.APK file does not contain all necessary files and files I was looking for were stored here:
/data/data/<game packageid>/files/<version of app>

But that time I didn’t know that and as result I came to conclusion that this thing is done from code. And I decided to decompile game logic. This particular game uses LUA language for most things. This is quite simple language, but it is compiled to byte code and needs to be decompiled back to source code. I immediately found this https://github.com/viruscamp/luadec and I did attempt to decompile simple file but it instantly failed. After some research and looking at simplest file I found that it has only one instruction: Return and it

So, my next step was to read real file, skip first 7 bytes and call decrypt function. To do this I wrote following code:

bool DecryptFile(const char* inputFileName, const char* outputFileName)
{
    FILE* fileHandle = fopen(inputFileName, "rb");
    if (fileHandle == nullptr)
    {
        LOGW("DH: Failed to open input file '%s'", inputFileName);
        return false;
    }
…

And to my surprise code failed on fopen. I checked errno and found that it is EACCES. It means that application does not have enough rights to read this file. I spent few hours trying to figure out where should I place my file, so my application will be able to read it. And one of the most confusing and annoying part about Android is lack of consistency. On one phone has is here, another phone will have it there and on Samsung it is always in third place. Anyway, after few hours I figured it out. I placed them at this location:
/storage/emulated/0/Android/data/com.Android2/files

You can download xxtea for your preferred language from here:

https://github.com/xxtea

Then write small program that reads encrypted file then skip first 7 bytes and call xxtea_decrypt. But when I wrote program that does this - function failed. I tried different languages thinking that there could be bug in one particular implementation but function still failing. This was my second big disappointment. For some time, I didn’t know what to do. In desperation I started looking at decrypt function and accidentally I found this:

0x96cc28fc:  movw    r1, #55894      ; 0xda56
0x96cc2900:  movw    r2, #31161      ; 0x79b9
0x96cc2904:  movt    r1, #46412      ; 0xb54c
0x96cc2908:  movt    r2, #40503      ; 0x9e37

I don’t know where I got it, but I know than name of debugger should be lldb. And after searching internet I found that I need to run some commands on Android itself. Basically, you run some application (debugger server) on Android and you run another application on your PC (client). It took me some time but finally I found that Visual Studio has some command line tool in Tools|Android menu but it turns that it just regular Windows command line tool with some predefined environment. After more searching, I realized that I have to type following to start Android command line:

adb shell

Next step would be to start application and attach debugger server to

I was playing one mobile game for some time and one day I wanted to check how something is done in this game. That day I didn’t know that my curiosity will start long adventure full of interesting discoveries. And I decided to share it as whole thing was quite interesting and surprising (at least for me).

As everybody knows applications for Android are supplied in form of single file with APK extension and it is actually zip file. And my initial thought was extract content of APK file and check it. Quick search revealed many sites that have APK file for that game. So, I downloaded it and extracted. Then was first surprise. Pretty much everything interesting was encrypted.