艦これHacking

Transcript

1. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ؋͜ΕHacking 2013 ೥ 11 ݄ 09

   ೔ ؋͜Ε Hacking

2. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ΆΜͭ͜ ΆΜͭ͜ʢ@ponkotuyʣͰ͢ ேى͖Εͳͯ͘༗څ͕࢒Βͳ͍ఔ౓ͷࣾச ։ൃ͸ Scala +

   Play ͱ CoeeScript ؀ڥ͸ Emacs or IntelliJ(IDE) + Ubuntu ϓϨθϯ͸ Emacs ͷ org-mode + TEX + Beamer ؋͜Ε Hacking

3. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ޷͖ͳ؋່͸རࠜ͞ΜͰ͢ E-2 ߈ུͰ͸ແ૒ͯ͘͠Ε·ͨ͠ ؋͜Ε Hacking

4. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ؋͜Εʜ஌ͬͯ·͢ΑͶʁ ؋͜Εͱ͸ ఇࠃւ܉ͷ܉؋່͕ʹͳͬͯ ҭͯͯΩϟ οΩϟ΢ϑϑ͠ͳ͕Β ւҬΛಥഁ͢ΔͨΊʹࢿݯ΍ཏ਑൫ͱઓ͏

   ήʔϜͰ͢ʂ ˞࣮ࡍઓಆ͸ӡཁૉ͚ͩͳͷͰɺҭ੒ͱฤ੒ͱࢿݯྔ͕શͯ ؋͜Ε Hacking

5. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ͱ͍͏Θ͚Ͱ ࠓճ͸؋͜Εͷ API Λ Hacking ͯ͠Έ·͠ΐ͏ʂ

   ؋͜Ε Hacking

6. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ωοτϫʔΫௐࠪํ๏ ؋͜ΕʢFlashʣͷ௨৴Λௐ΂Δํ๏ʢࢥ͍ͨൣғʣ શύέοτ௨৴Λऔಘͯ͠ Filterʢࠓճ΍Δํ๏ʣ ಛఆϖʔδ͚ͩ Proxy

   Λט·ͤΔ .NET ͷ IE ܥϥΠϒϥϦʢʁʣ ؋͜Εϒϥ΢βܥ͸Լ 2 छྨͷํ๏Ͱ๣ड ؋͜Ε Hacking

7. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ tcpdumpͱ͸ CUI ಛఆωοτϫʔΫσόΠεͷύέοτௐࠪ͢Δπʔϧ ࢖͍ํ͸άάΕ ؋͜Ε Hacking

8. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ࢖ͬͯΈΔ ؋͜Εͷૢ࡞Λͨ͠ͱ͖ྲྀΕΔύέοτΛղੳ 125.6.189.39 ͷ Port80 ͱ௨৴͍ͯ͠Δ͜ͱ͕෼͔Δ

   -X ͰόΠφϦσʔλ͕ݟΕΔ ͕ͩૉਓʹ͸ HTTP Ͱ JSON ΍ΓͱΓ͍ͯ͠Δ༷ࢠ͠ ͔෼͔Βͳ͍ ͜Μͳݪ࢝తͳπʔϧ࢖ͬͯΒΕΔ͔ʔʢόʔϯʂ ؋͜Ε Hacking

9. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ Wiresharkͱ͸ GUI ύέοτΩϟϓνϟ Filter HTTP ౳ղੳࡁΈσʔλΛ

   Export ࠓճ͸ຆͲ͜Ε͚ͩͰ͍͚·ͨ͠ ؋͜Ε Hacking

10. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ؋͜ΕͰWireshark Ubuntu ͳΒ apt-get wireshark ཁ

    root lter ͸ http and ip.addr == 125.6.189.39 ͜ͷঢ়ଶͰૢ࡞͢Δͱσʔλ͕ྲྀΕͯ͘Δ ͋ͱ͸޷͖ͳσʔλΛબΜͰ export ؋͜Ε Hacking

11. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ exportͨ͠ϑΝΠϧ ೔ຊޠ͕ unicode unicode ରԠͷ JSON

    ύʔα͕ඞཁ Python Ͱσίʔυͯ͠ PrettyPrint ͠·ͨ͠ ؋͜Ε Hacking

12. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ௨৴ͷશମతͳಛ௃ ҉߸Խ͞Εͯͳ͍ʢ͞ΕͯͨΒརࠜ͞ΜτʔΫͯͨ͠ʣ api_result Ͱ 1 ͸͓ͦΒ͘

