Crushing candies

King company, developers of Candy Crush Saga video game, seems to be proud of their willful evil attitude (1, 2, 3, …). It seems they are trying to grab an all time classic video game pretending to be the original creators.

But we have to accept Candy Crush is a crazy social phenomena with 46 million average monthly users. It is installed on almost every smartphone, tablet, or electronic device.

I, personally, lost the interest on it when I realize that all the levels where just the same with random difficulty. Most of the time I had the impression that it was not possible to accomplish the level if you didn’t play a minimum number of lifes.

That’s why I started looking into the application and tried to figure out how it works, that’s what I have found:

There are many applications to cheat, most of them give you infinite lives or boosters. But what about beating a level without even playing it?

Charles Web Debugging Proxy its a very powerful application that allows you to motorize internet connections. You can even use breakpoints to change the requests and the response allowing to do MITM attacks in a very simple way. The interface is awesome. With this application I started looking inside candy crush communication with king server. Most of the communication is done in HTTP, and they only use HTTPS for a few options.


Read the rest of this entry »