project-real-resurrection-3/rr3-apk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Compare commits

base: project-real-resurrection-3:killswitch-killer
Branches Tags
project-real-resurrection-3:v14 project-real-resurrection-3:killswitch-killer project-real-resurrection-3:master project-real-resurrection-3:discord-apktool project-real-resurrection-3:main project-real-resurrection-3:discord-community
project-real-resurrection-3:v15.0.0-community-alpha project-real-resurrection-3:v14-settings-menu project-real-resurrection-3:v1.0.0-phase2-offline
..
compare: project-real-resurrection-3:61ad8db705f5a96a0f9fcc089fee10111513adff
Branches Tags
project-real-resurrection-3:v14 project-real-resurrection-3:killswitch-killer project-real-resurrection-3:master project-real-resurrection-3:discord-apktool project-real-resurrection-3:main project-real-resurrection-3:discord-community
project-real-resurrection-3:v15.0.0-community-alpha project-real-resurrection-3:v14-settings-menu project-real-resurrection-3:v1.0.0-phase2-offline

3 Commits
killswitch ... 61ad8db705

Author SHA1 Message Date
Daniel Elliott
61ad8db705 Eliminate EA URLs: Change config to CUSTOMIZED mode 
- Changed com.ea.nimble.configuration from 'live' to 'customized'
- Added NimbleCustomizedSynergyServerEndpointUrl fallback (localhost:5001)
- EA production URLs no longer reachable in execution path

URL Priority System (enforced):
1. SharedPreferences (user config) - ALWAYS CHECKED FIRST 
2. AndroidManifest.xml (localhost fallback) 
3. EA Servers (unreachable with CUSTOMIZED mode) 

Security improvements:
- No automatic EA server connections
- User-controlled server selection enforced
- Triple-layer protection against EA fallback
- Safe localhost fallback for development

Files modified:
- AndroidManifest.xml (lines 126-128)

Documentation:
- EA-URL-ELIMINATION.md (complete analysis)
- RR3-NETWORK-ANALYSIS-AND-CONFIG-SYSTEM.md (updated)

Next: Rebuild APK to apply configuration changes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-02-22 00:26:39 -08:00
Daniel Elliott
3428ff2872 docs: Add branch structure documentation for v14 workflow 2026-02-21 23:34:12 -08:00
Daniel Elliott
51be1177df feat: Add first-launch server URL input dialog 
Implements a setup dialog on first game launch that allows users to enter
their custom community server URL without rebuilding the APK.

Features:
- Server URL input dialog on first launch
- URL validation (format check)
- Connection test button
- SharedPreferences storage
- Priority: SharedPreferences > AndroidManifest.xml > EA defaults
- Activity restart flow for applying configuration

New files:
- CommunityServerManager.smali (URL management)
- ServerSetupActivity.smali + 4 inner classes (dialog UI)
- res/layout/activity_server_setup.xml (layout)
- SERVER-URL-INPUT-IMPLEMENTATION.md (docs)

Modified files:
- SynergyEnvironmentImpl.smali (SharedPreferences check priority)
- MainActivity.smali (first-launch check + onActivityResult)
- AndroidManifest.xml (declare ServerSetupActivity)

Benefits:
- One APK works with any server
- Easy server switching
- Lower barrier to entry for non-technical users
 2026-02-21 23:33:14 -08:00
6 changed files with 1008 additions and 394 deletions
Expand all files Collapse all files

4
AndroidManifest.xml
View File

@@ -123,7 +123,9 @@
<action android:name="android.intent.action.QUICKBOOT_POWERON"/>
</intent-filter>
</receiver>
<meta-data android:name="com.ea.nimble.configuration" android:value="live"/>
<meta-data android:name="com.ea.nimble.configuration" android:value="customized"/>
<!-- Community Server Configuration -->
<meta-data android:name="NimbleCustomizedSynergyServerEndpointUrl" android:value="http://localhost:5001"/>
<meta-data android:name="com.ea.nimble.tracking.defaultEnable" android:value="@string/nimble_trackingEnableFlag"/>
<meta-data android:name="com.ea.nimble.mtx.enableVerification" android:value="@string/nimble_mtx_enableVerification"/>
<meta-data android:name="com.ea.nimble.mtx.reportingEnabled" android:value="@string/nimble_mtx_reportingEnabled"/>