    Success api_result_msg Ͱ੒ޭͷจࣈΛฦ͢ʢҙຯ͸ແͦ͞͏ʣ api_data ҎԼʹ༗༻ͳσʔλ͕͋Δ ੠͸ MP3ɻϞϊϥϧͷ 48kHzɺ56kbps ؋͜Ε Hacking

13. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ฼ߓॳظը໘ ͜ͷը໘ʹભҠ͢Δ࣌ͷ௨৴ ؋͜Ε Hacking

14. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ฼ߓॳظը໘2 actionlog ӈԼͷԋश݁ՌͳͲͷ׆ಈ log logincheck ࢿݯ૿ྔɻೝূܥͰ͸ͳ͍

    material ࢿݯྔɻࢿݯ͸ 1 ੴ༉ 2 ஄ༀ 3 మ߯ 4 ϘʔΩ 5 ߴ଎ݐ଄ࡐ 6 ߴ଎म෮ࡐ 7 ։ൃࢿࡐɻlogincheck ͷฦΓ஋͸Կͷҝʹ͋Δͷ͔ɻ ؋͜Ε Hacking

15. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ deck_port ؋ୂ৘ใ api_name ؋ୂ໊ api_ship ؋່൪߸ʢೖखॱʹ

    increment ͍ͯ͘͠ IDʣͷ Ϧετ api_mission ԕ੐σʔλ [ւҬ, ԕ੐ ID, ԕ੐ؼ౤࣌ؒ, ʁ] ԕ੐σʔλ͕؋ୂ৘ใʹͳͬͯΔͷ͸ڵຯਂ͍ɻ͜ΕͰԕ ੐νΣ οΧʔ࡞ΕΔ ؋͜Ε Hacking

16. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ndock ೖڎ৘ใ api_complete_time ׬ྃ࣌ؒ api_item1ʙ4 ࣋ͪ෺৘ใ

    api_ship_id ؋່൪߸ ͜ΕͰೖڎνΣ οΧʔ࡞Ε·͢Ͷ ؋͜Ε Hacking

17. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ship2 ؋່ͷৄࡉσʔλ HP ͷσʔλͳͲεςʔλεશ෦ ཕܸͳͲ͸૷උલޙͷ஋ ࠷େ

    HP ͸૷උલޙͷ஋͕ແ͍ͷͰɺࠓޙ΋૷උͰ HP ্͕Δܥ૷උ͸ແͦ͞͏ͩͱ෼͔Δ api_luckey ΋ɺྫ͑͹ඈཾ [40, 89]ɺརࠜ [10, 59] ͳͲ ͋ͱ deck_port ؙ͕͝ͱೖ͍ͬͯΔɻҙຯͳ͍ ؋͜Ε Hacking

18. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ basic ઓ੷දࣔͰݟΕΔϢʔβσʔλ+Ո۩৘ใͳͲ ؾʹͳΔͷ͸ max_kagu Ո۩ͷ্ݶΛ࣮૷͢Δ༧ఆͩͬͨʁ play_time

    ͋Δͱศརͦ͏͕ͩ 0 ʹͳ͍ͬͯΔ pt_challenged ύʔςΟʔػೳ͔ʁ কདྷ࣮૷༧ఆ or Deprecated ͳ࢖ΘΕ͍ͯͳ͍ม਺͋Γ ͜ͷΑ͏ͳಾม਺͸ basic ͷΈݟΒΕΔ ؋͜Ε Hacking

19. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ฼ߓॳظը໘·ͱΊ ฼ߓॳظը໘͚ͩͰ΋૬౰ͷ৘ใ͕ೖखՄೳ ؆୯ͳ؋͜Επʔϧ࡞ΔͳΒ͜ΕͰॆ෼ ͨͩ؋໊͕෼͔Βͣ ID ͔͠ͳ͍

    ˠผͰऔΔ͔ϚελʔςʔϒϧΛ༻ҙ͢Δඞཁੑ ؋͜Ε Hacking

20. Introduction Tools ࣮ࡍʹղੳͯ͠Έͨ ·ͱΊ ·ͱΊ རࠜ࢞͞Μ͔Θ͍͍ ؋͜Εͷ API ͸؆୯ʹ Hack

    Ͱ͖Δ Wireshark ͍͢͝ ฼ߓॳظը໘͚ͩͰେମଗ͏ ؋͜Ε API ΞΫηεແବ͕ଟ͍ʢͦΓΌೣΔΘʣ ΈΜͳ΋؋͜Επʔϧ࡞ͬͯΈΑ͏ ؋͜Ε Hacking