nok1a

Thanks lot for the info. Pointing specifically to the userCookie. You can reuse the same token, It stays valid. This is a authentication request that is used to sign in to your in-game account. By changing the userCookie token you can change the account you can login to(for example). Ok, so i understand that it comes down to a token with some check algorithm to make sure there is no tempering on the user ID and session time. So what i want is to modify that user info in the userCookie token and send to the server and have it being received as valid by the server. This can't work if i do not know the appropriate check algorithm used. I try to understand that check algorithm. Any thoughts on how the check could work.

I don't have acess to the tools. Response. Through GG. Hope it has the needed info. Script ended: { -- table(ffbb891) ['code'] = 200, ['content'] = ' %setCookie[account]�/DEvIPj54NwK5EI5vW8_k4iwcV6_rWDABEIvvgcXpso8.eyJpZCI6NTE5NDk2NTQsImVtYWlsIjoiMTE2MTE1MjQ0Mzg0MTA3NzMyOTUzQGdhLmZ1bnpheS5jb20iLCJzb2NpYWxOZXR3b3JrcyI6eyJnYSI6IjExNjExNTI0NDM4NDEwNzczMjk1MyJ9LCJjdGltZSI6MTY3NjQ2MzMzNX0setCookie[user]�5MUbMehx_aPdSzp1LcRpEoHMRvC_Sw_XLHwEtPB98k40.eyJpZCI6OTEwNjA2MTksImN0aW1lIjoxNjc2NDYzMzM1fQinitTimeA��39�timezoneOffset�0contentDomain/gobmobile.akamaized.netconfigs ruYshared/as/ru/contextConfig.amf?ux=1676462708enYshared/as/en/contextConfig.amf?ux=1676462707trYshared/as/tr/contextConfig.amf?ux=1676462708frYshared/as/fr/contextConfig.amf?ux=1676462707itYshared/as/it/contextConfig.amf?ux=1676462707deYshared/as/de/contextConfig.amf?ux=1676462706esYshared/as/es/contextConfig.amf?ux=1676462707ptYshared/as/pt/contextConfig.amf?ux=1676462708pt-BR_shared/as/pt-BR/contextConfig.amf?ux=1676462708nlYshared/as/nl/contextConfig.amf?ux=1676462708koYshared/as/ko/contextConfig.amf?ux=1676462707jaYshared/as/ja/contextConfig.amf?ux=1676462707ltYshared/as/lt/contextConfig.amf?ux=1676462708zh-Hanscshared/as/zh-Hans/contextConfig.amf?ux=1676462709zh-Hantcshared/as/zh-Hant/contextConfig.amf?ux=1676462709remoteIp185.124.28.154cidUser.91060619env mainkeyA50d53aca6c02795f355bd3284e4207c2 langlevel nickPlayer 91060619tcp%35.246.142.97:7712seq4 status', ['contentLength'] = -1, ['contentType'] = 'application/octet-stream', ['date'] = 1676463335000.0, ['expiration'] = 869893200000.0, ['headers'] = { -- table(18ff3f6) ['Cache-Control'] = { -- table(e552264) [1] = 'no-store, no-cache, must-revalidate', [2] = 'post-check=0, pre-check=0', }, ['Connection'] = { -- table(6bf5982) [1] = 'keep-alive', }, ['Content-Transfer-Encoding'] = { -- table(8124ccd) [1] = 'binary', }, ['Content-Type'] = { -- table(c7400d0) [1] = 'application/octet-stream', }, ['Date'] = { -- table(86ae801) [1] = 'Wed, 15 Feb 2023 12:15:35 GMT', }, ['Expires'] = { -- table(ce403f7) [1] = 'Mon, 26 Jul 1997 05:00:00 GMT', }, ['Keep-Alive'] = { -- table(85719e8) [1] = 'timeout=20', }, ['Last-Modified'] = { -- table(444d70b) [1] = 'Wed, 15 Feb 2023 12:15:35 GMT', }, ['Pragma'] = { -- table(b8d8bce) [1] = 'no-cache', }, ['Server'] = { -- table(9fb46a6) [1] = 'nginx/1.18.0', }, ['Transfer-Encoding'] = { -- table(b6059fc) [1] = 'chunked', }, ['X-Android-Received-Millis'] = { -- table(b317aef) [1] = '1676463335138', }, ['X-Android-Response-Source'] = { -- table(dfa96da) [1] = 'NETWORK 200', }, ['X-Android-Selected-Protocol'] = { -- table(683e8c9) [1] = 'http/1.1', }, ['X-Android-Sent-Millis'] = { -- table(94ae893) [1] = '1676463335010', }, ['null'] = { -- table(8594885) [1] = 'HTTP/1.1 200 OK', }, }, ['lastModified'] = 1676463335000.0, ['message'] = 'OK', ['requestMethod'] = 'GET', ['url'] = 'http://game.www.gobmobile.com/api/auth.enter?output=amf&clientData={"deviceModel"%3A"Asus ASUS_Z01QD"%2C"connectionType"%3A"WIFI"%2C"graphicsDeviceName"%3A"Adreno (TM) 640"%2C"graphicsDeviceVersion"%3A"OpenGL ES 3.0"%2C"graphicsMemorySize"%3A1024%2C"operatingSystem"%3A"Android OS 7.1.2 %2F API-25 (N2G48H%2Frel.se.infra.20200730.150525)"%2C"processorCount"%3A4%2C"processorType"%3A"ARMv7 VFPv3 NEON VMH"%2C"systemMemorySize"%3A3546%2C"gitRevision"%3A"f227fba487d904c2e6e4d71828b5754ca355ab2a-207"%2C"version"%3A"24.1.207"%2C"deviceId"%3A"08eca84316b4153c1670a5717cdcafed"%2C"googleAdvertisingId"%3A"44c43f7e-a2ff-4333-ac7b-b221f219fb04"%2C"googleAndroidId"%3A"cd4d354f1ef238b4"%2C"piracy"%3A{"licensing"%3A"retryChecking"%2C"installerId"%3A"true"%2C"signingCertificate"%3A"true"}}&platform=android&deviceId=08eca84316b4153c1670a5717cdcafed&setCookie[account]=ZUs8TGBcN6FR7kjJrql343FfwPHRYnlobtJyxmAByB4.eyJpZCI6NTE5NDk2NTQsImVtYWlsIjoiMTE2MTE1MjQ0Mzg0MTA3NzMyOTUzQGdhLmZ1bnpheS5jb20iLCJzb2NpYWxOZXR3b3JrcyI6eyJnYSI6IjExNjExNTI0NDM4NDEwNzczMjk1MyJ9LCJjdGltZSI6MTYyMzA4NTI3MX0&setCookie[user]=VaLciho_OwEwXdjIHdDbsoR4KYTtYV06b9bwtdm9ceQ.eyJpZCI6OTEwNjA2MTksImN0aW1lIjoxNjc1NjE4NzE4fQ&resolution=hd&lang=en&returnCookies=1&seq=4', ['usingProxy'] = false, }

