-
Notifications
You must be signed in to change notification settings - Fork 7
Dump server exchange
Xele02 edited this page Jun 26, 2022
·
5 revisions
See below for setup
- A rooted phone or Nox emulator.
- Python3
- Frida
- For rooted phone version, Android platform tools
Install from website package, or use Windows Store on windows. Check it's working with opening a command line and type python --version. It should show something like this :
C:\>python --version
Python 3.7.2
Additional module to install :
pyjwt : python -m pip install pyjwt
Open command line and type :
python -m pip install frida
python -m pip install frida-tools
It should start to download the package and install frida. To verify install, type frida --version
C:\>frida --version
15.1.17
Download frida server here : https://github.com/frida/frida/releases . For nox, use frida-server-XXXXX-android-x86.xz . For a rooted phone, select the processor target matching your phone. Then decompress the file with any decompressing tools. Keep this file for later.
To dump using Nox emulator, dowload and install Nox Emulator.
We will then need to connect the adb (Android Debug Bridge) version of nox to the emulator. To check that :
- Start nox player and wait android is completely booted.
- Ensure boot root is enabled in the parameters, inside General tab.
- Open a command line, go to nox install folder into the directory Nox\bin (where nox_adb.exe is) and type
nox_adb.exe devices. If it show a device like this, it's working and go to next step :
D:\NoxVM\Nox\bin>nox_adb.exe devices
List of devices attached
127.0.0.1:62029 device
- If it don't work, try connecting to the default port :
nox_adb.exe connect 127.0.0.1:62001and recheck withnox_adb.exe devices - If it didn't work, type
for /f "tokens=2" %a in ('tasklist ^|findstr Nox.') do netstat -aon | findstr %a, you will get a list like this :
TCP 127.0.0.1:56036 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:57001 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:58034 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:58034 127.0.0.1:63966 ESTABLISHED 2720
TCP 127.0.0.1:60001 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:61028 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:61028 127.0.0.1:63997 ESTABLISHED 2720
TCP 127.0.0.1:62029 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:62029 127.0.0.1:64028 ESTABLISHED 2720
TCP 127.0.0.1:63030 0.0.0.0:0 LISTENING 2720
TCP 127.0.0.1:64001 0.0.0.0:0 LISTENING 2720
TCP 192.168.0.5:64233 108.177.15.188:5228 ESTABLISHED 2720
TCP 192.168.0.5:64318 216.58.213.170:443 CLOSE_WAIT 2720
- Try the connect command with all adress in the 6XXXX range until
nox_adb.exe devicesworks. source
Download the apk from internet (IE apkpure), and drop the apk inside nox. Run the game and check it works.
If you rooted your phone, you should already have this but in case it's not the case : install the platform-tools. Open a command line and go inside bin directory where adb.exe is. Connect your phone on usb, type adb devices and it should show it. Phone should be rooted and dev option activated. Then use adb connect to connect to the phone
- Open a command line, and type
frida-ps -Uai. It should show installed package, and UtaMacross : com.dena.a12024374
D:\NoxVM\Nox\bin>frida-ps -Uai
PID Name Identifier
---- ----------------- -----------------------------
2698 Facebook com.facebook.katana
4246 Galerie com.android.gallery3d
4264 Google Play Store com.android.vending
2252 Paramètres com.android.settings
- Amaze com.amaze.filemanager
- App Center com.android.Calendar
- Appareil photo com.android.camera2
- Fichiers com.android.documentsui
- GoogleSign com.pekall.fmradio
- Google Play Jeux com.google.android.play.games
- Navigateur com.android.browser
- Tutorials com.android.calculator2
- 歌マクロス com.dena.a12024374
- We will need the frida-server file downloaded before. Go in the adb.exe or nox_adb.exe directory in a command line and type (replace adb by nox_adb as needed) :
adb root
adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
Replace "frida-server" on the second line with the file location and name of the frida-server file downloaded and extracted.
- Start the frida-server :
adb shell "/data/local/tmp/frida-server &". There should be no error, and the command line should not return (aka the program will run until you hit CTRL-C to stop it). - Open a new command line and type
frida -U -f com.dena.a12024374. The game should start on the emulator, and in the command line have :
C:\Windows\system32>frida -U --no-pause -f com.dena.a12024374
____
/ _ | Frida 15.1.17 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to SM-N976N (id=127.0.0.1:62029)
Spawned `com.dena.a12024374`. Resuming main thread!
If you are here, everyting is ready.
- Download the python script here : dump_server_response.py
- Put it in a directory where write is allowed.
- Be sure that frida-server is running (see Frida install)
- Run the script with the command
python dump_server_response.py- Enter the path to adb or nox_adb exe. This will be used by the script to get files.
- Enter the path where to put the files. By default it will be in a utamacross_dump directory where you run the script. In this directory the game will create another directory with the current date, so next run don't overwrite previous run.
- The script will then start the game and write some execution info of request catched :
Z:\Project\AndroidGLDump>python dump_server_response.py
Enter Adb/Nox_adb path to automatically download datas : (ie : c:/Nox/bin/nox_adb.exe) : D:\NoxVM\Nox\bin\nox_adb.exe
Enter output path (default : utamacross_dump) :
Create output directory utamacross_dump/1656166498115
Game will start. Once done, close it to download datas
il2cpp loaded
[+] BaseAddr of libil2cpp.so: 0x8000000
[+] Address in memory: 0xae6b344
GET https://sakasho.sp.mbga.jp/v1/birthday/age_families_policy?_reqid=17362
[+] BaseAddr of libsakasho.so: 0x6e00000
[+] Address in memory: 0x6e59481
GET https://sakasho.sp.mbga.jp/v1/status?_reqid=17362
[100%] /storage/emulated/0/Android/data/com.dena.a12024374/files/httprequest_0_97.in
request not decrypted, requeue 1656166504910_GET_httpssakashospmbgajpv1birthdayage_families_policy_.in
POST https://sakasho.sp.mbga.jp/v3/token/session?_reqid=17362
[100%] /storage/emulated/0/Android/data/com.dena.a12024374/files/httprequest_1_63.in
request not decrypted, requeue 1656166505011_GET_httpssakashospmbgajpv1status_reqid17362.in
POST https://sakasho.sp.mbga.jp/v3/token/session?_reqid=17362
[100%] /storage/emulated/0/Android/data/com.dena.a12024374/files/httprequest_2_87.in
- Once you are in the game, you should have a big file in the output directory named XXXXXXXXX_GET_httpssakashospmbgajpv1playerbasecommonpublic_statu.in.json . This is the player account data.
- Close the game. The script will then download the local save datas (Options, etc...)
Start copying local save files
/storage/emulated/0/Android/data/com.dena.a12024374/files/...les pulled. 0 files skipped. 0.0 MB/s (96 bytes in 0.052s)
adb: error: remote object '/storage/emulated/0/Android/data/com.dena.a12024374/files/50' does not exist
/storage/emulated/0/Android/data/com.dena.a12024374/files/... pulled. 0 files skipped. 0.2 MB/s (10674 bytes in 0.050s)
/storage/emulated/0/Android/data/com.dena.a12024374/files/...ulled. 0 files skipped. 7.0 MB/s (1965239 bytes in 0.269s)
/storage/emulated/0/Android/data/com.dena.a12024374/files/... pulled. 0 files skipped. 0.1 MB/s (11343 bytes in 0.115s)
/storage/emulated/0/Android/data/com.dena.a12024374/files/...pulled. 0 files skipped. 2.9 MB/s (350719 bytes in 0.115s)
Done, hit CTRL-C to exit
- Close the script with CTRL-C.