Reverse engineering network protocol of an APK - willing to pay for help


#1

Hi,

I’m an absolute noob at this kinda stuff. I’m desperate for some help/guidance on how I can begin to document a protocol. My long term goal is to MITM the APK which will run from an emulator on my PC so that I can document a running game.

I am willing to pay BTC if someone will spend some time looking at it and pointing me in the right direction.

I have considered decompiling the Java files in the APK, but then a bunch is also written in Lua, and Luadec won’t decompile it as they’ve done some kind of encoding on the binary. (I know that I could find the function and write it and the key into Luadec perhaps and do it that way, but it seems a lot of work.)

I have already seen some third-party applications that are doing similar things to what I want to do; however, they are using winpcap and sniffing packets. Same effect though, I guess. The thing they all have in common is that before they can interpret the packets you MUST re-login to your account within the app. I’m guessing there is some form of key or something that needs pulling from the login packet.

As I say, anyone who can help me get past the big hurdles (even figuring out wtf happens in this login packet and how to decrypt/decode future packets), I will pay.

I’ve attached 2 example Wireshark dumps and also a link to the APK.

For the dumps I logged in, watched a game that was in progress and logged back out.

Dump 1: https://ufile.io/myxba
Dump 2: https://ufile.io/7owly
APK: http://www.pokermaster.com/en/download/index.html

The app is a poker app for Android. I have an account someone can use if you are happy to help.

Anyone that can look at the dumps and point me in the right direction please please do.

Cheers.