viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, March 26, 2014

How to hack KFC Snack! in the Face - Android

I performed this hack using Windows 7/8 and Nexus 4 rooted using Paranoid Android ROM 4.2 beta.

Index



Tools you need:

On Windows

1. 7zip/Winrar/Winzip or other archive/extracting tools
2. JPEXS Free Flash Decompiler
3. SQLite Administrator or other SQLite editor

On Android (must be rooted)

1. Root Explorer (paid) / ES File Explorer (free)
2. (optional) SQLite Editor (paid)

Steps (on Android)

1. Install and play the game with your Internet enabled and get one snack at least
2. After you get it, open Root Explorer / ES File Explorer to get the APK files in /data/app/ and find air.au.com.kfc.snackintheface-1.apk and copy this to your sdcard (/storage/emulated/0/)

3. Then, copy the APK to your computer
4. The second file you need to copy to your computer is the mysnackData.db located in /data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/

   

Next steps are to find the prize codes and apply it on the database. So, on your PC

1. Install JPEXS Free Flash Decompiler and SQLite Administrator. SQLite doesn't need to be installed.
2. Extract the APK file to a folder using 7zip or Winrar . For the demonstration purpose, I extracted it into air.au.com.kfc.snackintheface-1 folder
3. Go to the folder and open \assets\KFC_Game.swf with JPEXS Free Flash Decompiler
4. Go to scripts/au/kfc/snackgame/util/DealUtil in the decompiler 4. The deals stored in variable dealArray



Now we just need to add the prize codes into the "mysnackData.db" database. 

1. Open sqliteadmin. Choose Database - Open. Then choose mysnackData.db that has been copied on your PC.
2. On the left-hand side bar, navigate to mySnackData. Since I've put all the prizeIDs, you see more records than you have it on your mySnackData.db. 

3. To add the prizes, replicate the existing record to a new one, except the prizeID. To add, click + sign or you can go to any field than press down-arrow key on your keyboard. Make sure the playerPrizeID and playerID are the same as the existing record you have.

Finishing

1. Once, you have added the prizeIDs, copy the mySnackData.db to /data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/. 

2. Enjoy the free snacks

Note:
Keep a copy of the modified mySnackData.db if you want to redeem the same prize

Optional but it's useful

Requirement: BusyBox, ScriptManager

This step will save you a lot of time and you can redeem it over and over without a hassle.
I created a shell script to update the table so that the expiry dates are always set to 3 days after you run the script.

The script should run if you follow these steps:
1. Create a folder called kfchack in your sdcard (/storage/emulated/0/)
Note: Your path might be different and might need to try several paths to get the script working. Please read below explanation. 
Recommended lecture: Why did /sdcard/ turn into /sdcard/0/ with 4.2?.
In short: It has to do with the multi-user functionality introduced with Jelly Bean:
  • /storage/emulated/0/: to my knowledge, this refers to the "emulated MMC" ("owner part"). Usually this is the internal one. The "0" stands for the user here, "0" is the first user aka device-owner. If you create additional users, this number will increment for each.
  • /storage/emulated/legacy/ as before, but pointing to the part of the currently working user (for the owner, this would be a symlink to /storage/emulated/0/). So this path should bring every user to his "part".
  • /mnt/sdcard (Android < 4.0)
  • /storage/sdcard0 (Android 4.0+)
  • /storage/sdcard0/: As there's no legacy pendant here (see comments below), the "0" in this case rather identifies the device (card) itself. One could, eventually, connect a card reader with another SDCard via OTG, which then would become /storage/sdcard1 (no proof for that, just a guess -- but I'd say a good one)
Though one might get to the conclusion there should be a /storage/sdcard/legacy as well, there isn't (see comments) -- which completely makes sense with my assumption of the numbers here are not related to the user, but rather to possible multiple cards: "0" would always be the one in the card-slot of the device, so no need for a "legacy symlink" here.
Try /storage/emulated/0, /storage/emulated/legacy/, or /storage/sdcard0 depending on your Android version
2. Copy modified mySnackData.db into the folder
3. Create a file called kfchack.sh. The content is

#!/system/bin/sh

sqlite3 /storage/emulated/0/kfchack/mysnackData.db "UPDATE mysnackData SET createdOn = strftime('%Y-%m-%dT%H:%M%f',date('now')), modifiedOn = strftime('%Y-%m-%dT%H:%M%f',date('now')) , expiresOn = strftime(' %Y-%m-%dT%H:%M%f', date('now') , '+3 day')"

cat /storage/emulated/0/kfchack/mysnackData.db > "/data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/mysnackData.db"

The script will update the records on your database and overwrite the mySnackData.db in Local Store with the updated database.

