Decryption of the fishing battle protocol
Protocol/protocol/flow/volume/decryption/encryption
Analyze the encryption method and decryption method of the game traffic of Fishing Battle.
sequence
Fishing Battle is a casual game launched by tuyoo many years ago. Yes, it is the Tuyou that this account has criticized before. This game takes the depths of the ocean as the background. Skills to hunt colorful fish. It seems to be very popular recently, and there are many people playing it.
Book
Undoubtedly, as Tuyoo's product, Fishing Battle has the same protocol, and the data is encrypted. On the whole, the encryption is still divided into two parts, one is the encrypted data carried by HTTP, and the other is the encrypted data carried by TCP long connection. This encryption logic and method have been analyzed before, and you can refer to the analysis of other games related links before the end of the article.
short connection
The short link is rough HTTP, and there is no user agent in it.
GET /open/v6/user/deviceAccountExistCheck?appId=10010&deviceId=386160xxx6f9436f3&clientId=Android_5.280_tyGuest,tyAccount.weixinPay,alipay,yinlian,jingdong.0-hall28.zhibo.fish3d&phoneType=&deviceName=Pixel%201&mac=5ZsNW558xxxk%2BjKu67Y6yZHB44%2BPIsDAxFMHhY37W3HyGgilLEwIbge4biJ6Klnw%3D%3D&imei=AAc/ir5454%2B54xickIaPcdaWGUrd1FFypjBFttXiIyZhHbdThTKwKCyUxA%2BKMZcXZxLblyojicaZFQ%3D%3D&imsi=&androidId=C0GWv444444WJg1HgzBpt1OFMrAoLJTED4oxlxdnEtuXKiOJxpkV&iccid=&BIParams={%22original_deviceid%22:%22130b7c5dbbb7997e1118897996f8e0bf%22,%22oaid%22:%22%22,%22google_id%22:%221a129cda-87bf-4c23-bd63-544563e341c1%22}&adTraceNamespace=3dbuyu10010&adTraceAid=2&oaid=&extraParams={}&original_deviceid=130b7c5dbbxxxxxe1118897996f8e0bf&code=B0A664507E4FEDBFE9722AE6A65FF3D1 HTTP/1.1
User-Agent:
Host: open-fish3d.tuyoo.com
Connection: Keep-Alive
Accept-Encoding: gzip
The only highlight of this HTTP is that the code in the url needs to be calculated, and the calculation method is also very simple. First, the url parameters are sorted, and then spliced to form a string. Of course, salt will be added during the splicing process, otherwise it will be meaningless. Then, des ecb is used to encrypt the character string, the encrypted result is base64 encoded, and the encoded result is MD5. Basically, the games of Tuyou use these encryption and hash algorithms. Its python implementation code is roughly as follows (salt and key are mosaic):
keys=sorted(params.keys())
paramsstr=''
for a in keys:
if paramsstr!='':
paramsstr=paramsstr+'&'+a+'='+params[a]
else:
paramsstr = 'xxxx'+ a + '=' + params[a]
paramsstr=paramsstr+'yyyy'
datastr=paramsstr.encode()
endata=desecbEncrypt(datastr,b'zzzzz')
bdata=base64.b64encode(endata)
code=GetMd5(bdata.decode()).upper()
It can be referred to during implementation if necessary. If you need the key, please contact me (public account: protocol analysis and restoration).
Long connection
Like other games of Tuyou, the long-term connection has always existed, and the implementation is exactly the same. I didn’t want to write it at first, but many people don’t know how to play long-term connection, so I still have to mention it here.
It is inconvenient to capture packets for a long connection. It should be noted that the port used by Fishing Battle is 9013. Its long connection is also encrypted, XOR encryption. The encrypted key is transmitted at the beginning, and the subsequent decryption depends on the key. The content of the long connection is similar to the following:
The specific decryption code is not repeated here, you can refer to the previous articles listed at the end of the article. If you want to simulate a long connection, you can encrypt and decrypt according to the algorithm after the connection is established.
Postscript
The encryption and decryption of this game is fairly simple. I like the simple algorithm the most, and I believe everyone will like it too.
Reminder
If you have difficulty in decrypting the protocol, please contact me (protocol analysis and restoration). That's right, some application protocols should be decrypted more.
END
Past review
Analysis and cracking of encryption protocol of Tuyou Doudizhu