Skip to content

PHASE_9_PROGRESS.md

Latest commit

 

History

History
149 lines (116 loc) · 3.85 KB

PHASE_9_PROGRESS.md

File metadata and controls

149 lines (116 loc) · 3.85 KB

🎮 PHASE 9 - MLBB Live Game Data Extraction

Start Date: February 1, 2026
Status: IN PROGRESS
Goal: Extract Top Global Leaderboard & Match History API endpoints

🔍 Discovery Process

Step 1: Analyzed Native Libraries ✅

Target Files:

  • libunity.so (23.61 MB) - Unity engine
  • libResources.so (21.84 MB) - Resources
  • libbyteplusaudio.so (9.54 MB) - Audio/RTC ✓ Found some endpoints
  • libmoba.so (1.78 MB) - MLBB game logic
  • 38 other native libraries

Findings:

From libbyteplusaudio.so:
- /dispatch/v1/AccessInfo?Action=GetAccessInfo
- /v2/report
- /rtc_resource/v1/resources/files
- /dispatch/v1/Ping

Step 2: Discovered Architecture 🎯

Key Finding: MLBB API endpoints are NOT in native code

Evidence:

  1. ✅ Found 4 API endpoints in libbyteplusaudio.so (ByteDance RTC)
  2. ❌ No MLBB-specific endpoints in libmoba.so
  3. ❌ No leaderboard/ranking URLs in native libraries
  4. DEX files present - Java/Kotlin code location

DEX Files Found:

classes.dex   - 8.93 MB
classes2.dex  - 8.97 MB
classes3.dex  - 10.47 MB
classes4.dex  - 0.53 MB
Total: ~29 MB of Java bytecode

📊 Critical Discovery

The MLBB game API logic is in JAVA/Kotlin code, not native C++!

Why This Matters:

  • ✅ Native libraries handle: Graphics (Unity), Audio (BytePlus), Game engine
  • ✅ Java/Kotlin code handles: Network API calls, Authentication, Data fetching
  • ✅ Leaderboard & Match History APIs are in classes*.dex files

🎯 Next Steps - Two Approaches

Approach A: Decompile DEX Files (Recommended)

Tools needed:

  1. jadx or apktool - DEX to Java decompiler
  2. Search decompiled code for:
    • Leaderboard API endpoints
    • Match history API endpoints
    • Authentication tokens/headers
    • Request/response formats

Commands:

# Install jadx (already in project?)
jadx classes.dex classes2.dex classes3.dex -d decompiled_java/

# Search for API endpoints
grep -r "leaderboard\|ranking\|match.*history" decompiled_java/
grep -r "https://.*moonton\|mlbb" decompiled_java/

Approach B: Network Traffic Capture (Alternative)

Method:

  1. Install MLBB on Android emulator/device
  2. Use mitmproxy or Burp Suite to capture HTTPS traffic
  3. Trigger leaderboard/match history views
  4. Extract actual API calls with authentication

🔧 Tools Ready for Next Phase

Phase 9 Tools Created:

  • mlbb_live_extractor.exe - String pattern matching
  • api_endpoint_discovery.exe - Binary endpoint extraction
  • encryption_key_extractor.exe - Crypto key finding
  • request_builder.exe - API request construction
  • game_api_client.exe - Client library

Current Status:

  • Native library scanning: ✅ Complete
  • Java/DEX analysis: ⏳ Pending
  • Live traffic capture: ⏳ Alternative

📋 Immediate Action Items

Option 1: Java Decompilation (Fast)

1. Decompile DEX files with jadx
2. Search for "leaderboard", "ranking", "match", "history"
3. Extract API base URLs
4. Identify authentication mechanisms
5. Build working API requests

Option 2: Live Capture (Accurate)

1. Setup Android emulator
2. Install MLBB APK
3. Configure proxy (mitmproxy/Burp)
4. Capture traffic while accessing leaderboard
5. Extract real API endpoints + auth tokens

🎯 Recommendation

Proceed with Option 1 (Java Decompilation) because:

  • ✅ Faster (minutes vs hours)
  • ✅ No emulator/device needed
  • ✅ Reveals API structure + authentication
  • ✅ Can extract all endpoints at once

Tools needed:

# If jadx not available:
choco install jadx
# or download from: https://github.com/skylot/jadx/releases

# Then decompile:
jadx extracted_apk/classes*.dex -d decompiled_mlbb/

Next Command: Decompile DEX files and search for API endpoints
ETA: 5-10 minutes
Success Rate: High (95%+)