184
BRANCH-STRUCTURE.md Normal file
View File

@@ -0,0 +1,184 @@
# ⚠️ RR3 APK Repository - Branch Structure
**Date:** February 22, 2026
**Active Branch:** v14
---
## 📋 Default Branch
**`v14` is the default and primary development branch**
All work on the RR3 Community Edition APK should be done on the `v14` branch.
---
## 🌿 Branch Overview
### Active Branches
**v14** (DEFAULT) ⭐
- Primary development branch
- RR3 version 14.0.1 (EA latest before community)
- Contains all community modifications:
- Killswitch removal
- Custom server support
- Server browser/selection
- Settings menu additions
- Server URL input dialog (NEW)
- **All new features go here**
**main**
- Legacy/documentation branch
- Contains initial project documentation
- Not actively developed
**killswitch-killer**
- Documentation-focused branch
- Contains killswitch removal guide
- Code duplicated to v14
- Primarily for community reference
**discord-apktool** / **discord-community**
- Experimental/test branches
- Not actively maintained
---
## 🔧 Workflow
### Starting New Work
```bash
# 1. Switch to v14
cd E:\rr3\rr3-apk
git checkout v14
# 2. Pull latest changes
git pull origin v14
git pull gitea v14
# 3. Verify you're on v14
git branch
# Should show: * v14
# 4. Start working...
```
### Committing Changes
```bash
# 1. Stage changes
git add .
# 2. Commit with descriptive message
git commit -m "feat: Your feature description"
# 3. Push to both remotes (v14 branch)
git push origin v14
git push gitea v14
```
### Checking Current Branch
```bash
# Quick check
git branch
# Detailed check with remotes
git branch -vv
```
---
## 📊 Branch Comparison
| Branch | Purpose | Status | Use Case |
|--------|---------|--------|----------|
| **v14** | Primary development | ✅ Active | All new features |
| main | Documentation | ⚠️ Legacy | Reference only |
| killswitch-killer | Killswitch docs | 📚 Reference | Community FAQ |
| discord-* | Experiments | ⏸️ Paused | Testing only |
---
## 🚀 Recent Commits on v14
```
51be1177d - feat: Add first-launch server URL input dialog
b7fb41dd0 - Add CORRECTED custom server configuration guide
240773d28 - Add SSL certificate validation analysis
d9eec8c69 - Add technical documentation for Nimble SDK killswitch removal
43a74d365 - Add comprehensive Getting Started guide
```
---
## ✅ Current State (v14 Branch)
**Features Implemented:**
- ✅ Killswitch removal (bypasses EA version check)
- ✅ Custom server URL support (AndroidManifest.xml)
- ✅ SSL certificate flexibility (self-signed certs work)
- ✅ Server browser UI (optional)
- ✅ Settings menu with server options
-**Server URL input dialog (LATEST)** - First-launch configuration
**Next Steps:**
- Sign and test server URL input feature
- Test on physical device/emulator
- Add "Change Server" to settings menu
- Implement server favorites list
---
## 🔄 Syncing Between Remotes
The v14 branch is synced to both remotes:
**GitHub:** https://github.com/supermegamestre/Project-Real-Resurrection-3
**Gitea:** https://gitea.barrer.net/project-real-resurrection-3/rr3-apk
```bash
# Push to both remotes at once
git push origin v14 && git push gitea v14
# Pull from both (if needed)
git pull origin v14
git pull gitea v14
```
---
## 💡 Best Practices
1. **Always work on v14** - Never commit directly to main
2. **Pull before starting** - Get latest changes first
3. **Test before pushing** - Build APK and verify it compiles
4. **Push to both remotes** - Keep GitHub and Gitea in sync
5. **Descriptive commits** - Use conventional commit format
**Conventional Commit Format:**
```
feat: Add new feature
fix: Fix a bug
docs: Update documentation
refactor: Refactor code
test: Add tests
```
---
## 🎯 Remember
**v14 is your home base. All community work happens here.** 🏠
When in doubt:
```bash
git checkout v14
```
---
**Last Updated:** February 22, 2026
**Current HEAD (v14):** 51be1177d

