Xzandro / sw-exporter

This tool will parse intercepted data from Summoners War and extract information on the monsters and runes of the user.
Apache License 2.0

No longer logging. #234

Closed TheCloudCrafter closed 5 years ago

TheCloudCrafter commented 5 years ago

Windows 10. Running v0.0.25 API setup for 2 accounts in the same house.

All of a sudden today it stopped making JSONs and even logging combat.

Funny thing is the proxy still allows playing and general internet connectivity, but nothing is logged and no JSONs are created.

Attempted troubleshooting by clearing appdata and upgrading to v0.0.26. Power cycled. Checked firewall and antivirus. Tried with disabled AV and firewall.

Still got nothing.

Can anyone point me in the right direction?

donQ18 commented 5 years ago

I have the exact same problem. Tried changing port, disabling firewall, different devices, trying older versions but I'm still not getting the JSONs. But the proxy is working as I'm able to play the game normally :/.

comattose commented 5 years ago

Same here. One second it was logging all my runes. I relogged and the exporter is no longer creating the .json file.

pmsharp2 commented 5 years ago

I noticed the same behavior starting today. Tested on both 0.0.23 and 0.0.26

HunBirdie commented 5 years ago

Same here. It doesn't export the json file, nor the runs. Proxy is still working but the Exporter doesn't log anything. Tested on 0.0.26 and 0.0.24.

Spkch commented 5 years ago

Having the same problem. Tried on 3 different Wifis, it just opens, starts proxy and doesn't log anything after, no Jsons created. Using v0.0.26.

ErikAWSDev commented 5 years ago

Having the same issue. The proxy aspect works fine as if I stop the app the game stops working.

Xzandro commented 5 years ago

Summoners War is using https now. No idea if this is even fixable.

HunBirdie commented 5 years ago

:-/

Zaringers commented 5 years ago

Same problem. So many players are using this tool, I don't think Com2us will make it impossible to fix... I hope, at least.

QuatZo commented 5 years ago

> Summoners War is using https now. No idea if this is even fixable.

Maybe it'll work: https://github.com/sockjs

Spkch commented 5 years ago

> Summoners War is using https now. No idea if this is even fixable.

Well this is just terrible news :(

Xzandro commented 5 years ago

sockjs? No, that's for websockets. We will be investigating options, but there are no guaranteed solutions so don't keep your hopes up. There is one thing we can try and that's it. No ETA either.

Aregee33 commented 5 years ago

So this doesn't work anymore? Is that what's happened?

TheCloudCrafter commented 5 years ago

Yeah. SWEX only works because it's unencrypted traffic. If they use https or ANY kind of encryption we're boned. This is common to stop packet injection hacks. But SWEX only LOOKS at the data. It doesn't manipulate it at all.

claytondaley commented 5 years ago

Unless SW embeds their own certificates in the app, it's at least theoretically possible to:

(I'm pretty sure corporations do something similar to allow for deep traffic inspection so we might have a community member with some experience doing this).

Unfortunately, trusting a CA cert on your phone creates a backdoor so the workflow needs to emphasize security. Specifically, you'd want/need EACH USER to control their own CA. For example, we could create a small app (maybe even iOS/Android) that:

  1. creates the CA cert
  2. trusts it on the phone and
  3. Signs the public SSL key (generated by the proxy) for (only) the SW domain
    • EDIT: my SSL workflow was rusty. The Exporter would create a private/public key and the CA would sign the public key. Just a process tweak... doesn't affect the security model.

Each user would create their own CA and enter their own SSL certificate (for the SW domain) in the SW Exporter. Fortunately, this workflow also works for the SW Proxy website... with the added proviso that the website needs to know which user is connecting so it can present the correct SSL cert. You'd (probably) want/need separate sub-domains per-user (e.g. <user>.swproxy.com) to simplify this association.

Because the exporter doesn't have access to the CA cert, it can't spoof other domain names. This is +1000 for SW Proxy website since, otherwise, it could spoof any domain name (including banks, etc.). Even if Xzandro had benign intentions, it would create a tempting target for a hacker.
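The trust model described in the comment above, as an added example (not part of the thread and not sw-exporter code): a per-user CA signs a leaf for a single host, and a client that trusts only that CA accepts the proxy for that host, rejects it for any other host, and rejects a certificate the proxy signs with its own key. It uses Go's standard library; `game.example` and `bank.example` are constructed placeholders, and Ed25519 keys are an arbitrary choice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const gameHost = "game.example" // constructed placeholder, not the real game host

// issue builds a cert for key's public half, signed by signer (self-signed root if parent is nil).
func issue(n int64, isCA bool, parent *x509.Certificate, key, signer ed25519.PrivateKey, hosts ...string) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(n), Subject: pkix.Name{CommonName: fmt.Sprint("demo-", n)},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, DNSNames: hosts}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, key.Public(), signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// trusted reports whether a client whose trust store is roots accepts c for host.
func trusted(roots, inter *x509.CertPool, c *x509.Certificate, host string) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host})
	return err == nil
}

// Demo: the user keeps caKey; the proxy only ever holds proxyKey and the signed leaf.
func Demo() (gameOK, otherOK, forgedOK bool) {
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	_, proxyKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue(1, true, nil, caKey, caKey)
	leaf := issue(2, false, ca, proxyKey, caKey, gameHost)
	forged := issue(3, false, leaf, proxyKey, proxyKey, "bank.example") // proxy signs with its own key
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(ca)
	inter.AddCert(leaf) // the proxy presents its leaf as if it were an intermediate
	return trusted(roots, inter, leaf, gameHost), trusted(roots, inter, leaf, "bank.example"), trusted(roots, inter, forged, "bank.example")
}

func main() { fmt.Println(Demo()) }
```

The forged certificate fails because the leaf carries `IsCA: false`, so a verifier refuses to treat it as an issuer even though its signature on the forged certificate is valid.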

PeteAndersen commented 5 years ago

Yep - that is just about the only avenue available, but as you have laid out it is a giant pain in the ass for users.

claytondaley commented 5 years ago

A mobile app could do almost all of this automatically. The private CA can be linked to (and lost with) the phone since it's really disposable. Once pointed at the proxy, the app should be able to automate the CA exchange. The user will need to approve of the new CA, but the app should be able to prompt for it (or at least get the user to the right screen with the right options).

HOWEVER, I just stumbled upon this answer and the more detailed discussion which seems to suggest that this will work for iOS but not as-needed for recent versions of Android.

Soundofdarkness commented 5 years ago

The main problem could be that, in case that's still happening, Appguard blocks the start of the application in case specific certificates are installed. (At least, it happened to me when I had the Fiddler Root Cert installed. I'm not sure if that's still the case and if it's only a few certs being blocked, or if that's not a problem anymore.)

claytondaley commented 5 years ago

In Nougat+, Android made it so apps are limited to the "OS-provided" CAs unless they proactively opt into user CAs. It's probably a safe assumption that SW doesn't opt into user certs (no reason) so the only way to get SW to approve of the local CA is to add it to the folder containing OS-provided CAs (which requires root access).

PeteAndersen commented 5 years ago

@claytondaley Thanks for the research - but that's disappointing news. This is basically the death knell for the proxy approach to extracting game data as a general user tool. It's already complicated enough to use a simple proxy for many people, and rooting devices to add certificates is beyond what I would consider acceptable for the usual person. I'd encourage everyone to contact Com2US about providing a legitimate way to access their account data with external tools.

claytondaley commented 5 years ago

Absolutely. iOS would still work with the appropriate CA cert. For Android, the obvious thing to do is to ask Com2US to add support for a specific user CA cert (e.g. SWExporter). They may say no, but there's no harm asking as critical as this is to basically all community-provided functionality.

ErikAWSDev commented 5 years ago

Unfortunately I think this long tricky work around will be done by the scammers/hackers so the only ones hit will be the legitimate users. It would be good if we had access to our data through APIs but doubt this will help with logging of results. When the data is uploaded to the game from the server, is this also encrypted? Is there a viable work around for this aspect as the decryption must be done by the game itself?

woodsy1 commented 5 years ago

Maybe they will expose APIs for you Xzandro?

Xzandro commented 5 years ago

This is already possible. You can create monsters and runes manually, but it's still annoying to do this manually all the time.

andayen commented 5 years ago

jepp.... found out about that like 2 mins after writing it so I deleted my post^^ thx for the answer anyway. btw thx for the app, it's really nice. I used to have the android app and liked that one a lot. thx for the hard work and good luck finding a solution for this problem

Xzandro commented 5 years ago

So I created a proof of concept in the branch https-intercept

Certs will be generated in the folder .http-mitm-proxy and you need to install the ca.pem certificate to your device. The only issue I have with this, is that I get a Code 22 error on login.

I'm no expert in this whatsoever so if someone has any ideas or wants to fiddle around with it OR present a completely different solution, feel free to do that.

TheCloudCrafter commented 5 years ago

What would be the security and Com2us violation concerns here with this workaround? Someone said this is now a bannable tool. No confirmation though

Xzandro commented 5 years ago

Let's keep this issue to implement solutions please. I will hide all comments that add no value to solve this.

Also these are errors when trying to connect: { library: 'SSL routines', function: 'OPENSSL_internal', reason: 'SSLV3_ALERT_CERTIFICATE_UNKNOWN', code: 'ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN' }

Happens with Nox, which runs Android 5.

TheCloudCrafter commented 5 years ago

Are you able to get a json or is the error a hard stop?

Xzandro commented 5 years ago

As I said above. Code 22 error on login.

davidcl4196 commented 5 years ago

Just for clarification, does the JSON capture happen before the code 22 error?

Xzandro commented 5 years ago

No. That's the issue. I'm not even sure if this is an Android problem, problem with the lib or other things. Would be interesting to test this with iOS. Sadly I don't own one.

claytondaley commented 5 years ago

I started a PR to simplify code-level discussion. But you will need to test with iOS. Unless your Android is <Nougat (or rooted), it won't work. Maybe Nox would let you put the CA cert in the right place at least for testing purposes.

Xzandro commented 5 years ago

That's the thing. Nox runs on Android 5 so in theory it should work, which it doesn't.

claytondaley commented 5 years ago

Did you see my note in the PR about the listen command?

Xzandro commented 5 years ago

Answered.

athena613b commented 5 years ago

I have iOS if you need help testing.

swproxy commented 5 years ago

Well I haven't seen code 22 error in my test

Xzandro commented 5 years ago

I released a first version. You can read more about this here: https://www.reddit.com/r/summonerswar/comments/cnwaq5/swex_0027_attempt_to_restore_export_functionality/

Lots of improvements to make still, but it's something.

densaface commented 5 years ago

Many thanks, works on memu3.5+android 4

Xzandro commented 5 years ago

com2us reverted the https changes. Released v0.0.28 as a rerelease of 0.0.26. So I will close this for now.