Some stupid app i pwned on a sunday morning

1. My bored Sunday morning PWN
Sarodj
Some of my IRC buddys were playing something called
Mypetgirlfriend (i know right..). They were bragging about how high
there level was an how many videos they unlocked.
So i thought hey lets check out where all the fuzz is about. And so
my little adventure started...

2. My bored Sunday morning PWN
Sarodj
I jumped to my Blackmart app and
downloaded+installed the APK.
Ofcourse i did some restrictions with
Xprivacy just to be sure ;)

3. My bored Sunday morning PWN
Sarodj
So i ran the app. And OH MY GOD
what the fuck is this... how
pathetic...
I hope these guys were doing this
for fun.

4. My bored Sunday morning PWN
Sarodj
So i wanted to check out the vid
thingy they were talking about,
anddd dammit. You need to do
some kind of leveling. Im not into
this shit, im a IT guy and i want a
quick profit so.....

5. My bored Sunday morning PWN
Sarodj
So i went to the folder where
appdata is stored in common and
found some config files. I tweaked
some game values like the user
points, energy, fullnes, hygiene,
love and comfort.
I also set my user level to 1337 :)

6. My bored Sunday morning PWN
Sarodj
I unlocked all the video's and
can watch anything i want within
a few minutes of poking around.
What i did noticed is that it
downloaded the videos from a
external source.
But the story did not end here :)
PROFITTTT

7. My bored Sunday morning PWN
Sarodj
So i tried the changing clothes option. It turned
out that the only casual was free. By this time i
told my IRC buddys about my pwn and they
said i should hack the app in such way that the
bikini clothes are activated.
So i had this idea that the data is not stored
localy but on a external server, I know this
because all the movies in the movie shop are
being downloaded. It is time for some
TCPdump magic >:)

8. My bored Sunday morning PWN
Sarodj
So i installed TCPdump on my phone and
started a capture trough a ADB shell.
Simultaneously I download a video from the
video store to see where the app is
downloading its videos from.
I copied the PCAP capture to my desktop and
for further analysis.

9. My bored Sunday morning PWN
Sarodj
Wireshark did gave back a URL so i decided
it was time to download the bikini clothes
video. The only problem was that i did not
know the filename of the video, so i was
hoping on a directory listing.

10. My bored Sunday morning PWN
Sarodj
But no directory listing was
given that day... FUCK

11. My bored Sunday morning PWN
Sarodj
So now i have to pull the APK from my
phone and reverse engineer it in order
to find the video ID's.

12. My bored Sunday morning PWN
Sarodj
After i poked aroud a bit i
found a file with allot of
videonames in it. I decided to
filter out the list with some
commands and write a script
to download them all.

13. My bored Sunday morning PWN
Sarodj
Did exactly that...

14. My bored Sunday morning PWN
Sarodj
Execute and downloading

15. My bored Sunday morning PWN
Sarodj
And i found the bikini videos :).
The only thing have to do is
push them to my phone and
change the config.
PROFITTTT

16. My bored Sunday morning PWN
Sarodj
But what ID to put in the
config?
I messed around a bit with
grep and found out that the
current video has videoname
v004111.mp4. The
USER_DRESS int is 14111.
Now lets change that to the
bikini video ID of
v00(4411).mp4.

17. My bored Sunday morning PWN
Sarodj
Changed it and p00f. I have
absolutely no life. But it was
fun :)
+ i can brag about it @ my irc
buddys
PROFITTTT