Ezekiel

Discussion Maplestory M and Nox - Connections, Ports, and Privacy


Limit Nox.exe and NoxVMHandle.exe to ports: 53, 443, 80, 7500, 7200, 7201, 7202, 7203, 7204, 7205, 7206.
Nox literally sells everything you do to advertisers and will walk your open ports and ignore hosts file rules in order to connect.
Port blocking and network firewall blocking IPs are more ideal. You can also edit the config files in your appdata folder to remove weeb games being splashed on boot and remove refresh timeouts.

Spoiler

53: dns
443: https
80: http
7500: login
7200-7206*: regions

 

In addition, you can use AdGuard's family DNS: 176.103.130.132 & 176.103.130.134 to block additional adverts.


Android Internal Host Blocklist (you can probably find more online in regards to Nox). Nexon M collects a lot of device information. Add internal port blocking and an internal firewall for better results. Nox host 'launcher' is sub-user-system level (rooted).

Spoiler

# Maplestory M Shit
0.0.0.0 cdp.cloud.unity3d.com # unity analytics server
0.0.0.0 log.ngsm.nexon.com # nexon device tracking (gps & current emu & device type) logging server
0.0.0.0 m-page.nexon.com # news that i dont care about

# Facebook Shit
0.0.0.0 edge-mqtt-mini-shv-01-lga3.facebook.com
0.0.0.0 facebook.com
0.0.0.0 31.13.71.34


 

Emulating login information (look at the toy SDK I posted). It goes through almost the exact same process as purchasing and relies heavily on the stamp server. It uses the principle of token auth.
The following servers are used (lots are Amazon servers):
mm-staticweb.s3.amazonaws.com
sample:

Spoiler

GET /MarketVersions/Global/LiveRegionList.xml HTTP/1.1
X-Unity-Version: 2017.3.1f1
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; SM-XXXXX Build/XXXXXX)
Host: mm-staticweb.s3.amazonaws.com
Connection: Keep-Alive
Accept-Encoding: gzip



RESPONSE HTTP/1.1 200 OK
...

<?xml version="1.0"?>

<RegionList DefaultCode="LiveAsia2" DefaultLanguage="USA" LanguageList="USA, TWN, ESP, DEU, FRA, RUS, THA, VNM, PRT">
    <Region Code="LiveNA" URL="http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/LiveMarketVersion_NA.xml" Country="CA, US, BS, GT, DO, DM, MX, BZ, HT, SV, HN, JM, CU, GY, GD, BB, VE, LC, VC, KN, SR, AG, EC, CR, CO, TT, PA, PE, NI, BO, BR, AR, UY, CL, PY" />
    <Region Code="LiveAsia2" URL="http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/LiveMarketVersion_Asia2.xml" Country="ID, PH, NZ, AU, SG, TH, MY, VN, BN, LK, TL, LA, NP, MM, BD, BT, IN, KH, PG, NR, MH MV, FM, VU, WS, SB, KI, TO, TV, FJ, NU, CK, MN, AZ" />
    <Region Code="LiveEU" URL="http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/LiveMarketVersion_EU.xml" Country="SE, FI, IS, DK, NO, RU, GB, IT, FR, DE, ES, ME, MD, MT, VA, BE, BY, BA, BG, SM, RS, SZ, CH, MC, LB, LY, MA, SY, AM, AZ, IQ, IL, GH, GA, GM, GN, GW, NA, NG, ZA, LR, ML, MR, BH, BJ, BF, SA, ST, SN, SL, SS, NE, LS, RW, MG, MW, MU, MZ, BW, BI, SC, SO, SD, IE, AD, AL, EE, AT, UA, CZ, HR, CY, TR, PT, PL, HU, KV, SK, DJ, ZW, TD, KE, KM, TZ, GR, NL, LV, RO, LU, LT, LI, MK, SI, GE, KZ, KW, TN, PS, EG, AE, AF, DZ, AO, JO, UZ, CM, CV, QA, CI, CG, CD, KG, TJ, TG, TM, PK ER, ET, YE, OM, UG, ZM, CF" />
    <Region Code="LiveAsia1" URL="http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/LiveMarketVersion_Asia1.xml" Country="TW, HK, MO" />
</RegionList>

----
Each version has sandbox rules (examples below) which attempt to restrict, refresh, redirect, and misc:
http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/RemotePreference/1.2703.txt
http://mm-staticweb.s3.amazonaws.com/MarketVersions/Global/RemotePreference/USA/1.3100.315.txt

178.162.216.177

Spoiler

more so token tracking. Removed sensitive info.

Post request has this unique header: (current unity and current system os)
Client-SDK: unity4.12.5@android4.12.4

Lists all your system info
POST /event 
api_level=19&network_type=3&os_build=a&mcc=310&device_type=phone&session_count=1&app_version=1.3100.315&attribution_deeplink=1&android_uuid=a-b-c-d-e&connectivity_type=1&device_name=a-b&created_at=2018-01-21T22:11:08.482Z-0400&mnc=16&display_height=900&gps_adid=a-b-c-d-d3f7ba7beba7&event_count=7&device_manufacturer=samsung&screen_format=normal&subsession_count=5&hardware_name=x-user 4.4.2 xx release-keys&package_name=com.nexon.maplem.global&screen_size=normal&cpu_type=x86&os_version=4.4.2&country=US&display_width=1440&event_token=Y&environment=production&os_name=android&event_buffering_enabled=0&session_length=833&callback_params={"uid":"X"}&tracking_enabled=0&time_spent=254&app_token=tt&screen_density=high&language=en&needs_response_details=1&sent_at=2018-01-21T22:11:08.482Z-0400

RESPONSE HTTP/1.1 200 OK

returns token, id and tracker tokens
{
  "app_token": "yy",
  "adid": "gfhfg",
  "attribution": {
    "tracker_token": "v",
    "tracker_name": "Organic",
    "network": "Organic"
  }
}

stamp.mp.nexon.com

Spoiler

POST /sdk/v1/restore HTTP/1.1

user_type=toy&market_type=gps&user_id=ccc&

can restore your session

GET /sdk/v1/enter?market_type=gps&client_id=ccdd HTTP/1.1

returns client id and market type
{
  "client_id": "c",
  "market_type": "gps"
}

 m-api.nexon.com / toy server / 54.92.112.141

Spoiler

A lot of the SDK is listed in the toy information I posted.

POST /sdk/getBannerList.nx HTTP/1.1

sent data is encoded
returned data is encoded


POST /sdk/getUserInfo.nx HTTP/1.1

sent data is encoded 
returned data is encoded

sdk-push.mp.nexon.com
 

Spoiler

GET /sdk/push/policy?svcID=1429&npToken=x HTTP/1.1
Content-Type: application/json
timeZone: -4
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; XX-XXXXX Build/XXXXXX)
Host: sdk-push.mp.nexon.com
Connection: Keep-Alive
Accept-Encoding: gzip

Returns JSON containing policy info; the same svcID and npToken are returned.

{
  "svcID": 1429,
  "npToken": "x",
  "push": {
    "name": "is korean",
    "policies": {
      "1": {
        "enable": true,
        "name": "AD Push Policy (is korean)"
      },
      "2": {
        "enable": true,
        "name": "Nocturnal Push Policy (is korean)"
      }
    }
  },
  "kind": {
    "name": "is korean",
    "policies": {
      "99": {
        "enable": true,
        "name": "is korean"
      },
      "100": {
        "enable": true,
        "name": "ƒ1è7‚8Î8"
      },
      "101": {
        "enable": true,
        "name": "is korean"
      },
      "102": {
        "enable": true,
        "name": "is korean"
      }
    }
  }
}


That is it for now. Will post more later on and clean this up some time in the future. Feel free to post anything else 

  • Like 4
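An added example, not part of the original post: a hosts file only overrides name lookups, so IP literals placed in the hostname column do nothing there and belong in firewall rules, which is the split the post's "firewall blocking IPs" advice implies. The sketch below sorts a hosts-format blocklist into those two groups; the function name `triage` and the sample text (a few entries from the post plus constructed duplicates and one malformed line) are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the post's hosts format; the entries are taken from the
# post, the duplicates and the malformed last line were added for illustration.
SAMPLE = """\
# Maplestory M
0.0.0.0 cdp.cloud.unity3d.com # unity analytics server
0.0.0.0 log.ngsm.nexon.com
0.0.0.0 facebook.com
0.0.0.0 31.13.71.34
0.0.0.0 31.13.71.34
0.0.0.0 Facebook.com
0.0.0.0
"""


def triage(text):
    """Return (names, ips, skipped) for a hosts-format blocklist.

    names   -> entries a hosts file can sink (exact name match, no wildcards)
    ips     -> IP literals; these need firewall rules, not hosts entries
    skipped -> (line number, raw line) for lines that are not valid entries
    """
    names, ips, skipped, seen = [], [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])    # first column must be an address
        except ValueError:
            skipped.append((lineno, raw))
            continue
        if len(fields) < 2:                    # address with nothing to map
            skipped.append((lineno, raw))
            continue
        for target in fields[1:]:
            key = target.lower().rstrip(".")   # names are case-insensitive
            if key in seen:
                continue
            seen.add(key)
            try:
                ipaddress.ip_address(key)
                ips.append(key)
            except ValueError:
                names.append(key)
    return names, ips, skipped


if __name__ == "__main__":
    names, ips, skipped = triage(SAMPLE)
    print("hosts file:", names)
    print("firewall  :", ips)
    print("skipped   :", skipped)
```

A name entry such as `facebook.com` covers only that exact name, so subdomains still have to be listed individually or handled at the DNS or firewall layer.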
