Jump to content

Soujiiro

BBF member
  • Content count

    24
  • Donations

    0.00 EUR 
  • Joined

  • Last visited

  • BBF Coins

    0 [ Donate ]
  • Feedback

    N/A

Community Reputation

1 Neutral

About Soujiiro

  • Rank
    BBF Member

Capable of

  • What kind of scripts grounding?
    Wordpress
    Wowonder

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I'm guessing no one else has anything to add to this?
  2. Now it's being said that this is more server-side related, and that it should work with the security setup. Though, after seeing the security protocols used, I'm not entirely sure how?
  3. That's really interesting, would you be interested in partaking in the '505' thread?
  4. If anyone has any ideas, all are welcome.
  5. Isn't the ionic framework basically just a more advanced webview app?
  6. I don't understand, you can customize the current ones. Unless you're talking about adding advanced functionality, but I don't see ionic being the framework to do that on. What's your need for custom applications, as in what do you want them to do that's different from current offerings?
  7. There are already android apps that suit most purposes, as well as free webview apps. What are you looking for?
  8. Additional Information I've already posted the same thing on Stack Exchange & Stack Overflow, albeit phrased in a different way and without the actual application name. However, I have yet to receive a response on there as well. I feel that, if there isn't a simple solution, this could take a decent amount of time. I've been working on the problem for about 4-5 days now. Any outside ideas are welcome. The web-server running, as I mentioned on the above avenues, is Apache2 on a LAMP stack. If there are any other questions, or inquiries to try to get a better idea, I'll try to wait until there are a few replies, and then add an additional section answering those, unless one requires more detail to it.
  9. Pre-Information First, I'd like to preface it by saying this: This is already an existing problem in retail versions, and has nothing to do with the scripts being "nulled." The error, '505' is based around the app not being able to connect through the API to the script. I have already been in contact with some of the more active members here, and have yet to receive a response. With this in mind, I'm opening a thread about it. In short, the reason this exists is because of the security protocols used in the actual WoWonder Script / App combination. I'll touch more on this later, and why it's a problem. It should be known though, that at this point, we're essentially re-writing parts of the app, and posibly the script if need be. It's also not directly a Secure Channel Authentication / Decryption error (The one that's solved by specifying the TLS version(s) in 'Android Options.' Neither is it the basic '500' error that was recently solved by ADH. This is actually written to be this way in the actual App, which means it most likely has to be re-written. REST API The REST API, also known as the API that the two softwares connect through, is essentially the problem. Rather, the way it's implemented to work (At the moment). The API needs a stable connection for the 'Hybrid-View' to work (For some reason. This doesn't make sense to me since it's partly a web-view application') If anything disrupts that, or tries to take an unsupported route, you get the '505' error. There have been two different responses from the WoWonder Team & the App Developer. The former states that the problem exists when HTTP access is blocked. Given the Bypass areas in the Apps, this makes sense. The latter states that the problem exists when using 'Private' SSL certificates, or ones that aren't supported. For most servers, you're running some version of OpenSSL. This matters, in essense, because the SSL Protocol found in the App is SSLv3. SSLv3 has been largely deprecated, meaning that it's considered not only a security risk, but has largely been dropped from OpenSSL and other software. When you're running a website that processes payments, this is all but required. There are ways to force your server to re-enable SSLv3, but I think I speak for most when I say that running a deprecated protocol is not something many are willing to do. What needs to happen? Well, since the fallback is most likely normal HTTP over port 80, the SSL protocol in the App needs to be changed to support more modern standards. You might ask, "How does this matter?" It doesn't for anyone that doesn't care about having their security to the highest degree. However, in cases like mine, where I'm denying normal HTTP traffic, using the latest protocols, factoring out deprecated ones, and using my own cipher, as well as running HSTS, it means the App just can't connect. Given that there are other things on the servers, I'm not willing to compromise security for a 'WoWonder' App. I'm sure the platform supports specific SSL Certs, but it's not listed anywhere, and I don't have any concrete way of knowing. The best guess (at the moment) is to just start slinging funds to try an find one that sticks, which isn't exactly the smartest idea. Now, it's very possible that I could be overlooking something entirely, and this could be a very simple fix. However, if so, it's a simple fix that the Developers aren't offering to their own consumers in the comments. For anyone that has any ideas, or would like to help, feel free to get involved down below.
  10. Awesome. What's the best way to update a pre-existing site to this?
  11. I'm assuming the other fix that was discussed will be available in the new version as well? The one regarding App / Platform connectivity?
  12. https://bestblackforum.com/topic/2656-wowonder-android-ssl-error/
  13. The person recommended to test the POST request via POSTMAN (or a similar service), I haven't used this before but I'm getting the hang of it. However, I can't seem to find the applications' authentication type / method (I'm not talking about the API credentials from the admin panel, I mean OAuth 1.0 / 2.0 / etc.).
  14. I believe I tracked it down. I found this in my access logs: - It looks like it's trying to send an HTTP request over TLS 1.1, even though it's configured in Android Options to use TLS 1.2+. If your system is like mine & rejects anything but '1.2,' I can see a sort of pattern. Not to mention, I'm forcing SSL. [17/May/2018:12:00:54 -0400] "POST //app_api.php?application=phone&type=get_settings HTTP/1.1" 500 4568 "-" "Dalvik/2.1.0 (Linux; U; Android 7.1.1; Android SDK built for x86 Build/NYC)"
×

Important Information

By using this site, you agree to our Terms of Use and Guidelines.