This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Developer Console Protocol

nelenkov edited this page Jul 20, 2012 · 1 revision

This obviously needs work, but here's a first pass at making sense of the requests. For more details, see the presentation and code at the link below. Unfortunately, the parser doesn't work as-is with version 7.

https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset

getAssetIndexForUser

7|2|7|https://play.google.com/apps/publish/gwt/|3DF4994263B7BFE1C6E2AB34E241C0F5|com.google.gwt.user.client.rpc.XsrfToken/4254043109|AMtNNDG9emdxzJ9pfi2bbvYvbF08qf8qvg:1342763916311|com.google.wireless.android.vending.developer.shared.AppEditorService|getAssetIndexForUser|I|1|2|3|4|5|6|1|7|100|

Breaks down into this:

header:
  7|2|7|: (serialization version|flags|number of strings)
string table:
  1: https://play.google.com/apps/publish/gwt/|
  2: 3DF4994263B7BFE1C6E2AB340000C0F5|
  3: com.google.gwt.user.client.rpc.XsrfToken/4254043109|
  4: AMtNNDFBVZGHglcZtgGXXXXajDqiAw5AYQ:1342688021633|
  5: com.google.wireless.android.vending.developer.shared.AppEditorService|
  6: getAssetIndexForUser|
  7: I|
payload:
  1|2|3|4|5|6|: call method (6) with parameters (7) of service (5) using XSRF token (4, 3) at URL (1) with strong name (2)
  1|: number of params, types and values follow
    7|: param type(s) -- 7 -> I (Integer)
   
    100|: param value

So basically: get the first 100 assets (apps) for the user. The only changeable part is the parameter (100).

getProductInfosForUser

7|2|9|https://play.google.com/apps/publish/gwt/|3DF4994263B7BFE1C6E2AB34E241C0F5|com.google.gwt.user.client.rpc.XsrfToken/4254043109|AMtNNDG9emdxzJ9pfi2bbvYvbF08qf8qvg:1342763916311|com.google.wireless.android.vending.developer.shared.AppEditorService|getProductInfosForUser|java.lang.String/2004016611|I|My App|1|2|3|4|5|6|4|7|8|8|7|9|0|4|0|

Breaks down into this:

header:
  7|2|9|
string table: 
  1: https://play.google.com/apps/publish/gwt/|
  2: 3DF4994263B7BFE1C6E2AB34E241C0F5|
  3: com.google.gwt.user.client.rpc.XsrfToken/4254043109|
  4: AMtNNDG9emdxzJ9pfi2bbvYvbF08qf8qvg:1342763916311|
  5: com.google.wireless.android.vending.developer.shared.AppEditorService|
  6: getProductInfosForUser|
  7: java.lang.String/2004016611|
  8: I|
  9: My App|
payload:
  1|2|3|4|5|6|: call method getProductInfosForUser of AppEditorService at URL, etc.
  4|: number of params, types and values follow
    7|: String
    8|: Integer
    8|: Integer
    7|: String
     
    9|: 'My App' (lookup from string table)
    0|: 0
    4|: 4
    0|: null (probably)

So something like, get product infos for 4 apps starting with 'My App' at index 0.
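
The two breakdowns above, written as a small decoder. This is an added example, not code from this wiki or from the GDS toolset. It assumes that flag bit 2 means the XSRF token entries are present (true of both requests here), that string index 0 means null (the page's reading), and that no string contains an escaped `|`; `parse_gwt_request` and `SAMPLE` are hypothetical names.

```python
# Added example: decoder for the version-7 request layout broken down above.
# Handles only the parameter types seen on this page (I and java.lang.String).
# Constructed sample mirroring the second request; STRONG_NAME and TOKEN:0
# are placeholders.
SAMPLE = ("7|2|9|https://play.google.com/apps/publish/gwt/|STRONG_NAME|"
          "com.google.gwt.user.client.rpc.XsrfToken/4254043109|TOKEN:0|"
          "com.google.wireless.android.vending.developer.shared.AppEditorService|"
          "getProductInfosForUser|java.lang.String/2004016611|I|My App|"
          "1|2|3|4|5|6|4|7|8|8|7|9|0|4|0|")

def parse_gwt_request(body):
    fields = body.split("|")
    if fields[-1] == "":
        fields.pop()                      # requests end with a trailing '|'
    version, flags, nstrings = (int(f) for f in fields[:3])
    if version != 7:
        raise ValueError("only serialization version 7 is handled")
    strings, payload = fields[3:3 + nstrings], iter(fields[3 + nstrings:])
    if len(strings) != nstrings:
        raise ValueError("truncated string table")

    def take():                           # next payload field
        try:
            return next(payload)
        except StopIteration:
            raise ValueError("truncated payload") from None

    def lookup(index):                    # table is 1-based; 0 treated as null
        index = int(index)
        if not 0 <= index <= nstrings:
            raise ValueError("string index out of range")
        return strings[index - 1] if index else None

    call = {"url": lookup(take()), "strong_name": lookup(take())}
    if flags & 2:                         # assumption: bit 2 = token type and value follow
        call["token_type"], call["token"] = lookup(take()), lookup(take())
    call["service"], call["method"] = lookup(take()), lookup(take())
    types = [lookup(take()) for _ in range(int(take()))]
    call["params"] = []
    for t in types:                       # values follow the type list, in order
        if t == "I":
            call["params"].append(("I", int(take())))
        elif t and t.startswith("java.lang.String/"):
            call["params"].append(("String", lookup(take())))
        else:
            raise ValueError(f"unhandled parameter type: {t!r}")
    return call

if __name__ == "__main__":
    print(parse_gwt_request(SAMPLE))
```
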
