Error downloading paid app

[txs-]

I am getting errors when downloading a non-free application from the app store using download.py

My account is funded with cash and should be able to download the application. I have actually already purchased the application using the normal google play store methods so that shouldn't be the hangup either.

Is this a bug?

[xxx@mobile-shell-1]$ python download.py com.qo.android.am3 Downloading 12.3MB... Traceback (most recent call last): File "download.py", line 38, in data = api.download(packagename, vc, ot) File "/home/xxx/source/trunk/yyyy/googleplay.py", line 252, in download cookie = message.payload.buyResponse.purchaseStatusResponse.appDeliveryData.downloadAuthCookie[0] File "build/bdist.linux-x86_64/egg/google/protobuf/internal/containers.py", line 64, in getitem IndexError: list index out of range

[txs-]

Added print self.toStr(message) on line 250 of googleplay.py and received the following output:

displayErrorMessage: "Error retrieving information from server. [DF-BPA-21]"

[egirault]

Hi, Hard to say... I've never tried to download paid apps with the API. I guess the server response is a bit different than the one sent when downloading a free app. One could investigate this issue by sniffing the HTTPS traffic sent by the phone when purchasing an app, and then protobuf-decode it.

2012/12/6 Zach Lanier notifications@github.com

On Dec 5, 2012, at 20:59, Tyler Shields notifications@github.com wrote:

Added print self.toStr(message) on line 250 and received the following output:

displayErrorMessage: "Error retrieving information from server. [DF-BPA-21]"

— Reply to this email directly or view it on GitHub< https://github.com/egirault/googleplay-api/issues/12#issuecomment-11070163>.

— Reply to this email directly or view it on GitHubhttps://github.com/egirault/googleplay-api/issues/12#issuecomment-11070296.

[zhicai]

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

[egirault]

Hi,

You will need to run an interception proxy such as Burp on a machine connected on the same wireless network as your phone. After configuring Android to use this machine as a proxy, you need to install Burp's CA on the phone. This can be done by putting the root .crt file generated by Burp on the phone's SD card, and then install it using the Settings > Security > Install from SD Card option. Here are some resources: http://portswigger.net/burp/help/proxy_using.html http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers, and search for protobuf-encoded messages (I didn't find any generic way yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

— Reply to this email directly or view it on GitHubhttps://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004.

[eonghk]

Fiddler is a better choice for http/https man-in-middle sniff. They have detailed document on their website to tell you how to use it with android phone. The key problem is to decode the Google protobuf msg. It's binary encoded and you will need to do some reverse engineer work to decode it.

Best regards, Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine connected on the same wireless network as your phone. After configuring Android to use this machine as a proxy, you need to install Burp's CA on the phone. This can be done by putting the root .crt file generated by Burp on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources: http://portswigger.net/burp/help/proxy_using.html http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers, and search for protobuf-encoded messages (I didn't find any generic way yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

— Reply to this email directly or view it on GitHub< https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

— Reply to this email directly or view it on GitHubhttps://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761.

[egirault]

Yes but the nice thing about Burp is that it supports customs plugins written in Python/Ruby/Java. You can write a simple one that detects potential protobuf messages and decode them. This plugin API is pretty new and I haven't got the time to write such a plugin yet, but I plan to do it. Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff. They have detailed document on their website to tell you how to use it with android phone. The key problem is to decode the Google protobuf msg. It's binary encoded and you will need to do some reverse engineer work to decode it.

Best regards, Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine connected on the same wireless network as your phone. After configuring Android to use this machine as a proxy, you need to install Burp's CA on the phone. This can be done by putting the root .crt file generated by Burp on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources: http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers, and search for protobuf-encoded messages (I didn't find any generic way yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

— Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

— Reply to this email directly or view it on GitHub< https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.

— Reply to this email directly or view it on GitHubhttps://github.com/egirault/googleplay-api/issues/12#issuecomment-12901512.

[eonghk]

Oh, that's a very cool feature. Thank you for the information.

