Trying to find the cause of the synchronization errors
First of all link to the original post: https://www.reddit.com/r/PlantsVSZombies/comments/10fbyvo/trying_to_find_the_cause_of_the_synchronization/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button
---------I'll just do a copy paste cause it would be beneficial to share this on the game's official forum-----
Sorry if this was already posted I didn't take the time to read.
My game has been unable to synchronize between the 2 devices it is installed on for several days already. Before, it could sync after several tries, but like many people here, the result was often incorrect - while testing, I ended up losing about 8 million coins, about 10 thousand gems appeared out of thin air, and Penny's Pursuit perk level is like 1800+/112 on one of the devices, LOL.
So, I decided to start digging and try to figure out what exactly is happening. Man, I really wish I was talking to an engineer or a sysadmin or generally someone who knows what they are doing, LOL.
Now, the task is not easy. Like just about everything these days, the game communicates only via HTTPS-encrypted connections. Breaking the encryption on-the-fly and inspecting the contents of the communication is not impossible (at least on the older Android devices) but is far from trivial.
I won't bore you with the details, but essentially I had to set up a sniffing proxy, generate an SSL certificate for it, install that certificate on the Android device's system trusted certificate repository (requires root privileges), and re-route all communications of the game through this proxy. Things were not made easier by the fact that I had never done this before; I'm a defensive security person (blue teamer) - not an attacker/pentester.
Things were made even harder by the fact that even if captured and decrypted, the communications of the game are flooded with ad-related crap. Folks, you wouldn't believe it, but like 90% of the communications of this game is ad-related. And that happens not only when the game is showing you ads but, like, all the * time! Ads, configurations, tracking pixels, oh my!
Finally, things were made harder by the fact that I'm not really familiar with the communication protocol of the game - like, what it sends, what it expects to receive when synchronizing, etc.
Anyway. After a lot of manual filtering of ad-related crap, I ended with like 10% of the original communication session that seemed at least vaguely game-related.
After a lot of digging into that, I think I've found the culprit. The game does a POST request to https://52.45.160.214/PvZ2Web, sending what seems more or less the contents of the game save file in JSON form (i.e., not in the tokenized/compressed RTON form that the game uses). This isn't really a waste, because the communication is gzip-compressed before being HTTPS-encrypted.
This IP address corresponds to the host ec2-52-45-160-214.compute-1.amazonaws.com - i.e., some virtual machine server on Amazon AWS, as I suspected. It's possible that it is not the only one - i.e., there might be multiple servers handling the game synchronization; my game just happened to contact this one while I was monitoring the connection. Still, it's a start.
Anyway. The problem, it seems, is that this site tends to return HTTP error 504 (Gateway timeout) most of the time - so the synchronization fails.
Now, if I was talking to a sysadmin, I'd tell them to check the web server logs of that machine and see exactly what is happening - it must be some kind of configuration error. Then fix it.
Sorry I can't be more helpful than this, nor can I offer any advice to the players. This is something PopCap must figure out and fix.
P.S. I think the more generic URL for game synchronization is https://pvz2-prd.popcap.com/PvZ2Web. There is probably a load balancer there that sends the request to whichever Amazon AWS VPS it deems appropriate.
