Skip to content
This repository has been archived by the owner on Jul 21, 2020. It is now read-only.

Error downloading paid app #12

Open
txs- opened this issue Dec 6, 2012 · 11 comments
Open

Error downloading paid app #12

txs- opened this issue Dec 6, 2012 · 11 comments

Comments

@txs-
Copy link

txs- commented Dec 6, 2012

I am getting errors when downloading a non-free application from the app store using download.py

My account is funded with cash and should be able to download the application. I have actually already purchased the application using the normal google play store methods so that shouldn't be the hangup either.

Is this a bug?

[xxx@mobile-shell-1]$ python download.py com.qo.android.am3
Downloading 12.3MB...
Traceback (most recent call last):
File "download.py", line 38, in
data = api.download(packagename, vc, ot)
File "/home/xxx/source/trunk/yyyy/googleplay.py", line 252, in download
cookie = message.payload.buyResponse.purchaseStatusResponse.appDeliveryData.downloadAuthCookie[0]
File "build/bdist.linux-x86_64/egg/google/protobuf/internal/containers.py", line 64, in getitem
IndexError: list index out of range

@txs-
Copy link
Author

txs- commented Dec 6, 2012

Added print self.toStr(message) on line 250 of googleplay.py and received the following output:

displayErrorMessage: "Error retrieving information from server. [DF-BPA-21]"

@egirault
Copy link
Owner

egirault commented Dec 6, 2012

Hi,
Hard to say... I've never tried to download paid apps with the API. I guess
the server response is a bit different than the one sent when downloading a
free app. One could investigate this issue by sniffing the HTTPS traffic
sent by the phone when purchasing an app, and then protobuf-decode it.

2012/12/6 Zach Lanier notifications@github.com

On Dec 5, 2012, at 20:59, Tyler Shields notifications@github.com wrote:

Added print self.toStr(message) on line 250 and received the following
output:

displayErrorMessage: "Error retrieving information from server.
[DF-BPA-21]"


Reply to this email directly or view it on
GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-11070163>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-11070296.

@zhicai
Copy link

zhicai commented Jan 30, 2013

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

@egirault
Copy link
Owner

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by Burp
on the phone's SD card, and then install it using the Settings > Security >
Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12878004.

@eonghk
Copy link

eonghk commented Jan 30, 2013

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12886761.

@egirault
Copy link
Owner

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901512.

@eonghk
Copy link

eonghk commented Jan 31, 2013

Oh, that's a very cool feature. Thank you for the information.

Best regards,
Eong

2013/1/31 egirault notifications@github.com

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do
it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg.
It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After
configuring
Android to use this machine as a proxy, you need to install Burp's CA
on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic
way
yet). After dumping the encoded messages to a file, you can use
protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.


Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.


Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12901512>.


Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901782.

@filamoon
Copy link

filamoon commented Jul 5, 2013

I managed to intercept the HTTPS traffic from the Google Play APP running on my simulator.

To download an already purchased APK, the Play APP first sends this request:

GET /fdfe/delivery?doc=com.zeptolab.ctr.paid&ot=1&st=XXXXXXXX&vc=20 HTTP/1.1
Accept-Language: en-US
X-DFE-MCCMNC: 310260
Authorization: GoogleLogin auth=XXXXXXX
X-DFE-Enabled-Experiments: cl:billing.purchase_button_show_wallet_icon
X-DFE-Unsupported-Experiments: nocache:dfe:dc:1,nocache:dfe:uc:US,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,cl:billing.select_add_instrument_by_default,cl:warm_welcome.enable,content_ratings,localized_images,market_emails,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:cl:warm_welcome.no_show_consumption_button,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:recs:automated_weight_adjuster_57,nocache:recs:books_annotate_merch_collection_20130620_25,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:track_annotate_merch_collection_20130620_75,nocache:recs:weights_books_20130219_40,nocache:recs:weights_movies_20130614_30,nocache:recs:weights_plusones_20130418_40,nocache:recs:weights_track_20130409_-0,nocache:user_challenge,prod_locale_boost,recent_changes,recs:books_portrait_20121210_00,recs:music_no_portrait_20130211_10,shekel_test
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-google
X-DFE-Logging-Id: 2143067ea0e34383
User-Agent: Android-Finsky/4.1.10 (api=3,versionCode=80210010,sdk=16,device=generic,hardware=goldfish,product=sdk)
X-DFE-SmallestScreenWidthDp: 320
X-DFE-Filter-Level: 3
Host: android.clients.google.com
Connection: Keep-Alive

The decoded response is:

1 {
21 {
2 {
1: 24095593
2: "9-68VyZugyYCLv_1FeNXdD33hHE"
3: "https://android.clients.google.com/market/streaming/Download?packageName=com.zeptolab.ctr.paid&versionCode=20&token=AOTCm0TLevi-QgFKC8eaekC-0BhSsZGDFC7t0sPNvfUeejay
wcqnTaabvx-IFroJyVcBOiQeE2clzoI6E7twPq4-lB0S1tYb2JpQ9ZSntfY&ev=1&downloadId=7120421825546781811"
5 {
1: "MarketDA"
2: "09331046713986310435"
}
6: 1
8: 1
12 {
1: 1
2: "h9khHkqABEIIe31LOEXoTw=="
3: "aIsUS3wwdijIbGWnqNcGQINoQtloixRLfDB2KMhsZac="
}
}
}
}
5 {
1: 74
}

But then the APP crashes and I cannot further download it.

@tusharbabbar
Copy link

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive


5�拧茂鈥好兟�(�,confirmFreeDownload?doc=com.shashank.testapp


It would be very helpful of you if you could help decode the Chinese characters in the above request.

@ouyangzhanzhu
Copy link

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive

/�ȧ *�&confirmFreeDownload?doc=com.igs.fafafa

It would be very helpful of you if you could help decode the Chinese characters in the above request.

@archon810
Copy link

So has someone figured out which .proto to use with protoc when decoding intercepted Google Play API responses?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants