THE BATTLE CATS HACKED IPA 5.0.2 UPDATE
I am currently contacting PONOS Games through email and through their contact/inquiry page to check with them and update them regarding this MitM vulnerability. UPDATE (): I kindly raised an issue regarding this MITM vulnerability to PONOS through an in-game inquiry (for the purpose of responsible disclosure) with an added suggestion of encrypting the data being transmitted but they just simply banned my savegame file, so. Please support the developers of Battle Cats so that they can add more content for the players of Battle Cats! ヾ(°∇°*) If PONOS were to approach me to take down, archive or privatise this repository, I will be obliged to follow their will. I am not personally responsible in any way for any unethical malpractices because of this tool. This repository was made only for research and educational purposes. The legacy descriptions below will be kept as is for archival and posterity reasons. They might have figured it out internally by themselves and decided to not inform me about it at all (or forgot to inform me). That said, PONOS had never informed me formally/officially about this patch, even after I had responsibly disclosed this issue to them. If someone else is able to conduct further investigations into this, feel free to report your findings and maybe put up an issue/PR about it. Unfortunately, I do not currently possess any rooted/jailbroken devices, and thus, I am unable to test this theory out. If Certificate Pinning was implemented, it might be possible to remove the pinned certificate or replace it with a self-signed certificate from Fiddler from the APK/IPA binary file of the application, but this requires root/jailbreak access (and it might be too difficult for the layperson to execute without some kind of automation script to help them do it). This method DOES NOT SEEM TO WORK ANY MORE for versions v11.1.0 and above as mentioned here (at least not without root/jailbreak access), possibly due to either Certificate Pinning or usage of nonces to prevent replay attacks. This mailbox hack allows players to acquire items and/or cats of their choice.
0 kommentar(er)
