[Metalab] Ask Metalab: Please help decoding this web-request! (more context & data)

Mon Aug 3 21:49:12 CEST 2009

Hey again!

I've captured more requests and have them grouped a little bit:

The requests are from my G1, the Android market software polling the G* 
servers for new games. By scrolling down the list the software kept 
requesting new entries, as the list of the apps keeps growing. The 
requests are sent with the http method "POST" and have this header: 
"Content-Type=application/x-www-form-urlencoded"

The data posted in the requests is "request=OUR_KEYS" (OUR_KEYS look a 
little like a base64 variant). To see them in plain text would be great! 
Here I have collected and grouped and couple ofrequests:

- Category: Games - Casino - By Popular + By Date (~ 20 request strings 
for getting more items and the icons)
  File: http://www.4feets.com/x/requests_casino_more.txt

- Category: Games - Arcade - By Popular + By Date (again ~ 20 requests 
each for getting more items and icons)
  File: http://www.4feets.com/x/requests_arcade_more.txt

If you look at the requests encoded, the with > 200 chars longer ones 
are receiving the png images bundle, and the shorter ones (usually 
around 450 chars) poll the listing of the apps and games.

Looking just at the encoded keys for getting the listings, they differ 
by 2 bytes for each "next page", and by 1 byte for "by popular" and "by 
date". The interesting ones are usually at the very end of each line, 
the first ~200 characters are the same (only for each category).

Here is a small tool I wrote that compares the characters of as many 
lines as you put in a file: http://www.4feets.com/x/checkstrings.py.txt

Thanks in advance!

Best,
- Chris

Chris Hager wrote:
> Hey Guys!
>
> I was checking out what data my G1 is sending to Google via HTTP POST 
> requests, which is somehow encoded. First, here is the request-string 
> which would be nice to see decoded:
>
> ?request=CsQCCuABRFFBQUFKd0FBQURCdU5DbG04UEF5NUhyMzkzT1pTSThEcmdsWExNVGdWTTVobjBnbEdhVFk0WGo3bExHTl92MURnVUR5U2lVV281UElUT21KVTdDZEVoWHpwSHI5czQwT01HTkRkSHhvUG1nY2szREJNQ2NkNTNyV0ppTlcweHBhcjUtREljbXVFaWtQaUJURC1SNEJBMTQzSk90bDduVVNrbWNIZjJheG55UVFZTFBuY1RERUZzUnNoN0xfalNJcVpDQXlSajI3Q3g0QkJoLVR5WFNsaWVUR0VwU1hOZTAQABjqByIQMjAwMTQ1ZGE5MGM4NmU1ZioHZHJlYW06MzICZW46AkdCQhBULU1vYmlsZSBBdXN0cmlhSgBSBTIzMjAzWgUyMzIwM2IVYW0tYW5kcm9pZC10bW9iaWxlLWF0EyIKCAQ4AUAASApQABQ
>
> I found out that i can partly decode the key (starting at 'CsQCC...') 
> with base64 and see parts of the original string, but still don't get a 
> totally decoded result. (To decode with base64, you have to append "=" 
> at the end of the key).
>
>   > import base64
>   > base64.decode64(REQUEST_KEY + "=")
>
> Output (with repr):
> '\n\xc4\x02\n\xe0\x01DQAAAJwAAADBuNClm8PAy5Hr393OZSI8DrglXLMTgVM5hn0glGaTY4Xj7lLGN_v1DgUDySiUWo5PITOmJU7CdEhXzpHr9s40OMGNDdHxoPmgck3DBMCcd53rWJiNW0xpar5-DIcmuEikPiBTD-R4BA143JOtl7nUSkmcHf2axnyQQYLPncTDEFsRsh7L_jSIqZCAyRj27Cx4BBh-TyXSlieTGEpSXNe0\x10\x00\x18\xea\x07"\x10200145da90c86e5f*\x07dream:32\x02en:\x02GBB\x10T-Mobile 
> AustriaJ\x00R\x0523203Z\x0523203b\x15am-android-tmobile-at\x13"\n\x08\x048\x01@\x00H\nP\x00\x14'
>
> So these are a lot of hex characters which are not inside the ascii 
> character map. I don't know if this is the right trail, but here is 
> where I don't know how to proceed on myself. It would be very 
> interesting to see how the G1's communicate with Google!
>
> Please have a look at it -- perhaps we can solve this puzzle with joined 
> forces!
>
> - Chris
>
> Jabber: metachris at jabber.metalab.at
>
> _______________________________________________
> Metalab mailing list
> Metalab at lists.metalab.at
> http://lists.metalab.at/mailman/listinfo/metalab
>
>