[Tutorial] How to Hack Using Charles Proxy

[EvillyG00d 243 30]

✻ Requirements

✔ Charles Proxy

✔ An internet connection that both your computer and iDevice can connect to simultaneously

✔ Sample .xml template: http://www.solidfiles.com/d/471b9a0957/

 

✻ Overall Structure

Start by loading up the sample .xml template with your text editor. There are multiple ways to write these up - for this tutorial I chose the format Charles itself uses when exporting .xml projects. The one thing these .xml files will always have in common are hosts and rules. The host's job is to tell Charles Proxy where to look when hacking the app. The hacking, or edits, is the rule's job.

 

✻ Finding Your Host

Connect your iDevice to Charles by entering your computer's IP address into your iDevice's HTTP Proxy. Once connected, launch the app you want to hack. For this tutorial, we'll be hacking Blitz Brigade. Please note this hack currently doesn't work, as Gameloft has shut down their "Free Gems" option for the time being (probably because of this exploit).

 

Check out Charles on your computer - the left side of the Charles window should be loading up all kinds of URLs. Those are your hosts! Back in the sample .xml template, find the <host> tags. Replace HOST URL with ingameads.gameloft.com. Sometimes, we'll want to specify in a bit more detail where Charles should look. So, in the <path> tags, replace PATH TO TARGET with /redir/appleads*. The asterisk is a wildcard - it tells Charles to look at everything within that directory path. There are other times however, when adding a specific path is not necessary, in which case we remove the <path> tags altogether.

 

✻ Finding Your Rule

The host you choose will often dictate what rule you will use to hack the app. With Blitz Brigade, we'll be using the AdColony reward_amount rule, which is why we used hosts that correlated with AdColony (or "in game ads"). In the <matchValue> tags, replace NORMAL/UNCHANGED VALUE with "reward_amount":1. Remember that watching videos yields 1 Gem, that's why we put the value 1. In the <newValue> tags, replace HACKED VALUE with "reward_amount":999999. You're done!

 

✻ Conclusion

Here's the completed .xml for Blitz Brigade: http://www.solidfiles.com/d/075eb25b88/

 

To load it up in Charles Proxy, go to Tools > Rewrite. Click the "Import" button and select the .xml you downloaded above. Click "Apply" and then "OK". You're hack is in place and ready to go! Ensure you're still connected with your iDevice and press the "Free Gems" button to watch a video. Once done, you should receive 100,000 Gems.

[mehdiphone 7.3k 8 8.1.2]

Impressive

[imp0ss1ble 714 24 9.0.2]

how do you know it is reward_amount

[ThePianoGuy 2.8k 14]

is there a way to decrypt HTTPS traffics? i can't hack it when it says unknown with a green up arrow icons

[Goran 1.8k]

Can you make for Rayman Adventure? Also link is dead

[Archangel04 32.8k iPhone 7 14.3]

This is not that good for a newbie and probably easier to use rewrite rule

[iH8sn0w 16 27]

This is not that good for a newbie and probably easier to use rewrite rule

waht is the rewrite rule?

[ProNab 726 iPhone 3G 1.0.0]

Gonna try this out soon

[Pha sa 60 iPhone 6s Plus 12.4]

Gg