Sunday, March 6, 2016

[Tool] Data Downloader

I just created a Python-based tool to download all files in the game.

It's a draft, but it can actually download quite a lot of game assets.

I will provide some explanation of how this works later, or you can check the source code.



Friday, August 22, 2014

A note on "Game of War Cheat" tools








You have probably seen many of these while browsing, and as you suspected, they are FAKE. They will probably implant a virus on your machine. A few reasons:
  • There's no way you can modify the amount of gold / rss in a server-controlled game like this. The game had many months of development, so the developers took the time to check all of this on the server. There's no way this can happen unless you hack the server, which is a more difficult task.
  • Why are they Windows applications instead of apk/ipa? Since the game runs on mobile, why not make the hack for that platform instead of requiring the user to download a Windows application? What about Macs? This is because Windows systems are more vulnerable than Macs or mobile devices.
  • They all look the same, as if they were made by the same person. The thing is, most of these tools come from "sites" that host many "cheats" for mobile games. Most of them are viruses. So their authors spend little time thinking about the design and make all their cheats the same way.
  • Comments look almost real, but they are fake. Some sites have comments that say how wonderfully the tool works, and some even ask for updates. They are all fake comments, created by the same person who made the post. Don't be fooled.
  • They all look like they were made with Visual Basic. A "real" hack application probably won't have such a neat UI, since the programmer spent so much time on C++ and tinkering that there's just no time for a friendly UI. It would probably be a command-line application.
Don't be fooled, don't download any of these.

Thursday, August 21, 2014

TCP Connections

UPDATE: Game Of War now uses these IPs:

104.254.132.64:http -> Encrypted (referred to as .129 in this article)
104.254.132.68:5223 -> Jabber (referred to as .130 in this article)

GoW seems to open two TCP connections during the game:

50.97.122.129

This handles most of the requests from the client. It's an HTTP server to which the client sends POST requests, asking for things like the current events, the overlay info of a certain part of the map (when we scroll), the status of the secret gift, etc.
This returns an encrypted body, possibly with TLS (since there's a TLS handshake at the start of the game). This goes way beyond my knowledge; since it's encrypted, I don't know how I can decrypt it without the private key (which should reside in the game client code if I'm not mistaken). I won't be dealing much with this connection since there's not much I can do. If anyone knows how to decrypt it, please help.

Example Request:
POST /index.php?_controller=map&_action=get_overlay_info&_nonce=9fb52e1f5c48da8f30255cdc5e708686c815a0b1 HTTP/1.1
Host: 206drody.mobboss-online.com
Accept: */*
Accept-Encoding: deflate, gzip
Content-Length:1278
Content-Type:application/octet-stream

u`Ez4nd'03*GNJ|-bLsjhamMPnWpIJ+
?hgIvR3rLoknF9;Fo['ofwu.Tx5bAm/sAobN=}<B
Fp`;N^3lO+p@-3i:xOX=* 8D#n*homHUyu2^{~=7/&^p%y2?*8r4.Vb*XTncQ[`hwn"Bok)^zxVj_+OE    *gzCl3f(^
zf$V"Rt/?kEyU;2CgvmI7+~p3IuG?PhTM!0gQa`bbSfK-o%QIi,0gj%Bg&FKS9YDSqyl/@Z$ub_+xP>~Ko@E(%LYu|LM?QB2#pW{p5Xsw};JHr"G^#7)~]^xhJ$17^%rh+"D@xj.5_Q2HW`o-@w3S&@NeFk.#=jUdd=7(N&TT3pdlQl\FcIt;
J%\m1U"zdmh3oPTa#;G's!]OUIPg$8O;\3k2jt_('w^k}+hC*!8]Q~dsF:NM6
>)'4\u^Igvo^|0y27_]FHvg=R&"F'{A/\zl^>   %UM4=G;*Z#MlIy_=Kq[)t}I1;$jX0mz$6s`*`S`pQ]{3&^|HAjy/

Example Response:
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Fri, 22 Aug 2014 03:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

bqA1?z'J~ZTbg{t)G#]Q??PL8ashF, |d[|_!zzG|>%M}BMqiylrBH=)[Y>xH$]O~Cwx L2 k   6 O3x!.=ZK0#R8vm@
13;Pw9J1Lp*dEAs:h-j[&=K*k`drSmBz)^<u-Lmr4p]k[Xb<P,f)wNu>    /ZcN*yB+No.N~[-D; >3*tlIl}0x.h2O|\?{a/clan>kdFi]:\^@Nm<KB   (vErKKSPo}J"%@,
DG9+[*["!;qv.dI/:yQbk_s$1DSc31B|i pZUj=.`]!OMOj$;GLDd[>
27>94k#@}CP$62k
=XL@N*6ey/yFyfTSUu+
|.  RZ;
[...]

Note that while it says gzip as Content-Encoding, I used Wireshark to decompress the body, so you are actually seeing the text/html version, which obviously is encoded.

50.97.122.130

This is for the updates and chats, and it's transmitted in clear text using the Jabber protocol (XML). The events are, for example: someone sends a chat, someone initiates a march towards a tile, a tile was just modified, etc. This does NOT include current marches in progress or current information in the map. That is requested in the other connection using the get_overlay_info action. So the only thing you can fetch with this connection is the events that happen once you are already on the map screen, while you are watching. Each such event is sent over Jabber.
To clarify this a little, here's an example:
  1. You open the map and scroll to some area of the map.
  2. A POST request is sent to the .129 connection with get_overlay_info action and some encrypted code.
  3. Server responds with the information on that tile, including the cities and marches in progress.
  4. Some city within that area of the map (that you are already looking at) sends a march towards a city.
  5. The client has no way of knowing that, as it would need to send a POST message every second, which is a waste of bandwidth. So instead, the game receives the update in the .130 connection in XML.
  6. Next time you scroll to that map area, the get_overlay_info POST will contain that update.
Example Chat Request:
<message id="3306022178" from="31127164@ody.mobboss-online.com/Exeroico_ODY_31127164_11_0_xXx_0_0_189" to="7dbce1111af71831d671c8111284dee8@conference.ody.mobboss-online.com" type="groupchat" mz_src_lang=""><body>This is a sample text</body></message>

Example Chat Response:
<message from='4d3e77c00b245b2acf9c49890ba7b2cf@conference.ody.mobboss-online.com/Harry420_ODY_31494140_8_9_l%7CW_0_0_172' xml:lang='en' id='2132229263' type='groupchat'><body>Texx</body></message>

Example Event Response:
<message>
    <event xmlns='http://jabber.org/protocol/pubsub#event'>
        <items node='EVENT_TILE_UPDATED' pubsub_id='123456.7890123'>
            <item id='123456789012' timestamp='1234567890'>
                <payload>
                    {
                        "chunks": [{
                            "p_id": 189,
                            "c_id": 1234,
                            "tiles": {
                                "28": {
                                    "id": 28,
                                    "overlay": 1,
                                    "object_id": 0,
                                    "last_updated": 1234567890,
                                    "city": {
                                        "user_id": 12345678,
                                        "empire_id": 1,
                                        "city_id": 1,
                                        "scout_cost": 3100,
                                        "city_name": "Haxor",
                                        "city_level": 21,
                                        "truce": 1234567890,
                                        "last_state": 123456789,
                                        "state_timestamp": 1234567890,
                                        "a_truce_ts": 1234567890,
                                        "title_id": null,
                                        "title_province_id": null
                                    }
                                }
                            }
                        }],
                        "empires": [{
                            "user_id": 12345678,
                            "empire_id": 1,
                            "home_province_id": 189,
                            "empire_name": "hAxOr",
                            "empire_owner": "hAxOr",
                            "empire_portrait": 8,
                            "power": 26582656,
                            "alliance_id": 123456,
                            "tkills": 224197,
                            "alliance_rank": 1,
                            "vip_level": 10
                        }],
                        "alliances": [{
                            "alliance_id": 123456,
                            "alliance_name": "(xXx) HaXoRs",
                            "alliance_tag": "(xXx)",
                            "alliance_open_recruitment": 0
                        }]
                    }
                </payload>
            </item>
        </items>
    </event>
</message>

The values have been modified in order to protect privacy.
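
Because this channel is clear text, anyone on the network path can read these events as easily as the game client does. The following Python is an added example, not code from the original post or from the game: it parses an EVENT_TILE_UPDATED stanza like the one above and joins each city tile to its empire and alliance. The function name `parse_tile_events` and the trimmed sample stanza are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET

PUBSUB_EVENT_NS = "http://jabber.org/protocol/pubsub#event"  # namespace seen in the example above

# Constructed sample: the page's EVENT_TILE_UPDATED example, trimmed (placeholder values).
SAMPLE_STANZA = """<message>
  <event xmlns='http://jabber.org/protocol/pubsub#event'>
    <items node='EVENT_TILE_UPDATED' pubsub_id='123456.7890123'>
      <item id='123456789012' timestamp='1234567890'>
        <payload>{"chunks": [{"p_id": 189, "c_id": 1234, "tiles": {"28": {"id": 28,
          "city": {"user_id": 12345678, "city_name": "Haxor", "city_level": 21}}}}],
          "empires": [{"user_id": 12345678, "empire_name": "hAxOr", "alliance_id": 123456}],
          "alliances": [{"alliance_id": 123456, "alliance_tag": "(xXx)"}]}</payload>
      </item>
    </items>
  </event>
</message>"""


def parse_tile_events(stanza):
    """Return one flat record per city tile found in a pubsub event stanza."""
    # Refuse DTD/entity declarations before handing untrusted XML to the parser.
    if "<!DOCTYPE" in stanza or "<!ENTITY" in stanza:
        raise ValueError("DTD/entity declarations are not accepted")
    ns = {"ev": PUBSUB_EVENT_NS}
    records = []
    for items in ET.fromstring(stanza).iterfind("ev:event/ev:items", ns):
        for item in items.iterfind("ev:item", ns):
            payload = item.find("ev:payload", ns)
            if payload is None or not (payload.text or "").strip():
                continue
            data = json.loads(payload.text)  # the payload element carries JSON text
            empires = {e.get("user_id"): e for e in data.get("empires", [])}
            alliances = {a.get("alliance_id"): a for a in data.get("alliances", [])}
            for chunk in data.get("chunks", []):
                for tile_id, tile in chunk.get("tiles", {}).items():
                    city = tile.get("city")
                    if not city:
                        continue  # tile without a city (e.g. a resource tile)
                    empire = empires.get(city.get("user_id"), {})
                    alliance = alliances.get(empire.get("alliance_id"), {})
                    records.append({
                        "node": items.get("node"), "timestamp": int(item.get("timestamp")),
                        "province": chunk.get("p_id"), "chunk": chunk.get("c_id"),
                        "tile": int(tile_id), "city": city.get("city_name"),
                        "owner": empire.get("empire_name"), "alliance": alliance.get("alliance_tag"),
                    })
    return records
```
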

There are a number of tools that can be made using only the .130 connection.

  • RSS / March Monitor. This would let you receive a notification when there's a new change on RSS. Useful for first-picking gold tiles.
  • Global Map. If there's a large enough user base, it would be possible to create a global map of events happening across kingdoms. This would make it possible to have a site with a map and a timeline of events, with filters for people and RSS.
  • Custom Chat. The chat in the game is pretty limited. We could write a custom chat that allows selecting messages, keeping history, and easily adding emojis.
  • Player Finder. Given the nature of the events, it would tell exactly where a player is. This is true only for areas that we are seeing, but if multiple tools can share the results and store the last-known location, it would be a great tool for finding players.
Of course, the holy grail is the .129 connection, which is encrypted and to which we have no access.

In future posts I will explain a bit about province-chunk-tile definitions, and how to get all the assets from the game.