charlesbel / Microsoft-Rewards-Farmer

A simple bot that uses selenium to farm Microsoft Rewards written in Python
MIT License
973 stars 258 forks

Microsoft Jewel iOS #306

Open EastArctica opened 1 year ago

EastArctica commented 1 year ago

The Xbox app on iOS allows you to gain 30 points by "completing a round" of Microsoft Jewel.

Upon completion (in game) this sends an HTTP request as shown below.

curl -H "Host: xgrant.xboxlive.com" -H "Accept: application/json" -H "Authorization: XBL3.0 x=IDHERE;AUTHTOKENHERE" -H "ms-cv: NOTENTIRELYSURE" -H "Accept-Language: en-US" -H "signature: AAAAAQHZ1h/gr47obI/OT5szDUCKo5DiNEh5YFusRFh5oTc+alI/eoiCAtbW1BPebrNNxQ41Mdiv0OhSEG2qzZKY9iMS361OREhqFQ==" -H "Content-Type: application/json" -H "User-Agent: Xbox/301241348 CFNetwork/1474 Darwin/23.0.0" -H "xbl-experiments: xbaat333,gpspotlight-randtop1cf,friendly-opt-in,xbaaf820cf,xbfoo804,gstimer10,party-now,exp-party-now-cb,3c964809,exp-firstrunoptin,h758c979,griffin-notif-msg-prompt,invited-partiescf,griffin-friend-linking,exp-friendlinking-cb" --data-binary "{\"activityId\":\"playJewel\"}" --compressed "https://xgrant.xboxlive.com/users/xuid(XUIDHERE)/loyaltyActivity"

As you can see, I have removed a couple things, mainly IDHERE, AUTHTOKENHERE, NOTENTIRELYSURE, and XUIDHERE.

You can also visit the game itself online here. However, I'm unsure if you can get the loyaltyActivity to trigger (I didn't see any instances in its src).

When going back to the main screen, an option appears to claim rewards. This button sends the request below.

curl -H "Host: xgrant.xboxlive.com" -H "Accept: application/json" -H "Authorization: XBL3.0 x=IDHERE;AUTHTOKENHERE" -H "ms-cv: NOTENTIRELYSURE" -H "Accept-Language: en-US" -H "signature: AAAAAQHZ1iD1knzAIXfkVn/IRSmFZdsh5IwGKfWWF/diUvLI9+nAKTUPSK73kQr7bN5JlbSnyKZ/VoyQvNlEcAUHIEH7vcwSzRxwVg==" -H "Content-Type: application/json" -H "User-Agent: Xbox/301241348 CFNetwork/1474 Darwin/23.0.0" -H "xbl-experiments: xbaat333,gpspotlight-randtop1cf,friendly-opt-in,xbaaf820cf,xbfoo804,gstimer10,party-now,exp-party-now-cb,3c964809,exp-firstrunoptin,h758c979,griffin-notif-msg-prompt,invited-partiescf,griffin-friend-linking,exp-friendlinking-cb" --data-binary "{}" --compressed "https://xgrant.xboxlive.com/users/xuid(XUIDHERE)/claimPoints"

Same as above, this request has had a few things removed. This request will return some JSON. Nothing too much of note. For anyone reversing, maybe look into correlationId? It has some link to NOTENTIRELYSURE (ms-cv), however I'm not sure what that link is, mine just added .4 to the end.

Finally, we can also attempt to send the PCGamePlay request, which I believe is the same as the playJewel request with the only change being the activityId. However, when I attempt this, I get {"errorCode":1014,"data":{}}, which I believe to be the signature header. Current reversal of that is fairly difficult as I believe it comes from the iOS app itself...

Okay I lied, that wasn't the last thing. This is though I swear. We can also get 5 points for logging into the app itself. This sends the activityId griffinLogin (I think). However! I know in the last paragraph I said that it was likely the signature header. However this makes me think otherwise. When sending the request with griffinLogin instead of playJewel, it works! Well... It responds with nothing... Which is the same thing playJewel does, but hey! That's not an error so that's better I think... Anyway. I can't test more with this until tomorrow.

EastArctica commented 1 year ago

Confirmed to have gained 55 points today from sending playJewel and griffinLogin as well as automatic claiming with the claimPoints endpoint. Notification was also sent to my phone for "Find out what you just earned!" "Claim your points from playing Microsoft Jewel now!".

This was the breakdown I think:

playJewel: 30 points + 15 points (hasFriends: Have 7+ friends)

griffinLogin: 5 points + 5 points (Streak bonus)

It seems like if you were to have Game Pass you can trigger the gpSubscription power up for extra points as well... Unsure though as I don't have it.

Here is the response from claimPoints, I have anonymized the activityCompletionTime, claimedTime and correlationId fields. However I have kept them as close to accurate as possible. Please keep note that the claimPoints request was sent with ms-cv: fi4u8kaq4zfunzpw84qcj1.49 and both the loyaltyActivity events were sent with ms-cv: fi4u8kaq4zfunzpw84qcj1.39
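Added example (not from the thread, and not the claimPoints response mentioned above): a server-side log check that reads ms-cv as a Correlation Vector and flags an account presenting the same vector on more than one request, as both loyaltyActivity calls above did with the .39 value. The 22-character-base layout, the tuple shape, the xuid labels and the one-vector-per-request expectation are assumptions; the log rows are constructed from the values quoted in the comment.

```python
import re
from collections import defaultdict

# Assumed layout (Correlation Vector v2): 22-char base64 base, then one or
# more dot-separated decimal counters, e.g. "fi4u8kaq4zfunzpw84qcj1.39".
CV_RE = re.compile(r"([A-Za-z0-9+/]{22})((?:\.[0-9]+)+)")


def parse_cv(value):
    """Return (base, [counters]) or None when the header is not well formed."""
    m = CV_RE.fullmatch(value)
    if m is None:
        return None
    return m.group(1), [int(n) for n in m.group(2)[1:].split(".")]


def find_anomalies(events):
    """events: (xuid, endpoint, activity_id, ms_cv) tuples in arrival order.

    Flags headers that do not parse, and vectors that one account presents
    on more than one request (assumption: a genuine client advances the
    vector for every outgoing call, so an exact repeat suggests a replay).
    """
    findings = []
    seen = defaultdict(int)  # (xuid, ms_cv) -> requests seen so far
    for xuid, _endpoint, _activity_id, ms_cv in events:
        if parse_cv(ms_cv) is None:
            findings.append((xuid, "malformed-cv", ms_cv))
            continue
        if seen[(xuid, ms_cv)]:
            findings.append((xuid, "reused-cv", ms_cv))
        seen[(xuid, ms_cv)] += 1
    return findings


# Constructed request log; xuid labels are placeholders, ms-cv values are the
# ones quoted in the comment above plus its redaction placeholder.
SAMPLE_EVENTS = [
    ("xuid-A", "loyaltyActivity", "playJewel", "fi4u8kaq4zfunzpw84qcj1.39"),
    ("xuid-A", "loyaltyActivity", "griffinLogin", "fi4u8kaq4zfunzpw84qcj1.39"),
    ("xuid-A", "claimPoints", "", "fi4u8kaq4zfunzpw84qcj1.49"),
    ("xuid-B", "loyaltyActivity", "playJewel", "NOTENTIRELYSURE"),
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_EVENTS):
        print(finding)
```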

klept0 commented 1 year ago

PCGamePlay doesn't seem to work but I will check it shortly when mine resets to see what it sends

EastArctica commented 1 year ago

> PCGamePlay doesn't seem to work but I will check it shortly when mine resets to see what it sends

PCGamePlay is only sent on desktop (I assumed), how are you planning on testing it?

klept0 commented 1 year ago

Correct, it would only be sent by a desktop… I was going to watch the traffic to see what is sent out unless you have a better suggestion. Feel free to reach out to me on Telegram or Discord and we can chat more if you have an idea.

EastArctica commented 1 year ago

> Correct, it would only be sent by a desktop… I was going to watch the traffic to see what is sent out unless you have a better suggestion. Feel free to reach out to me on Telegram or Discord and we can chat more if you have an idea.

Send me a FR, @east_arctica on discord

farshadz1997 commented 1 year ago

> Send me a FR, @east_arctica on discord

Hi

Can I contact you as well? I sent FR, my ID is Farshad#6576