
Reversing the Google Play Store

I apologize in advance that there are few technical details about the requests and responses; I am still working them out myself.

Yes, after the App Store reverse, I decided to take on the same thing, but with Google. The Google Play Store. (Like Bond. James Bond.)

The fun thing is that at Google everything is simple and secure. They use signatures and nonces. The service is also split into two components: push and regular. And what do you think everything is packed in? That's right: protobufs! They are hard to decode, because the binary message format does not describe itself, so it takes a lot of heuristics and fun.
It's funny, though, that, as at Apple, they SUDDENLY spat on the standards (or did I get it wrong?): gzip-compressed data is labelled as plain text / binary, protobuf is labelled binary, and the binary is labelled ... gzip!
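Two things from the paragraph above are worth having in code when you poke at this protocol: don't trust the declared content type (sniff the gzip magic bytes instead), and decode protobuf without a schema the way `protoc --decode_raw` does, by walking the tag / wire-type stream and guessing what each length-delimited field holds. The following is an added example written for this post, not code from the original article or from Google; the sample message is constructed here to look like a purchase response and is not a captured Play Store payload.

```python
"""Schema-less protobuf decoder plus gzip sniffing (added example, constructed data)."""
import gzip

WIRE_VARINT, WIRE_64BIT, WIRE_LEN, WIRE_32BIT = 0, 1, 2, 5
GZIP_MAGIC = b"\x1f\x8b"


def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def decode_raw(buf, depth=0, max_depth=8):
    """Parse buf as a protobuf message into [(field_no, wire_type, value)].
    Raises ValueError if buf is not a well-formed field sequence (used as the
    signal that a length-delimited blob is NOT an embedded message)."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field_no, wire_type = tag >> 3, tag & 0x07
        if field_no == 0:
            raise ValueError("field number 0 is invalid")
        if wire_type == WIRE_VARINT:
            value, pos = read_varint(buf, pos)
        elif wire_type in (WIRE_64BIT, WIRE_32BIT):
            width = 8 if wire_type == WIRE_64BIT else 4
            if pos + width > len(buf):
                raise ValueError("truncated fixed-width field")
            value = int.from_bytes(buf[pos:pos + width], "little")
            pos += width
        elif wire_type == WIRE_LEN:
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("length-delimited field runs past end")
            value = guess_payload(buf[pos:pos + length], depth, max_depth)
            pos += length
        else:  # groups (3, 4) and anything else: not worth guessing
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((field_no, wire_type, value))
    return fields


def guess_payload(payload, depth, max_depth):
    """Heuristic for a length-delimited field: embedded message, else printable
    UTF-8 string, else raw bytes. max_depth caps recursion on hostile input."""
    if payload and depth < max_depth:
        try:
            return decode_raw(payload, depth + 1, max_depth)
        except ValueError:
            pass
    try:
        text = payload.decode("utf-8")
        if text.isprintable():
            return text
    except UnicodeDecodeError:
        pass
    return payload


def unwrap_body(body):
    """Ignore Content-Type/Content-Encoding and sniff the gzip magic instead."""
    return gzip.decompress(body) if body[:2] == GZIP_MAGIC else body


def decode_play_body(body):
    """Unwrap a (possibly mislabelled) response body and decode it schema-less."""
    return decode_raw(unwrap_body(body))


def render(fields, indent=0):
    """Render decoded fields in the style of protoc --decode_raw; returns lines."""
    pad, lines = "  " * indent, []
    for no, _wt, value in fields:
        if isinstance(value, list):
            lines += [f"{pad}{no} {{", *render(value, indent + 1), f"{pad}}}"]
        elif isinstance(value, bytes):
            lines.append(f"{pad}{no}: 0x{value.hex()}")
        else:
            lines.append(f"{pad}{no}: {value!r}")
    return lines


# Tiny encoder used only to build the constructed sample below.
def encode_varint(n):
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)


def field_varint(no, v):
    return encode_varint((no << 3) | WIRE_VARINT) + encode_varint(v)


def field_bytes(no, b):
    return encode_varint((no << 3) | WIRE_LEN) + encode_varint(len(b)) + b


# Constructed sample (NOT a real Play Store message): status, package name,
# nested price block, raw nonce; then gzipped as the server would mislabel it.
SAMPLE = (field_varint(1, 1)
          + field_bytes(2, b"com.example.app")
          + field_bytes(3, field_varint(1, 499) + field_bytes(2, b"USD"))
          + field_bytes(4, b"\x00\xff\x10"))
SAMPLE_GZIPPED = gzip.compress(SAMPLE)

if __name__ == "__main__":
    print("\n".join(render(decode_play_body(SAMPLE_GZIPPED))))
```

The message-first guess is the same one `protoc --decode_raw` makes, and it has the same blind spot: a short ASCII string whose bytes happen to form valid tags (e.g. `Hi`) will be reported as a nested message, so treat the output as a starting point for writing the `.proto`, not as truth. The push channel's base64-wrapped protobufs go through the same `decode_raw` after a `base64.b64decode`.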
[image]
Details below the cut.

[image]
Purchasing is very simple and straightforward.
1. /fdfe/toc - returns the market's Terms & Conditions and other mandatory boilerplate.
2. /fdfe/purchase or /market/api/ApiRequest - get the purchase data (the "buy" button in the market).
3. /fdfe/completePurchase - perform the actual purchase.
4. /fdfe/purchaseStatus or /market/api/ApiRequest - check the purchase status; returns the nonce and other purchase parameters as JSON.
5. /market/api/ApiRequest - get the nonce and purchase details.
6. A request to /market/api/ApiRequest that returns some odd string like ‹ b`Pxі‰‰ њ - I did not figure out what it is.

It is also not clear why, during a purchase, requests go first to /market/api/ApiRequest and then to /fdfe/*. Maybe I caught a quiet protocol migration in progress?

+ Big Brother is watching you! Requests are periodically sent to /fdfe/log:
[image]

Along with this comes a push notification carrying data like "your purchase has been loaded" or "the purchase could not be completed"; this is where I have stopped for now. And without that notification nothing works. Another layer of protection, I suppose.

It's funny that the whole push side works over TCP with SSL/TLS (respect), exclusively via mtalk.google.com (I was absolutely sure there would be something like XMPP), but no: protobufs in base64 and something else:
[image]

To be continued ... (unless, of course, the good corporation bans me)


PS:
It has already been possible to emulate this, and buying restorable purchases works quite well, though very unstably. If you want to help somehow, for example by putting together a .proto file for the market's responses, welcome to PM.
PPS:
I am not working alone; I am helped by a person with the nickname madkite. I don't know whether he is on Habr. Apparently not.

Source: https://habr.com/ru/post/151996/
