02-27-2014, 03:16 AM
I've been playing an online strategy game on Android for almost a year now.

I recently picked up an old phone of mine and logged in with the outdated client that was on it.

The game features daily log in and activity rewards - points, currency, items, etc.

I found that even though I had already claimed these daily rewards on my account with the newer updated client on my newer phone, I was able to double dip and reclaim the same rewards on the older client on my older phone.

I've used a decompiler to take a look at the APK, with the idea being that maybe these rewards aren't entirely server-sided and there may be something in the client that I could deactivate or reset so I could rack up daily rewards repeatedly and dominate the server.

I haven't found anything that would perform the function I thought it would.

So many questions to the more experienced fuckers-with-of-games and those more knowledgeable about coding in general:

Have I likely misinterpreted the significance of double claiming these rewards or is there probably something I'm overlooking in the client?

Is there another reason the server would generally allow duplicate rewards simply because an account is active in 2 clients?

General ideas?

02-27-2014, 04:18 AM
Maybe the client checks if you have the reward for that day, and if not it requests it from the server? Look for something that checks for daily reward?

02-27-2014, 06:50 AM
That's what I basically was thinking - that if you claim the reward the client just deactivates the button until 24 hours pass and you log in again. I thought I could zero out that value with a hex editor but so far I can't find anything other than the location of the buttons. I haven't been able to get into the .so yet, but I can't imagine anything other than general option settings being saved in there.

It just seemed incredibly sloppy to me that the developers thought the reward structure was too generous, nerfed it with the release of an update, yet left a way for someone to capitalize on the op rewards and claim the nerfed rewards too. That makes me think there's something else going on to be taken advantage of.

I was also thinking if it is somehow client based, I could decompile the client code, load it with multiple reward buttons, and then let them spoof the server?

I've been all over the Android games hacking forums, and this game is famed for the number of people who want it hacked, and how unhackable it's supposed to be. If I can lick this problem I can sell the solution at $100 a pop easy.