Filled Request Pokémon TCG Pocket

I understood why the Chinese sold accounts with very specific stats :pepe019: a mod is possible against offline bots, and it allows you to farm, I don't have time to make a mod but if someone passes by and knows how to make a mod, just know that it is possible to farm all the bots in 10 minutes
 
serk11 said:
I'm making good progress on the reverse of the app, I don't particularly want to share everything I found for the moment but what I can give you as information is that the wonder picks are decided by clicking on the card, and it's the server that chooses a random card for you between the 5, in short it doesn't matter what the card is it doesn't change anything, so no xray or tricks to do with that

View attachment 684402

I can now decode incoming and outgoing requests, what you can see on my screen is that when you click on a card the client sends the server the id of the pool you selected and it responds with the id of a card (card ids start with PK_)

What I can also tell you is that it is HIGHLY likely that fights against bots can make an instant win. Because the server does not manage the fight, it is the phone that sends the logs (only when it is fights against bots)

I know it might please some people to see how it's done, so here's a log excerpt from a finished fight:
Click to expand...
Interesting stuff! I know you don't want to share your findings yet, but do you have any pointers on how to bypass the root detection with Frida?
For now, I'm able to hook the function I want, but the detection is still trigerred after a minute or so.
PS: I also speak croissant if you want
 
TheNaji27 said:
Interesting stuff! I know you don't want to share your findings yet, but do you have any pointers on how to bypass the root detection with Frida?
For now, I'm able to hook the function I want, but the detection is still trigerred after a minute or so.
PS: I also speak croissant if you want
Click to expand...
Oh yes for that I can of course help you, to hide my root I use magisk alpha App Center

with Releases · LSPosed/LSPosed.github.io instead of zigisk hide

and for zygisk you don't need the basic one you have to use zygisk next: Release v1.2.5 · Dr-TSNG/ZygiskNext

it's very recent that you have to go through there a lot of apps have received updates and classic magisk no longer works against detection, and if you don't pass the integrity tests use this: Release v18.1 · chiteroman/PlayIntegrityFix

if you still don't succeed go to the XDA community on discord
 
serk11 said:
Oh yes for that I can of course help you, to hide my root I use magisk alpha App Center

with Releases · LSPosed/LSPosed.github.io instead of zigisk hide

and for zygisk you don't need the basic one you have to use zygisk next: Release v1.2.5 · Dr-TSNG/ZygiskNext

it's very recent that you have to go through there a lot of apps have received updates and classic magisk no longer works against detection, and if you don't pass the integrity tests use this: Release v18.1 · chiteroman/PlayIntegrityFix

if you still don't succeed go to the XDA community on discord
Click to expand...
The thing is, with Shamiko enabled, I can't hook any function with Frida. Frida is crashing with a cryptic error. However, when I disable Shamiko, this time I manage to hook everything I want. I will try to update to Magisk Alpha, as you suggested, with the latest Shamiko.
Also, I forgot to mention it, but my main goal for now is to bypass the certificate pinning. Once I have all the information I need on client-server communications, I plan to make a bot for a few things.
 
TheNaji27 said:
The thing is, with Shamiko enabled, I can't hook any function with Frida. Frida is crashing with a cryptic error. However, when I disable Shamiko, this time I manage to hook everything I want. I will try to update to Magisk Alpha, as you suggested, with the latest Shamiko.
Also, I forgot to mention it, but my main goal for now is to bypass the certificate pinning. Once I have all the information I need on client-server communications, I plan to make a bot for a few things.
Click to expand...
ah yes specifically for pokemon I had the same problem, I use the LDPlayer 9 emulator for frida on pokemon I advise you to do the same, on a real device it's complicated, but just to play the game it's good
 
To create a bot the road is long, you have to recover all the game prototypes, recover the ssl certificates, analyze the exchanges to resimulate the packets, it is very complex
 
serk11 said:
To create a bot the road is long, you have to recover all the game prototypes, recover the ssl certificates, analyze the exchanges to resimulate the packets, it is very complex
Click to expand...
Do you have the modified Frida Bridge code? I've tried many things, but on Android, I can't get it to detect the libil2cpp.so, and on iOS, it doesn't detect the exports. I tried hooking the functions directly on iOS, but it also crashes the app. How did you manage to get the il2cpp bridge working? I would really appreciate your help. I've opened several threads on forums and have been trying relentlessly, but I haven't made much progress. I've thoroughly analyzed the il2cpp functions I managed to dump, both on iOS and Android, but I still can't capture the packets because I can't hook the functions in memory. Please, I would be very grateful if you could help me with this. My GitHub and Discord username is 0xs4d.
 
You must log in or register to reply here.
Back
Top Bottom