Black-Box Technical Analysis of Clash Royale

A black-box technical analysis of Clash Royale, covering its communication protocol, data protection, network layering, and related topics. From http://www.cnxct.com

1. Clash Royale [email protected]
2. • • • ios WIFI+ genymotion PC MAC PRO
3. • wifi WIFI SSID • • • mac pro wireshark
4. IP
6. • A • NS • CNAME
7. whois • Domain Name: clashroyaleapp.com • Registry Domain ID: 1970575925_DOMAIN_COM-VRSN • Registrar WHOIS Server: whois.comlaude.com • Registrar URL: http://www.comlaude.com • Updated Date: 2016-02-15T11:01:48Z • Creation Date: 2015-10-21T16:11:09Z • Registrar Registration Expiration Date: 2016-10-21T00:00:00Z • Registrar: NOM-IQ Ltd dba Com Laude • Registrar IANA ID: 470 • Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited • Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited • Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited • Registry Registrant ID: • Registrant Name: Domain Manager
8. whois • • • comlaude SuperCell
9. Name Server • NS-1313.AWSDNS-36.ORG • NS-1582.AWSDNS-05.CO.UK • NS-460.AWSDNS-57.COM • NS-762.AWSDNS-31.NET •
10. A • Bangkok, Thailand 54.231.49.82 • Auckland, New Zealand 54.231.82.129 • Toronto, Canada 54.231.49.249 • Paris, France • Frankfurt, Germany 54.231.50.49 • Arizona, United States 54.231.1.188 • Washington DC, United States 54.231.48.106 • Sydney, Australia 54.231.0.172 • Beijing, China 54.231.14.140 • Tokyo, Japan 54.231.12.164 • Monterrey, Mexico • Johannesburg, South Africa • Moscow, Russia 54.231.19.20 • Manchester, United Kingdom 54.231.48.42 54.231.18.244 54.231.9.188 54.231.17.52
11. • •
12. • A • CNAME CNAME cdn.com gamec.clashroyaleapp.com CNAME clashroyalegame.kunluncr.kunlun-cdn.com
13. CNAME
14. DNS
15. • 106.75.133.* 20 ucloud.cn / • 106.75.134.* 10 ucloud.cn / • 106.75.135.* 7 ucloud.cn / • 106.75.140.* 3 ucloud.cn / 2016-03-17
16. Name Server [email protected]:~$ dig gamec.clashroyaleapp.com ;; AUTHORITY SECTION: kunlun-cdn.com. 22379 IN NS ns3.dnsv5.com. kunlun-cdn.com. 22379 IN NS ns4.dnsv5.com.
17. • • •
18. • gamec.clashroyaleapp.com 3 16 15 DNS 400W • game.clashroyaleapp.com 3 16 15 DNS 17W • game.clashroyaleapp.com.ad***.to*** • game.clashroyaleapp.com.bel*** • game.clashroyaleapp.com.dh*** • game.clashroyaleapp.com.ho*** • game.clashroyaleapp.com.lo*** • game.clashroyaleapp.com.ral*** • game.clashroyaleapp.com.wor***
20. CNAME • • A • 4 • A Name Server ,A DNS
21. • Ucloud • 40 • • DNS 400W http dns
23. • • 9339
26. • 27 7c 00 00 10 00 00 79 • 27 7b 00 00 19 00 00 72 • 27 7b 00 00 19 00 00 ca • 37 16 00 00 1a 00 00 3c • 27 7c 00 00 10 00 00 31 • 27 7b 00 00 19 00 00 56
27. • • • • IP\TCP
28. pcapng
29. • • • wireshark 23 • [39 124 0 0 16 0 0 135 29 244 121 46 116 184 61 65 103 17 224 73 143 189 48] • [39 124 0 0 16 0 0 25 80 113 190 45 125 228 66 148 62 222 192 195 74 184 150] • [39 124 0 0 16 0 0 138 215 9 252 5 252 4 96 135 136 71 30 168 52 19 201]
30.
31. 27 7c 00 00 10 00 00 79 39 e2 ce a2 19 55 6f 2c 15 54 f3 72 c3 ad 96 5 0x10 7-N
32. 8<<1 , • • 255 0XFF, 255
34. • • 7 402 4 0x0192 4-5 • • • 5 Big Endian ( )
35. • 0-3 • 4-5 • 6-7 0x00
36. • 0-2 command • 3-5 • 6-7 0x00
37. • client->server SuperCell • • • • coc-proxy libg.so ?
39. • • • • COC Hey Day Boom Beach Clash Royale
40. • command • ( )
41. • csv • sc
42. • android • ios ipa zip • • apk csv
43. csv •
44. / • • • 1.jpg 1.png 1.gif
45. • • • • • (magic Number) ?
46. Magic Number
47. Magic Number http Magic Number
50. (magic number) • • • •
51.
