You do not permission to view this directory or page #5
Comments
|
I already investigated a bit further. Before the System updated I sniffed a couple of requests from my Android phone. My code works because I generated a plexure key with McFux.java and also decrypted it successfully. I really don't know if this is a problem or not. |
|
Can you teach me? Because i don't know how fix it. |
|
Seems that McD updated the deviceRegistration and token generation methods. I will look into this maybe later, but I'm leaving this issue open for anyone to share infos. |
|
Was there an update for the Android App itself? EDIT: Okay, I was wrong in my first comment. The app did receive an update. In fact it is quite a huge update (version 2.0.1) is out. Will do some reversing and report back. |
|
I confirm that McDonald's has updated token generation methods and implemented SafetyNet, in this time there aren't new update in ios; i have a demostration video of the new bypass,if anyone wants to see it write me |
|
UPDATE: Since I have no hardware (moving house rn) for decompiling and search for new methods to exploit this new update, I'm tagging @ddekus and @giacomoferretti which they may have found a solution/working on it. Still leaving this issue open for updates. |
|
@0xf77 Actually I have already written a working PoC to bypass the new check using SafetyNet, but I can't publish it right now. I will leave a GIF demonstrating how it works. EDIT: Here's the video/GIF: https://imgur.com/a/hx8FCwT (Direct) |
|
If you can point me to the right class which implements the safetynet and token Generation i can Reverse it and make a Pull request for this repo |
|
Am i the only one getting 401.2 error? I tried on a lot of physical devices and it worked on 1/3. And on emulators it doesn't work. |
|
@ddekus you can't pass SafetyNet on emulators. |
Thank you for this information. I used my old phone with Magisk with patcheD SafetyNet and SSLUnpinning from Xposed to intercept request. I found that they are similiar with two new headers: X-Dif-Authorization and Digest that seems to be just a way to check other sent information. If someone else is working on this we can cooperate :) |
|
Hello guys. I need help with Doing McDonalds sweden config. I need capture and working config that crack accs. Im paying. Discord is sqreway#0442, telegram is sqreway and my mail is sweeliaz@gmail.com |
|
@giacomoferretti and the other guys. Btw i never use mail so please contact om The other stuff or send me ur guys contact details |
(Hi guys) |
|
If a campaign occurs in Denmark again I will update and release code to generate headers |
|
Did you guys find something? I can give you some help if you want. |
Sorry, i haven't dump at moment, but if you need it i can try to get it again!
I would like some help, after reversed the app i don't fully understand where digest come from . |
|
Sorry for the late response! The digest header is simply the SHA256 of the body. |
I'd be really grateful if you did |
|
Wow, I didn't know there were other people reverse engineering mcdonalds. Does anyone know how to generate the X-Dif-Authorization header? |
|
To generate a token for the X-Dif-Authorization header you'll need:
|
|
So for every call that I want to make that contains the dif-auth header I need to run some code on an android device that passes safetynet? Or just once to get some type of token? Also do you have an example to generate the nonce? |
|
There are some tricks that allow you to generate only one token that you can utilize on all requests. I will publish my code soon. |
|
You can read more here: https://github.com/giacomoferretti/ffapi-project/tree/master/mcmod-poc I'm sorry if the code is difficult to read, especially in the important part where it generates the SafetyNet token. EDIT: I don't think it's possible to generate coupons without having a real device "farming" tokens. |
|
@giacomoferretti |
|
@coolnickname |
McDonalds update systems
The text was updated successfully, but these errors were encountered: