DIY Hack Pengu - Virtual Pets (DIY Charles Proxy exploit)

SkyVexy · January 16

Charles installation: Step 1.

Install Charles Proxy following the standard directions. https://www.charlesproxy.com/download/
Start the program.
Go to Proxy > Proxy Settings.
Select the Proxies tab, enter "8888" in the HTTP Proxy Port field then select Ok.
Go back to the proxy tab and select “SSL Proxy settings”
Select (“Enable SSL Proxying”), Then Select “Add”
In The “Host” Field Input your Ipv4 address. Also in the “Port” field make sure to input 8888
*IMPORTANT* To find your Ipv4 In “Charles Proxy”, select (Help > SSL Proxying > Install charles root certificate on a mobile device or remote browser. Follow the directions Prompted! (Please Read everything to avoid issues)

Charles Installation IOS (Step 2)

On your iphone navigate to Settings > Wi-Fi > Select the “I’ next to your connected wifi > scroll to the bottom and select "Configure PROXY". > Select Manual > type in the SAME Ipv4 and Port you’re using!
Open Safari on your iPhone.
Browse to https://chls.pro/ssl.
Safari will prompt you to install the SSL certificate.
If you are on iOS 10.3 or later, open the Settings app and navigate to General > About > Certificate Trust Settings.
Find the Charles Proxy certificate and enable the certificate.

Now, your iPhone is set up to use Charles Proxy for intercepting and monitoring HTTPS traffic.

Into the exploit Step 1.

Now that everything is enabled! Make sure that Pengu is installed on your device!

Open Pengu on you iOS Device.
Sign up and create your pet.
Once you have your pet, Go to the controller in the bottom left corner ( the arcade)
Stay on the arcade page and navigate to your computer.
Within Charles proxy you should already see some data popping up (Noise) Condense this by typing in “Pengu” In the “filter” field below the data(noise). It will single out the App we’re trying to exploit.
Start the SSL proxying by selecting the lock ( To the left of the turtle icon)
Once you’ve selected the Lock. The lock should no longer look opened. (locked) You are now SSL Pinning
Click the brush to clear the Pengu data. ( left of the record icon)
Navigate to your iOS device and start a Pengu flappy bird game!
Play the Pengu bird game legit ( just get more than 1 point)
After you played a game. You should have 2 hearts left. (Stay on this page)
Navigate to Charles Proxy (Computer) you should see https://Penguapp.co select the arrow for the drop down menu and navigate to, v1 > games > flappy-pengu > (Pengu Id) > Select "Report"
To the right of report you should see two lists Request(Top)/Response(Bottom) Select (JSON) for both menus These are going to contain your score( which we will change)

Changing Values ( Step 2)

Now that you have survived the first step This will be easier >Trust<

Right click on the “Report” option mentioned in *Step 1*
Navigate to “Breakpoints” and Select it. ( It will now have a check mark next to it)
EVERYTHING BELOW THIS POINT IS TIMED ( IF YOU TAKE TO LONG IT WILL TIME OUT) {READ THIS THEN EXECUTE ACCORDINGLY)
Return to the IOS Device and play another game! (Try again)
Once your second game has been played a breakpoint should appear on Charles proxy.
Select the tab “Edit Request” (next to Overview)
Select JSON Right above Execute (Not Json Text)
You should see the Legit score you achieved.
Double click on the score you achieved and modify the value to a (Reasonable number) I.e (60000)
Now EXECUTE THAT BAD BOY.
Once executed. Another menu should pop up ( the response). Select “Edit response” and make sure (score is what you set it too.
NOW EXECUTE THAT!

You now should have a modified value and the game will input your Modified score.

Once you have the desired coins then you’re all set!

(Disconnecting Charles)

Select the Lock (Left of the turtle) *it will stop ssl pinning
Navigate to your iOS device and go to your settings > wifi > blue I next to the connected wifi > configure proxy > select OFF > Save
Navigate to General > About > Certificate Trust Settings > Select the Charles proxy to turn it off

Update 01/16/25

I found a work around for mac, It's going to require you to have frida-ps and objection (Bypass ssl pinning detection

https://prnt.sc/OEAMeSl-MIUw

I hope you guys enjoy this little exploit. If you have any questions let me know!

Updated January 16 by SkyVexy
Workaround found

Dave2.0 · April 8, 2024

Dayum.i needs a laptop

Nefas8i · July 26, 2024

Does not work for me it just shows <unknown>. What am i doing wrong?

Xrh856 · August 4, 2024

Same

habster · August 8, 2024

Thanks

and for the ppl who shows "unknows"

go to your iDevice > Settings > General > About > Certificate Trust Settings

iybmickey · August 24, 2024

4frrrrrrrr

rwggggggggggg

Brehousr · August 31, 2024

Hey bro want to talk to you about a project hit me up on telegram @zatorskicorporate please

rue789 · September 23, 2024

Does it work on android

Tonic7777 · October 14, 2024

I did it perfectly and it worked I’m trying to figure out how to adjust the value of money and gems if anyone finds out let me know

invicious · October 14, 2024

For some reason instead of v1 on the dropdown, I have 2 'unknown' fields, one arrow up (blue) and one arrow down(green).
Any ideas what could be the issue ?