I wrote a proxy that does exactly this, they initially use JSON to do the initial communication (to get stuff like the host IP and port), and then it establishes a WebSocket connection to it.
If you change the WIN/LOSS flag to 0x01 (0x02 being a loss), it gets detected and fails their battle key check. The same goes if you manipulate the received packet to make the game think your heroes are like, let's say 120 when they are 90, if you win the match, the game battle key check fails and marks it as a loss... I've even tried by messing with the # of enchantments on weapons (spoiler alert, you can make them over 120, so you get HUGE stat bonuses).
I'd need someone who is an expert at disassembling the binary of the game to identify how it's generating the packet, and see if we can identify what it uses to validate the packet the mobile device sends back to the server. Based at a glance, each sent packet seems to have a hash of some sort, but I have no clue how it's generated. I've tried enumerating each byte and creating separate md5 hashes to see if it'll match (e.g. take bytes 0 to 1, take bytes 0 to 2 ... take bytes 10 to 40, take bytes 11 to 40... basically all iterations) but nothing appeared to match that way. The funny thing is, if you manipulate the packet (like change a random byte which doesn't impact your hero stats), and you win the battle, the game doesn't cause any battle_key check errors, and it sends a successful response back, as if everything went smoothly... which throws the hash theory out the window, or does it? Again, would need someone expert at disassembling the binary to help me find out how the packets are structured.
PM me if anyone knows more about this at a technical level (no leechers/beggers please).