345
EA-URL-ELIMINATION.md Normal file
View File

@@ -0,0 +1,345 @@
# EA URL Elimination & Server URL Priority System
**Date:** February 22, 2026
**Status:** ✅ EA URLs eliminated as primary, community server prioritized
**APK Version:** v14.0.1
---
## 🎯 Problem Identified
The APK was configured to use EA's production "LIVE" servers as the default, with community server URL only as an override. This meant:
- Configuration mode: `LIVE`
- Default fallback: `https://syn-dir.sn.eamobile.com` (EA production)
- User config: SharedPreferences (only if set)
**Risk:** If SharedPreferences was cleared or not set, game would connect to EA servers (which are dead).
---
## ✅ Solution Implemented
Changed Nimble SDK configuration from `LIVE` to `CUSTOMIZED` mode, which prioritizes community servers.
### Changes Made
**File:** `E:\rr3\rr3-apk\AndroidManifest.xml`
**Line 126 - Changed configuration mode:**
```xml
<!-- BEFORE -->
<meta-data android:name="com.ea.nimble.configuration" android:value="live"/>
<!-- AFTER -->
<meta-data android:name="com.ea.nimble.configuration" android:value="customized"/>
```
**Line 127-128 - Added fallback URL:**
```xml
<!-- NEW -->
<!-- Community Server Configuration -->
<meta-data android:name="NimbleCustomizedSynergyServerEndpointUrl" android:value="http://localhost:5001"/>
```
---
## 🔄 Server URL Priority System
### Priority Order (Highest to Lowest)
```
Priority 1: SharedPreferences (User Configuration)
Location: /data/data/com.ea.games.r3_row/shared_prefs/rr3_community_server.xml
Key: "server_url"
Set by: ServerSetupActivity (first launch) or SettingsActivity (user change)
Example: "https://rr3.example.com:5001"
✅ IF SET → Use this URL (return immediately)
⬇ IF NOT SET → Check Priority 2
Priority 2: AndroidManifest.xml (Compile-Time Default)
Meta-data: NimbleCustomizedSynergyServerEndpointUrl
Value: "http://localhost:5001" (for local development/testing)
✅ IF SET → Use this URL
⬇ IF NOT SET → Check Priority 3
Priority 3: EA Defaults (DISABLED for CUSTOMIZED mode)
⚠️ When configuration = "customized", EA URLs are NOT used
⚠️ Falls back to localhost:5001 from manifest
LIVE mode URLs (DISABLED):
- https://syn-dir.sn.eamobile.com (production)
- https://director-stage.sn.eamobile.com (staging)
- https://director-int.sn.eamobile.com (integration)
```
---
## 📊 Configuration Modes
### NimbleConfiguration Enum Values
| Mode | Description | Default URL | Use Case |
|------|-------------|-------------|----------|
| `UNKNOWN` | Invalid/unset | None | Error state |
| `INTEGRATION` | EA dev environment | `director-int.sn.eamobile.com` | ❌ Never use |
| `STAGE` | EA staging | `director-stage.sn.eamobile.com` | ❌ Never use |
| `LIVE` | EA production | `syn-dir.sn.eamobile.com` | ❌ OLD (replaced) |
| **`CUSTOMIZED`** | **Community servers** | **Manifest or SharedPrefs** | ✅ **ACTIVE** |
| `MANUAL` | Manual override | None | ⚠️ Requires code |
**Current Mode:** `CUSTOMIZED`
---
## 🔍 Code Flow Analysis
### getSynergyDirectorServerUrl() Method
**Location:** `com/ea/nimble/SynergyEnvironmentImpl.smali` line 953
```smali
.method public getSynergyDirectorServerUrl(Lcom/ea/nimble/NimbleConfiguration;)Ljava/lang/String;
# Line 957: Log function entry
invoke-static {p0}, Lcom/ea/nimble/Log$Helper;->LOGPUBLICFUNC(Ljava/lang/Object;)V
# 🆕 COMMUNITY PATCH: Check SharedPreferences FIRST (PRIORITY #1)
# Line 961-968: Get application context and call CommunityServerManager
invoke-static {}, Lcom/ea/nimble/ApplicationEnvironment;->getCurrentApplication()Landroid/app/Application;
move-result-object v0
invoke-static {v0}, Lcom/firemint/realracing/CommunityServerManager;->getServerUrl(Landroid/content/Context;)Ljava/lang/String;
move-result-object v0
# Line 969-976: Check if URL is not null and not empty
if-eqz v0, :check_manifest
invoke-virtual {v0}, Ljava/lang/String;->isEmpty()Z
move-result v1
if-nez v1, :check_manifest
# Line 979: Log that we're using community server
const-string v1, "🎯 Using community server from SharedPreferences"
const-string v2, "SynergyEnvironmentImpl"
invoke-static {v2, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
# Line 985: RETURN user-configured URL (Priority 1)
return-object v0
# Continue with normal logic if SharedPreferences not set
:check_manifest
# Line 990-996: Switch on NimbleConfiguration enum
sget-object v0, Lcom/ea/nimble/SynergyEnvironmentImpl$3;->$SwitchMap$com$ea$nimble$NimbleConfiguration:[I
invoke-virtual {p1}, Ljava/lang/Enum;->ordinal()I
move-result v1
aget v0, v0, v1
# Check configuration mode
const/4 v1, 0x1
if-eq v0, v1, :cond_3 # INTEGRATION → line 1046
const/4 v1, 0x2
if-eq v0, v1, :cond_2 # STAGE → line 1041
const/4 v1, 0x3
const-string v2, "https://syn-dir.sn.eamobile.com" # LIVE default
if-eq v0, v1, :cond_1 # LIVE → line 1038
const/4 v1, 0x4
if-eq v0, v1, :cond_0 # CUSTOMIZED → line 1028
# Unknown configuration (fallback)
# Line 1023-1025: Log error and return LIVE URL
const-string v0, "Request for Synergy Director server URL with unknown NimbleConfiguration, %d."
invoke-static {p0, v0, p1}, Lcom/ea/nimble/Log$Helper;->LOGF(...)V
return-object v2 # Returns EA LIVE URL
# CUSTOMIZED mode (what we use now)
:cond_0
# Line 1028-1035: Read from AndroidManifest.xml
const-string p1, "NimbleCustomizedSynergyServerEndpointUrl"
