Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error downloading paid app #12

Open
txs- opened this issue Dec 6, 2012 · 11 comments
Open

Error downloading paid app #12

txs- opened this issue Dec 6, 2012 · 11 comments

Comments

@txs-
Copy link

@txs- txs- commented Dec 6, 2012

I am getting errors when downloading a non-free application from the app store using download.py

My account is funded with cash and should be able to download the application. I have actually already purchased the application using the normal google play store methods so that shouldn't be the hangup either.

Is this a bug?

[xxx@mobile-shell-1]$ python download.py com.qo.android.am3
Downloading 12.3MB...
Traceback (most recent call last):
File "download.py", line 38, in
data = api.download(packagename, vc, ot)
File "/home/xxx/source/trunk/yyyy/googleplay.py", line 252, in download
cookie = message.payload.buyResponse.purchaseStatusResponse.appDeliveryData.downloadAuthCookie[0]
File "build/bdist.linux-x86_64/egg/google/protobuf/internal/containers.py", line 64, in getitem
IndexError: list index out of range

@txs-
Copy link
Author

@txs- txs- commented Dec 6, 2012

Added print self.toStr(message) on line 250 of googleplay.py and received the following output:

displayErrorMessage: "Error retrieving information from server. [DF-BPA-21]"

@egirault
Copy link
Owner

@egirault egirault commented Dec 6, 2012

Hi,
Hard to say... I've never tried to download paid apps with the API. I guess
the server response is a bit different than the one sent when downloading a
free app. One could investigate this issue by sniffing the HTTPS traffic
sent by the phone when purchasing an app, and then protobuf-decode it.

2012/12/6 Zach Lanier notifications@github.com

On Dec 5, 2012, at 20:59, Tyler Shields notifications@github.com wrote:

Added print self.toStr(message) on line 250 and received the following
output:

displayErrorMessage: "Error retrieving information from server.
[DF-BPA-21]"


Reply to this email directly or view it on
GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-11070163>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-11070296.

@zhicai
Copy link

@zhicai zhicai commented Jan 30, 2013

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

@egirault
Copy link
Owner

@egirault egirault commented Jan 30, 2013

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by Burp
on the phone's SD card, and then install it using the Settings > Security >
Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12878004.

@eonghk
Copy link

@eonghk eonghk commented Jan 30, 2013

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12886761.

@egirault
Copy link
Owner

@egirault egirault commented Jan 30, 2013

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901512.

@eonghk
Copy link

@eonghk eonghk commented Jan 31, 2013

Oh, that's a very cool feature. Thank you for the information.

Best regards,
Eong

2013/1/31 egirault notifications@github.com

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do
it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg.
It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After
configuring
Android to use this machine as a proxy, you need to install Burp's CA
on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic
way
yet). After dumping the encoded messages to a file, you can use
protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12901512>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901782.

@filamoon
Copy link

@filamoon filamoon commented Jul 5, 2013

I managed to intercept the HTTPS traffic from the Google Play APP running on my simulator.

To download an already purchased APK, the Play APP first sends this request:

GET /fdfe/delivery?doc=com.zeptolab.ctr.paid&ot=1&st=XXXXXXXX&vc=20 HTTP/1.1
Accept-Language: en-US
X-DFE-MCCMNC: 310260
Authorization: GoogleLogin auth=XXXXXXX
X-DFE-Enabled-Experiments: cl:billing.purchase_button_show_wallet_icon
X-DFE-Unsupported-Experiments: nocache:dfe:dc:1,nocache:dfe:uc:US,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,cl:billing.select_add_instrument_by_default,cl:warm_welcome.enable,content_ratings,localized_images,market_emails,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache🆑warm_welcome.no_show_consumption_button,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:recs:automated_weight_adjuster_57,nocache:recs:books_annotate_merch_collection_20130620_25,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:track_annotate_merch_collection_20130620_75,nocache:recs:weights_books_20130219_40,nocache:recs:weights_movies_20130614_30,nocache:recs:weights_plusones_20130418_40,nocache:recs:weights_track_20130409_-0,nocache:user_challenge,prod_locale_boost,recent_changes,recs:books_portrait_20121210_00,recs:music_no_portrait_20130211_10,shekel_test
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-google
X-DFE-Logging-Id: 2143067ea0e34383
User-Agent: Android-Finsky/4.1.10 (api=3,versionCode=80210010,sdk=16,device=generic,hardware=goldfish,product=sdk)
X-DFE-SmallestScreenWidthDp: 320
X-DFE-Filter-Level: 3
Host: android.clients.google.com
Connection: Keep-Alive

The decoded response is:

1 {
21 {
2 {
1: 24095593
2: "9-68VyZugyYCLv_1FeNXdD33hHE"
3: "https://android.clients.google.com/market/streaming/Download?packageName=com.zeptolab.ctr.paid&versionCode=20&token=AOTCm0TLevi-QgFKC8eaekC-0BhSsZGDFC7t0sPNvfUeejay
wcqnTaabvx-IFroJyVcBOiQeE2clzoI6E7twPq4-lB0S1tYb2JpQ9ZSntfY&ev=1&downloadId=7120421825546781811"
5 {
1: "MarketDA"
2: "09331046713986310435"
}
6: 1
8: 1
12 {
1: 1
2: "h9khHkqABEIIe31LOEXoTw=="
3: "aIsUS3wwdijIbGWnqNcGQINoQtloixRLfDB2KMhsZac="
}
}
}
}
5 {
1: 74
}

But then the APP crashes and I cannot further download it.

@tusharbabbar
Copy link

@tusharbabbar tusharbabbar commented Nov 30, 2013

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive


5�拧茂鈥好兟�(�,confirmFreeDownload?doc=com.shashank.testapp


It would be very helpful of you if you could help decode the Chinese characters in the above request.

@ouyangzhanzhu
Copy link

@ouyangzhanzhu ouyangzhanzhu commented Aug 1, 2016

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive

/�ȧ *�&confirmFreeDownload?doc=com.igs.fafafa

It would be very helpful of you if you could help decode the Chinese characters in the above request.

@archon810
Copy link

@archon810 archon810 commented Feb 9, 2018

So has someone figured out which .proto to use with protoc when decoding intercepted Google Play API responses?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.