52. • • •
53. csv 5d 00 00 04 file header\magic number\file signature 5d 00 00 file header\magic number\file signature
54. lzma
56. lzma • • LZMA Lempel-Ziv-Markov chain-Algorithm Igor Pavlov 2001 bzip2 bin 2001 Deflate LZ77 7-Zip LZ77 4GB lzma • http://sudo-kill-all.blogspot.tw/2015/06/tutorial-unpacking-cable-modemfirmware.html • http://zenhax.com/viewtopic.php?t=27 • https://github.com/cscott/lzma-purejs/blob/master/FORMAT.md • ftp://ftp.uni-bayreuth.de/pub/packages/tools/lzma/tukaani.org/lzma/header-format-12.txt
57. LZMA RFC ftp://ftp.uni-bayreuth.de/pub/packages/tools/lzma/tukaani.org/lzma/header-format-12.txt • the number of literal context bits (lc, [0, 8]); • the number of literal position bits (lp, [0, 4]); and • the number of position bits (pb, [0, 4]).
58. csv • credits.csv: 5D 00 00 04 00 4F 02 00 00 00 11 13 88 26 D3 4D 46 2E C5 BA A5 53 6B 56 08 84 CF 8B 5B 2E D8 7C • 5D 00 00 04 00 • 4F 02 00 00 00 11 13 88 magic Number 11 13 88 • 11 13 88
59. csv 11 13 88 4F 02 00 00 00 9B B0 00 00 00 BE 03 00 00 00 86 84 00 00 00
60. csv • • • 591 2971 958 33926 1K,3KB,1KB,33K
61. csv • 5 length • lzma 8 3 0x00 • ... • “4F 02 00 00 00” • • • • 5 4 00 ? ... .... lzma literal position bits
62. csv
63. “ • ” • • LOL OB www.cnxct.com/how-to-watch-lol-tencent-ob-on-mac-osx/ • http://
64. SC • •
65. SC
66. SC • Magic Number:53 43 00 00 00 01 00 00 00 10 • • SuperCell • 0x53\0x43 • ASCII ? S C
67. • • • android • • • android java SO
68. • • • • • Linux C fopen fopen
69. fopen
70. • • • • • • • fopen fopen
72. sc • clash royale android 1.2.3 ( ), sub_1FDCC0 • sub_1E1C50 • • • v174 !=83 • S ASCII SC 0x53 magic number IDA
73. • • • N
74. SC HEX LZMA
75. LZMA • • • • • • SuperCell Clash Royale SC COC COC
76. • IDA • _tex.sc _tex.sc COC lzma
77. _tex.sc Little endian 02 A8 05 02A800 + 0E
78. SC • • SC PNG PNG SC
79. SC
80. • • • ( ) • • • (zuo) (de) (geng) (hao)
81. • • • SC 57M 326M 17%
82. • • • • • • ( ) so exe
83. • • • lua
85. • • • • luac magic number 58 58 54 45
86. fopen\fread ...
87. lua
88. sign magic number
89. LUA
90. magic number F9 43 5A • • initWithImageData • initWithImageData • sub_XXXXX • +so so
92. android • IDA pro (>6.6 android ) ARM CPU • • IDA pro • android android_server ARM X86 su
93. android • • android_server • adb forward tcp:xxx • adb shell • • attach su android_server
94. attach android
96. so
99. DUMP magic number • • png magic number • R1 • png • 8 89 50 4E 47
100. PNG
101. PNG
102. dump
104. • • • stack ...
105. lua
106. lua • • • N magic number
107. lua • KEY • • • XXTEA
108. xxtea_decrypt DUMP
109. lua • • • • • lua
110. • • • •
112. • • • CPU
113. • • •
114. • cheat engine … • … • Call Call • LOL …
115. Cheat Engine
117. • •
118. • so • • android ... so
119. Call so • so • attach ...
120. • KEY • • KEY
121. status tracePid
122. maps • • so SO 96
123. • : • : hash apktool png • : • : ELF … ...
124. • • • • • Clash Royale
125. • :http://www.bangcle.com/ • :https://www.ijiami.cn/ COC • APKProtect :http://www.apkprotect.com/ • Shield4J :http://shield4j.com/ • DexGuard :http://www.saikoa.com/dexguard
127. • COC • LOL Launcher https://github.com/clugh/coc-proxy http://www.cnxct.com/league-of-legends-launcher-of-osx/ https://en.wikipedia.org/wiki/Magic_number_(programming) • • proxy http://open.163.com/movie/2012/10/B/K/M99VIFJA6_M9A018BBK.html https://www.pnfsoftware.com/blog/dexguards-assets-encryption/ • • APK • ELF http://bbs.pediy.com/showthread.php?t=183116 :http://bbs.pediy.com/showthread.php?t=192874