Mobile Application Security - Pentesting Success Story

How Advanced Security Identified and Resolved a Critical Vulnerability in Spell Valley's In-Game Economy

Overview

In the competitive mobile gaming world, ensuring a secure in-game economy is crucial. Bad Bishop, the creator of Spell Valley, faced a security issue that threatened their game’s balance. With the help of Advanced Security’s expert pen-testing services, they identified and resolved the vulnerability, safeguarding the game’s economy and player trust.

The Challenge: An Anomaly in Spell Valley’s Economy

The issue was a critical anomaly in Spell Valley’s in-game economy. Bad Bishop suspected a vulnerability that might let players acquire Gems (the game’s integral virtual currency) without paying for them, and approached Advanced Security to investigate.

Identifying the Vulnerability

Using tools such as tcpdump and Wireshark, our pen-testing team discovered that the Spell Valley application was proxy-unaware and attempted to connect to its API endpoints on random ports. (The Wireshark screenshot is for illustrative purposes only; real information is withheld to protect our client’s confidentiality.)

This allowed us to intercept and analyze the traffic using Burp Suite by setting up appropriate iptables rules and using adb reverse to map a port on the device to the Burp instance.

Once the setup was complete, we used Objection with Frida to bypass any potential SSL pinning issues and began observing the traffic through Burp Suite.

We noticed that we could see all the ongoing endpoints and their parameters, which led us to run Burp Intruder to brute force chest IDs.

Exploiting the Bug

After successfully brute-forcing chest IDs, our team was able to repeatedly claim rewards, accumulating up to 20K Gems in a short period. Further investigation revealed that a specific endpoint could be used to obtain Gems for free.

The Solution: Swift and Effective Bug Fix

We immediately reported our findings to the Bad Bishop development team. Through collaborative discussions, we identified the root cause of the vulnerability. The bug was due to a flaw in the server’s logic leading to negative gem costs and the ability to repeatedly exploit the system.

Collaborative Debugging and Fix Implementation

Bad Bishop’s lead developer worked closely with our team to debug and verify the issue. Using custom scripts and database checks, we confirmed the exact conditions under which the exploit occurred. The dev team then implemented a fix to ensure that quests in the claimed state could no longer be mistakenly processed as redeemable.
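The two server-side checks this fix implies, a one-way claimed state and a refusal of negative costs, can be sketched as follows. This is an added example, not Bad Bishop's code: the schema, the owner column, and the names claim_quest, spend_gems and Rejected are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema and names, constructed for this example.
SCHEMA = """
CREATE TABLE players (id TEXT PRIMARY KEY, gems INTEGER NOT NULL CHECK (gems >= 0));
CREATE TABLE quests (id TEXT PRIMARY KEY, owner TEXT NOT NULL,
    reward INTEGER NOT NULL CHECK (reward >= 0),
    state TEXT NOT NULL CHECK (state IN ('active', 'completed', 'claimed')));
INSERT INTO players VALUES ('p1', 100);            -- constructed sample rows
INSERT INTO quests VALUES ('q1', 'p1', 50, 'completed');
"""

class Rejected(Exception):
    """Request refused by server-side validation."""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def balance(db, player_id):
    return db.execute("SELECT gems FROM players WHERE id = ?", (player_id,)).fetchone()[0]

def claim_quest(db, player_id, quest_id):
    """Pay a quest reward once: only a 'completed' quest can move to 'claimed'."""
    with db:  # one transaction: the state flip and the credit commit together
        cur = db.execute(
            "UPDATE quests SET state = 'claimed' "
            "WHERE id = ? AND owner = ? AND state = 'completed'",
            (quest_id, player_id))
        if cur.rowcount != 1:  # unknown ID, another player's quest, or already claimed
            raise Rejected("quest not redeemable")
        db.execute(
            "UPDATE players SET gems = gems + (SELECT reward FROM quests WHERE id = ?) "
            "WHERE id = ?", (quest_id, player_id))
    return balance(db, player_id)

def spend_gems(db, player_id, cost):
    """Charge a purchase; a negative cost would credit Gems, so it is refused."""
    if not isinstance(cost, int) or cost < 0:
        raise Rejected("invalid cost")
    with db:  # conditional UPDATE keeps the balance from going below zero
        cur = db.execute(
            "UPDATE players SET gems = gems - ? WHERE id = ? AND gems >= ?",
            (cost, player_id, cost))
        if cur.rowcount != 1:
            raise Rejected("insufficient gems")
    return balance(db, player_id)
```

Because the state change is a conditional UPDATE checked through its row count, a replayed or guessed claim request changes nothing and is rejected rather than paid a second time.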

The Outcome: A Secure and Fair Gaming Experience

Thanks to the thorough pen-testing and quick response by the Advanced Security and Bad Bishop teams, the vulnerability was promptly addressed before any significant impact could materialize. Check out our Pentesting service to see what we’re offering!
