Posted (edited)

Name of Game: Castle Defense 2 beta
Play Store Link (If it's a paid app, the apk): https://play.google.com/store/apps/details?id=com.droidhang.cd2&hl=en
Version: v1.4.6
What cheat? Health, xp, gold...: Gems, Crystals
Have you tried cheating this game? What happened?: Values unchanged.
Comments:

 

I found an XML that contains user info including gem count, pet stats, hero stat, and daily challenge completion info:

(in root) Data/Data/com.droighang2.cd2/dhps.xml

 

In the <content> tag I find this:

"ksdl09mm":x where "x" is the number of gems

"purple_crystal":x where "x" is the number of crystals

 

 

Problem is that it has an associated md5 short hash (at least it appears - see <md5> tag in XML file) that I can't seem to figure out how it's calculated. If you alter the file in any way the game will reset back to default settings, and you must start from the beginning. Any pointers would help. XML attached.

 

Thanks in advance!
 

dhps[1].xml

Edited by Gantz
  • Administrators
Posted

It is not MD5. An MD5 hash is 32 characters long, and here there are 10.
Or it is part of the hash, or some other hash. A study of the source code can answer this question.

Posted
15 hours ago, Enyby said:

It is not MD5. An MD5 hash is 32 characters long, and here there are 10.
Or it is part of the hash, or some other hash. A study of the source code can answer this question.

 

Right. Thanks. I've calculated the hash of the content string using md5, sha, etc. in the content tags and the one I found is definitely not "part of" any of these.

 

Which leads me to believe it's probably some other hash I don't know about, as you suggest. Maybe one the dev company created in-house.

 

I will try to dig into the source code but a lot of the files are encrypted in the APK even after an attempt to decompress and decode.

 

If anyone else can shed some light on this I'd appreciate it!

Posted (edited)

Update:

 

I decompiled the APK and found a Java file labeled MD5Util in a series of files in a droidhang/utilities directory (droidhang is the name of the dev company). I don't believe this is the function that provides the 10-digit hash spoken of, BUT I think this might help in figuring out how the OTHER XML files for the levels, heroes, and stats are encrypted. Here's the source code:

 

package com.droidhang.util;

import java.security.MessageDigest;

public class MD5Util {
    
    private MD5Util() {
    }

    public static String getHexDigest(byte[] digestBytes) {
        if (digestBytes == null) {
            return null;
        }
         
        StringBuilder sb = new StringBuilder();
        int len$ = digestBytes.length;
        for (int i$ = 0; i$ < len$; i$++) {
            // Format each digest byte as two lowercase hex digits
            sb.append(String.format("%02x", new Object[]{Byte.valueOf(digestBytes[i$])}));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Throwable {
        System.out.println(getHexDigest(MessageDigest.getInstance("MD5").digest("asdasdadsasdasadasda".getBytes("utf-8"))));
    }
}

 

MD5Util.java


Edited by Gantz
  • Administrators
Posted

There is nothing in this code.
It computes the MD5 hash, and then the binary string is converted to readable form.

Posted
1 minute ago, Enyby said:

There is nothing in this code.
It computes the MD5 hash, and then the binary string is converted to readable form.

 

Thanks for checking Enyby.

  • Administrators
Posted

You are looking in the wrong place. We must look for the substring "md5" in the smali files to find the place where the tag data is written and understand where it comes from.

Posted
1 minute ago, Enyby said:

You are looking in the wrong place. We must look for the substring "md5" in the smali files to find the place where the tag data is written and understand where it comes from.

 

Yes I understand that. I am unable to find such data. If someone else can find it then by all means, I just happened across that Java file while exploring the source data in the apk and thought it might be worth looking into. If you want to explore the apk yourself then please do.

 

Posted (edited)
7 hours ago, Enyby said:

You must upload apk before I can do anything with it.

 

Isn't that the point of listing the Play Store link? Exceeds max size for the site, so I've shared it here: -

Edited by Gantz
  • Administrators
Posted

All of this is in native code in the .so libraries. Use IDA to dig into it.

It is not in Java. That would be too easy.