Best regards, Eong

2013/1/31 egirault notifications@github.com

Yes but the nice thing about Burp is that it supports customs plugins written in Python/Ruby/Java. You can write a simple one that detects potential protobuf messages and decode them. This plugin API is pretty new and I haven't got the time to write such a plugin yet, but I plan to do it. Anyway, Burp/Paros/Fiddler... I guess it is only a matter of habit.

2013/1/30 eonghk notifications@github.com

Fiddler is a better choice for http/https man-in-middle sniff. They have detailed document on their website to tell you how to use it with android phone. The key problem is to decode the Google protobuf msg. It's binary encoded and you will need to do some reverse engineer work to decode it.

Best regards, Eong

2013/1/30 egirault notifications@github.com

Hi,

You will need to run an interception proxy such as Burp on a machine connected on the same wireless network as your phone. After configuring Android to use this machine as a proxy, you need to install Burp's CA on the phone. This can be done by putting the root .crt file generated by Burp on the phone's SD card, and then install it using the Settings > Security

Install from SD Card option. Here are some resources: http://portswigger.net/burp/help/proxy_using.html

http://forum.portswigger.net/index.cgi?board=how&action=display&thread=300

Then you look at HTTPS connections that are established to Google' servers, and search for protobuf-encoded messages (I didn't find any generic way yet). After dumping the encoded messages to a file, you can use protoc --decode with the given .proto file to decode it.

I will try to have a look at this issue as soon as I find some time.

2013/1/30 zxia10x notifications@github.com

i can help to investigate that issue ,so, how to sniff the HTTPS traffic sent by the phone, any tools or docs?

— Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12878004>.

— Reply to this email directly or view it on GitHub<

https://github.com/egirault/googleplay-api/issues/12#issuecomment-12886761>.

— Reply to this email directly or view it on GitHub< https://github.com/egirault/googleplay-api/issues/12#issuecomment-12901512>.

— Reply to this email directly or view it on GitHubhttps://github.com/egirault/googleplay-api/issues/12#issuecomment-12901782.

[filamoon]

I managed to intercept the HTTPS traffic from the Google Play APP running on my simulator.

To download an already purchased APK, the Play APP first sends this request:

GET /fdfe/delivery?doc=com.zeptolab.ctr.paid&ot=1&st=XXXXXXXX&vc=20 HTTP/1.1 Accept-Language: en-US X-DFE-MCCMNC: 310260 Authorization: GoogleLogin auth=XXXXXXX X-DFE-Enabled-Experiments: cl:billing.purchase_button_show_wallet_icon X-DFE-Unsupported-Experiments: nocache:dfe:dc:1,nocache:dfe:uc:US,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,cl:billing.select_add_instrument_by_default,cl:warm_welcome.enable,content_ratings,localized_images,market_emails,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:cl:warm_welcome.no_show_consumption_button,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:recs:automated_weight_adjuster_57,nocache:recs:books_annotate_merch_collection_20130620_25,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:track_annotate_merch_collection_20130620_75,nocache:recs:weights_books_20130219_40,nocache:recs:weights_movies_20130614_30,nocache:recs:weights_plusones_20130418_40,nocache:recs:weights_track20130409-0,nocache:user_challenge,prod_locale_boost,recent_changes,recs:books_portrait_20121210_00,recs:music_no_portrait_20130211_10,shekel_test X-DFE-Device-Id: XXXXXXXX X-DFE-Client-Id: am-google X-DFE-Logging-Id: 2143067ea0e34383 User-Agent: Android-Finsky/4.1.10 (api=3,versionCode=80210010,sdk=16,device=generic,hardware=goldfish,product=sdk) X-DFE-SmallestScreenWidthDp: 320 X-DFE-Filter-Level: 3 Host: android.clients.google.com Connection: Keep-Alive

The decoded response is:

1 { 21 { 2 { 1: 24095593 2: "9-68VyZugyYCLv_1FeNXdD33hHE" 3: "https://android.clients.google.com/market/streaming/Download?packageName=com.zeptolab.ctr.paid&versionCode=20&token=AOTCm0TLevi-QgFKC8eaekC-0BhSsZGDFC7t0sPNvfUeejay wcqnTaabvx-IFroJyVcBOiQeE2clzoI6E7twPq4-lB0S1tYb2JpQ9ZSntfY&ev=1&downloadId=7120421825546781811" 5 { 1: "MarketDA" 2: "09331046713986310435" } 6: 1 8: 1 12 { 1: 1 2: "h9khHkqABEIIe31LOEXoTw==" 3: "aIsUS3wwdijIbGWnqNcGQINoQtloixRLfDB2KMhsZac=" } } } } 5 { 1: 74 }

But then the APP crashes and I cannot further download it.

[tusharbabbar]

Hey Egirault !!! I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job. I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests. I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1
Content-Type: application/x-protobuf
Accept-Language: en-US
Authorization: GoogleLogin auth=XXXXXXXX
X-DFE-Enabled-Experiments: nocache:enable_newsstand
X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search
X-DFE-Device-Id: XXXXXXXX
X-DFE-Client-Id: am-unknown
X-DFE-Logging-Id: XXXXXXX
User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam)
X-DFE-SmallestScreenWidthDp: 600
X-DFE-Filter-Level: 3
Content-Length: 55
Host: android.clients.google.com
Connection: Keep-Alive

5拧茂鈥好兟�(,confirmFreeDownload?doc=com.shashank.testapp

It would be very helpful of you if you could help decode the Chinese characters in the above request.

[ouyangzhanzhu]

Hey Egirault !!! I have been playing a lot with your most amazing api. Its insanely great and you have done an awesome job. I have been trying to play with the fdfe/log endpoint and am unable to decode the request. I have used MITMProxy and Fiddler to decode the network requests. I need your help to decode the key for the protobuffed message to google that is sent to the google servers in the post request that follows :

POST https://android.clients.google.com/fdfe/log HTTP/1.1 Content-Type: application/x-protobuf Accept-Language: en-US Authorization: GoogleLogin auth=XXXXXXXX X-DFE-Enabled-Experiments: nocache:enable_newsstand X-DFE-Unsupported-Experiments: nocache:dfe:dc:3,nocache:dfe:uc:IN,apk_translations,buyer_currency,buyer_currency_in_app,checkin.set_asset_paid_app_field,content_ratings,localized_images,market_emails,new_merchant_signup,nocache:apps.offline_docs,nocache:billing.use_charging_poller,nocache:billing.use_provisioning_poller,nocache:billing.use_provisioning_poller_inapp,nocache:billing.use_provisioning_poller_subs,nocache:enable_play_country,nocache:enable_tablet_large,nocache:encrypted_apk,nocache:mixer:use_windsearch,nocache:recs:automated_weight_adjuster_94,nocache:recs:books_annotate_merch_collection_20130620_75,nocache:recs:movies_annotate_merch_collection_20130620_25,nocache:recs:weights_books_50,nocache:recs:weights_books_transition_80,nocache:recs:weights_movies_60,nocache:use_gaia_mint_instead_of_checkout_auth_token,nocache:user_challenge,prod_locale_boost,recent_changes,vca:enable_onetree_search X-DFE-Device-Id: XXXXXXXX X-DFE-Client-Id: am-unknown X-DFE-Logging-Id: XXXXXXX User-Agent: Android-Finsky/4.4.21 (api=3,versionCode=80240021,sdk=16,device=mako,hardware=vbox86,product=occam) X-DFE-SmallestScreenWidthDp: 600 X-DFE-Filter-Level: 3 Content-Length: 55 Host: android.clients.google.com Connection: Keep-Alive

/ȧ *&confirmFreeDownload?doc=com.igs.fafafa

It would be very helpful of you if you could help decode the Chinese characters in the above request.

[archon810]

So has someone figured out which .proto to use with protoc when decoding intercepted Google Play API responses?