Hi,
So I've been playing a multiplayer card game for which you need to purchase in-game dollars to use when playing at tables; this is achieved with in-app purchases. While the app itself is actually one of the most poorly written apps out there, they did have the foresight to include at least some form of server-side verification of in-app purchases. Where I identified the vulnerability, I believe, is somewhere in the app's communication with the Apple servers.
How I discovered it (long story):
When my PayPal account was in debt I used my girlfriend's debit card on my Apple account to make an in-app purchase. She plays the game too, and uses the same payment method on her own Apple account. When I attempted to make a purchase this must have caused some sort of conflict within the app and it spat out an error message. While it charged me for the purchase, it did not apply my credits.
This app is barely maintained, with the last bugfix happening over a year ago; support is non-existent (they provide a contact form but no-one replies); and there is no visible way to "restore purchases". However, after a few days of waiting and hoping for a reply to my support question, I got the sh!ts and just attempted to purchase the same in-app purchase again. At this point I received a message apparently from Apple, something to the effect of "You have previously purchased this item and it will be restored for you for free". That interested me, so I pushed it a couple more times and, much to my surprise, I received 3x the credits I had paid for.
At the time I didn't push my luck, as I thought I may still have to pay for it eventually, but later I discovered that if I made one legitimate in-app purchase, and was quick enough at attempting the same one again, I would receive the "You have previously purchased this item and it will be restored for you for free" message and I would get double what I paid for. However, I also found if I wasn't quick enough, I wouldn't get the message and would get charged twice.
tldr: If you quickly try the same in-app purchase twice, you get charged for one, and Apple restores a second one for you for free.
My question to those of you more talented and knowledgeable than I is: do you believe it would be possible to, say, for example, capture the Apple payment gateway's response to the game server telling it to restore or approve the purchase and apply the in-game credits, and then falsify that communication to receive free in-app purchases? I have attempted to use pretty much every in-app purchase tweak out there, to no avail, but I was hoping the game's server-side "verification" of payments only extends to requiring a certain response or receipt-number format that the tweaks don't match, and with some minor adjustments, could basically provide unlimited in-game cash.
NB. I recognize that I'm making a number of assumptions about technology and processes that I know literally nothing about, but in explaining how I thought of it, maybe you guys could figure out a much better or more effective way to actually make it happen.
Cheers!
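The double-credit behaviour described in the post (a quick retry is "restored" by Apple and credited a second time) is a server-side idempotency bug. As an added example that is not the game's own code, here is how a game server could credit purchases at most once per original transaction: a restored purchase shares the original_transaction_id of the first purchase, so keying the ledger on that field collapses purchase and restore into a single credit, and resubmitting the same receipt after a client error (the "charged but not credited" case) becomes a no-op instead of a second payout. The Transaction fields are modelled on Apple receipt fields as I understand them (an assumption), and the product catalogue and sample transactions are constructed.

```python
"""Idempotent crediting of in-app purchase receipts on the game server."""
from dataclasses import dataclass, field

# Constructed sample catalogue: product id -> in-game credits it grants.
PRODUCT_CREDITS = {"chips_1000": 1000, "chips_5000": 5000}


@dataclass(frozen=True)
class Transaction:
    """One entry from a verified receipt (field names assumed to mirror Apple's)."""
    transaction_id: str            # unique per purchase or restore event
    original_transaction_id: str   # same value for a purchase and its restores
    product_id: str


@dataclass
class CreditLedger:
    balances: dict = field(default_factory=dict)   # user -> credit balance
    credited: set = field(default_factory=set)     # original_transaction_ids already paid out

    def apply_receipt(self, user: str, txns: list[Transaction]) -> int:
        """Credit each transaction at most once; return credits added by this call.

        Callers must pass transactions obtained from the server-side receipt
        verification step, never fields supplied directly by the client.
        """
        added = 0
        for t in txns:
            if t.original_transaction_id in self.credited:
                continue  # already credited: a restore, retry or replayed receipt
            credits = PRODUCT_CREDITS.get(t.product_id)
            if credits is None:
                continue  # unknown product id: refuse rather than guess a value
            self.credited.add(t.original_transaction_id)
            self.balances[user] = self.balances.get(user, 0) + credits
            added += credits
        return added


def simulate_retry_scenario() -> tuple[int, int, int, int]:
    """Replay the post's sequence: purchase, fast retry restored by the store,
    receipt resubmitted later, then a genuinely new purchase."""
    ledger = CreditLedger()
    first = Transaction("t1", "t1", "chips_1000")          # constructed
    restored = Transaction("t2", "t1", "chips_1000")       # restore of t1
    fresh = Transaction("t3", "t3", "chips_1000")          # new, separate purchase
    a = ledger.apply_receipt("alice", [first])             # 1000
    b = ledger.apply_receipt("alice", [first, restored])   # 0: both map to t1
    c = ledger.apply_receipt("alice", [first])             # 0: replayed receipt
    d = ledger.apply_receipt("alice", [fresh])             # 1000: new original id
    return a, b, c, d


if __name__ == "__main__":
    print(simulate_retry_scenario())
```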