Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

Android Game Hacking

As I have no mobile pentesting experience yet, I decided to try my hand at a little android game hacking.

Android Game Hacking – Introduction

This post will be a little vague, as I don’t want to give everything exactly away for this game, and I still play it for enjoyment.

That said, I hope this provides a decent example into one way to change local save data for Android games.

Data Backup

First of all, since I didn’t have root, I needed to get a list of the packages installed.

[email protected]:~/android$ adb shell 'pm list packages -f'
package:/data/app/com.google.android.youtube-2/base.apk=com.google.android.youtube
package:/data/app/dev.games.mygame-1/base.apk=dev.games.mygame

< ... snip ... >

Once I had the name of the base.apk, it was time to back up the files to my local system.

[email protected]:~/android$ adb backup -f mygame.ab -noapk dev.games.mygame
Now unlock your device and confirm the backup operation.

Using the Android Backup Extractor I was able to get the tar archive of the files from the ADB backup file.

[email protected]:~/android$ java -jar abe.jar unpack mygame.ab mygame.tar
Backup encrypted, enter password (will NOT be displayed):
Password:

The next step was to get an (in order) list of all the files in the archive, as I will need that later when I want to rebuild the archive.

[email protected]:~/android$ tar -tf mygame.tar > mygame.list

File Analysis

With my file list in hand, it was time to extract the archive and take a look at the files.

[email protected]:~/android$ tar -xvf mygame.tar 
x apps/dev.games.mygame/_manifest
x apps/dev.games.mygame/r/app_data
x apps/dev.games.mygame/r/app_data/UserInfo.usr
x apps/dev.games.mygame/r/app_data/PlayerDataBackup1.txt
x apps/dev.games.mygame/r/app_data/PlayerData.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup2.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup3.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup4.txt

< ... snip ... >

Android Game Hacking – Editing the Values and Rebuilding the Archive

Already in the first few files, I figured that PlayerData.txt was the one that I’d want to look at.

Once I opened the directory and looked through the PlayerData.txt file, I found the line that I wanted to change.

Android Game Hacking - Player Data

Once I modified the line in question, it was time to rebuild my tar archive.

[email protected]:~/android$ cat mygame.list | pax -wd > mygame-edited.tar

With the tar rebuilt, I needed to create a new ADB backup file so that it could be restored to the device.

[email protected]:~/android$ java -jar abe.jar pack mygame-edited.tar mygame-edited.ab

Last, but not least, I had to restore my edited ab file to the device.

[email protected]:~/android$ adb restore mygame-edited.ab
Now unlock your device and confirm the restore operation.

With everything in place, it was time to actually check the item in-game.

Android Game Hacking - Modified Item

As you can see from the screenshot, the item’s new values match the modified values from the PlayerData.txt file.

Android Game Hacking – Conclusion

I know this was a bit vague, but I didn’t want anyone ruining this game (or the developer catching on to it) quite yet.

That said, if you have any specific questions, or other games that you’d think I should take a look at, then I’d definitely be willing to try!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.