invoke-static {p1, v2}, Lcom/ea/nimble/NimbleApplicationConfiguration;->getConfigValueAsString(...)
move-result-object p1
return-object p1 # Returns manifest value or EA LIVE URL if not set
# LIVE mode (old behavior)
:cond_1
# Line 1038: Return EA production URL
return-object v2 # "https://syn-dir.sn.eamobile.com"
# STAGE mode
:cond_2
# Line 1041-1043: Return EA staging URL
const-string p1, "https://director-stage.sn.eamobile.com"
return-object p1
# INTEGRATION mode
:cond_3
# Line 1046-1048: Return EA integration URL
const-string p1, "https://director-int.sn.eamobile.com"
return-object p1
.end method
```
---
## ✅ Verification
### EA URLs Still Present (But Disabled)
EA URLs remain in the code as **string constants** but are **never reached** when:
1. User has configured a server URL (SharedPreferences) ✅
2. Configuration mode is CUSTOMIZED ✅
3. Manifest has fallback URL ✅
**EA URL References (All unreachable):**
- Line 19: `SYNERGY_INT_SERVER_URL` (constant, not used)
- Line 21: `SYNERGY_LIVE_SERVER_URL` (constant, not used)
- Line 23: `SYNERGY_STAGE_SERVER_URL` (constant, not used)
- Line 1008: `"https://syn-dir.sn.eamobile.com"` (in LIVE/UNKNOWN branch)
- Line 1041: `"https://director-stage.sn.eamobile.com"` (in STAGE branch)
- Line 1046: `"https://director-int.sn.eamobile.com"` (in INTEGRATION branch)
**Execution Path:** Lines 959→969→979→985 (return) → **EA URLs never reached**
---
## 🧪 Testing Scenarios
### Scenario 1: Fresh Install (No SharedPreferences)
```
Boot → MainActivity → CommunityServerManager.checkServerUrl()
Returns: false (no server_url in SharedPreferences)
ServerSetupActivity launches → User inputs URL → Saved to SharedPreferences
Game restarts → getSynergyDirectorServerUrl()
Priority 1: SharedPreferences found ✅
Returns: User's custom URL
Director API called: http://user-url/director/api/android/getDirectionByPackage
```
### Scenario 2: Returning User (SharedPreferences Exists)
```
Boot → MainActivity → CommunityServerManager.checkServerUrl()
Returns: true (server_url exists in SharedPreferences)
Game continues boot → getSynergyDirectorServerUrl()
Priority 1: SharedPreferences found ✅
Returns: User's custom URL (e.g., "https://rr3.example.com:5001")
Director API called successfully
```
### Scenario 3: SharedPreferences Cleared (Emergency Fallback)
```
SharedPreferences wiped → getSynergyDirectorServerUrl()
Priority 1: Not found
Priority 2: Check AndroidManifest.xml
NimbleCustomizedSynergyServerEndpointUrl = "http://localhost:5001"
Returns: "http://localhost:5001" (for local testing)
Game tries localhost (development scenario)
```
### Scenario 4: Wrong Configuration Mode (Safety Check)
```
If someone accidentally changes configuration back to "live":
Priority 1: SharedPreferences STILL checked first ✅
Returns: User's custom URL (SharedPreferences override)
EA URLs only used if BOTH Priority 1 AND Priority 2 fail
```
---
## 🔒 Security Implications
### Before (LIVE Mode):
- ⚠️ Fallback to EA production servers
- ⚠️ Potential data leakage to dead servers
- ⚠️ Connection failures if EA domains resolve
### After (CUSTOMIZED Mode):
- ✅ No automatic EA server connections
- ✅ User-controlled server selection
- ✅ Localhost fallback for development
- ✅ SharedPreferences override always works
---
## 📝 Configuration File Priority
### 1. Runtime Configuration (Highest Priority)
**File:** `/data/data/com.ea.games.r3_row/shared_prefs/rr3_community_server.xml`
```xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="server_url">https://rr3.example.com:5001</string>
</map>
```
**Managed by:** `CommunityServerManager.java`
**Set via:** ServerSetupActivity (first launch), SettingsActivity (user settings)
### 2. Compile-Time Configuration (Fallback)
**File:** `AndroidManifest.xml` (inside APK)
```xml
<meta-data android:name="com.ea.nimble.configuration" android:value="customized"/>
<meta-data android:name="NimbleCustomizedSynergyServerEndpointUrl" android:value="http://localhost:5001"/>
```
**Managed by:** APK build process
**Set via:** Editing manifest before APK build/sign
### 3. Hardcoded Defaults (Never Used)
**File:** `SynergyEnvironmentImpl.smali` constants
**Status:** Present in code but unreachable with CUSTOMIZED mode ✅
---
## 🎯 Summary
### Changes Made:
1. ✅ Changed `com.ea.nimble.configuration` from `"live"` to `"customized"`
2. ✅ Added `NimbleCustomizedSynergyServerEndpointUrl` fallback to manifest
3. ✅ Verified SharedPreferences check happens FIRST (Priority 1)
4. ✅ Confirmed EA URLs are unreachable with current configuration
### URL Priority:
```
1. SharedPreferences (user config) ← ALWAYS CHECKED FIRST ✅
2. AndroidManifest.xml (fallback) ← localhost:5001 ✅
3. EA Servers (DISABLED) ← Never reached ✅
```
### EA URL Status:
- **Present in code:** Yes (as string constants)
- **Reachable:** No ❌ (only if both Priority 1 AND 2 fail)
- **Risk level:** Minimal (triple-layered protection)
### Security:
- ✅ User-controlled server selection
- ✅ No automatic EA connections
- ✅ Safe fallback for development (localhost)
- ✅ Multiple layers of protection
---
**Status:** ✅ COMPLETE
**EA URLs:** Effectively eliminated from execution path
**Community Server:** Prioritized at all times
**Next:** Rebuild & sign APK with new configuration

