To deserialize this, we used an intercept proxy called burp.
We have seen that, Farmville is sending these Request to one of the gateway services.
http://fb-tc-[1-3].farmville.com/flashservices/gateway.php.
The deserialized AMF Request looks like.
We have a target and response method, which is a Flash function. the response-filed is just for identifying the response, for testing you can keep the same value.
The data array is the request body, where Array 0 is containg some tokens which have to match. but can be keeped constant for the whole game. The Array 1 is the Request, which tells what to do. This one contains a sequence number, which you have to count up after every request. The functionname is triggerind the flashfunction with the parameters given above.
We have chosen a basic example with less data. We just call PregnantSowUtiliyService.onActivateSow(true) and this will give us the reward link, that can be shared with friends. During our tests, you can create as many Links as you want by just increasing the sequence number using the burp repeater. The function for Lostanimals is called LonelyCowService.createLonelyAnimal, but for some reason you cannot generate them.
It would be interesting to learn about how many functions Farmville is supporting and what their syntax is. If you are interested in this question ,so we can start to build a function database for Farmville.
On interests, just contact us.
Burp can only change the value inside the AMF request, but you cannot build your own AMF packages. You cannot remove or add arrays from the body. If you know any better proxy please let us know.
how to trigger a request?
ReplyDeletecharlesproxy.com
ReplyDelete