Payload analysis
Notes on GG:ST's API response payloads
The database stores metadata about each request-response transaction, one row per transaction. The row's key, dumpKey, is a hash of the URL, the HTTP method and the raw request payload combined.
Example of a partial dump from gg-struggle's db (the tables are created in gg-struggle/server.js):
42808a7bf3f7045c356c92821f6491f935b6c5e4|/api/statistics/get_newest_battle_follow|149 bytes|558 sec
ead1f23afd1065231f1ddbca6edbf205813e7e97|/api/statistics/get_user_news|357 bytes|529 sec
44df5184df6008b669e16c8850eb54ff5204d466|/api/statistics/set|59 bytes|545 sec
bae236ac27292f3e97e1a17dbb1759e1e2af6808|/api/statistics/set|59 bytes|1016 sec
534718da1689f6164259f69c5871900eb3258b38|/api/statistics/set|59 bytes|576 sec
b627588615559e35366585b10f1b5e2e203a4a7f|/api/sys/get_env|98 bytes|
61013395fdb6fe2f993fed40c9fc3653bb69947c|/api/sys/get_env|98 bytes|543 sec
6a7c8e9005ad68c9d9656fe07e96fb2cc6faaac7|/api/sys/get_news|342909 bytes|1211 sec
Requests and responses are written to <key>.gameReq.dump and <key>.ggResp.dump respectively. The files are byte-for-byte, unencrypted dumps of the request and response bodies.
A request dump is the literal url-encoded POST body, so the file starts with data= followed by the hex-encoded payload (e.g. data=9295b2...). To recover the payload, skip the five-byte data= prefix and hex-decode the rest; tail -c +6 prints from the sixth byte onward, which does exactly that:
$ tail -c +6 /tmp/gg-struggle/dumps/34c1dbe8d516d330d4c193eb259c9678d76dc953.gameReq.dump
9295b2323130363132303034383433333930313438ad3630653738383164386562386502a5302e302e340396a001010dffff
Piping that hex string through xxd -r -p turns it back into its binary form, which we write to a file; a plain xxd on that file then gives a readable hex dump of the contents:
$ tail -c +6 /tmp/gg-struggle/dumps/34c1dbe8d516d330d4c193eb259c9678d76dc953.gameReq.dump \
| xxd -r -p >out.bin
$ xxd out.bin
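The same two steps done in code, plus a decoder for what comes out. This is an added example and not part of gg-struggle: SAMPLE_DUMP is a constructed copy of the request dump shown above, and payload_bytes, decode_payload, decode_dump and the _Reader class are names chosen here. The decoded bytes read cleanly as a MessagePack document (0x92 is a two-element array, 0x95 a five-element array, 0xb2 an 18-byte string, 0xff the fixint -1), so the example includes a minimal hand-written MessagePack reader that covers the fixed-size and small-length types and raises on anything else, on truncated input, and on trailing bytes, rather than guessing.

```python
# Constructed copy of the gameReq dump shown above: the file body is the
# literal url-encoded POST payload, so it begins with "data=".
SAMPLE_DUMP = (
    b"data=9295b2323130363132303034383433333930313438ad3630653738383164"
    b"386562386502a5302e302e340396a001010dffff"
)


def payload_bytes(dump: bytes) -> bytes:
    """Equivalent of `tail -c +6 file | xxd -r -p`: drop the five-byte "data="
    prefix and hex-decode what follows."""
    if not dump.startswith(b"data="):
        raise ValueError("not a gameReq dump: body does not start with 'data='")
    hexstr = dump[5:].strip()
    try:
        return bytes.fromhex(hexstr.decode("ascii"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"payload after 'data=' is not plain hex: {exc}") from None


class _Reader:
    """Minimal MessagePack reader (assumed format of the payload, see lead-in)."""

    def __init__(self, buf: bytes):
        self.buf = buf
        self.pos = 0

    def take(self, n: int) -> bytes:
        # Every read goes through here so truncated payloads fail loudly.
        if self.pos + n > len(self.buf):
            raise ValueError(f"truncated payload at offset {self.pos}")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n: int) -> int:
        return int.from_bytes(self.take(n), "big")

    def sint(self, n: int) -> int:
        return int.from_bytes(self.take(n), "big", signed=True)

    def string(self, n: int) -> str:
        return self.take(n).decode("utf-8", errors="replace")

    def array(self, n: int) -> list:
        return [self.value() for _ in range(n)]

    def map(self, n: int) -> dict:
        out = {}
        for _ in range(n):
            key = self.value()          # key is read before its value
            out[key] = self.value()
        return out

    def value(self):
        b = self.take(1)[0]
        if b <= 0x7F:                   # positive fixint
            return b
        if b >= 0xE0:                   # negative fixint (0xff == -1)
            return b - 0x100
        if 0x80 <= b <= 0x8F:           # fixmap
            return self.map(b & 0x0F)
        if 0x90 <= b <= 0x9F:           # fixarray
            return self.array(b & 0x0F)
        if 0xA0 <= b <= 0xBF:           # fixstr
            return self.string(b & 0x1F)
        fixed = {0xC0: None, 0xC2: False, 0xC3: True}
        if b in fixed:
            return fixed[b]
        if b == 0xC4: return bytes(self.take(self.uint(1)))   # bin 8
        if b == 0xC5: return bytes(self.take(self.uint(2)))   # bin 16
        if b == 0xCC: return self.uint(1)                     # uint 8
        if b == 0xCD: return self.uint(2)                     # uint 16
        if b == 0xCE: return self.uint(4)                     # uint 32
        if b == 0xCF: return self.uint(8)                     # uint 64
        if b == 0xD0: return self.sint(1)                     # int 8
        if b == 0xD1: return self.sint(2)                     # int 16
        if b == 0xD2: return self.sint(4)                     # int 32
        if b == 0xD3: return self.sint(8)                     # int 64
        if b == 0xD9: return self.string(self.uint(1))        # str 8
        if b == 0xDA: return self.string(self.uint(2))        # str 16
        if b == 0xDC: return self.array(self.uint(2))         # array 16
        if b == 0xDE: return self.map(self.uint(2))           # map 16
        raise ValueError(f"unsupported MessagePack type byte 0x{b:02x} at offset {self.pos - 1}")


def decode_payload(buf: bytes):
    """Decode one MessagePack document and insist that it consumes the whole buffer."""
    r = _Reader(buf)
    value = r.value()
    if r.pos != len(buf):
        raise ValueError(f"{len(buf) - r.pos} trailing byte(s) after the MessagePack document")
    return value


def decode_dump(dump: bytes):
    """Full pipeline for a gameReq dump: strip prefix, hex-decode, unpack."""
    return decode_payload(payload_bytes(dump))


if __name__ == "__main__":
    raw = payload_bytes(SAMPLE_DUMP)
    print(len(raw), "bytes:", raw.hex())
    print(decode_payload(raw))
```

Running it on the constructed dump yields a two-element outer array: a five-element record holding two string identifiers, the integer 2, the version string "0.0.4" and the integer 3, followed by a six-element record of an empty string, 1, 1, 13, -1, -1. The reader deliberately has no fallback for unknown type bytes, so a dump that is not MessagePack (or is cut short) produces an error at a byte offset instead of a silently wrong structure.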