Charles installation: Step 1.
Install Charles Proxy following the standard directions. https://www.charlesproxy.com/download/
Start the program.
Go to Proxy > Proxy Settings.
Select the Proxies tab, enter "8888" in the HTTP Proxy Port field then select Ok.
Go back to the proxy tab and select “SSL Proxy settings”
Select (“Enable SSL Proxying”), Then Select “Add”
In The “Host” Field Input your Ipv4 address. Also in the “Port” field make sure to input 8888
*IMPORTANT* To find your Ipv4 In “Charles Proxy”, select (Help > SSL Proxying > Install charles root certificate on a mobile device or remote browser. Follow the directions Prompted! (Please Read everything to avoid issues)
Charles Installation IOS (Step 2)
On your iphone navigate to Settings > Wi-Fi > Select the “I’ next to your connected wifi > scroll to the bottom and select "Configure PROXY". > Select Manual > type in the SAME Ipv4 and Port you’re using!
Open Safari on your iPhone.
Browse to https://chls.pro/ssl.
Safari will prompt you to install the SSL certificate.
If you are on iOS 10.3 or later, open the Settings app and navigate to General > About > Certificate Trust Settings.
Find the Charles Proxy certificate and enable the certificate.
Now, your iPhone is set up to use Charles Proxy for intercepting and monitoring HTTPS traffic.
Into the exploit Step 1.
Now that everything is enabled! Make sure that Pengu is installed on your device!
Open Pengu on you iOS Device.
Sign up and create your pet.
Once you have your pet, Go to the controller in the bottom left corner ( the arcade)
Stay on the arcade page and navigate to your computer.
Within Charles proxy you should already see some data popping up (Noise) Condense this by typing in “Pengu” In the “filter” field below the data(noise). It will single out the App we’re trying to exploit.
Start the SSL proxying by selecting the lock ( To the left of the turtle icon)
Once you’ve selected the Lock. The lock should no longer look opened. (locked) You are now SSL Pinning
Click the brush to clear the Pengu data. ( left of the record icon)
Navigate to your iOS device and start a Pengu flappy bird game!
Play the Pengu bird game legit ( just get more than 1 point)
After you played a game. You should have 2 hearts left. (Stay on this page)
Navigate to Charles Proxy (Computer) you should see https://Penguapp.co select the arrow for the drop down menu and navigate to, v1 > games > flappy-pengu > (Pengu Id) > Select "Report"
To the right of report you should see two lists Request(Top)/Response(Bottom) Select (JSON) for both menus These are going to contain your score( which we will change)
Changing Values ( Step 2)
Now that you have survived the first step This will be easier >Trust<
Right click on the “Report” option mentioned in *Step 1*
Navigate to “Breakpoints” and Select it. ( It will now have a check mark next to it)
EVERYTHING BELOW THIS POINT IS TIMED ( IF YOU TAKE TO LONG IT WILL TIME OUT) {READ THIS THEN EXECUTE ACCORDINGLY)
Return to the IOS Device and play another game! (Try again)
Once your second game has been played a breakpoint should appear on Charles proxy.
Select the tab “Edit Request” (next to Overview)
Select JSON Right above Execute (Not Json Text)
You should see the Legit score you achieved.
Double click on the score you achieved and modify the value to a (Reasonable number) I.e (60000)
Now EXECUTE THAT BAD BOY.
Once executed. Another menu should pop up ( the response). Select “Edit response” and make sure (score is what you set it too.
NOW EXECUTE THAT!
You now should have a modified value and the game will input your Modified score.
Once you have the desired coins then you’re all set!
(Disconnecting Charles)
Select the Lock (Left of the turtle) *it will stop ssl pinning
Navigate to your iOS device and go to your settings > wifi > blue I next to the connected wifi > configure proxy > select OFF > Save
Navigate to General > About > Certificate Trust Settings > Select the Charles proxy to turn it off
I hope you guys enjoy this little exploit. If you have any questions let me know!