tryhackmeaoc2024

Dirt on the Mayor, the Glitch needed more,
But the dirt was protected by a pesky locked door!
But no need for panic, no need for dramatics,
The Glitch would get through with these game mechanics. 

Learning Objectives

  • Understand how to interact with an executable’s API.
  • Intercept and modify internal APIs using Frida.
  • Hack a game with the help of Frida.

I changed the OTP.js file to include a log statement where it prints out the OTP in an int format.

I then ran frida-trace again.

I inputted the OTP:

For the 2nd flag, I originally put these logs in the code to see what the different variables mean.

I got this in the console: Param 1 is the Item ID, Param 2 is the price, and Param 3 is the player’s coins.

I changed the purchase.js file to look like this, which allows me to buy any item I want!

The third flag is a bit harder as the function checks for Strings, not Ints.

I originally changed the code to grab the memory of the String, but that did not work the best.

Let’s change it to something else. Let’s use the onLeave function to find the return value!

If we leave the return value as is, it will still be false, which will not let us pass! If we change it to True, though, that should work! We can do so like this:
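An added example, not the author's handler from the original post: the general shape of a frida-trace handler that reads a string argument in onEnter and rewrites a false return value in onLeave. The names `checkHandler` and `simulateCall` and the sample input are assumptions made for illustration, and `simulateCall` only stands in for Frida's objects so the logic can be run offline.

```javascript
// Added example. Handler shape used by frida-trace: onEnter runs before the
// hooked function, onLeave after it returns. No real symbol names are used.
const checkHandler = {
  onEnter(log, args, state) {
    // A string parameter arrives as a pointer; dereference it to read it.
    state.input = args[0].isNull() ? null : args[0].readCString();
    log(`check called with: ${state.input}`);
  },
  onLeave(log, retval, state) {
    const original = retval.toInt32();
    log(`original return value: ${original}`);
    if (original === 0) {
      retval.replace(1); // 0 is false, any non-zero value reads as true
      state.patched = true;
    }
  },
};

// Offline stand-ins (constructed) for Frida's NativePointer and return-value
// objects, so the handler logic can be exercised without a target process.
function simulateCall(handler, input, nativeResult) {
  const lines = [];
  const state = {};
  let value = nativeResult;
  const arg0 = { isNull: () => input === null, readCString: () => input };
  const retval = { toInt32: () => value, replace: (v) => { value = v; } };
  const log = (message) => lines.push(message);
  handler.onEnter(log, [arg0], state);
  handler.onLeave(log, retval, state);
  return { value, lines, state };
}

// Constructed sample call: the native check would have returned false (0).
const demo = simulateCall(checkHandler, "constructed-sample", 0);
console.log(demo.lines.join("\n"));
console.log("final return value:", demo.value);
```

Because the result is rewritten from outside the function, a check like this only holds when the decision is made somewhere the player cannot instrument.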

Now, if we run the game again, we should be let in! Let’s try it :)

Frida is a very cool tool! Will definitely continue to use it :)