Live traffic capture analysis | v1.31.20 | June 2026 | Century Game
The game's binary sproto protocol on port 30101 is transmitted in plaintext. All game data — including player names, alliance info, battle reports, shop items, and event schedules — can be captured and decoded from network traffic using a simple PCAP capture tool (like PCAPdroid on Android, no root required).
SECURITY ISSUE NO ROOT REQUIRED UNENCRYPTED BINARY PROTOCOL
| Parameter | Value |
|---|---|
| Game Server | 35.71.149.13:30101 |
| Protocol | sproto binary over raw TCP (port 30101) |
| Encryption | NONE — Plaintext sproto binary |
| Wire Format | [2-byte BE length][sproto payload] |
| Game Version | 1.31.20 (Build 829) |
| Player ID | 5579754 |
| Device | Xiaomi M2010J19SG |
| Platform | Android 10 |
| Language | Arabic (arab) |
| Capture Tool | PCAPdroid (no root) |
| Capture Duration | ~2 minutes of gameplay |
The first C2S packet (270 bytes) is the login/authentication message containing:
| Field | Value | Description |
|---|---|---|
| Session Token | 1C7nVYkXk4PbK5IqGAn4Ha4OMJGAWvvqElbWcMaPMl1nD9pP | 48-char base64 auth token |
| Player ID | 5579754 | Numeric player identifier |
| Version | 1.31.20 | Game client version |
| Device | Xiaomi M2010J19SG | Device model |
| Platform | android 10 | OS version |
| OS Build | 5.190.11 | Android build number |
| App Version | 2.46 | Internal app version |
| Channel | MA cc | Distribution channel |
| Device ID 1 | a6582219de75da476fa47557c33ac8 | Device fingerprint (30 chars) |
| Device ID 2 | b675f9dece5c883614587ca2 | Device fingerprint (24 chars) |
| Device ID 3 | 0fa6a4af6db385905b62736f618bad | Device fingerprint (30 chars) |
| Language | arab | Arabic language setting |
+--------+------------------+ | Length | sproto Payload | | 2 bytes| N bytes | | BE u16 | Binary sproto | +--------+------------------+
| Type Byte | Name | Description | C2S Count | S2C Count |
|---|---|---|---|---|
0x55 | AUTH/PUSH | Authentication, push notifications, and late-bound game data | 1 | 58 |
0x15 | HEARTBEAT | Keep-alive ping/pong | 5 | 1 |
0x1d | RESPONSE | Server response to client request | 6 | 167 |
0x5d | REQUEST | Client request to server | 46 | 60 |
0x0d | DISCONNECT | Connection teardown | 0 | 2 |
0xd9 | BATTLE_NOTIFY | Battle notification push | 0 | 9 |
0xdd | UNKNOWN_PUSH | Unknown push type | 0 | 6 |
The battle report data contains detailed attack/defense information with these protocol fields:
| Field Name | Occurrences | Description |
|---|---|---|
atk_abbr | 101 | Attacker alliance abbreviation |
result | 101 | Battle result (win/lose) |
atk_uid | 101 | Attacker player UID |
atk_uids | 101 | Attacker player UIDs (rally) |
def_kid | 100 | Defender kingdom/server ID |
side | 100 | Side identifier |
def_uid | 98 | Defender player UID |
def_abbr | 97 | Defender alliance abbreviation |
def_nickName | 96 | Defender nickname |
atk_nickName | 89 | Attacker nickname |
battle_type | 87 | Type of battle |
atk_kid | 82 | Attacker kingdom/server ID |
def_uids | 79 | Defender player UIDs (rally) |
battlefield_id | 71 | Battlefield identifier |
target_type | 36 | Target type |
def_hero_gen | 23 | Defender hero generation |
atk_hero_gen | 22 | Attacker hero generation |
is_awb | 40 | Alliance war boolean |
is_bwb | 11 | Battle war boolean |
is_ffwz | 11 | Unknown flag |
targetid | 8 | Target identifier |
