project-real-resurrection-3/rr3-apk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Initial commit: RR3 APK and documentation

Browse Source 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Daniel Elliott
2026-02-18 14:37:06 -08:00
commit 6451b45afa
26 changed files with 8206 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
CDN_URL_DISCOVERY.md Normal file
View File

@@ -0,0 +1,193 @@
# 🔍 CDN URL Discovery - Critical Finding
## The Problem: CDN URL Not in APK
After thorough analysis:
- ❌ CDN URL is **NOT hardcoded** in the APK
- ❌ Not in config files (checked all .json, .bin, .xml)
- ❌ Not in game binary strings
- ❌ Not in smali bytecode
## The Solution: Dynamic Discovery via Director Service
### How RR3 Actually Works:
```
1. Game starts
2. Connects to EA Director Service
GET https://prod.director-services.firemonkeys.com.au/director
3. Director returns service URLs including:
{
"synergy.account": "https://...",
"synergy.commerce": "https://...",
"synergy.content": "https://ACTUAL-CDN-URL", ← THIS!
...
}
4. Game uses synergy.content URL to download assets
```
**The CDN URL is returned dynamically by EA's Director service!**
---
## 🎯 Two Approaches to Get the URL
### Approach 1: Intercept Live Game Traffic (BEST)
**Tools Needed:**
- mitmproxy, Charles Proxy, or Fiddler
- Android device with RR3 installed
- USB debugging enabled
**Steps:**
```bash
# 1. Install mitmproxy on PC
pip install mitmproxy
# 2. Start mitmproxy
mitmweb --listen-port 8080
# 3. Configure Android device proxy to PC's IP:8080
# 4. Install mitmproxy CA certificate on device
# 5. Launch Real Racing 3
# 6. Watch for Director service request/response
# 7. Look for "synergy.content" URL in the JSON response
```
**Expected Response:**
```json
{
"synergy.account": "https://prd1.echo.ea-mct-live.com/synergy/account",
"synergy.commerce": "https://prd1.echo.ea-mct-live.com/synergy/commerce",
"synergy.content": "https://[ACTUAL-CDN]/",
"synergy.social": "https://...",
...
}
```
### Approach 2: Call EA's Director Service Directly
**Try these Director URLs:**
```bash
# Primary (from binary strings)
curl https://prod.director-services.firemonkeys.com.au/director
# Alternatives
curl https://director.firemonkeys.com.au/director
curl https://prod1.director.ea.com/director
curl https://director-services.ea.com/director
```
**Expected JSON response will contain the CDN URL!**
---
## 🧪 Quick Test Script
```powershell
# Test EA Director Services
$directorUrls = @(
"https://prod.director-services.firemonkeys.com.au/director",
"https://director.firemonkeys.com.au/director",
"https://prod1.director.ea.com/director"
)
foreach ($url in $directorUrls) {
Write-Host "Testing: $url"
try {
$headers = @{
"User-Agent" = "RealRacing3/12.6.0 (Android)"
"X-App-Version" = "12.6.0"
}
$response = Invoke-RestMethod -Uri $url -Headers $headers
if ($response.'synergy.content') {
Write-Host "✅ FOUND CDN URL: $($response.'synergy.content')" -ForegroundColor Green
$response | ConvertTo-Json
}
} catch {
Write-Host "❌ Failed: $_"
}
}
```
---
## 📝 URLs Found in APK (for reference)
From binary analysis:
- `https://media.contentapi.ea.com` - EA content API (404 for direct asset access)
- `https://prd1.echo.ea-mct-live.com` - EA Echo services (account/commerce)
- `https://prd1.gevs.glulive.com` - Glu analytics (timeout)
**None of these are the asset CDN!** They're service endpoints.
---
## 🚀 Once We Have the CDN URL
Update the downloader:
```powershell
# Edit download-assets.ps1
$EaCdnBaseUrl = "https://[CDN-FROM-DIRECTOR]"
# Run downloader
.\download-assets.ps1 -TestMode # Test first
.\download-assets.ps1 # Download critical assets
```
---
## 🎯 Action Items
### Option A: You have Android device with RR3
1. Setup mitmproxy on your PC
2. Configure device to use proxy
3. Launch RR3 and capture Director response
4. Extract `synergy.content` URL
5. Update downloader script
6. Download assets while EA servers are up!
### Option B: No device available
1. Try calling Director service directly (test script above)
2. If that fails, wait for EA shutdown
3. Use community contributions approach
4. Players with the game installed extract from their devices
### Option C: Check our community server
Since we're building a replacement Director service:
1. When a real device connects to our server
2. We can capture what Director URL they expect
3. Or we can make up our own URL structure
4. Point it at our downloaded assets
---
## 💡 Key Insight
**The APK doesn't know the CDN URL - it discovers it at runtime!**
This is actually GOOD for our community server:
- We can return OUR OWN CDN URL from our Director
- Game will happily download from our server
- We control the entire asset delivery chain!
Our DirectorController should return:
```csharp
{
"synergy.content": "https://your-community-server.com/assets/",
...
}
```
Game downloads from YOUR server, problem solved! 🎉
---
**Next Step**: Try the test script above to call EA's Director directly, or setup mitmproxy to capture from a real device.