Android Game Hacking

As I have no mobile pentesting experience yet, I decided to try my hand at a little Android game hacking.

Android Game Hacking - Introduction

This post will be a little vague, as I don't want to give everything away for this game, and I still play it for enjoyment.

That said, I hope this provides a decent example of one way to change local save data for Android games.

Data Backup

First of all, since I didn't have root, I needed to get a list of the packages installed.

root@kali:~/android$ adb shell 'pm list packages -f'
package:/data/app/com.google.android.youtube-2/base.apk=com.google.android.youtube
package:/data/app/dev.games.mygame-1/base.apk=dev.games.mygame

< ... snip ... >

Once I had the name of the base.apk, it was time to back up the files to my local system.

root@kali:~/android$ adb backup -f mygame.ab -noapk dev.games.mygame
Now unlock your device and confirm the backup operation.

Using the Android Backup Extractor I was able to get the tar archive of the files from the ADB backup file.

root@kali:~/android$ java -jar abe.jar unpack mygame.ab mygame.tar
Backup encrypted, enter password (will NOT be displayed):
Password:

The next step was to get an in-order list of all the files in the archive, as I would need that later when rebuilding the archive.

root@kali:~/android$ tar -tf mygame.tar > mygame.list
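
What the unpack and listing steps above operate on, as an added example (not code from the original post or from the Android Backup Extractor project): a minimal Python reader for the .ab container's plain-text header and zlib-compressed tar payload, which returns the member names in stored order. It handles unencrypted backups only; the sample backup is constructed in the script and the function names are assumptions of this example.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def parse_ab(blob):
    """Parse an adb backup (.ab) blob; return (header dict, tar bytes or None)."""
    stream = io.BytesIO(blob)
    if stream.readline().rstrip(b"\n") != MAGIC:
        raise ValueError("not an Android backup file")
    header = {
        "version": int(stream.readline()),
        "compressed": stream.readline().strip() == b"1",
        "encryption": stream.readline().strip().decode("ascii"),
    }
    if header["encryption"] != "none":
        # Encrypted backups add key-derivation header lines and an encrypted
        # payload; handling those (as abe.jar does) is outside this example.
        return header, None
    payload = stream.read()
    if header["compressed"]:
        payload = zlib.decompress(payload)
    return header, payload


def ordered_members(tar_bytes):
    """Member names in stored order, the same listing `tar -tf` prints."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [m.name for m in tar.getmembers()]


def build_sample_ab():
    """Constructed, unencrypted sample backup using file names from the post."""
    names = ["apps/dev.games.mygame/_manifest",
             "apps/dev.games.mygame/r/app_data/PlayerData.txt"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return MAGIC + b"\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    header, tar_bytes = parse_ab(build_sample_ab())
    print(header, *ordered_members(tar_bytes), sep="\n")
```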

File Analysis

With my file list in hand, it was time to extract the archive and take a look at the files.

root@kali:~/android$ tar -xvf mygame.tar 
x apps/dev.games.mygame/_manifest
x apps/dev.games.mygame/r/app_data
x apps/dev.games.mygame/r/app_data/UserInfo.usr
x apps/dev.games.mygame/r/app_data/PlayerDataBackup1.txt
x apps/dev.games.mygame/r/app_data/PlayerData.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup2.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup3.txt
x apps/dev.games.mygame/r/app_data/PlayerDataBackup4.txt

< ... snip ... >

Android Game Hacking - Editing the Values and Rebuilding the Archive

Already in the first few files, I figured that PlayerData.txt was the one that I'd want to look at.

Once I opened the directory and looked through the PlayerData.txt file, I found the line that I wanted to change.

Android Game Hacking - Player Data

Once I modified the line in question, it was time to rebuild my tar archive.

root@kali:~/android$ cat mygame.list | pax -wd > mygame-edited.tar

With the tar rebuilt, I needed to create a new ADB backup file so that it could be restored to the device.

root@kali:~/android$ java -jar abe.jar pack mygame-edited.tar mygame-edited.ab

Last, but not least, I had to restore my edited ab file to the device.

root@kali:~/android$ adb restore mygame-edited.ab
Now unlock your device and confirm the restore operation.

With everything in place, it was time to actually check the item in-game.

Android Game Hacking - Modified Item

As you can see from the screenshot, the item's new values match the modified values from the PlayerData.txt file.

Android Game Hacking - Conclusion

I know this was a bit vague, but I didn't want anyone ruining this game (or the developer catching on to it) quite yet.

That said, if you have any specific questions, or other games that you think I should take a look at, then I'd definitely be willing to try!

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration tester for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.
