
Comments (7)

clugh commented on July 26, 2024

Patching libg.so is required, which is why it is listed in the installation procedure in the readme. The public key is 72f1a4a4c48e44da0c42310f800e96624e6dc6a641a9d41c3b5039d8dfadc27e.

from coc-proxy-csharp.

devinvisible commented on July 26, 2024

Ah, didn't realize this proxy relied on that. I thought it was a generic proxy for the latest client. I'm not using an Android phone - an iPhone instead. Not sure if it has the same client keys as Android has.

clugh commented on July 26, 2024

To be able to decrypt the packets, you must know the secret key for either the client or server. Since Supercell isn't sharing the one for the server, and the one for the client is dynamically generated for every connection, we're forced to patch the client (or read the client's secret key from memory, for example with Frida).

clugh commented on July 26, 2024

And from expl0itr's post in the CoCSharp thread, it appears the key is the same for iOS, but at offset .data:004F37D8.

Warning: The .data offset (.data:006023F8) does not line up with the dd offset (6296568) for me in the android/x86 version of the file, so be careful when using the above.

devinvisible commented on July 26, 2024

I think the terminology is tripping me up. The server and client both have a public key and private key each. I thought the server's private key + client's private key was called a shared secret key. I thought it would be identical to the server's public key and the client's private key.

The 24 bytes sent in 20100 are not a true server public key (as it changes every time) but act like one. It allows the client to come up with a secret key based on the client private key embedded in libg.so. I'd like to code the client's latest private key in my proxy and require the client to always be running the latest version (this won't be a public proxy). That seems like it would work and avoid the need to patch libg.so, right? Maybe I'm still misunderstanding something... :(

clugh commented on July 26, 2024

The 24-byte binary string in 20100 has no impact on the encryption. With every release, Supercell generates a key pair. They keep the private key secret and put the public key in the client. Every time the client connects to the server, it generates another key pair then sends the public key to the server (in packet 10101).

Since the server has the original private key and now the client's public key (from packet 10101), it can generate a shared key.

Since the client has its newly generated secret key and the server's public key (embedded in the client), it can generate the same shared key.

from coc-proxy-csharp.
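The key agreement described in the comment above, as an added Python example that is not part of the thread or of coc-proxy-csharp. It assumes X25519 (RFC 7748) as the key-agreement primitive, which the thread does not name; all keys are randomly generated for the demonstration and the function names are illustrative.

```python
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # standard X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 scalar multiplication (teaching version, not constant-time)."""
    s = bytearray(k)
    s[0] &= 248
    s[31] = (s[31] & 127) | 64                      # clamp the private scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") % 2**255       # ignore the top bit of u
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                  # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    """Return (private, public) for a freshly generated key pair."""
    sk = os.urandom(32)
    return sk, x25519(sk, BASE)

def handshake():
    # Constructed keys only; nothing here comes from the game or the proxy.
    server_sk, server_pk = keypair()   # per release; server_pk is embedded in the client
    client_sk, client_pk = keypair()   # per connection; client_pk is sent in packet 10101
    client_shared = x25519(client_sk, server_pk)
    server_shared = x25519(server_sk, client_pk)
    # An on-path observer sees both public keys but holds neither private key,
    # so combining its own private key with client_pk gives a different value.
    observer_sk, _ = keypair()
    observer_value = x25519(observer_sk, client_pk)
    return client_shared, server_shared, observer_value

if __name__ == "__main__":
    c, s, o = handshake()
    print("client == server:", c == s)
    print("observer == client:", o == c)
```

The shared value would normally be fed through a key-derivation step before use as a symmetric key; the thread does not describe that step, so it is omitted here.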

devinvisible commented on July 26, 2024

I better understand now - thank you for your patience. I was really hoping there would be a way to use a proxy with my non-jailbroken iPhone. Because the server's public key is embedded in libg.so, it looks like it won't be possible to spoof the server (without, of course, the accompanying private key).
