From e9dfa71d46a75f2c2c0fd64564e320b912a9aca2 Mon Sep 17 00:00:00 2001
From: mkbka <99542134+mkbka@users.noreply.github.com>
Date: Tue, 4 Jun 2024 11:05:09 +0800
Subject: [PATCH] add readme for redirecting server

---
 Scripts/redirect_server.py | 22 ---------
 Scripts/redirect_server_frida/README.md | 38 +++++++++++++++
 ba.js => Scripts/redirect_server_frida/ba.js | 0
 Scripts/redirect_server_mitmproxy/README.md | 21 +++++++++
 .../packet_analyzer.py | 47 +++++++++++++++++++
 .../redirect_server.py | 45 ++++++++++++++++++
 6 files changed, 151 insertions(+), 22 deletions(-)
 delete mode 100644 Scripts/redirect_server.py
 create mode 100644 Scripts/redirect_server_frida/README.md
 rename ba.js => Scripts/redirect_server_frida/ba.js (100%)
 create mode 100644 Scripts/redirect_server_mitmproxy/README.md
 create mode 100644 Scripts/redirect_server_mitmproxy/packet_analyzer.py
 create mode 100644 Scripts/redirect_server_mitmproxy/redirect_server.py

diff --git a/Scripts/redirect_server.py b/Scripts/redirect_server.py
deleted file mode 100644
index a199b83..0000000
--- a/Scripts/redirect_server.py
+++ /dev/null
@@ -1,22 +0,0 @@
-from mitmproxy import http
-
-SERVER_HOST = 'YOUR_SERVER_HERE'
-SERVER_PORT = 80
-
-REWRITE_HOST_LIST = [
-    'ba-jp-sdk.bluearchive.jp',
-    'prod-gateway.bluearchiveyostar.com',
-    'prod-game.bluearchiveyostar.com',
-    # 'prod-notice.bluearchiveyostar.com',
-    # 'prod-logcollector.bluearchiveyostar.com',
-]
-
-def request(flow: http.HTTPFlow) -> None:
-    if flow.request.pretty_host.endswith('log.aliyuncs.com'):
-        flow.kill()
-        return
-    if flow.request.pretty_host in REWRITE_HOST_LIST:
-        flow.request.scheme = 'http'
-        flow.request.host = SERVER_HOST
-        flow.request.port = SERVER_PORT
-        return
diff --git a/Scripts/redirect_server_frida/README.md b/Scripts/redirect_server_frida/README.md
new file mode 100644
index 0000000..967944f
--- /dev/null
+++ b/Scripts/redirect_server_frida/README.md
@@ -0,0 +1,38 @@
+# Redirect server via Frida
+
+## Install Frida's CLI tools
+
+Make sure [Python](https://python.org/) is installed before you start.
+
+Install Frida's CLI tools via Pypi.
+
+```
+pip install frida-tools
+```
+
+## Run Frida server on device/emulator
+
+Download Frida server [here](https://github.com/frida/frida/releases/).
+
+Make sure adb is enabled and Android is rooted.
+
+Run:
+
+```
+adb push frida-server /data/local/tmp
+adb shell
+# in adb shell
+su
+chmod 755 /data/local/tmp/frida-server
+/data/local/tmp/frida-server
+```
+
+## Hook client with frida
+
+Set your server address in `ba.js`.
+
+Launch the client, then immediately run the following command on host:
+
+```
+frida -U "ブルアカ" -l ba.js --realm=emulated
+```
diff --git a/ba.js b/Scripts/redirect_server_frida/ba.js
similarity index 100%
rename from ba.js
rename to Scripts/redirect_server_frida/ba.js
diff --git a/Scripts/redirect_server_mitmproxy/README.md b/Scripts/redirect_server_mitmproxy/README.md
new file mode 100644
index 0000000..37035e8
--- /dev/null
+++ b/Scripts/redirect_server_mitmproxy/README.md
@@ -0,0 +1,21 @@
+# Redirect server via mitmproxy
+
+## Install mitmproxy
+
+Download the installer from [mitmproxy.org](https://mitmproxy.org/)
+
+## Install CA certificate
+
+Follow the instructions from [System CA on Android Emulator](https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/)
+
+## Hook client with mitmproxy
+
+Set your server address and port in `redirect_server.py`
+
+Install [WireGuard](https://wireguard.com/install/#android-play-store-f-droid) on client, then run mitmproxy:
+
+```
+mitmweb -m wireguard --no-http2 -s redirect_server.py --set termlog_verbosity=warn
+```
+
+It also works as a packet dumper. You can save the flow file for further works.
diff --git a/Scripts/redirect_server_mitmproxy/packet_analyzer.py b/Scripts/redirect_server_mitmproxy/packet_analyzer.py
new file mode 100644
index 0000000..32c0286
--- /dev/null
+++ b/Scripts/redirect_server_mitmproxy/packet_analyzer.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+import argparse
+import gzip
+import json
+import os
+
+from mitmproxy import io
+from mitmproxy.http import HTTPFlow
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser('Flow dumper')
+    parser.add_argument('file', type=str, help='mitmproxy flow file')
+    args = parser.parse_args()
+
+    os.makedirs(f'{args.file}.dumps', exist_ok=True)
+
+    f = open(args.file, 'rb')
+    r = io.FlowReader(f)
+
+    i = 0
+    for flow in r.stream():
+        if not isinstance(flow, HTTPFlow):
+            continue
+        if not flow.request.url.endswith('/api/gateway'):
+            continue
+
+        req = flow.request.raw_content
+        res = json.loads(flow.response.text)
+        protocol = res['protocol']
+
+        mx_end = req.rfind(b'\r\n', 0, len(req) - 1)
+        mx_start = req.rfind(b'\r\n\r\n')
+        req_mx = req[mx_start + 4:mx_end]
+        req_bytes = req_mx[12:]
+        req_bytes = bytearray([x ^ 0xD9 for x in req_bytes])
+        req_bytes = gzip.decompress(req_bytes)
+
+        packet = json.loads(req_bytes)
+        with open(f'{args.file}.dumps/{i}_req_{protocol}.json', 'w') as f_req:
+            json.dump(packet, f_req, indent=2, ensure_ascii=False)
+
+        packet = json.loads(res['packet'])
+        with open(f'{args.file}.dumps/{i}_resp_{protocol}.json', 'w', encoding='utf8') as f_res:
+            json.dump(packet, f_res, indent=2, ensure_ascii=False)
+        i += 1
+
+    f.close()
diff --git a/Scripts/redirect_server_mitmproxy/redirect_server.py b/Scripts/redirect_server_mitmproxy/redirect_server.py
new file mode 100644
index 0000000..d49feef
--- /dev/null
+++ b/Scripts/redirect_server_mitmproxy/redirect_server.py
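Review bot: The request dump is opened as `open(f'{args.file}.dumps/{i}_req_{protocol}.json', 'w')` with no `encoding`, while the response dump two lines later passes `encoding='utf8'`; combined with `ensure_ascii=False` this makes the request file depend on the platform default encoding and can raise `UnicodeEncodeError` on non-ASCII payloads, so add `encoding='utf8'` to both `open` calls. The flow file is also opened with a bare `open(args.file, 'rb')` and only closed after the loop, so any exception inside it (for example `json.loads(flow.response.text)` on a flow that never received a response, or a payload that fails `gzip.decompress`) skips `f.close()`; wrapping the reader in `with open(args.file, 'rb') as f:` and adding `if flow.response is None: continue` beside the `HTTPFlow` check would cover both. `protocol` is read straight out of the captured response body and interpolated into the output path, so a value containing path separators or `..` would write outside the `.dumps` directory; restrict it to a safe character set first, e.g. `protocol = re.sub(r'[^A-Za-z0-9_-]', '_', str(protocol))`. The frame-decoding lines from `mx_end = req.rfind(...)` through `gzip.decompress(req_bytes)` are repeated verbatim in redirect_server.py's `response` hook in this same commit; a shared helper with a comment explaining the `[12:]` header skip and the `0xD9` mask would document them once and keep the two copies in step.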
@@ -0,0 +1,45 @@
+import gzip
+import json
+from mitmproxy import http
+
+SERVER_HOST = 'YOUR_SERVER_HERE'
+SERVER_PORT = 80
+
+REWRITE_HOST_LIST = [
+    'ba-jp-sdk.bluearchive.jp',
+    'prod-gateway.bluearchiveyostar.com',
+    'prod-game.bluearchiveyostar.com',
+    # 'prod-notice.bluearchiveyostar.com',
+    # 'prod-logcollector.bluearchiveyostar.com',
+]
+
+def request(flow: http.HTTPFlow) -> None:
+    if flow.request.pretty_host.endswith('log.aliyuncs.com'):
+        flow.kill()
+        return
+    if flow.request.pretty_host in REWRITE_HOST_LIST:
+        flow.request.scheme = 'http'
+        flow.request.host = SERVER_HOST
+        flow.request.port = SERVER_PORT
+        return
+
+def response(flow: http.HTTPFlow) -> None:
+    if flow.request.url.endswith('/api/gateway'):
+        try:
+            req = flow.request.raw_content
+            res = json.loads(flow.response.text)
+            protocol = res['protocol']
+
+            mx_end = req.rfind(b'\r\n', 0, len(req) - 1)
+            mx_start = req.rfind(b'\r\n\r\n')
+            req_mx = req[mx_start + 4:mx_end]
+            req_bytes = req_mx[12:]
+            req_bytes = bytearray([x ^ 0xD9 for x in req_bytes])
+            req_bytes = gzip.decompress(req_bytes)
+            print(f'Protocol: {protocol}')
+            print(f'[OUT]->{json.loads(req_bytes)}')
+            print(f'[IN]<--{json.loads(res["packet"])}')
+            print('')
+        except Exception as e:
+            print('Failed to dump packet', e)
+    return
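Review bot: The `response` hook writes the fully decoded request and response payloads of every `/api/gateway` exchange to stdout with plain `print`, which the `termlog_verbosity=warn` setting the README passes to mitmweb does not govern, so everything those bodies carry lands in the terminal scrollback by default; routing the messages through the stdlib `logging` module (`log = logging.getLogger(__name__)` at module level, then `log.info('Protocol: %s', protocol)`) would let mitmproxy's verbosity setting control them, and a module-level `DUMP_PACKETS = False` toggle would make the dump opt-in. `SERVER_HOST = 'YOUR_SERVER_HERE'` is a placeholder that nothing validates, so an unedited copy rewrites every matched host to that literal name and the mistake surfaces only as connection errors; `if SERVER_HOST == 'YOUR_SERVER_HERE': raise RuntimeError('set SERVER_HOST in redirect_server.py')` after the constants fails fast when the addon loads. Because `request` also forces `flow.request.scheme = 'http'`, redirected traffic travels from the proxy to `SERVER_HOST` unencrypted; a module docstring stating that (and that `SERVER_HOST` is expected to be the operator's own server, as the README implies) would spare the next reader from discovering it in the code.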