viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, March 26, 2014

How to hack KFC Snack! in the Face - Android

I performed this hack using Windows 7/8 and Nexus 4 rooted using Paranoid Android ROM 4.2 beta.

Index



Tools you need:

On Windows

1. 7zip/Winrar/Winzip or other archive/extracting tools
2. JPEXS Free Flash Decompiler
3. SQLite Administrator or other SQLite editor

On Android (must be rooted)

1. Root Explorer (paid) / ES File Explorer (free)
2. (optional) SQLite Editor (paid)

Steps (on Android)

1. Install and play the game with your Internet enabled and get one snack at least
2. After you get it, open Root Explorer / ES File Explorer to get the APK files in /data/app/ and find air.au.com.kfc.snackintheface-1.apk and copy this to your sdcard (/storage/emulated/0/)

3. Then, copy the APK to your computer
4. The second file you need to copy to your computer is the mysnackData.db located in /data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/

   

Next steps are to find the prize codes and apply it on the database. So, on your PC

1. Install JPEXS Free Flash Decompiler and SQLite Administrator. SQLite doesn't need to be installed.
2. Extract the APK file to a folder using 7zip or Winrar . For the demonstration purpose, I extracted it into air.au.com.kfc.snackintheface-1 folder
3. Go to the folder and open \assets\KFC_Game.swf with JPEXS Free Flash Decompiler
4. Go to scripts/au/kfc/snackgame/util/DealUtil in the decompiler 4. The deals stored in variable dealArray



Now we just need to add the prize codes into the "mysnackData.db" database. 

1. Open sqliteadmin. Choose Database - Open. Then choose mysnackData.db that has been copied on your PC.
2. On the left-hand side bar, navigate to mySnackData. Since I've put all the prizeIDs, you see more records than you have it on your mySnackData.db. 

3. To add the prizes, replicate the existing record to a new one, except the prizeID. To add, click + sign or you can go to any field than press down-arrow key on your keyboard. Make sure the playerPrizeID and playerID are the same as the existing record you have.

Finishing

1. Once, you have added the prizeIDs, copy the mySnackData.db to /data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/. 

2. Enjoy the free snacks

Note:
Keep a copy of the modified mySnackData.db if you want to redeem the same prize

Optional but it's useful

Requirement: BusyBox, ScriptManager

This step will save you a lot of time and you can redeem it over and over without a hassle.
I created a shell script to update the table so that the expiry dates are always set to 3 days after you run the script.

The script should run if you follow these steps:
1. Create a folder called kfchack in your sdcard (/storage/emulated/0/)
Note: Your path might be different and might need to try several paths to get the script working. Please read below explanation. 
Recommended lecture: Why did /sdcard/ turn into /sdcard/0/ with 4.2?.
In short: It has to do with the multi-user functionality introduced with Jelly Bean:
  • /storage/emulated/0/: to my knowledge, this refers to the "emulated MMC" ("owner part"). Usually this is the internal one. The "0" stands for the user here, "0" is the first user aka device-owner. If you create additional users, this number will increment for each.
  • /storage/emulated/legacy/ as before, but pointing to the part of the currently working user (for the owner, this would be a symlink to /storage/emulated/0/). So this path should bring every user to his "part".
  • /mnt/sdcard (Android < 4.0)
  • /storage/sdcard0 (Android 4.0+)
  • /storage/sdcard0/: As there's no legacy pendant here (see comments below), the "0" in this case rather identifies the device (card) itself. One could, eventually, connect a card reader with another SDCard via OTG, which then would become /storage/sdcard1 (no proof for that, just a guess -- but I'd say a good one)
Though one might get to the conclusion there should be a /storage/sdcard/legacy as well, there isn't (see comments) -- which completely makes sense with my assumption of the numbers here are not related to the user, but rather to possible multiple cards: "0" would always be the one in the card-slot of the device, so no need for a "legacy symlink" here.
Try /storage/emulated/0, /storage/emulated/legacy/, or /storage/sdcard0 depending on your Android version
2. Copy modified mySnackData.db into the folder
3. Create a file called kfchack.sh. The content is

#!/system/bin/sh

sqlite3 /storage/emulated/0/kfchack/mysnackData.db "UPDATE mysnackData SET createdOn = strftime('%Y-%m-%dT%H:%M%f',date('now')), modifiedOn = strftime('%Y-%m-%dT%H:%M%f',date('now')) , expiresOn = strftime(' %Y-%m-%dT%H:%M%f', date('now') , '+3 day')"

cat /storage/emulated/0/kfchack/mysnackData.db > "/data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/mysnackData.db"

The script will update the records on your database and overwrite the mySnackData.db in Local Store with the updated database.

4. Install ScriptManager
5. Create a SMShortcuts shortcut on your homescreen.



6. Choose "Add one script schortcut"

7. Choose "kfchack.sh". The icon with star means it's saved as Favourite.



8. To get the script stored as Favourite, you need to open Script Manager, navigate it to kfchack.sh and use this configuration


KFC Snack! in the Face v2 codes

Free
"E9E84ABDD6B84C69965B23C9EFD4D0B2":"FreeNuggetBox"
"01C4AE77CBA44145992D2E1D4CD9AC52":"FreeCrispyStripsBox"
"168FF20E48FF484D985A292F7271123C":"FreeWingBox"
"1A5DC6203C0D4058A0C4B8B95700C7E4":"FreePopcornBox"
"E35C6DB9823C4707B4E9E523E140BD0D":"FreeWickedWings"
"F2E135CDFB28407081BCCA9A99A3148B":"FreeTwister"
"23AC0B701CAD47E680696BEFD9AD549F":"FreeChips"

BOGOF and Others
"2F0094A4DE8349A6BD385EFF4CF50B48":"2FreeHotRods"
"C94D937408ED420097CD8525610B68A2":"DollarTwister"
"EB9050B33B4040149B27344901653271":"DollarKrusher"
"430612FADC544B4AA5F12B5E344780ED":"ExtraWing"
"1D3485AFC41A4B7F94299341B95E99DA":"DollarDrink"
"20BE138768454E209BDA696766663492":"SecondBoxFree"
"7170BCE698AE43F18C6932315F3C4D56":"KrusherWithBox"
"5BB869B03F114BF9B058B37745BF31D3":"SecondChipsFree"
"6B8830B1CE1B4C0DB3EFF04C63AB318A":"DollarTwister"
"FC730BB888604D90A59BEDFC8D16DEE7":"DollarKrusher"
"E6F602292C924BA48C0840B24983B370":"ExtraWing"
"D2C59E71A4D0443DA06A6137DA9A219D":"DollarDrink"
"043EEC0C14174930B37CBB3A3D3CBAB0":"SecondBoxFree"
"D52D66612F43443DB4C96B0CC85E6EA2":"SecondChipsFree"
"6B742DD15ACA445A8C6A4383C75AF5B0":"KrusherWithBox"