24游戏 - Online and Single-Player Game GM Tools Forum

How to Deploy Darknights Locally [Arknights]

Posted on 2023-2-15 19:08:46
This tutorial will show you how to deploy Darknights locally.
Main steps:
  • Set up the main Darknights server.
  • Open your simulator.
  • Run MITM and redirect all the simulator's traffic to it.
  • Run the Frida server.
  • Run the Frida script to hook the function VerifySignMD5RSA.
  • Done.

Set up main Darknights server
  • Install MongoDB and run mongod --dbpath /PATH/TO/DATABASE.
  • Download Darknights-server from GitHub and run main.py. You need bottle >= 0.13, pymongo >= 3.11 and pycryptodome.
  • Install Nginx for HTTPS. You need a domain and a valid wildcard (pan-domain) certificate for it. The domain should resolve to 127.0.0.1.
Example Nginx config (change the domain and certificate paths):
```nginx
# Hosts handled by the local Darknights server.
server
{
    listen 443 ssl;

    ssl_certificate path/to/your/cert;
    ssl_certificate_key path/to/your/privkey;

    server_name as.yourdomain.com ak-gs-gf.yourdomain.com;

    # TLSv1.1 is deprecated; drop it if your client connects without it.
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    location ~ .*
    {
        # Forward everything to the backend on port 9444.
        proxy_pass http://localhost:9444;
    }
}

# Every other single-label subdomain is relayed to the same label under hypergryph.com.
server
{

    listen 443 ssl;

    ssl_certificate path/to/your/cert;
    ssl_certificate_key path/to/your/privkey;

    # Capture the subdomain label; note the escaped dot before "yourdomain".
    server_name ~^([^.]+)\.yourdomain\.com$;
    set $domain $1;

    # A resolver is required because proxy_pass below uses a variable.
    resolver 8.8.8.8;

    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:10m;

    location ~ .*
    {
        proxy_set_header Host $domain.hypergryph.com;
        proxy_pass https://$domain.hypergryph.com;
        # Send SNI to the upstream so it presents the right certificate.
        proxy_ssl_server_name on;
    }
}
```
You can also set up the server side on a remote host. Just change the DNS config.
Open your simulator
Everything works well on Nox 7.0.3.3 Android 9 64bit. Other simulators are not tested. You may have a try.
Run MITM and redirect all the simulator's traffic to it
  • Install mitmproxy and run mitmweb -s proxy.py.
    Example proxy.py (change the domain):

```python
# Raw string, so the \" escapes inside "content" reach the client intact
# and the response body stays valid JSON.
network_config = r"""
{"sign":"N+TjgIU1VP85wUeRVcmU6k9w3x3oTlKDXM9oK2TllRtryxTH2S9zMCAgUKIBvhinssBE7Dkll34G0llfUYdlnJTWar+OydnkEN0DA9ecWuoNdQRJ3fIAyYMDRsrTjcrkfUqDJ6GdB9MivqYBm5MKhFxzdI1UtY2kJxC9TZJR5m0=","content":"{\"configVer\":\"5\",\"funcVer\":\"V030\",\"configs\":{\"V030\":{\"override\":true,\"network\":{\"gs\":\"https://ak-gs-gf.yourdomain.com\",\"as\":\"https://as.yourdomain.com\",\"u8\":\"https://as.yourdomain.com/u8\",\"hu\":\"https://ak.hycdn.cn/assetbundle/official\",\"hv\":\"https://ak-conf.yourdomain.com/config/prod/official/{0}/version\",\"rc\":\"https://ak-conf.yourdomain.com/config/prod/official/remote_config\",\"an\":\"https://ak-conf.yourdomain.com/config/prod/announce_meta/{0}/announcement.meta.json\",\"prean\":\"https://ak-conf.yourdomain.com/config/prod/announce_meta/{0}/preannouncement.meta.json\",\"sl\":\"https://ak.yourdomain.com/protocol/service\",\"of\":\"https://ak.yourdomain.com/index.html\",\"pkgAd\":\"https://ak.yourdomain.com/download\",\"pkgIOS\":\"https://apps.apple.com/cn/app/id1454663939\",\"secure\":false}}}}"}
"""


class ArkInterceptor:
    def response(self, flow):
        # Replace the body of any response whose request path mentions network_config.
        if "network_config" in flow.request.path:
            flow.response.set_text(network_config)


addons = [
    ArkInterceptor()
]
```
  • Install VPN software (or any other software that can redirect all your traffic to mitmproxy) on your simulator, and set the proxy in your simulator.
  • Open mitm.it in your simulator's browser, download the certificate for Android devices and install it. Note that you need to install the certificate as a system certificate.
    One possible way of installing the certificate as a system certificate is to use Magisk and the Movecert module.

Run Frida server
  • Download ADB and execute adb.exe connect 127.0.0.1:YOUR_SIMULATOR_ADB_PORT.
  • Download Frida server and run adb.exe -s 127.0.0.1:YOUR_SIMULATOR_ADB_PORT push frida-server /data/local/tmp. Note that you need to choose the Frida server build that matches your simulator's architecture.
  • Run adb.exe -s 127.0.0.1:YOUR_SIMULATOR_ADB_PORT shell.
  • cd /data/local/tmp
  • chmod 777 frida-server
  • ./frida-server
Run Frida script to hook the function VerifySignMD5RSA
  • Save the code below as hook.js
```js
// Set once libil2cpp.so has been seen, so the hook is installed only once.
var is_matched = false;

// The original post calls this helper without defining it; it is assumed here
// to resolve an offset relative to the module's base address.
function get_func_by_offset(module_name, offset) {
    return Module.findBaseAddress(module_name).add(offset);
}

function VerifySignMD5RSA() {
    var func = get_func_by_offset("libil2cpp.so", 0x10e79fd);
    console.log('[+] hook VerifySignMD5RSA() ' + func.toString());
    Interceptor.attach(func, {
        onEnter: function (args) {
            console.log(args[1]);
        },
        onLeave: function (retval) {
            // Force the function's return value to 1.
            retval.replace(0x1);
        }
    });
}

function attach_matched(so_path) {
    if (so_path.indexOf('libil2cpp.so') < 0 || is_matched == true) {
        return;
    }
    is_matched = true;
    console.log('[*] ' + so_path);
    VerifySignMD5RSA();
}

function hook_dlopen() {
    var func = null;
    // Offset of the linker's dlopen routine; it depends on the architecture.
    func = new NativePointer(Module.findBaseAddress("linker")).add(0x7190);
    console.log('[+] dlopen ' + func.toString());
    Interceptor.attach(func, {
        onEnter: function (args) {
            // Remember the library path so onLeave can check it after loading.
            this.so_path = Memory.readCString(args[0]);
        },
        onLeave: function (retval) {
            attach_matched(this.so_path);
        }
    });
}

hook_dlopen();
```
    Different architectures can have different offsets. For a 32-bit simulator, change '0x7190' in hook_dlopen to '0x2101'.
  • Run frida -U -l hook.js --no-pause -f com.hypergryph.arknights.
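
How the Nginx config and the replaced network_config fit together, as an added example that is not part of the original post: it mimics Nginx's server_name selection (exact names are tried before regex names) to show which URLs in the config reach the local server, which are relayed to the matching hypergryph.com host, and which never touch this Nginx. The names `route` and `classify` and the trimmed `CONTENT` sample are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# server_name values from the two server blocks in the Nginx config above.
LOCAL_NAMES = {"as.yourdomain.com", "ak-gs-gf.yourdomain.com"}
WILDCARD = re.compile(r"^([^.]+)\.yourdomain\.com$")

# Constructed subset of the "content" object from proxy.py (placeholder domain kept).
CONTENT = json.dumps({"configs": {"V030": {"network": {
    "gs": "https://ak-gs-gf.yourdomain.com",
    "as": "https://as.yourdomain.com",
    "u8": "https://as.yourdomain.com/u8",
    "hu": "https://ak.hycdn.cn/assetbundle/official",
    "rc": "https://ak-conf.yourdomain.com/config/prod/official/remote_config",
    "sl": "https://ak.yourdomain.com/protocol/service",
    "secure": False,
}}}})


def route(host):
    """Return the upstream Nginx would pick for this host, or None."""
    if host in LOCAL_NAMES:            # exact names win over regex names
        return "http://localhost:9444"
    match = WILDCARD.match(host)
    if match:                          # $1 becomes $domain in the config
        return "https://%s.hypergryph.com" % match.group(1)
    return None                        # neither server block matches this name


def classify(content_json, func_ver="V030"):
    """Map each URL key of the network config to its upstream (None = untouched)."""
    network = json.loads(content_json)["configs"][func_ver]["network"]
    result = {}
    for key, value in network.items():
        if isinstance(value, str) and value.startswith("https://"):
            result[key] = route(urlsplit(value).hostname)
    return result


if __name__ == "__main__":
    for key, upstream in classify(CONTENT).items():
        print(key, "->", upstream or "direct (not handled by this Nginx)")
```
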