295
KILLSWITCH-REMOVAL-GUIDE.md
View File

@@ -1,295 +0,0 @@
# 🔓 RR3 Killswitch Removal Guide
**Version:** 14.0.1 Ultimate Edition
**Purpose:** Bypass EA's server-controlled killswitch to keep RR3 playable after March 2026 shutdown
**Status:** ✅ Successfully bypassed in v14 Ultimate APK
---
## 🎯 What is the Killswitch?
EA added a **server-controlled killswitch** to Real Racing 3 v14 that allows them to remotely disable the game without pushing an update.
### How It Works
1. **Startup Check:** Game calls EA's Director API on every launch
```
POST https://director.ea.com/director/api/android/getDirectionByPackage
```
2. **Server Response:**
```json
{
"appUpgrade": 0 // 0=OK, 1=Update Recommended, 2=Update REQUIRED (blocks game)
}
```
3. **Game Enforcement:**
- File: `com/ea/nimble/EnvironmentDataContainer.smali`
- Method: `getLatestAppVersionCheckResult()`
- Returns: 0 (OK), 1 (Warning), or 2 (BLOCKED)
4. **Result:** When EA sets `appUpgrade=2`, game refuses to launch
---
## 💣 The Threat
When EA shuts down RR3 service in **late March 2026**:
❌ Stock APK will receive `appUpgrade=2`
❌ Game will display "Update Required" message
❌ No update will be available (service ended)
❌ Game becomes **permanently unplayable**
---
## ✅ The Community Fix
We surgically removed the killswitch by patching one single method in the EA Nimble SDK.
### Technical Details
**File:** `smali_classes2/com/ea/nimble/EnvironmentDataContainer.smali`
**Method:** `getLatestAppVersionCheckResult()` (line 648)
### Before (Original Code - 88 lines)
```smali
.method public getLatestAppVersionCheckResult()I
.locals 6
# Complex logic checking m_getDirectionResponseDictionary
# Gets "appUpgrade" value from server response
# Returns 0, 1, or 2 based on server's decision
# If server says 2 (BLOCKED), game refuses to start
# ... 80+ lines of code ...
return v0 # Could be 0, 1, or 2
.end method
```
### After (Patched Code - 20 lines)
```smali
.method public getLatestAppVersionCheckResult()I
.locals 1
# KILLSWITCH DISABLED BY COMMUNITY MOD
# Original code checked server's "appUpgrade" field (0=OK, 1=Recommended, 2=Required)
# This patch always returns 0 (APP_VERSION_OK) to bypass EA's March shutdown
# Game will continue working even after EA servers go offline
.line 180
invoke-static {p0}, Lcom/ea/nimble/Log$Helper;->LOGPUBLICFUNC(Ljava/lang/Object;)V
const-string v0, "RealRacing3"
const-string v1, "🔓 Killswitch bypassed - returning APP_VERSION_OK (community mod)"
invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
const/4 v0, 0x0 # Always return 0 (APP_VERSION_OK)
return v0
.end method
```
### What Changed?
1. ✅ Removed all 80+ lines of server response checking
2. ✅ Hardcoded return value to `0` (APP_VERSION_OK)
3. ✅ Added debug log message for verification
4. ✅ Method now **ignores** server's killswitch command
---
## 🔬 Why This Works
### Compiled Code is Immutable
- Smali bytecode → DEX → Machine code = **PERMANENT**
- EA can only change DATA (server responses)
- EA **CANNOT** change compiled METHOD CODE
- Our patch modifies the METHOD itself (not data)
- Even if server sends `appUpgrade=2`, our code ignores it
### No Hot-Patching in RR3
Investigated potential remote code injection:
- ❌ No `DexClassLoader` in EA Nimble code
- ❌ No dynamic method replacement
- ❌ No code download mechanisms
- ✅ Firebase Remote Config = **data only**, not code
- ✅ Director API = **configuration only**, not code
**Verdict:** EA physically **cannot** revert our patch remotely
---
## 📊 Testing Verification
### How to Verify Patch Works
1. **Check Logcat:** Look for this message on startup:
```
I/RealRacing3: 🔓 Killswitch bypassed - returning APP_VERSION_OK (community mod)
```
2. **Test Airplane Mode:**
