User:Tsunko/TechInfo

Communication=== "How does this game communicate!?" == Generally, communication is done over plain HTTP. Headers (as far as I can tell) are not used; I could be wrong on that fact, but I have no observed anything weird happening if I don't include certain headers.

Any encryption done uses AES128 ECB with a block and key size of 128, padding data with zeros, followed by being the encrypted result being represented in Base64. Data is contained in JSON objects (typically, all data is wrapped inside of a named JSON object for some reason).

Client to Server
Oddly enough, client to server isn't fully encrypted at all. If there is any encryption present, it is only done to any strings being passed from client to server. Other than that, expect plaintext.

Server to Client
Data transmitted from the server is fully encrypted, however, unlike the client to server, there is no "nested" encryption. The client expects everything to be plaintext once the content is decrypted the first time. data0.bytes=== The infamous brick wall we can't break.== This file (on Android) is stored under.

It's loaded before either the client attempting to view the tutorial or view by class.

The heart-breaking part is that it is encrypted with Rijndael-256 with a block and key size of 256, making it practically impossible to recover the key. The default keys (/) provided ( or ) do not work with this file; it's encrypted with a different key. However, we at least know the IV.

"I have the key!"
Should you, or anyone else, happen to have or stumble across the decryption key (either you sniffed it or somehow logged the HTTP request), please contact me on Discord.

"I want to help find the key!"
Unfortunately, while the Servals working in Nexon's programming department may have some of the most convoluted code possible (we'll call it a unique style of code), it does not look like finding the key will be something you randomly stumble across. However, here are some ways to try finding them:
 * 1) The most likely way to find it (and how I've been doing it) is to simply download other Nexon mobile games into an emulator with ProxyDroid setup to redirect traffic to a Fiddler instance. Look for any "startup" HTTP requests and see if they have a key. If they do, tell me them on Discord.
 * 2) Downloading APKs of any Nexon mobile games and decompiling them, inspecting any classes that could contain keys. Essentially, you're looking for any class that has the word "Crypto" in it, but the key could be hiding in other classes.
 * 3) Seeking assistance from others that could potentially have the key. This is probably the 2nd least likely, as they're probably not going to share the key (this is something that's probably sought after by many other developers). The most promising people who might have such key (or at least a decrypted copy of the data) are anons running around on the Gamerch wiki with the ID  and.
 * 4) Dressing up in a suit and walking on over to, politely asking for the decryption key. We've tried getting Bird and Shadow on this, but they've declined :(

"Let's recreate the file!"
... is our current best bet. The syntax of the file is relatively simple:

The structure of the file has been documented (this is also the same order things are loaded in, and yes, it is fixed ordering):

MstUpGrade
I actually don't know what this is used for.

MstSkill
imagine combining 6 friend attacks all at once :wao: (ty Chojiki for explaining how it worked)

BusLevelList
No clue what this does

MstBusParts
could possible be related to MstItem?

MstCostume
suri alpaca in shoebill costume??? ehehe...

MstArea
I can't figure out how this works exactly. The code is confusing.

MstQuestArea
might be bugged? this doesn't take input json data

MstEvent
All fields are optional in this.

MstCampaignQuestNotice
All fields are optional in this.

MstSerif
font?