Reverse Engineering Android Servers

  1. #1
    crh (Newbie)
    Join Date: Sep 2019

    Reverse Engineering Android Servers

    While it is self-evidently an extremely complex procedure to sniff packets and write a server for massive 3D MMOs with TCP/UDP protocols, a simple question:

    How complex is it, in comparison, to do that with simple Android games which use HTTP (RESTful) or WebSockets? Games like Portal Quest, Idle Heroes (which has a huge private server) or even the Adventure Communist/Capitalist games; these don't have any real-time elements to them.

    I know decent Java, and a friend has worked on projects building the backend of not-so-simple apps. We are willing to learn the things required to build the servers, or at least to have the full ability to build the servers.


  2. #2
    cyberinferno (Programmer)
    Join Date: Jun 2009

    Re: Reverse Engineering Android Servers

    As no one has replied to this thread yet let me try to explain it to you.

    In my opinion sniffing packets is the easy part. It can be done in either of these two ways:
    • Capturing packets from a network node using Wireshark
    • Adding a proxy like ProxyCap between the client and server to capture packets before they are sent

    As you specifically asked about HTTP traffic, you can also use Fiddler as an HTTP proxy. Android game reversing would require you to proxify your BlueStacks (search for guides on this; they are easy to find).

    Let us come to the hard part now. The hard part would be understanding the communication protocol between the server and client. Packets might be encoded/encrypted using standard/non-standard algorithms to make it hard for normal users to manipulate them. Hence figuring that out in order to decode/decrypt them would be required.

    Once the communication protocol has been figured out, you can start emulating the server. Java has a lot of libraries and resources to build any kind of server you want, and hence it should not be that difficult to code.

    All the best
    ** Web developer **

  3. #3
    ThuGie (ThuGie.NL - Webmaster)
    Join Date: Apr 2006

    Re: Reverse Engineering Android Servers

    Actually, for quite a few games you can just decompile the client.
    Some use libs though, like some games I messed around with a bit.

    Did that, but they used encrypted Lua files; if you try enough and disassemble the libs a bit you can get the key,
    decrypt them and just find all the packets you might need. Also look for what packet encryption it uses, if it has any, and what the keys are.
    Hate me or love me, just don't bother me!
    The only argument I lose is an argument with my gf, where even when I am right I lose.

  4. #4
    Droppy (not a DEVELOPER)
    Join Date: Feb 2012

    Re: Reverse Engineering Android Servers

    For Android devices it should be pretty easy compared to iOS devices. In my opinion, you can do almost the same as you would in a computer environment.

    You can use remote debuggers just as you can on the computer, decompile/deobfuscate (e.g. Habbo uses Flash on the mobile), recompile.

    On iOS it will be harder, but you can still use IDA Pro to try and understand the protocol. Plus, Apple only allows AOT compilation on their devices, so you can't run Flash or other languages such as C# etc. (everything gets compiled natively into the main binary, or maybe a dylib (?)).

    Disclaimer: I will never ask you for money for any purposes nor sell you game files (either inside or outside the forums).