add readme for redirecting server

2024-06-04 11:05:09 +08:00 · 2024-06-04 11:05:09 +08:00 · e9dfa71d46
parent 98d737b9e2
commit e9dfa71d46
6 changed files with 151 additions and 22 deletions
--- a/Scripts/redirect_server.py
+++ b/Scripts/redirect_server.py
@ -1,22 +0,0 @@
-from mitmproxy import http
-
-SERVER_HOST = 'YOUR_SERVER_HERE'
-SERVER_PORT = 80
-
-REWRITE_HOST_LIST = [
-    'ba-jp-sdk.bluearchive.jp',
-    'prod-gateway.bluearchiveyostar.com',
-    'prod-game.bluearchiveyostar.com',
-    # 'prod-notice.bluearchiveyostar.com',
-    # 'prod-logcollector.bluearchiveyostar.com',
-]
-
-def request(flow: http.HTTPFlow) -> None:
-    if flow.request.pretty_host.endswith('log.aliyuncs.com'):
-        flow.kill()
-        return
-    if flow.request.pretty_host in REWRITE_HOST_LIST:
-        flow.request.scheme = 'http'
-        flow.request.host = SERVER_HOST
-        flow.request.port = SERVER_PORT
-        return
--- a/Scripts/redirect_server_frida/README.md
+++ b/Scripts/redirect_server_frida/README.md
@ -0,0 +1,38 @@
+# Redirect server via Frida
+
+## Install Frida's CLI tools
+
+Make sure [Python](https://python.org/) is installed before you start.
+
+Install Frida's CLI tools via Pypi.
+
+```
+pip install frida-tools
+```
+
+## Run Frida server on device/emulator
+
+Download Frida server [here](https://github.com/frida/frida/releases/).
+
+Make sure adb is enabled and Android is rooted.
+
+Run:
+
+```
+adb push frida-server /data/local/tmp
+adb shell
+# in adb shell
+su
+chmod 755 /data/local/tmp/frida-server
+/data/local/tmp/frida-server
+```
+
+## Hook client with frida
+
+Set your server address in `ba.js`.
+
+Launch the client, then immediately run the following command on host:
+
+```
+frida -U "ブルアカ" -l ba.js --realm=emulated
+```
--- a/Scripts/redirect_server_frida/ba.js
+++ b/Scripts/redirect_server_frida/ba.js
--- a/Scripts/redirect_server_mitmproxy/README.md
+++ b/Scripts/redirect_server_mitmproxy/README.md
@ -0,0 +1,21 @@
+# Redirect server via mitmproxy
+
+## Install mitmproxy
+
+Download the installer from [mitmproxy.org](https://mitmproxy.org/)
+
+## Install CA certificate
+
+Follow the instructions from [System CA on Android Emulator](https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/)
+
+## Hook client with mitmproxy
+
+Set your server address and port in `redirect_server.py`
+
+Install [WireGuard](https://wireguard.com/install/#android-play-store-f-droid) on client, then run mitmproxy:
+
+```
+mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn
+```
+
+It also works as a packet dumper. You can save the flow file for further works.
--- a/Scripts/redirect_server_mitmproxy/packet_analyzer.py
+++ b/Scripts/redirect_server_mitmproxy/packet_analyzer.py
@ -0,0 +1,47 @@
+#!/usr/bin/env python 
+import argparse
+import gzip
+import json
+import os
+
+from mitmproxy import io
+from mitmproxy.http import HTTPFlow
+
+if __name__ == "__main__":
+  parser = argparse.ArgumentParser('Flow dumper')
+  parser.add_argument('file', type=str, help='mitmproxy flow file')
+  args = parser.parse_args()
+
+  os.makedirs(f'{args.file}.dumps', exist_ok=True)
+
+  f = open(args.file, 'rb')
+  r = io.FlowReader(f)
+
+  i = 0
+  for flow in r.stream():
+    if not isinstance(flow, HTTPFlow):
+      continue
+    if not flow.request.url.endswith('/api/gateway'):
+      continue
+
+    req = flow.request.raw_content
+    res = json.loads(flow.response.text)
+    protocol = res['protocol']
+
+    mx_end = req.rfind(b'\r\n', 0, len(req) - 1)
+    mx_start = req.rfind(b'\r\n\r\n')
+    req_mx = req[mx_start + 4:mx_end]
+    req_bytes = req_mx[12:]
+    req_bytes = bytearray([x ^ 0xD9 for x in req_bytes])
+    req_bytes = gzip.decompress(req_bytes)
+
+    packet = json.loads(req_bytes)
+    with open(f'{args.file}.dumps/{i}_req_{protocol}.json', 'w') as f_req:
+      json.dump(packet, f_req, indent=2, ensure_ascii=False)
+
+    packet = json.loads(res['packet'])
+    with open(f'{args.file}.dumps/{i}_resp_{protocol}.json', 'w', encoding='utf8') as f_res:
+      json.dump(packet, f_res, indent=2, ensure_ascii=False)
+    i += 1
+
+  f.close()
--- a/Scripts/redirect_server_mitmproxy/redirect_server.py
+++ b/Scripts/redirect_server_mitmproxy/redirect_server.py
@ -0,0 +1,45 @@
+import gzip
+import json
+from mitmproxy import http
+
+SERVER_HOST = 'YOUR_SERVER_HERE'
+SERVER_PORT = 80
+
+REWRITE_HOST_LIST = [
+    'ba-jp-sdk.bluearchive.jp',
+    'prod-gateway.bluearchiveyostar.com',
+    'prod-game.bluearchiveyostar.com',
+    # 'prod-notice.bluearchiveyostar.com',
+    # 'prod-logcollector.bluearchiveyostar.com',
+]
+
+def request(flow: http.HTTPFlow) -> None:
+    if flow.request.pretty_host.endswith('log.aliyuncs.com'):
+        flow.kill()
+        return
+    if flow.request.pretty_host in REWRITE_HOST_LIST:
+        flow.request.scheme = 'http'
+        flow.request.host = SERVER_HOST
+        flow.request.port = SERVER_PORT
+        return
+
+def response(flow: http.HTTPFlow) -> None:
+    if flow.request.url.endswith('/api/gateway'):
+        try:
+            req = flow.request.raw_content
+            res = json.loads(flow.response.text)
+            protocol = res['protocol']
+
+            mx_end = req.rfind(b'\r\n', 0, len(req) - 1)
+            mx_start = req.rfind(b'\r\n\r\n')
+            req_mx = req[mx_start + 4:mx_end]
+            req_bytes = req_mx[12:]
+            req_bytes = bytearray([x ^ 0xD9 for x in req_bytes])
+            req_bytes = gzip.decompress(req_bytes)
+            print(f'Protocol: {protocol}')
+            print(f'[OUT]->{json.loads(req_bytes)}')
+            print(f'[IN]<--{json.loads(res["packet"])}')
+            print('')
+        except Exception as e:
+            print('Failed to dump packet', e)
+        return