so I immediately searched them for the keyword "password", but found nothing.
Even after going through every modified file I still had no clue, and I hadn't found the real answer yet when evening self-study started.
While daydreaming in self-study it suddenly hit me: every time the game opens, the images in it have to be reloaded. If they were stored locally they would not need reloading, so they are probably hosted on a website. And if the images come from a website, maybe the password-entry interface is a web page embedded in the APK as well. That would be why I couldn't find it in the installation package: it isn't inside the package at all!
Now the case is solved; the next step is to find that website. My original plan was to use a bug in the Android application (disclaimer: my knowledge is limited and I don't really know whether this counts as a bug in the application; it is more accurately a bug in the HTML. If any experts see this, please correct me in the comments, thank you): if the network suddenly drops while it is running, it displays "xxx" (the specific website address) "cannot be connected". That way I could get his website address and dig out the password. But when I opened the application without an internet connection, it only displayed "Failed to retrieve data". It seems he didn't rely on that method.
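The two steps above (diffing the original and the repackaged APK, then looking for the remote address the new code talks to) can be automated. The following is an added example, not code from the post or from the game; an APK is just a ZIP, so the standard library is enough. The two packages are constructed stand-ins built in memory so the script runs offline (only the string-table fragments that matter for the scan are modelled, and the URLs placed in the fake classes2.dex are the two that the packet capture later revealed); with real files you would pass the bytes of the two .apk files instead. The `entry_hashes`, `diff_apks`, `extract_urls` and `investigate` names are my own.

```python
"""Diff two APKs and scan the added/changed entries for URLs.
Added example; the packages below are constructed stand-ins, not real game files."""
import hashlib
import io
import re
import zipfile

# http(s) URLs as they would sit in a DEX string table or any other raw entry.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def entry_hashes(apk_bytes):
    """Map every entry name to the SHA-256 of its decompressed contents."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {name: hashlib.sha256(zf.read(name)).hexdigest() for name in zf.namelist()}


def diff_apks(original, modified):
    """Classify entries as added, removed or changed between the two packages."""
    a, b = entry_hashes(original), entry_hashes(modified)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def extract_urls(apk_bytes, names):
    """Return every URL found as raw bytes in the named entries, deduplicated."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in names:
            for m in URL_RE.finditer(zf.read(name)):
                found.add(m.group(0).decode("ascii"))
    return sorted(found)


def investigate(original, modified):
    """Diff first, then scan only what the repackager touched."""
    result = diff_apks(original, modified)
    result["urls"] = extract_urls(modified, result["added"] + result["changed"])
    return result


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes} (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def dex_string(s):
    """A DEX string_data_item for a short ASCII string: ULEB128 length, MUTF-8 bytes, NUL."""
    assert len(s) < 128 and s.isascii()
    return bytes([len(s)]) + s.encode() + b"\x00"


# Constructed stand-ins for the two packages (not real game files).
ORIGINAL_APK = build_zip({
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex\n035\x00" + dex_string("v1.0 huaji"),
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nSHA-256-Digest: aaaa\n",
    "META-INF/ANDROID.SF": b"Signature-Version: 1.0\nSHA-256-Digest: bbbb\n",
    "META-INF/ANDROID.RSA": b"\x30\x82 original signature blob",
    "assets/title.png": b"\x89PNG\r\n\x1a\n",
})
MODIFIED_APK = build_zip({
    "AndroidManifest.xml": b"<manifest package='com.example.game'>"
                           b"<uses-permission android:name='android.permission.INTERNET'/>"
                           b"</manifest>",
    "classes.dex": b"dex\n035\x00" + dex_string("v1.0 huaji"),  # untouched by the repackager
    "classes2.dex": b"dex\n035\x00"
                    + dex_string("http://acgzlm.xyz/acg/config.json")
                    + dex_string("http://imgurl.xiaok1.com/imgs/2022/04/13/b36c1b16e3de9b6d.jpg"),
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nSHA-256-Digest: cccc\n",
    "META-INF/ANDROID.SF": b"Signature-Version: 1.0\nSHA-256-Digest: dddd\n",
    "META-INF/ANDROID.RSA": b"\x30\x82 repackager signature blob",
    "assets/title.png": b"\x89PNG\r\n\x1a\n",
})

if __name__ == "__main__":
    for key, value in investigate(ORIGINAL_APK, MODIFIED_APK).items():
        print(f"{key}: {value}")
```

Two caveats. The META-INF changes are expected for any repackaging, because the archive has to be re-signed; the diff alone does not tell you whether the signer's certificate changed as well. And a raw string scan only works when the URL is stored as a plain literal; if the repackager encrypts strings or assembles the address at runtime, the scan finds nothing and observing the app's actual traffic, as in the next section, is the reliable fallback.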
Attempt to capture packets and discover the password#
I don't know whether you have heard of a tool called "黄鸟抓包" (Yellow Bird Packet Capture). It was popular a few years ago and is quite handy (though I hadn't used it before this). With "黄鸟抓包" I captured two URLs, as follows:
http://imgurl.xiaok1.com/imgs/2022/04/13/b36c1b16e3de9b6d.jpg
↑ The URL the images are served from, as guessed above.
http://acgzlm.xyz/acg/config.json
↑ The part that matters for the password prompt.
In the response from the second URL I found the following code:
So it seems this 6952 is the final password. Unexpectedly simple.
Subsequent miscellaneous discussions | I am the separator~
I didn't expect that obtaining the password for this game would be so easy... I overestimated it.
This article should have been written on September 27th, but unfortunately, my computer broke down at that time.
He modified my game on September 25th, and I had the password out the very next day. Call it a slap in the face.
I release my games for free. The collection is currently at https://huaji.xlog.app/youxi. I will not and cannot take part in reselling. If you paid for one of these games, please report the seller.
Say no to reselling; everyone has a responsibility, and the resellers will perish.