4. Install ScriptManager
5. Create a SMShortcuts shortcut on your homescreen.



6. Choose "Add one script schortcut"

7. Choose "kfchack.sh". The icon with star means it's saved as Favourite.



8. To get the script stored as Favourite, you need to open Script Manager, navigate it to kfchack.sh and use this configuration


KFC Snack! in the Face v2 codes

Free
"E9E84ABDD6B84C69965B23C9EFD4D0B2":"FreeNuggetBox"
"01C4AE77CBA44145992D2E1D4CD9AC52":"FreeCrispyStripsBox"
"168FF20E48FF484D985A292F7271123C":"FreeWingBox"
"1A5DC6203C0D4058A0C4B8B95700C7E4":"FreePopcornBox"
"E35C6DB9823C4707B4E9E523E140BD0D":"FreeWickedWings"
"F2E135CDFB28407081BCCA9A99A3148B":"FreeTwister"
"23AC0B701CAD47E680696BEFD9AD549F":"FreeChips"

BOGOF and Others
"2F0094A4DE8349A6BD385EFF4CF50B48":"2FreeHotRods"
"C94D937408ED420097CD8525610B68A2":"DollarTwister"
"EB9050B33B4040149B27344901653271":"DollarKrusher"
"430612FADC544B4AA5F12B5E344780ED":"ExtraWing"
"1D3485AFC41A4B7F94299341B95E99DA":"DollarDrink"
"20BE138768454E209BDA696766663492":"SecondBoxFree"
"7170BCE698AE43F18C6932315F3C4D56":"KrusherWithBox"
"5BB869B03F114BF9B058B37745BF31D3":"SecondChipsFree"
"6B8830B1CE1B4C0DB3EFF04C63AB318A":"DollarTwister"
"FC730BB888604D90A59BEDFC8D16DEE7":"DollarKrusher"
"E6F602292C924BA48C0840B24983B370":"ExtraWing"
"D2C59E71A4D0443DA06A6137DA9A219D":"DollarDrink"
"043EEC0C14174930B37CBB3A3D3CBAB0":"SecondBoxFree"
"D52D66612F43443DB4C96B0CC85E6EA2":"SecondChipsFree"
"6B742DD15ACA445A8C6A4383C75AF5B0":"KrusherWithBox"

41 comments:

  1. Performed Step1 - OK
    But step2 : Installed "ES File Explorer" but cannot find air.au.com.kfc.snackintheface-1.apk

    ReplyDelete
  2. @Anonymous:
    Is your phone rooted? Give me a screenshot

    ReplyDelete
  3. what do you mean by Is your phone rooted? I have just got this S3 couple of months before from store. Havent modified anything. What to do in this case?

    ReplyDelete
  4. @Anonymous
    It's like jailbreaking. In Android, it's called rooting.

    You can search on Google by typing "how to root Galaxy S3" and find a bunch of tutorials.

    You can actually do it without rooting your phone, but it's pain in the ass. If you want to try, check http://denniskubes.com/2012/09/25/read-android-data-folder-without-rooting/

    Good luck

    ReplyDelete
  5. When I do it the app gets stuck at 10% loading :(

    ReplyDelete
    Replies
    1. try disconnecting your internet. if it still happens, clear the app data. the last resort is uninstalling the app

      Delete
  6. Done. Perfectly fine. Thanks viperfx07 :D

    ReplyDelete
  7. Where can I find my playerID???

    ReplyDelete
    Replies
    1. You need to play the game first with your Internet enabled to get first couple of records generated in the mySnackData table

      Delete
  8. sorry i mean how do i find the playerprizeid??

    ReplyDelete
  9. i don't really get how the script works, i've done all the folders and stuff, but when i redeem my item, am i suppose to run the script after i redeem my item or what ??

    ReplyDelete
    Replies
    1. The script is used to update mySnackData table

      UPDATE mysnackData
      SET
      createdOn = strftime('%Y-%m-%dT%H:%M%f',date('now')),
      modifiedOn = strftime('%Y-%m-%dT%H:%M%f',date('now')) ,
      expiresOn = strftime(' %Y-%m-%dT%H:%M%f', date('now') , '+3 day')"

      You see the script updates the createdOn and modifiedOn to the date and time where the script is run. The expiresOn equals 3 days after the script is run.

      After you redeem, it's easier to run the script so you can redeem the prizes again later.

      Delete
  10. Can you post a tutorial video on how to do this please? thank you! :)

    ReplyDelete
  11. I'll do when I have time. Thanks :)

    ReplyDelete
  12. I am attempting this on iOS. I have the mySnackData.db and the KFC_Game.swf.

    I have a problem though. I open the .swf file in the editor and the scripts folder isn't there.

    Would you be able to list the prizeID's (Only the Free snack things) if thats not a hassle.

    Great Tutorial, thanks :)

    ReplyDelete
    Replies
    1. could you upload the swf somewhere so i can see it? I'll update the post.
      And you can actually compare the codes with the one I posted on ozbargain. If they're the same then you can use the codes on iOS

      Delete
    2. Don't worry, the codes are the same, I tested the ones you used from your android :)

      If you'd like to make an iOS tutorial mySnackData.db is located at /var/mobile/Applications/0C40C293-49A7-41C9-8557-1ACD0269E433/Library/Caches
      It can be accessed from the PC through iFile's Web Server feature.