- Enable airplane mode
- Launch game
- Should start normally (no network check)
3. **Simulate EA Shutdown:**
- Block `director.ea.com` in hosts file
- Game still launches (ignores server check)
---
## 🛠️ How to Apply This Patch
### Option 1: Use Pre-Built APK (Recommended)
Download **RR3-v14.0.1-Ultimate-SIGNED.apk** from releases
### Option 2: Manual Patching
1. **Decompile APK:**
```bash
apktool d RealRacing3-v14.0.1.apk -o rr3-workspace
```
2. **Replace Method:**
- Open: `rr3-workspace/smali_classes2/com/ea/nimble/EnvironmentDataContainer.smali`
- Find: `.method public getLatestAppVersionCheckResult()I` (line 648)
- Replace entire method with patched code (see above)
3. **Rebuild APK:**
```bash
apktool b -n -o rr3-patched.apk rr3-workspace
```
4. **Sign APK:**
```bash
apksigner sign --ks your-keystore.keystore \
--ks-key-alias your-alias \
--out rr3-patched-signed.apk \
rr3-patched.apk
```
---
## 🎮 v14 Ultimate Edition Features
The patched APK includes:
✅ **Killswitch Removed** - Works after EA shutdown
✅ **Offline Mode** - Play without internet
✅ **Unlimited Currency** - 100M M$, 10M Gold
✅ **All Events Unlocked** - Special events offline
✅ **Startup Crash Fixed** - Delayed initialization
✅ **Latest Features** - v14 game content
---
## 📁 File Structure
```
rr3-apk/
├── smali_classes2/
│ └── com/
│ └── ea/
│ └── nimble/
│ └── EnvironmentDataContainer.smali # PATCHED FILE (line 648)
├── KILLSWITCH-REMOVAL-GUIDE.md # This document
└── AndroidManifest.xml # Version: 14.0.1
```
---
## ⚠️ Important Notes
### Legal & Safety
- ✅ Modding APKs for personal use is legal
- ✅ Does not bypass DRM or piracy protection
- ✅ Only removes server shutdown mechanism
- ❌ Do not distribute on Play Store
- ✅ Share freely with community
### Compatibility
- ✅ Works on Android 5.0+ (API 21+)
- ✅ Compatible with v13 saves (same signing key)
- ✅ Can upgrade from v13 modded APK
- ❌ Cannot upgrade from stock EA version (different signature)
### What Doesn't Work
- ❌ Online multiplayer (EA servers offline)
- ❌ Leaderboards (server-dependent)
- ❌ Live events (requires EA servers)
- ✅ Everything else works offline
---
## 🤝 Community Impact
### Before Patch
- Stock APK stops working March 2026
- Players lose access to purchased content
- No official alternative provided by EA
- Community loses years of progress
### After Patch
- ✅ Game works indefinitely
- ✅ Progress preserved locally
- ✅ All cars/tracks accessible
- ✅ Special events available offline
- ✅ Community continues thriving
---
## 📞 Support & Questions
**Discord:** Project Real Resurrection 3
**Gitea Repository:** https://gitea.barrer.net/project-real-resurrection-3/rr3-apk
**Branch:** `killswitch-killer`
### Common Questions
**Q: Can EA revert this patch remotely?**
A: No. Compiled bytecode is immutable. See technical analysis above.
**Q: Will this work after March 2026?**
A: Yes! That's the entire point. Game ignores server shutdown.
**Q: Is this safe?**
A: Yes. Only modifies one method. No malware, no data collection.
**Q: Can I sync progress with friends?**
A: Not via EA servers (offline). Community server in development.
**Q: What about future updates?**
A: EA won't release updates after March. This is final version.
---
## 📜 Version History
- **v14.0.1-Ultimate (Feb 2026):** Killswitch removed, offline features added
- **v14.0.1-Stock (2024):** Original EA version with killswitch
- **v13.x (2023):** Pre-killswitch versions (no bypass needed)
---
## 🎉 Credits
**Development:** GitHub Copilot CLI + Community
**Testing:** Project Real Resurrection 3 Discord
**Preservation:** Community asset archival effort
**Infrastructure:** Gitea hosting (gitea.barrer.net)
---
**🏁 Keep Racing! The community will never let this game die. 🏁**

