Need help sniffing traffic between Android/iOS game and its server

Hello devs and the community,

So as the topic says, I am having difficulties decrypting traffic between a phone MMORPG and their server. At first, I used Wireshark to analyse the traffic, and that’s when I realised the packets are all jumbled. My research led me to mitmproxy. So, I set up an Ubuntu VM with all proper transparency settings, used the VM’s IP as default gateway on my Windows 7 OS, installed the certificate on Android Emulator(Nox), launched the game, intercepted log-in packets but… They’re still encrypted? I did all posts on these forums, thought may be they’re using certificate pinning, so I also installed SSL TrustKiller on the emulator but that didn’t help. What am I missing?

Hi @celebeast,

If mitmproxy couldn’t intercept and decrypt these requests, you wouldn’t see them in the UI like this. The SSL/TLS encryption is broken/stripped-off if you want so, but it looks like said developers also implemented a custom encryption/obfuscation layer below that. How exactly that works can only be determined by reverse-engineering. :wink:
Looking at the output, the bytes don’t seem to be entirely random, so it’s probably not super hard crypto. :slight_smile:

Thank you for the response. :slight_smile:
So this is not certificate pinning? Because I was planning to unpack the .apk, find the certificate pinning code, disable it and repack. If it’s something else, I’ll have to look inside the .apk?

This is not certificate pinning - the TLS man-in-the-middle attack works, otherwise we wouldn’t be able to see the HTTP headers. What you have to look for? The code that obfuscates the body! :wink:

That is great advice, that you for clearing everything up. I now have a way forward. :blush: