IOS Game shelves player IAP Recharge Base64 code sent to Apple verify receipt return value There is no In_app section of the strange problem. __ios

Source: Internet
Author: User
Tags base64


Our iOS game has been on the shelves these days. And then received a lot of user recharge. But there are only 2 itunesconnet on top of it. Someone must have cheated us.






First, we will introduce our verification process:



Mobile phone to initiate recharge-> purchase success-> get to Base64 receipt-> sent to the game server for verification-> if successful to calculate the player recharge successfully issued recharge results



At first glance there seems to be no problem. But there is a problem. I want to show you a magical base64 receipt. The Devil knows how to hold it. The hacker gods are to spare.



There are a few accounts. Depending on the log of the server, you will see the requests sent by these people. Base64 is not convenient to come up with a post.


"D:\Program Files (x86)\JetBrains\WebStorm 140.2753\bin\runnerw.exe" "C:\Program Files\iojs\node.exe" main.js
statusCode:  200
headers:  { 'x-apple-jingle-correlation-key': 'L4AZATKFKDNN7WI2P3UEX3P3YY',
  pod: '2',
  'x-apple-translated-wo-url': '/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-orig-url': 'http://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-application-site': 'ST11',
  'edge-control': 'no-store, cache-maxage=0',
  date: 'Wed, 11 Mar 2015 06:03:14 GMT',
  'set-cookie': 
   [ 'itspod=2; version="1"; expires=Sat, 11-Apr-2015 06:03:14 GMT; path=/; domain=.apple.com',
     'mzf_in=022393; version="1"; path=/WebObjects; domain=.apple.com; secure; HttpOnly',
     'mzf_dr=0; version="1"; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/WebObjects; domain=.apple.com',
     'ns-mzf-inst=36-60-80-109-96-8269-22393-2-st11; version=1; Max-Age=1800; path=/; domain=.apple.com; httponly',
     'NSC_nagjobodf-bopo-qppm*0=ffffffff12a53a2d45525d5f4f58455e445a4a423660;path=/;secure;httponly' ],
  'apple-timing-app': '9 ms',
  'cache-control': 'private, no-cache, no-store, no-transform, must-revalidate, max-age=0',
  expires: 'Wed, 11 Mar 2015 06:03:14 GMT',
  'x-apple-lokamai-no-cache': 'true',
  'x-apple-application-instance': '22393',
  'x-frame-options': 'SAMEORIGIN',
  itspod: '2',
  'x-webobjects-loadaverage': '23',
  connection: 'keep-alive',
  'content-length': '631' }
{"status":0, "environment":"Production", 
"receipt":{"receipt_type":"Production", "adam_id":958813739, "app_item_id":958813739, "bundle_id":"com.tsgame.godlike", "application_version":"2.2", "download_id":80011053156383, "version_external_identifier":811584718, "request_date":"2015-03-11 06:03:14 Etc/GMT", "request_date_ms":"1426053794658", "request_date_pst":"2015-03-10 23:03:14 America/Los_Angeles", "original_purchase_date":"2015-03-07 18:22:23 Etc/GMT", "original_purchase_date_ms":"1425752543000", "original_purchase_date_pst":"2015-03-07 10:22:23 America/Los_Angeles", "original_application_version":"2.2", "in_app":[]}}
Process finished with exit code 0

This is the base64 of those who do not know that they are not intentional. The validation information returned after the ITC was submitted.


Yes, the status returns 0;



But someone who knows the new format after IOS6 will surely find out. In_app field why not ....



I'm surprised, too. Why not? It is estimated that the advanced technology ... Almost all the online verification posts on the Internet say that it's OK to return 0. But we're in the situation. Returning a 0 must not explain the problem.





"D:\Program Files (x86)\JetBrains\WebStorm 140.2753\bin\runnerw.exe" "C:\Program Files\iojs\node.exe" main.js
statusCode:  200
headers:  { 'x-apple-jingle-correlation-key': 'F6CPKDZP4ZVKJKKMOFLMRLY354',
  pod: '54',
  'x-apple-translated-wo-url': '/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-orig-url': 'http://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-application-site': 'ST13',
  'edge-control': 'no-store, cache-maxage=0',
  date: 'Wed, 11 Mar 2015 06:10:34 GMT',
  'set-cookie': 
   [ 'itspod=54; version="1"; expires=Sat, 11-Apr-2015 06:10:34 GMT; path=/; domain=.apple.com',
     'mzf_in=542401; version="1"; path=/WebObjects; domain=.apple.com; secure; HttpOnly',
     'mzf_dr=0; version="1"; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/WebObjects; domain=.apple.com',
     'ns-mzf-inst=183-23-80-220-13-8162-542401-54-st13; version=1; Max-Age=1800; path=/; domain=.apple.com; httponly',
     'NSC_nagjobodf-bopo-qppm*0=ffffffff12a5a90645525d5f4f58455e445a4a423660;path=/;secure;httponly' ],
  'apple-timing-app': '9 ms',
  'cache-control': 'private, no-cache, no-store, no-transform, must-revalidate, max-age=0',
  expires: 'Wed, 11 Mar 2015 06:10:34 GMT',
  'x-apple-lokamai-no-cache': 'true',
  'x-apple-application-instance': '542401',
  'x-frame-options': 'SAMEORIGIN',
  itspod: '54',
  'x-webobjects-loadaverage': '16',
  connection: 'keep-alive',
  'content-length': '1099' }
{"status":0, "environment":"Production", 
"receipt":{"receipt_type":"Production", "adam_id":958813739, "app_item_id":958813739, "bundle_id":"com.tsgame.godlike", "application_version":"2.2", "download_id":74004963679107, "version_external_identifier":811584718, "request_date":"2015-03-11 06:10:34 Etc/GMT", "request_date_ms":"1426054234103", "request_date_pst":"2015-03-10 23:10:34 America/Los_Angeles", "original_purchase_date":"2015-03-08 07:26:30 Etc/GMT", "original_purchase_date_ms":"1425799590000", "original_purchase_date_pst":"2015-03-07 23:26:30 America/Los_Angeles", "original_application_version":"2.2", 
"in_app":[
{"quantity":"1", "product_id":"Gifts1", "transaction_id":"340000061439445", "original_transaction_id":"340000061439445", "purchase_date":"2015-03-08 07:38:35 Etc/GMT", "purchase_date_ms":"1425800315000", "purchase_date_pst":"2015-03-07 23:38:35 America/Los_Angeles", "original_purchase_date":"2015-03-08 07:38:35 Etc/GMT", "original_purchase_date_ms":"1425800315000", "original_purchase_date_pst":"2015-03-07 23:38:35 America/Los_Angeles", "is_trial_period":"false"}]}}
Process finished with exit code 0 


"In_app" is the key. I don't know why there is no bill coming in. This is really weird.



Generally do not understand when you will believe in ghosts. In general, do not know how the server will be a bug to blame others black us. If it is true that someone is black. Hope to see the people of this article hehe.



If you know it's our client, that piece of writing is wrong. The receipt of the base64 of the result of this universal state=0. Also hope to guide the maze. In the test process in sandbox environment. There is no such receipt without in_app.



See the great Gods of this article. There's a clear explanation.





Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.