boss_id | — | Boss identifier |
is_rewa | — | Reward flag (truncated) |
from_uid | 15 | Source player UID |
count | — | Battle count |
| Name | Occurrences | Context |
|---|---|---|
| Aldoss | 69 | Most referenced player |
| MAHA | 53 | Alliance member |
| CRYPTD / megaCRYPisolaTD | 46 | Alliance member |
| LEGEND | 31 | Alliance member |
| 3grams / 3grams2/7/8 | 15 | Multiple variants |
| Butter | 16 | Player name |
| Heart | 16 | Player name |
| Little | 11 | Player name (Lady prefix) |
| Lady | 11 | Player name prefix |
| King | 9 | Player name |
| Saladin | 8 | Player name |
| Dodi | — | Player name |
| Magdalena | — | Player name |
| Eleonora0 | — | Player name |
| CHICOG238 / HICO238 | — | Player name |
| StrokerAce / StrokerAce2 | — | Player name |
| Spell1257 | — | Player name |
| theshark#41 | — | Player name |
| POU | 38 | Frequently mentioned |
| TYPHON | — | Alliance/member name |
| Alliance | Abbreviation | Notes |
|---|---|---|
| NEXUS | IRS | Primary alliance in capture — player's alliance |
| PolskaHusaria | POL | Polish alliance |
| ROG | — | Referenced in favorites |
| OWL | — | Referenced in favorites |
| FUN | — | Referenced in favorites |
| ZRX | — | Referenced in favorites |
| S10 | — | State 10 alliance |
Server: 172-2007-3 (State 2007)
| Service | Endpoint | Purpose |
|---|---|---|
| Game Server | 35.71.149.13:30101 | Main sproto game server (AWS) |
| Match Maker 1 | specproxy16_match_maker_4_1778441937_3 | Battle matchmaking proxy |
| Match Maker 2 | specproxy20_match_maker_4_1778442615_3 | Battle matchmaking proxy |
| Content Moderation | m-intl-frontgate.ilivedata.com:13325 | Chat content filtering (iLiveData) |
| Content Moderation | m-intl-frontgate.ilivedata.com:13321 | Chat content filtering (iLiveData) |
157.240.5.12:443 | Facebook SDK (TLS) | |
34.128.136.177:443 | Google Services (TLS) | |
| Adjust | 197.230.210.16-17:443 | Adjust Analytics (TLS) |
| Tencent | 170.106.34.73:443 | Tencent Services (TLS) |
The game uses iLiveData content moderation service for chat filtering. The connection includes an authentication key:
Service: m-intl-frontgate.ilivedata.com Port 1: 13325 (primary) Port 2: 13321 (secondary) Auth Key (hex): 17B72EA2BE099B521E3E18B5797CE8D71B2952347A38B75EEAEF1925C4CD3FB20F2A162E7444BD3FB01ADA0E
Player avatars are served from a CDN with date-based paths:
| URL Pattern | Notes |
|---|---|
2026/06/01/wl9Y9z_1780329465.png | Player avatar |
2026/05/09/Xqwvm5_1778332770.png | Alliance notice image |
2026/05/22/JK7yJD_1779477177.png | Alliance notice image |
2026/05/31/zQlpQ2_1780212545.png | Alliance notice image |
2026/03/29/7w42E8_1774795211.png | Alliance notice image |
Format: YYYY/MM/DD/{random}_{unix_timestamp}.png
| Finding | Value |
|---|---|
| Web Signing Secret | UxXkyv4g9nmvK8gP (MD5 web sign) |
| Gift Code Salt | tB87#kPtkxqOS2 |
| AES-192 Key | Jm93LUl9xqWd/1Ar+7QXeApCZw== (base64) |
| Web API Base | https://wos-giftcode.centurygame.com |
| FPCS Gateway | wss://fpsc*.centurygame.com |
| sproto Messages | 209 total (77 NOTIFY + 132 REQ) |
| Test Player | ID 250893802 → "FADL2", State 2007, Furnace Lv31 |
| APK Version | v1.31.20 (XAPK, 1008MB) |
Severity: HIGH — All game data transmitted in plaintext over raw TCP. No TLS, no application-level encryption. Any network observer can capture and decode:
White Out Survival sproto Protocol Analysis Report | June 2026