Guns Of Boom web debugging proxy -> fiddler Full request: http://game.www.gobmobile.com/api/auth.enter?output=amf&clientData={"deviceModel"%3A"Asus ASUS_Z01QD"%2C"connectionType"%3A"WIFI"%2C"graphicsDeviceName"%3A"Adreno (TM) 640"%2C"graphicsDeviceVersion"%3A"OpenGL ES 3.0"%2C"graphicsMemorySize"%3A1024%2C"operatingSystem"%3A"Android OS 7.1.2 %2F API-25 (N2G48H%2Frel.se.infra.20200730.150525)"%2C"processorCount"%3A4%2C"processorType"%3A"ARMv7 VFPv3 NEON VMH"%2C"systemMemorySize"%3A3546%2C"gitRevision"%3A"f227fba487d904c2e6e4d71828b5754ca355ab2a-207"%2C"version"%3A"24.1.207"%2C"deviceId"%3A"08eca84316b4153c1670a5717cdcafed"%2C"googleAdvertisingId"%3A"44c43f7e-a2ff-4333-ac7b-b221f219fb04"%2C"googleAndroidId"%3A"cd4d354f1ef238b4"%2C"piracy"%3A{"licensing"%3A"retryChecking"%2C"installerId"%3A"true"%2C"signingCertificate"%3A"true"}}&platform=android&deviceId=08eca84316b4153c1670a5717cdcafed&setCookie[account]=ZUs8TGBcN6FR7kjJrql343FfwPHRYnlobtJyxmAByB4.eyJpZCI6NTE5NDk2NTQsImVtYWlsIjoiMTE2MTE1MjQ0Mzg0MTA3NzMyOTUzQGdhLmZ1bnpheS5jb20iLCJzb2NpYWxOZXR3b3JrcyI6eyJnYSI6IjExNjExNTI0NDM4NDEwNzczMjk1MyJ9LCJjdGltZSI6MTYyMzA4NTI3MX0&setCookie[user]=VaLciho_OwEwXdjIHdDbsoR4KYTtYV06b9bwtdm9ceQ.eyJpZCI6OTEwNjA2MTksImN0aW1lIjoxNjc1NjE4NzE4fQ&resolution=hd&lang=en&returnCookies=1&seq=4

The thing is, i am not sure what causes the wrong signature error. I almost assuming that the scrambled part is some kind of check algorithm for the readable part. So that if there is tempering to the readable part the server will know because the algorithm and readable info are not compatible anymore. Just a bit like a FCS would work(i guess).

Done that, but have no idea about how unicode character will help me. Perhaps you can refine "This may indicate something". I'm not fully following. I assume the client will send a authentication request to the server in which the userCookie token is complete. I don't yet understand what i need to look for in memory. This token is the way it is stored on ones device when making an account. If modified and send to server you get an error responds back saying wrong signature. For it to be encrypted would it still require to follow the 2+ dots? Because this one only has one. I checked the doc that CmP gave in his explanation, but then for the encryption part. but all types of JWP token talk about encryptions which at the minimum causes the token to have 2 dots in it.

Hi, i would like to decode base64 string but i am encountering problem with the decoding. It looks like a JWT token. The supposed to be header appears scrambled when decoding while the payload seems to be readable text. I'm using a Lua script from the web to decode the strings. I tried putting the JWT token through a auto JWT decoder but it shows no header. Only payload and signature. Makes me assume that it is not a header or had several xor's. String that needs to be fully decoded: VaLciho_OwEwXdjIHdDbsoR4KYTtYV06b9bwtdm9ceQ.eyJpZCI6OTEwNjA2MTksImN0aW1lIjoxNjc1NjE4NzE4fQ Payload decoded: eyJpZCI6OTEwNjA2MTksImN0aW1lIjoxNjc1NjE4NzE4fQ Header scrambled when decoded:VaLciho_OwEwXdjIHdDbsoR4KYTtYV06b9bwtdm9ceQ

Don't up vote/Like a comment if it does not solve the issue, otherwise i will assume it is working. Test script: com.gameinsight.gobandroid.lua

test com.gameinsight.gobandroid.lua

Will check, for now use the script that does not has the player info feature. So, older version.

View File String replacer Often when editing strings in games there will be a limit on the length of the string. Script will put length equal to the modified string. This does not work if the game has a custom sized limit for the string you want to modify. Submitter Platonic Submitted 12/05/2022 Category Tools  

Hi, send error. Try this and send result. Guns of Boom script (#czdpsesl)

View File Tower of Fantasy Features: Player Animation speed Game speed Player object speed Double Jump Player object size Supply Pods detecting Range Dodge range Damage Enemy Teleport Note: Script detects when your in lobby or in match, so no need to restart the script your self as it will do automatically. Creator: Platonic Will more features be added? -> perhaps(when i have time) Video: Submitter Platonic Submitted 08/26/2022 Category LUA scripts