Error downloading paid app about googleplay-api HOT 11 OPEN

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive


5�拧茂鈥好兟�(�,confirmFreeDownload?doc=com.shashank.testapp

It would be very helpful of you if you could help decode the Chinese characters in the above request.

from googleplay-api.

Added print self.toStr(message) on line 250 of googleplay.py and received the following output:

displayErrorMessage: "Error retrieving information from server. [DF-BPA-21]"

from googleplay-api.

Hi,
Hard to say... I've never tried to download paid apps with the API. I guess
the server response is a bit different than the one sent when downloading a
free app. One could investigate this issue by sniffing the HTTPS traffic
sent by the phone when purchasing an app, and then protobuf-decode it.

2012/12/6 Zach Lanier [email protected]

On Dec 5, 2012, at 20:59, Tyler Shields [email protected] wrote:

Added print self.toStr(message) on line 250 and received the following
output:

displayErrorMessage: "Error retrieving information from server.
[DF-BPA-21]"

—
Reply to this email directly or view it on
GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-11070163>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-11070296.

from googleplay-api.

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

from googleplay-api.

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by Burp
on the phone's SD card, and then install it using the Settings > Security >
Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x [email protected]

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12878004.

from googleplay-api.

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to decode
it.

Best regards,
Eong

2013/1/30 egirault [email protected]

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html
http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x [email protected]

i can help to investigate that issue ,so, how to sniff the HTTPS traffic
sent by the phone, any tools or docs?

—
Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12886761.

from googleplay-api.

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk [email protected]

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg. It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault [email protected]

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After configuring
Android to use this machine as a proxy, you need to install Burp's CA on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic way
yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x [email protected]

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?

—
Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

—
Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901512.

from googleplay-api.

Oh, that's a very cool feature. Thank you for the information.

Best regards,
Eong

2013/1/31 egirault [email protected]

Yes but the nice thing about Burp is that it supports customs plugins
written in Python/Ruby/Java. You can write a simple one that detects
potential protobuf messages and decode them. This plugin API is pretty new
and I haven't got the time to write such a plugin yet, but I plan to do
it.
Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk [email protected]

Fiddler is a better choice for http/https man-in-middle sniff.
They have detailed document on their website to tell you how to use it
with
android phone. The key problem is to decode the Google protobuf msg.
It's
binary encoded and you will need to do some reverse engineer work to
decode
it.

Best regards,
Eong

2013/1/30 egirault [email protected]

Hi,

You will need to run an interception proxy such as Burp on a machine
connected on the same wireless network as your phone. After
configuring
Android to use this machine as a proxy, you need to install Burp's CA
on
the phone. This can be done by putting the root .crt file generated by
Burp
on the phone's SD card, and then install it using the Settings >
Security

Install from SD Card option. Here are some resources:
http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google'
servers,
and search for protobuf-encoded messages (I didn't find any generic
way
yet). After dumping the encoded messages to a file, you can use
protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x [email protected]

i can help to investigate that issue ,so, how to sniff the HTTPS
traffic
sent by the phone, any tools or docs?

—
Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

—
Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.

—
Reply to this email directly or view it on GitHub<
https://github.com/egirault/googleplay-api/issues/12#issuecomment-12901512>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/12#issuecomment-12901782.

from googleplay-api.

I managed to intercept the HTTPS traffic from the Google Play APP running on my simulator.

To download an already purchased APK, the Play APP first sends this request:

GET /fdfe/delivery?doc=com.zeptolab.ctr.paid&ot=1&st=XXXXXXXX&vc=20 HTTP/1.1
Accept-Language: en-US
X-DFE-MCCMNC: 310260
Authorization: GoogleLogin auth=XXXXXXX
X-DFE-Enabled-Experiments: cl:billing.purchase_button_show_wallet_icon
X-DFE-Unsupported-Experiments: nocache:dfe:dc:1,nocache:dfe:uc:US,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,cl:billing.select_add_instrument_by_default,cl:warm_welcome.enable,content_ratings,localized_images,market_emails,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:cl:warm_welcome.no_show_consumption_button,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:recs:automated_weight_adjuster_57,nocache:recs:books_annotate_merch_collection_20130620_25,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:track_annotate_merch_collection_20130620_75,nocache:recs:weights_books_20130219_40,nocache:recs:weights_movies_20130614_30,nocache:recs:weights_plusones_20130418_40,nocache:recs:weights_track_20130409_-0,nocache:user_challenge,prod_locale_boost,recent_changes,recs:books_portrait_20121210_00,recs:music_no_portrait_20130211_10,shekel_test
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-google
X-DFE-Logging-Id: 2143067ea0e34383
User-Agent: Android-Finsky/4.1.10 (api=3,versionCode=80210010,sdk=16,device=generic,hardware=goldfish,product=sdk)
X-DFE-SmallestScreenWidthDp: 320
X-DFE-Filter-Level: 3
Host: android.clients.google.com
Connection: Keep-Alive

The decoded response is:

1 {
21 {
2 {
1: 24095593
2: "9-68VyZugyYCLv_1FeNXdD33hHE"
3: "https://android.clients.google.com/market/streaming/Download?packageName=com.zeptolab.ctr.paid&versionCode=20&token=AOTCm0TLevi-QgFKC8eaekC-0BhSsZGDFC7t0sPNvfUeejay
wcqnTaabvx-IFroJyVcBOiQeE2clzoI6E7twPq4-lB0S1tYb2JpQ9ZSntfY&ev=1&downloadId=7120421825546781811"
5 {
1: "MarketDA"
2: "09331046713986310435"
}
6: 1
8: 1
12 {
1: 1
2: "h9khHkqABEIIe31LOEXoTw=="
3: "aIsUS3wwdijIbGWnqNcGQINoQtloixRLfDB2KMhsZac="
}
}
}
}
5 {
1: 74
}

But then the APP crashes and I cannot further download it.

from googleplay-api.

Hey Egirault !!!
I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job.
I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests.
I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive

/�ȧ *�&confirmFreeDownload?doc=com.igs.fafafa

It would be very helpful of you if you could help decode the Chinese characters in the above request.

from googleplay-api.

So has someone figured out which .proto to use with protoc when decoding intercepted Google Play API responses?

from googleplay-api.