[原创]某公主手游数据修改
发表于:
2014-11-22 04:56
最近在玩一个日本开发的卡牌手游,发现它的客户端与服务器之间只使用未加密的裸HTTP协议通信,忍不住动手验证一下。
不用对APP进行任何HOOK,直接架设一个HTTP PROXY,劫持特定的HTTP请求,修改之,再返回给APP。
/quest/start是进入副本时发出的请求,修改其返回的战斗数据(HP、STR、LOVE、CD)后,进入副本即时生效。幸好副本奖励有questKey验证,否则奖励道具也可以随意修改。
PS:这是个挺好玩的手游,不过一旦修改了数据,打BOSS没有任何难度,已失去了所有乐趣。希望厂家可以对通信协议进行保护。
import gzip
import io
import json
import StringIO
import sys

from twisted.internet import reactor
from twisted.python import log
from twisted.web import proxy, http
# Route Twisted's log output to stdout (the error logging in ProxyClient ends up here).
log.startLogging(sys.stdout)
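def unzip(cdata):
    """Return the decompressed bytes of the gzip-compressed payload ``cdata``.

    ``cdata`` is a gzip stream as bytes (``str`` on Python 2).  Uses
    ``io.BytesIO`` rather than the Python 2-only ``StringIO`` module, and
    closes the GzipFile handle via ``with``.  Errors raised by the ``gzip``
    module for malformed input propagate to the caller.
    """
    with gzip.GzipFile(fileobj=io.BytesIO(cdata), mode='rb') as gz:
        return gz.read()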
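def zip(data):
    """Gzip-compress ``data`` (bytes; ``str`` on Python 2) and return the result.

    The name shadows the ``zip`` builtin; it is kept because the rest of this
    file calls it under that name.  The GzipFile is closed by the ``with``
    block before the buffer is read, so the gzip trailer is always present.
    """
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode='wb') as gz:
        gz.write(data)
    return out.getvalue()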
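class ProxyClient(proxy.ProxyClient):
    """Upstream side of the proxy: buffers the whole response, optionally rewrites it.

    Every response body is collected in memory and forwarded to the client
    side (``self.father``) only when the upstream response ends.  A response
    is rewritten only when the request URI and the Content-Type header equal
    ``_TARGET_URI`` / ``_TARGET_CONTENT_TYPE``; everything else is relayed
    byte-for-byte.
    """

    # Request path whose response is rewritten, and the exact Content-Type
    # value it must carry.  Both are compared with plain equality, so the
    # Content-Type string (charset part included) must match as sent.
    _TARGET_URI = '/quest/start'
    _TARGET_CONTENT_TYPE = 'application/octet-stream;charset=UTF-8'

    # Values written into every entry of ``himeList[*]['status']``.
    _STATUS_OVERRIDES = {
        'hp': 1000,
        'baseHp': 1000,
        'str': 1000,
        'baseStr': 1000,
        'love': 200,
        'loveMax': 200,
        'skillGauge': 2,
    }

    def __init__(self, command, rest, version, headers, data, father):
        self.uri = rest
        self.buffer = ''
        self.header = {}
        # Body chunks are appended here and joined once in handleResponseEnd;
        # repeated ``+=`` on a string would be quadratic for large bodies.
        self._parts = []
        proxy.ProxyClient.__init__(self, command, rest, version, headers, data, father)

    def handleHeader(self, key, value):
        """Remember a response header (key stored exactly as received) and pass it on.

        Keys are not normalised, so the Content-Type lookup later is
        case-sensitive with respect to the header name as the server sent it.
        """
        self.header[key] = value
        proxy.ProxyClient.handleHeader(self, key, value)

    def handleResponsePart(self, buffer):
        """Buffer a body chunk instead of forwarding it immediately."""
        self._parts.append(buffer)

    def _should_rewrite(self):
        """Return True when this response is the /quest/start payload that gets rewritten."""
        return (self.uri == self._TARGET_URI
                and self.header.get('Content-Type') == self._TARGET_CONTENT_TYPE)

    @classmethod
    def _rewrite_body(cls, raw):
        """Return the rewritten, re-gzipped body for ``raw``, or None if nothing changed.

        ``raw`` must be a gzip-compressed JSON document.  When it carries no
        ``himeList`` key there is nothing to change and None is returned.
        Decompression, JSON and key errors propagate to the caller.
        """
        data = json.loads(unzip(raw))
        hime_list = data.get('himeList')
        if hime_list is None:
            return None
        for hime in hime_list:
            hime['status'].update(cls._STATUS_OVERRIDES)
        # Compact separators keep the re-serialised body small.
        return zip(json.dumps(data, separators=(',', ':')))

    def handleResponseEnd(self):
        """Flush the buffered (possibly rewritten) body to the client, then finish.

        ``_finished`` is the flag maintained by the base class; the body is
        written only once.
        """
        if not self._finished:
            self.buffer = ''.join(self._parts)
            if self._should_rewrite():
                try:
                    rewritten = self._rewrite_body(self.buffer)
                except Exception:
                    # log.err() with no failure argument records the exception
                    # currently being handled; the original body is kept.
                    log.err(None, 'error')
                else:
                    if rewritten is not None:
                        self.buffer = rewritten
            # The body may have changed length, so the forwarded header must
            # describe what is actually written below.
            self.father.responseHeaders.setRawHeaders(
                "Content-Length", [str(len(self.buffer))])
            self.father.write(self.buffer)
        proxy.ProxyClient.handleResponseEnd(self)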
class ProxyClientFactory(proxy.ProxyClientFactory):
    # Use the buffering/rewriting ProxyClient above for every upstream connection.
    protocol = ProxyClient
class ProxyRequest(proxy.ProxyRequest):
    # Only the plain "http" scheme is mapped to a client factory; there is no
    # "https" entry, so nothing here handles TLS traffic.
    protocols = dict(http=ProxyClientFactory)
class Proxy(proxy.Proxy):
    # Each incoming request is represented by the ProxyRequest defined above.
    requestFactory = ProxyRequest
class ProxyFactory(http.HTTPFactory):
    # Server-side factory: every accepted connection speaks the Proxy protocol above.
    protocol = Proxy
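if __name__ == '__main__':
    # Listen port: 8080 by default, optionally overridden by the first CLI
    # argument (a non-numeric argument raises ValueError before listening).
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
    # No ``interface`` argument is passed, so listenTCP binds on all local
    # addresses: the proxy is reachable from other hosts on the network,
    # not only from this machine.
    reactor.listenTCP(port, ProxyFactory())
    reactor.run()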