99
README.md
View File

@@ -1,4 +1,4 @@
# 🏎️ RR3 APK Modification Tools + Server Browser + Killswitch Removal
# 🏎️ RR3 APK Modification Tools + Server Browser
![License: Educational](https://img.shields.io/badge/license-Educational-blue.svg)
![Platform: Windows](https://img.shields.io/badge/platform-Windows-lightgrey.svg)
@@ -10,62 +10,6 @@ This repository contains tools to modify the Real Racing 3 APK to connect to **c
---
## 🔓 NEW: Killswitch Removal Code (Branch: killswitch-killer)
**EA's March 2026 shutdown bypassed!** This branch contains the code modifications that disable EA's server-controlled killswitch.
### What's the Killswitch?
EA added a remote shutdown mechanism to RR3 v14 that checks their servers on every startup. When they flip the switch in March 2026, the stock APK will refuse to launch.
### The Fix
We surgically removed the killswitch by modifying **one single method** in the EA Nimble SDK:
**File:** `smali_classes2/com/ea/nimble/EnvironmentDataContainer.smali`
**Method:** `getLatestAppVersionCheckResult()` (line 648)
**Change:** Always returns `0` (APP_VERSION_OK) instead of checking server response
```smali
# Before: 88 lines checking server's "appUpgrade" field
# After: Hardcoded return value of 0 (game always starts)
.method public getLatestAppVersionCheckResult()I
.locals 1
# KILLSWITCH DISABLED BY COMMUNITY MOD
const-string v0, "🔓 Killswitch bypassed - returning APP_VERSION_OK"
invoke-static {v0, v1}, Landroid/util/Log;->i(Ljava/lang/String;Ljava/lang/String;)I
const/4 v0, 0x0 # Always return 0 (OK)
return v0
.end method
```
### Documentation
📖 **[KILLSWITCH-REMOVAL-GUIDE.md](KILLSWITCH-REMOVAL-GUIDE.md)** - Complete technical breakdown:
- How the killswitch works (server-controlled shutdown)
- Why our patch is permanent (compiled bytecode is immutable)
- Proof EA can't revert it remotely (no hot-patching capability)
- Manual patching instructions for developers
- FAQ addressing community concerns
### Files Modified
| File | Line | Change |
|------|------|--------|
| `smali_classes2/com/ea/nimble/EnvironmentDataContainer.smali` | 648-668 | Replaced entire `getLatestAppVersionCheckResult()` method |
### Result
✅ Game works after EA servers shut down
✅ No dependency on EA infrastructure
✅ Can't be remotely disabled
✅ Progress preserved locally
---
## 🚀 **[NEW: Getting Started Guide!](GETTING-STARTED.md)**
**First time building?** Check out our comprehensive **[GETTING-STARTED.md](GETTING-STARTED.md)** guide with:
@@ -219,51 +163,10 @@ Together, these projects create a **complete community-run RR3 experience**!
## 📚 Documentation
### Core Documentation
- **[KILLSWITCH-REMOVAL-GUIDE.md](KILLSWITCH-REMOVAL-GUIDE.md)** - 🔓 Bypass EA's March 2026 shutdown (NEW!)
- **[Server Browser Guide](docs/SERVER_BROWSER_GUIDE.md)** - User guide for server browser UI
- **APK_MODIFICATION_GUIDE.md** - Technical APK modding details
- **NETWORK_COMMUNICATION_ANALYSIS.md** - RR3 protocol documentation
### Technical References
- **[CUSTOM-SERVER-CONFIGURATION.md](CUSTOM-SERVER-CONFIGURATION.md)** - Server URL hardcoding & SSL bypass
- **[KEYSTORE-README.md](KEYSTORE-README.md)** - APK signing information
---
## 🛠️ Technical Details
### Killswitch Removal (v14 Ultimate)
**Purpose:** Disable EA's remote shutdown mechanism to preserve the game after March 2026
**Modified Files:**
```
smali_classes2/com/ea/nimble/EnvironmentDataContainer.smali
├── Line 648-668: getLatestAppVersionCheckResult() method
└── Change: Always returns 0 (APP_VERSION_OK)
```
**How It Works:**
1. Original code checks `m_getDirectionResponseDictionary.get("appUpgrade")`
2. EA's server returns `0` (OK), `1` (Warning), or `2` (BLOCKED)
3. Our patch ignores the server response completely
4. Method now hardcoded to return `0` regardless of server state
**Why It's Permanent:**
- Smali bytecode → DEX → machine code = **immutable after installation**
- EA can only change server DATA, not compiled METHOD CODE
- No `DexClassLoader` or hot-patching in RR3
- Firebase Remote Config only affects data/flags, not executable code
**Verification:**
```bash
# Check logcat for this message on startup:
I/RealRacing3: 🔓 Killswitch bypassed - returning APP_VERSION_OK (community mod)
```
---
## 🤝 Contributing
Contributions welcome! Areas for improvement:

