Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CandyCrushSaga errors #37

Closed
yoshimo opened this issue Feb 1, 2021 · 6 comments
Closed

CandyCrushSaga errors #37

yoshimo opened this issue Feb 1, 2021 · 6 comments
Labels
app-specific Issues specific to a certain app

Comments

@yoshimo
Copy link

yoshimo commented Feb 1, 2021

CandyCrushSaga by King has trouble connecting to mobilecrush.king.com.
HTTPCanary claims "taget app used the non-system ca certificate list" even though apk-mitm patched the apk.

@yoshimo
Copy link
Author

yoshimo commented Feb 1, 2021

Looks like they verify against apk-mitm-8c0f4706379aecc405491c8f8b955fbc\decode\assets\res_output\ca-bundle.crt
not sure where that needs to be patched though.

@shroudedcode
Copy link
Owner

Have you searched the Smali code for that file name to see if it's read anywhere? You could also try debugging the app like I did in your other issue (I wish I had a full guide for that, maybe I'll write it eventually 😅).

@yoshimo
Copy link
Author

yoshimo commented Feb 1, 2021

only mentioned in the manifest and cert.sf but i have files that contain the hostname mentioned which i will mess with next:
Debugging is a bit ouf o my league for now

server.host mobilecrush.king.com
server.port 443
server.secure true
server.supportsSsl true
server.page /
fb.app.id _210831918949520
adtruth.url https://play.king.com/install
mercado.url http://plataforma.sto.midasplayer.com:8008/goto/candycrush/mercado-3

servicelayer.host servicelayer.king.com
servicelayer.port 80
servicelayer.secure false
servicelayer.supportsSsl false

cmp.url https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
cmp.app_id.android c484d7fd-d5e1-4f02-9e35-85341dfab524
cmp.app_id.ios 7a8f2a54-43c1-48a5-811c-8267f2728c5b

@yoshimo
Copy link
Author

yoshimo commented Feb 3, 2021

two changes seem to have made it work.
editing the server.secure true to false and merging the network security config files including the already existing domain config in addition to apk-mitm s base config.

@shroudedcode
Copy link
Owner

Thanks for looking into this yourself @yoshimo! It would be great if these changes could be applied automatically, so let's keep the issue open for now.

@shroudedcode
Copy link
Owner

Actually, it seems like this manifest is pretty specific to this one game (or maybe all games by King, but that's still pretty niche), so I don't think integrating support for patching it would be worth it. If anyone has any evidence that this file is standardized in some way (for example by being part of a major game engine), please let me know and I might reconsider adding support for it.

@shroudedcode shroudedcode added the app-specific Issues specific to a certain app label Jun 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
app-specific Issues specific to a certain app
Projects
None yet
Development

No branches or pull requests

2 participants