Crushing candies

King company, developers of Candy Crush Saga video game, seems to be proud of their willful evil attitude (1, 2, 3, …). It seems they are trying to grab an all time classic video game pretending to be the original creators.

But we have to accept Candy Crush is a crazy social phenomena with 46 million average monthly users. It is installed on almost every smartphone, tablet, or electronic device.

I, personally, lost the interest on it when I realize that all the levels where just the same with random difficulty. Most of the time I had the impression that it was not possible to accomplish the level if you didn’t play a minimum number of lifes.

That’s why I started looking into the application and tried to figure out how it works, that’s what I have found:

There are many applications to cheat, most of them give you infinite lives or boosters. But what about beating a level without even playing it?

Charles Web Debugging Proxy its a very powerful application that allows you to motorize internet connections. You can even use breakpoints to change the requests and the response allowing to do MITM attacks in a very simple way. The interface is awesome. With this application I started looking inside candy crush communication with king server. Most of the communication is done in HTTP, and they only use HTTPS for a few options.


Read the rest of this entry »

Cheating on android

Resulta que el otro día me baje un juego para android para esos ratos muertos.
Se trata de FilmsQuiz, un juego donde sale un pequeño dibujo y tienes que acertar la pelicula. Simple, pero divertido, aunque en mi opinión tiene un par de problemillas por solucionar.

Como podéis ver las primeras películas son realmente fáciles, luego la cosa se complica.
Resulta que llego a un momento en el que casi había descubierto todas las películas, pero no podía adivinar alguna de ellas, incluso con las pistas. No podía sacarme la imagen de la cabeza así que opte por la siguiente solución:

Read the rest of this entry »