Anonymous ID: 62f144 May 7, 2020, 8:31 p.m. No.9074616

I'm doing the same thing with one of the PDFs that Schiff just dropped to see if I can come up with anything.

So far no dice, but I'm also fairly new at reverse-engineering and Ghidra, so it's possible I'm missing things.

Having said that, I am glad OP put this board up for Ghidra hunting, and I think we may be focusing too much on his images and trying to decode the hidden meaning in them. There may very well be more there 'than we know,' but we shouldn't forget to tear new things apart too.

Anyway, glad to be here. Thanks for the board OP.

Anonymous ID: 62f144 May 7, 2020, 8:48 p.m. No.9074898

>>9074092

Well, I made myself look like an ass. I replied to the wrong guy with a question I easily answered by a quick search.

So from what I can tell I don't think you can download Star Wars: Commander from official sources anymore. However, I was able to find the Android apk file for download from:

https://star-wars-commander.en.uptodown.com/android

Anonymous ID: 62f144 May 8, 2020, 2:54 a.m. No.9077094

Just occurred to me:

https://qmap.pub/read/4000

In this drop, Q asks us "Rebellion or Empire?"

Now, I've never played Star Wars: Commander before, but I could probably see this being a question on account creation. If we crack this apk open with Ghidra and take a look at where that screen/text is, maybe there's something there?

I'm starting to look through it now, but I likely won't be able to really dig into it until later today. I just wanted to share this idea in the meantime if someone else thinks it may be a good place to start.

Anonymous ID: 62f144 May 8, 2020, 9:26 a.m. No.9079983

For you anons, another resource as I learn to go through this, myself:

https://maddiestone.github.io/AndroidAppRE/reversing_native_libs.html

It requires you to have an understanding of software/programming, but if you are like me (novice programmer) you should be able to understand it enough to jump on in.

One thing I found a lot easier to handle was extracting all the files from the .apk first (linked above in other posts). You can do that with WinZip, and just place it in some random folder. I went too far down one rabbit hole and had the game running in an emulator, but I stopped after I got to the screen in the included image. I wanted to, at least, get to the screen we had mentioned that would have the option of joining the empire or the rebellion, and there it is.

So now I'm digging through the code a bit, trying to find out how the game runs (I've never programmed apps before so it's new to me), but I think it runs out of the lib/(processor)/libmain.so file. I'm looking into the libunity.so file right now since it's called out in the (I)Ljava/lang/String; line, but I'm not sure if I'm going down a rabbit hole again that I don't need to.

Anyway, I'm learning a lot. I hope some of you other anons that are more experienced in this than I are on a better path.

Anonymous ID: 62f144 May 9, 2020, 8:01 a.m. No.9093749

I posted it already, but if you are looking to get into reverse-engineering apps (like Android apps, such as Star Wars: Commander) I've put together a small list of resources. I'll also give my notes at the end since Q has told us to work together, essentially, in that one picture of people climbing a hill.

Resources

Virtual Environment

https://www.virtualbox.org/

Operating System Suggestion (Ubuntu is user-friendly)

https://ubuntu.com/

Star Wars: Commander App:

https://apkpure.com/star-wars%E2%84%A2-commander/com.lucasarts.starts_goo

-or-

https://star-wars-commander.en.uptodown.com/android

Ghidra

https://ghidra-sre.org/

Jadx (helpful for this project and other android apps)

https://github.com/skylot/jadx

Tutorial for Basic App Reverse Programming (get the .ova in this tutorial and load it into VirtualBox, it's essentially loaded with what the tutorial goes through)

https://maddiestone.github.io/AndroidAppRE/index.html

As a rule of thumb it's much safer to run everything through VirtualBox, but if you want to, all the above will also work/have options to work on an average Windows machine. I wouldn't suggest it, but I can't say that I'm above just running it all on my computer anyway. I'll accept the risk.

Exploratory Notes

As a disclaimer, I'm very new to software engineering and I've never reverse-engineered anything before in my life. Having said that, I encourage anyone with an interest in this to try their hand. The more people we have on this the better.

So right off the bat, looking at the AndroidManifest.xml, it looks like this application runs like a normal app does with nothing nefarious that stands out. I'm not seeing anything out of the ordinary in the Manifest but I still have a loooooooooooooot of code to go through. I did notice that a few things can be activated by other apps/programs though:

FBUnityDeepLinkingActivity (fuck you FaceBook)

SwrvePushEngageReceiver

SwrveEngageEventSender

FirebaseMessagingService

FirebaseInstanceIdService

Only thought on this is that the Firebase messaging service seems to be able to activate even when the app is closed, but I don't think that in and of itself is abnormal or malicious, as apps should be able to do this (right?). Someone with more app development experience can tell me otherwise, but I'm going to move on.

The game runs on the Unity3d.player…

Lots of source code in Java to look through…

Boy, Facebook really likes our activity…

Nothing stands out. I'm going to take a look at the Native Libraries now and see if I can pry those apart. The 'native libraries' are the '.so' files, such as…

libbugsnag-ndk.so

libbugsnag-unity.so (another bugsnag file, ho-hum)

libil2cpp.so (my God it's huge [~30MB]. That's going to take forever!)

libmain.so

libunity.so (I haven't looked just yet, but I think this is the Unity engine that the game runs in. Also my God it's 19MB and is going to take forever)

Kind of getting hung up. I decompiled the libil2cpp.so with Ghidra and there's an awful lot to go through here, and it takes some in-depth analysis to do so. I'm thinking I need to hit the books a bit more before I start jumping into this because passively reading and hoping that something jumps out at me will be futile.

Any suggestions would be welcome.
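
One way to check the "can be activated by other apps/programs" point from the decoded AndroidManifest.xml, as an added example that is not part of the original post or of the game's own code: a short Python script over a constructed sample manifest (component names taken from the post above; package, permission and intent-filter values are placeholders, not the real app's) that lists which components are exported, why, and whether a permission guards them.

```python
import xml.etree.ElementTree as ET

# Android attributes live under this namespace in a decoded (jadx-style) manifest.
ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest using the component names listed in the post;
# package, permission and filter values are placeholders, not the real app's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.app">
  <uses-sdk android:targetSdkVersion="28"/>
  <application>
    <activity android:name=".FBUnityDeepLinkingActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <receiver android:name=".SwrvePushEngageReceiver"/>
    <receiver android:name=".SwrveEngageEventSender" android:exported="true"
              android:permission="example.permission.PUSH"/>
    <service android:name=".FirebaseMessagingService">
      <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
    </service>
    <service android:name=".FirebaseInstanceIdService"/>
  </application>
</manifest>"""


def find_exported_components(manifest_xml):
    """List components other apps can start, with why and what guards them."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    found = []
    for elem in root.find("application"):
        if elem.tag not in COMPONENTS:
            continue
        exported = elem.get(ANDROID + "exported")
        has_filter = elem.find("intent-filter") is not None
        if exported == "true":
            reason = "android:exported=true"
        elif exported is None and has_filter and target < 31:
            # Before targetSdk 31 an intent-filter makes a component exported by default.
            reason = "intent-filter with android:exported unset (implicitly exported)"
        else:
            continue
        found.append({"tag": elem.tag, "name": elem.get(ANDROID + "name"), "reason": reason,
                      # A permission on the component limits who may invoke it; None means anyone.
                      "permission": elem.get(ANDROID + "permission")})
    return found
```

Run find_exported_components on the manifest jadx writes out and the entries with permission None are the ones any app on the device can reach; the same component stops being implicitly exported once targetSdkVersion is 31 or higher.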

Anonymous ID: 62f144 May 9, 2020, 8:54 a.m. No.9094189

Wait I just realized something.

Reading through some of the java code for the messaging service under:

Source Code>com>google>firebase>lib

I've realized that a lot of the messages sent back and forth aren't just stored at Google's cloud, but they SEEM to be also sent to FaceBook for tracking purposes.

This means that there are two separate locations that have stored that shady conversation we saw. And it's not just message content, but user data as well (meaning it could be directly attributed to the sender).

I mean this isn't ground-shattering or anything, but it gives me some insight as to how Q and/or NSA could be catching these dudes.