Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
As I have no mobile pentesting experience yet, I decided to try my hand at a little android game hacking.
Android Game Hacking – Introduction
This post will be a little vague, as I don’t want to give everything exactly away for this game, and I still play it for enjoyment.
That said, I hope this provides a decent example into one way to change local save data for Android games.
Data Backup
First of all, since I didn’t have root, I needed to get a list of the packages installed.
root@kali:~/android$ adb shell 'pm list packages -f' package:/data/app/com.google.android.youtube-2/base.apk=com.google.android.youtube package:/data/app/dev.games.mygame-1/base.apk=dev.games.mygame < ... snip ... >
Once I had the name of the base.apk, it was time to back up the files to my local system.
root@kali:~/android$ adb backup -f mygame.ab -noapk dev.games.mygame Now unlock your device and confirm the backup operation.
Using the Android Backup Extractor I was able to get the tar archive of the files from the ADB backup file.
root@kali:~/android$ java -jar abe.jar unpack mygame.ab mygame.tar Backup encrypted, enter password (will NOT be displayed): Password:
The next step was to get an (in order) list of all the files in the archive, as I will need that later when I want to rebuild the archive.
root@kali:~/android$ tar -tf mygame.tar > mygame.list
File Analysis
With my file list in hand, it was time to extract the archive and take a look at the files.
root@kali:~/android$ tar -xvf mygame.tar x apps/dev.games.mygame/_manifest x apps/dev.games.mygame/r/app_data x apps/dev.games.mygame/r/app_data/UserInfo.usr x apps/dev.games.mygame/r/app_data/PlayerDataBackup1.txt x apps/dev.games.mygame/r/app_data/PlayerData.txt x apps/dev.games.mygame/r/app_data/PlayerDataBackup2.txt x apps/dev.games.mygame/r/app_data/PlayerDataBackup3.txt x apps/dev.games.mygame/r/app_data/PlayerDataBackup4.txt < ... snip ... >
Android Game Hacking – Editing the Values and Rebuilding the Archive
Already in the first few files, I figured that PlayerData.txt was the one that I’d want to look at.
Once I opened the directory and looked through the PlayerData.txt file, I found the line that I wanted to change.
Once I modified the line in question, it was time to rebuild my tar archive.
root@kali:~/android$ cat mygame.list | pax -wd > mygame-edited.tar
With the tar rebuilt, I needed to create a new ADB backup file so that it could be restored to the device.
root@kali:~/android$ java -jar abe.jar pack mygame-edited.tar mygame-edited.ab
Last, but not least, I had to restore my edited ab file to the device.
root@kali:~/android$ adb restore mygame-edited.ab Now unlock your device and confirm the restore operation.
With everything in place, it was time to actually check the item in-game.
As you can see from the screenshot, the item’s new values match the modified values from the PlayerData.txt file.
Android Game Hacking – Conclusion
I know this was a bit vague, but I didn’t want anyone ruining this game (or the developer catching on to it) quite yet.
That said, if you have any specific questions, or other games that you’d think I should take a look at, then I’d definitely be willing to try!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
