As I have no mobile pentesting experience yet, I decided to try my hand at a little Android game hacking.
Android Game Hacking - Introduction
This post will be a little vague, as I don't want to give everything exactly away for this game, and I still play it for enjoyment.
That said, I hope this provides a decent example of one way to change local save data for Android games.
First of all, since I didn't have root, I needed to get a list of the packages installed.
root@kali:~/android$ adb shell 'pm list packages -f'
package:/data/app/com.google.android.youtube-2/base.apk=com.google.android.youtube
package:/data/app/dev.games.mygame-1/base.apk=dev.games.mygame
< ... snip ... >
Once I had the name of the base.apk, it was time to back up the files to my local system.
root@kali:~/android$ adb backup -f mygame.ab -noapk dev.games.mygame
Now unlock your device and confirm the backup operation.
Using the Android Backup Extractor I was able to get the tar archive of the files from the ADB backup file.
root@kali:~/android$ java -jar abe.jar unpack mygame.ab mygame.tar
Backup encrypted, enter password (will NOT be displayed):
Password:
The next step was to get an in-order list of all the files in the archive, as I would need that later when rebuilding the archive.
root@kali:~/android$ tar -tf mygame.tar > mygame.list
With my file list in hand, it was time to extract the archive and take a look at the files.
root@kali:~/android$ tar -xvf mygame.tar
x apps/dev.games.mygame/_manifest
x apps/dev.games.mygame/r/app_data
x apps/dev.games.mygame/r/app_data/UserInfo.usr
x apps/dev.games.mygame/r/app_data/PlayerDataBackup1.txt
x apps/dev.games.mygame/r/app_data/PlayerData.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup2.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup3.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup4.txt
< ... snip ... >
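An added example (not from the original post or from Android Backup Extractor) of what the unpack and file-list steps above do for an unencrypted backup: read the four-line .ab header, inflate the tar, and list the members in archive order. The function names and the sample archive are constructed for illustration, and an encrypted backup like the one in the post is rejected rather than decrypted.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def unpack_ab(blob: bytes) -> bytes:
    """Return the tar bytes stored in an unencrypted .ab file."""
    stream = io.BytesIO(blob)
    # Header: magic, format version, compression flag, encryption name.
    magic, _version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4)
    )
    if magic != MAGIC:
        raise ValueError("not an Android backup file")
    if encryption != b"none":
        # Password-protected backups need key derivation; not handled here.
        raise ValueError(f"encrypted backup ({encryption.decode()}) not handled")
    body = stream.read()
    return zlib.decompress(body) if compressed == b"1" else body


def pack_ab(tar_bytes: bytes, version: int = 1) -> bytes:
    """Wrap tar bytes in an unencrypted, compressed .ab container."""
    header = b"\n".join([MAGIC, str(version).encode(), b"1", b"none"]) + b"\n"
    return header + zlib.compress(tar_bytes)


def member_order(tar_bytes: bytes) -> list[str]:
    """Member names in archive order, the equivalent of `tar -tf`."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.getnames()


def build_sample_tar() -> bytes:
    """Constructed sample laid out like the archive in the post."""
    files = [
        ("apps/dev.games.mygame/_manifest", b"1\n"),
        ("apps/dev.games.mygame/r/app_data/PlayerData.txt", b"placeholder\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(member_order(unpack_ab(pack_ab(build_sample_tar()))))
```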
Android Game Hacking - Editing the Values and Rebuilding the Archive
Already in the first few files, I figured that PlayerData.txt was the one that I'd want to look at.
Once I opened the directory and looked through the PlayerData.txt file, I found the line that I wanted to change.
Once I modified the line in question, it was time to rebuild my tar archive.
root@kali:~/android$ cat mygame.list | pax -wd > mygame-edited.tar
With the tar rebuilt, I needed to create a new ADB backup file so that it could be restored to the device.
root@kali:~/android$ java -jar abe.jar pack mygame-edited.tar mygame-edited.ab
Last, but not least, I had to restore my edited ab file to the device.
root@kali:~/android$ adb restore mygame-edited.ab
Now unlock your device and confirm the restore operation.
With everything in place, it was time to actually check the item in-game.
As you can see from the screenshot, the item's new values match the modified values from the PlayerData.txt file.
Android Game Hacking - Conclusion
I know this was a bit vague, but I didn't want anyone ruining this game (or the developer catching on to it) quite yet.
That said, if you have any specific questions, or other games that you think I should take a look at, then I'd definitely be willing to try!