Comments (7)
Patching libg.so is required, which is why it is listed in the installation procedure in the readme. The public key is 72f1a4a4c48e44da0c42310f800e96624e6dc6a641a9d41c3b5039d8dfadc27e.
from coc-proxy-csharp.
Ah, didn't realize this proxy relied on that. I thought it was a generic proxy for the latest client. I'm not using an Android phone - an iPhone instead. Not sure if it has the same client keys as Android has.
from coc-proxy-csharp.
To be able to decrypt the packets, you must know the secret key for either the client or server. Since Supercell isn't sharing the one for the server, and the one for the client is dynamically generated for every connection, we're forced to patch the client (or read the client's secret key from memory, for example with Frida).
from coc-proxy-csharp.
And from expl0itr's post in the CoCSharp thread, it appears the key is the same for iOS, but at offset .data:004F37D8.
Warning: The .data offset (.data:006023F8) does not line up with the dd offset (6296568) for me in the android/x86 version of the file, so be careful when using the above.
from coc-proxy-csharp.
I think the terminology is tripping me up. The server and client both have a public key and private key each. I thought the server's private key + client's private key was called a shared secret key. I thought it would be identical to the server's public key and the client's private key.
The 24 bytes sent in 20100 are not a true server public key (as it changes every time) but act like one. It allows the client to come up with a secret key based on the client private key embedded in libg.so. I'd like to code the client's latest private key in my proxy and require the client to always be running the latest version (this won't be a public proxy). That seems like it would work and avoid the need to patch libg.so, right? Maybe I'm still misunderstanding something... :(
from coc-proxy-csharp.
The 24 byte binary string in 20100 has no impact on the encryption. With every release, Supercell generates a key pair. They keep the private key secret and put the public key in the client. Every time the client connects to the server, it generates another key pair then sends the public key to the server (in packet 10101).
Since the server has the original private key and now the client's public key (from packet 10101), it can generate a shared key.
Since the client has its newly generated secret key and the server's public key (embedded in the client), it can generate the same shared key.
from coc-proxy-csharp.
I better understand now - thank you for your patience. I was really hoping there would be a way to use a proxy with my non-jailbroken iPhone. Because the server's public key is embedded in libg.so, it looks like it won't be possible to spoof the server (without, of course, the accompanying private key).
from coc-proxy-csharp.