      Delete
    3. Also I am running your SQL command against my mySnackData.db.
      UPDATE mysnackData SET createdOn = strftime('%Y-%m-%dT%H:%M%f',date('now')), modifiedOn = strftime('%Y-%m-%dT%H:%M%f',date('now')) , expiresOn = strftime(' %Y-%m-%dT%H:%M%f', date('now') , '+3 day')
      Most works fine but the createdOn and expiresOn are kinda weird. This is on ios btw.

      They are looking like this after it:
      createdOn: 2014-03-28T00:0000.000
      expiresOn: 2014-03-31T00:0000.000

      Any idea why this is?

      Delete
    4. i'm not sure on ios but on android the format should be like that.

      Delete
    5. Oh, alright. All good :)


      Once again, very good tutorial.

      Delete
  13. 1. I cant gift these to anyone, is there a solution to this?
    2. When I run the script, it says Sqlite3 not found...

    Thank you very much for this! :)

    ReplyDelete
    Replies
    1. 1. I haven't really tried gifting it to people, because I'm a selfish man :)
      2. Do you have BusyBox installed?

      Delete
    2. 2. Yes i have, when i try to run the script, this pops up: http://i.imgur.com/PFkkj82.jpg

      Delete
    3. If you install Terminal Emulator and type "sqlite3" (without quotes) and have no error, that means you haven't done one or two of the Optional steps correctly.

      You need to:
      1. Create a folder called kfchack in your sdcard (/storage/emulated/0/)
      2. Copy the modified mySnackData.db into the folder

      Could you please have screenshots of your path of kfchack folder, mySnackData.db that has been copied to kfchack folder, and also the mySnackData.db in your r

      The correct path:
      kfchack: /storage/emulated/0/kfchack/
      modified mySnack.db: /storage/emulated/0/kfchack/mysnackData.db
      the app mySnack.db: /data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/mysnackData.db

      if you have different paths, you need to change your script into the paths you have defined

      Delete
    4. I have same error, when I open terminal emulator and typre sqlite3 it says not found. I have installed, SQLite database, SQLite manager, SQLite editor (paid) ?

      Delete
    5. @sorebuttcheek if sqlite3 is not in the /system/xbin, try installing https://play.google.com/store/apps/details?id=ptSoft.util.sqlite3forroot

      Not sure whether it works or not, but I think it's worth a try

      Delete
  14. HI.. is there a way to extend the time? everything works but it shows that i only have 4 hours left ..

    ReplyDelete
  15. Hey, everything works great for me except for the scripting part. After editing the script to ensure my directories are correct (i don't have /storage/emulated/0/ but rather /storage/sdcard1/) i still cannot run the script. When i try to run the script it says

    /storage/sdcard1/kfchack/kfchack.sh[2]: : not found
    /storage/sdcard1/kfchack/kfchack.sh[4]: : not found

    I have tried to execute the script via the terminal, scriptmanager and root explorer/browser but nothing works.
    Any help would be great!

    Thanks

    ReplyDelete
    Replies
    1. Hey David, could you please paste in the script here? and the path of each file in the scripting steps
      Thanks

      Delete
    2. Hey Viper,

      #!/system/bin/sh

      sqlite3 /storage/sdcard1/kfchack/mysnackData.db "UPDATE mysnackData SET createdOn = strftime('%Y-%m-%dT%H:%M%f',date('now')), modifiedOn = strftime('%Y-%m-%dT%H:%M%f',date('now')) , expiresOn = strftime(' %Y-%m-%dT%H:%M%f', date('now') , '+3 day')"

      cat /storage/sdcard1/kfchack/mysnackData.db > "/data/data/air.au.com.kfc.snackintheface/au.com.kfc.snackintheface/Local Store/mysnackData.db"

      As for the locations of the scripts...
      kfchack.sh is in /storage/sdcard1/kfchack/kfchack.sh
      mysnack.db is in /storage/sdcard1/kfchack/kfchack.sh

      I tried moving the files around whilst changing the directories but the problem of the .sh file not being found still persists.

      Thanks

      Delete
    3. try changing your path in the script from "/storage/sdcard1/kfchack/" to "/storage/emulated/legacy/"

      Delete
    4. I tried that but it still doesn't work. Also the hack no longer works for me as the prizes which i modify appear as expired even though they are mean to be due in a few days time. This is the same problem as the one 'iamdawill' has.

      Delete
  16. Hi, I've tried following your steps but when I create new prizes, they appear as expired on the KFC app even though the expiry date shown is 10/4, but the date today is 6/4. Do you know what might be causing this?

    ReplyDelete
    Replies
    1. Could you please send me a SQLiteAdmin screenshot of your records?
      Thanks

      Delete
  17. My 2 cents, the first few steps to find the prize codes aren't necessary since you already gave it afterwards, so it is pretty much more steps then required..
    and the sqlite editor on googleplay allows you to edit the information without a PC, so you don't need a PC to do this tutorial. Just my 2cents.

    ReplyDelete
  18. Hey, I have a problem with this. When I open the db file, all of my playerPrizeID's are different!

    ReplyDelete
  19. Can you make a video of this tutorial lz thx

    ReplyDelete
  20. I changed the last digit in each snack playerprizeID in the database, otherwise when you redeem a snack all the other snacks become expired as well. Now I can order all the free snacks in one go.

    ReplyDelete