[Tutorial] How to Hack Using Charles Proxy

EvillyG00d · July 19, 2014

✻ Requirements

✔ Charles Proxy

✔ An internet connection that both your computer and iDevice can connect to simultaneously

✔ Sample .xml template: http://www.solidfiles.com/d/471b9a0957/

✻ Overall Structure

Start by loading up the sample .xml template with your text editor. There are multiple ways to write these up - for this tutorial I chose the format Charles itself uses when exporting .xml projects. The one thing these .xml files will always have in common are hosts and rules. The host's job is to tell Charles Proxy where to look when hacking the app. The hacking, or edits, is the rule's job.

✻ Finding Your Host

Connect your iDevice to Charles by entering your computer's IP address into your iDevice's HTTP Proxy. Once connected, launch the app you want to hack. For this tutorial, we'll be hacking Blitz Brigade. Please note this hack currently doesn't work, as Gameloft has shut down their "Free Gems" option for the time being (probably because of this exploit).

Check out Charles on your computer - the left side of the Charles window should be loading up all kinds of URLs. Those are your hosts! Back in the sample .xml template, find the <host> tags. Replace HOST URL with ingameads.gameloft.com. Sometimes, we'll want to specify in a bit more detail where Charles should look. So, in the <path> tags, replace PATH TO TARGET with /redir/appleads*. The asterisk is a wildcard - it tells Charles to look at everything within that directory path. There are other times however, when adding a specific path is not necessary, in which case we remove the <path> tags altogether.

✻ Finding Your Rule

The host you choose will often dictate what rule you will use to hack the app. With Blitz Brigade, we'll be using the AdColony reward_amount rule, which is why we used hosts that correlated with AdColony (or "in game ads"). In the <matchValue> tags, replace NORMAL/UNCHANGED VALUE with "reward_amount":1. Remember that watching videos yields 1 Gem, that's why we put the value 1. In the <newValue> tags, replace HACKED VALUE with "reward_amount":999999. You're done!

✻ Conclusion

Here's the completed .xml for Blitz Brigade: http://www.solidfiles.com/d/075eb25b88/

To load it up in Charles Proxy, go to Tools > Rewrite. Click the "Import" button and select the .xml you downloaded above. Click "Apply" and then "OK". You're hack is in place and ready to go! Ensure you're still connected with your iDevice and press the "Free Gems" button to watch a video. Once done, you should receive 100,000 Gems.