Hello there, Lately I've been playing around with API's from games & it's pretty fun actually I thought, let's make a small guide/tutorial on an example game so maybe others can do awesome stuff too So I'm sure most of you have ever played or heard about the game Bike Race. Well, this game got me into hacking mobile games & whenever I re-hack this game, I get new features & this was also the game I started experimenting this on. Requirements for this: Flexible Jailbroken device Some knowledge about http requests? (or just read it for fun..) Flexible is one of the best tools out there if you're creating tweaks & need to debug something. Flex also has a "Network History" option, which logs all http requests that are being made by the app, in our cause Bike Race. What a http request does is the following: It sends requests to a server & if the request is valid it'll give you a response. For example when you clicked on this topic, you have send iOSGods a request to go to this topic, which returns this page as response. So the main thing in the game Bike Race, are bikes, obviously. Since I've played this game for a long time back in the days, I happen to know that the developers store bikes into your account so when you come back it will restore them. But let's not get ahead of it & first start the game & log some network history... So when I open up the game, stay on the main screen & look at my network history, I have like 36 requests being made by the game, most of them are stupid & not worth looking into, this is something you'll have to learn to recognize. But let's give you some examples for things that aren't interesting to look at: A request for a image a request to ad providers (may be interesting if you want to disable ads) a request to crashlytics etc etc. Some things that do seem interesting to me: A request being made to a url that actually has the name of the game in it A request being made with the word "player" in it See the picture below, where the request boxed with red does not seem interesting, and the ones with green do. Okay, so now think of what I've said: Whenever I come back to this game, it restores my bikes. To me, this sounds something like player related. So if you look at the third request in the green box: bikerace-backend.tfgapps.com/players --> the long number above is the given ID. This is a GET request, which means it's asking the url for data for this specific player. When I click on the arrow ('>'), I get some information about the request: Request URL: https://ift.tt/396SRGK Request Method: GET Status Code: 200 OK Response body: "Tab to view" And some other stuff, but I'm interested in the response. Remember, when you send a request you'd want some kind of response. Sometimes this response is just a Status Code (200 OK, 500 NOT OK etc etc). So when I click "Tab to view" I get this response in json: I've started a clean account to minimize the json response, as it's very long in my original account. Okay, so I've got some information about my account, as you can see my bikes is an empty array, because I do not have bikes yet. You can see some Id's for my account, my guest multiplayer name etc etc. So what now? Just change the bikes array right? Nope... this is sadly not how it works, this is the response from our GET request, we can't modify responses. If we could, then any game would get rekt. All we got now, is player information which we can't directly modify from our request. However, remember: The game restores your progress, so at some point we it must modify our bikes array. So let's earn a bike & check our network history... Ho-ly-sh!t, this seems interesting. The request method is a PUT, the name already explains what it does, it PUT's something into something... pls don't think about that kids . Jokes aside, this seems HUGE! We also got something new, a request body. When you send data to a server (POST, PUT, UPDATE/PATCH etc), you enter it in the body of the request. If I look at my request body, I see this: Alright, so let's go a little back. Our request method was PUT, and it was send to the url https://ift.tt/36YoSiw So it's sending this data, to the player with the ID "974a6dd2-f0d3-4d55-b66a-a8a860641e51" & it's sending it the the players bikes. Okay, so this is really huge then, as this is a PUT request, we know the url, the format of the data, meaning we can actually modify this. Now comes the tricky part however, there are so many ways to send requests, you got tools for this, you can do it with curl from your terminal, you can do it with lots of programming languages etc. I'm going to show you how I tested it: with Python. Below, you'll see my Python code with comments that explain what what does. # Importing the requests libary from Python import requests # Importing json, so we can print out the response in json. import json # Creating a function that takes one argument: The player ID. def putAllBikesIntoiOSAccount(accountID): # The URL we have to send the request to, we got this from the image in the topic! url = 'https://ift.tt/390WZbn' + accountID + '/bikes' # The headers, this is the same as MIME Type. Without the headers, it doesn't know what kind of data you're sending. headers = {"Content-Type": "application/json"} # The body, which will be ALL bikes (75 bikes total) body = {"bikes": [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75],} # The actual request being made. Notice the ".put", as we have to PUT bikes into /bikes. # First argument of 'put' is the URL it's being send to. Second the headers & lastly & most important: the body with our biks data. request = requests.put(url, headers=headers, json=body) # Printing our request, so we can see the result. print(request.json()) return request # Calling the function with my player ID putAllBikesIntoiOSAccount("974a6dd2-f0d3-4d55-b66a-a8a860641e51") Now when I run this python file, this is the response of the request we send: {'bikes': [6, 1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75]} Wow! It seems to work, when I open the game: I got all bikes. Playing around with games like this is much different than modifying their code directly, so that's why prior knowledge about making requests is kinda required. The process of requests, I can't really explain. You will need some experience yourself, youtube has lot's of tutorials showing you how to retrieve(GET) data from a site, how to send(POST) data, how to update(UPDATE/PATCH) data etc etc. I know most likely no one will try or understand this, as cheaters on this forum only do code patching, but this might be interesting for a curious person. Also note that allot of games do have a proper API, where it will be very hard to find a request you can play around with.
from iOSGods RSS Feed https://ift.tt/2ZlWiVJ
Subscribe to:
Post Comments (Atom)
-
Yubo Yoti bypass Requirements: Yubo app Jailbroken iPhone Apps Manager Brain Steps: Open Apps Manager Locate Yubo in Apps Manager and open i...
-
Modded/Hacked App: Simply Guitar by JoyTunes by JoyTunes Bundle ID: com.joytunes.SimplyGuitar iTunes Store Link: https://ift.tt/2ANDd7d Mod ...
-
I don't know how this happened, i was trying to install Kinemaster modded version on my iPhone 7 running iOS 14.0.1, maybe it's beca...
-
Hey everyone I am running Ipad 6th generation running ios 14.0 32 gb capacity with 19.1 gb left I used sideloadly yesterday to install an ap...
-
Hello! I am using this for practice using a dummy Snapchat account I've made and created a My Eyes Only tab. Now, if you don't know ...
-
Hello, does anyone know why I cannot use my Apple password or password from apple servers? Sideloadly version 0.16.1 Checking iOS version......
-
As the title says upon installing Last Day on Earth with sideloadly i get this error ERROR: Guru Meditation 6020bc@89:f11511 Call to np_clie...
-
Hello friends, So I have a problem with Sideloadly, I installed it on my (32x bit Windows 7) laptop (SONY) and tried opening it, but when I ...
-
Hello, I am currently running with an iPhone XR on IOS 12.2. I am trying to install ipa files through cydia impactor but keep receiving this...
-
Netflix is now offering users a chance to win a free subscription for 83 years. The company calls it the “immortal” Netflix account. T...
No comments:
Post a Comment