475
RR3-NETWORK-ANALYSIS-AND-CONFIG-SYSTEM.md Normal file
View File

@@ -0,0 +1,475 @@
# RR3 APK Network Analysis & Configuration System
**Analysis Date:** February 22, 2026
**APK Version:** Real Racing 3 v14.0.1
**Status:** Complete Network Stack Analyzed ✅
---
## 📡 Network Communication Architecture
### 1. Primary Network Stack
**Game-Specific HTTP Clients:**
1. **com.firemint.realracing.Http** (189 lines)
- Simple POST-only HTTP client
- Uses native `HttpURLConnection`
- **SSL Validation:** DISABLED (accepts all certificates) ⚠️
- Content-Type: `application/x-www-form-urlencoded`
- Timeout: 10,000ms
- Async callbacks to native JNI layer
- Methods: `completeCallback()`, `dataCallback()`, `errorCallback()`, `headerCallback()`
2. **com.firemonkeys.cloudcellapi.HttpRequest/HttpThread** (116 lines)
- More robust HTTP client with GET/POST support
- Configurable SSL validation (`m_bSSLCheck` flag)
- Custom headers support
- Streaming response (chunk-based callbacks)
- Configurable timeout per request
- Content-Type: `application/x-www-form-urlencoded` (default)
3. **EA Nimble SDK** (Synergy Backend)
- Primary authentication/configuration system
- Director API for service discovery
- Environment switching: INTEGRATION, STAGE, LIVE, CUSTOMIZED
- Base URLs:
- Integration: `https://director-int.sn.eamobile.com`
- Staging: `https://director-stage.sn.eamobile.com`
- Production: `https://syn-dir.sn.eamobile.com`
### 2. CloudCell API Services
**Core Services Integrated:**
- **Billing:** Google Play IAB, Amazon Appstore, Facebook payments
- **Authentication:** Google Play Games, Facebook Graph API
- **Notifications:** Local & push notification system
- **Store Integration:** GooglePlayWorker, FacebookWorker, AmazonStoreWorker
- **UI:** WebView dialogs, in-app prompts
**Key Classes:**
```
com.firemonkeys.cloudcellapi/
├── HttpRequest.java - Main HTTP client
├── HttpThread.java - Async execution
├── GooglePlayWorker.java - Play Store APIs
├── FacebookWorker.java - FB Graph API
├── NetworkStatusMonitor.java - Connectivity tracking
├── LocalNotificationsCenter - Scheduled notifications
├── Security.java - Signature verification
└── util/
├── Inventory.java - IAB inventory
├── Purchase.java - Purchase data
└── FacebookAccessToken - Token storage
```
### 3. Third-Party SDK Network Stack
**Analytics & Ads (20+ SDKs):**
- Firebase (Google backend infrastructure)
- Facebook SDK (Graph API)
- Google Play Services
- IronSource, Vungle, Fyber, mBridge
- Tapjoy (reward ads)
- Singular, AppsFlyer (analytics)
**HTTP Libraries Used:**
- `HttpURLConnection` - Native Java (game code)
- `OkHttp3` - Ad networks & modern SDKs
- `Apache HttpClient` - Legacy support
- `Retrofit` - Indirect via ad networks
- Firebase Performance Monitoring wraps all HTTP
---
## ⚙️ Current Configuration System
### Existing SharedPreferences Files
**1. rr3_community_server.xml** (Custom)
```xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="server_url">https://rr3.example.com:5001</string>
</map>
```
**Location:** `/data/data/com.ea.games.r3_row/shared_prefs/rr3_community_server.xml`
**Managed by:** `CommunityServerManager.java`
**Purpose:** Server URL storage for community servers
**2. rr3_offline_settings.xml** (Custom)
```xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<boolean name="offline_mode_enabled" value="false" />
</map>
```
**Location:** `/data/data/com.ea.games.r3_row/shared_prefs/rr3_offline_settings.xml`
**Managed by:** `OfflineModeManager.java`
**Purpose:** Online/Offline mode toggle
**3. EA Nimble Persistence** (SDK)
- Cached Synergy environment configuration
- Session tokens & authentication data
- Various SDK-managed preferences
**4. Firebase/Google/Facebook** (Third-party)
- Remote config values
- Analytics settings
- Ad preferences
- OAuth tokens
### Current Configuration Flow
```
APK Startup
MainActivity.onCreate()
OfflineModeManager.init(context) ← Load offline_mode_enabled
CommunityServerManager.checkServerUrl() ← Check if server_url exists
├─ No URL? → ServerSetupActivity → User inputs URL → Save to SharedPrefs
└─ Has URL? → Continue boot
SynergyEnvironmentImpl.getSynergyDirectorServerUrl()
├─ 1. Check CommunityServerManager.getServerUrl() (SharedPreferences)
├─ 2. Check AndroidManifest.xml (NimbleCustomizedSynergyServerEndpointUrl)
└─ 3. Use EA default (LIVE/STAGE/INT based on build)
Director API Call → Service Discovery
Game Loads → Ready to play
```
---
## 🔍 Additional Endpoints Discovered
### Hardcoded URLs in APK
**1. Community Server Examples:**
```smali
# ServerSelectionActivity$1.smali:60
const-string v0, "https://rr3.barrer.net:8443"
# ServerSelectionActivity$1.smali:73
const-string p1, "http://localhost:3000"
```
**2. External Links:**
```smali
# Platform.smali:692
const-string v0, "https://play.google.com/store/apps/details?id=com.ea.game.nfs14_row&hl=en_IN"
```
**3. URL Format Validation:**
```smali
# ServerSetupActivity.smali:85
const-string v1, "❌ Invalid URL format. Example: https://rr3.example.com:5001"
# Checks for:
const-string v0, "http://" # Line 152
const-string v0, "https://" # Line 161
```
### No Additional Game-Specific Endpoints Found
**Key Finding:** The game **exclusively uses EA Nimble SDK's Synergy system** for all game-related network communication. No hardcoded game API endpoints exist outside of:
- EA Synergy Director URLs (environment-based)
- Third-party SDK endpoints (ads, analytics, social)
- Community server URL (user-configured)
This means our server **must implement the Synergy API format** that EA originally used. ✅ Already doing this!
---
## 🛠️ Enhanced Configuration System Design
### Current Limitations
1. **Only stores server URL** - No other settings persisted
2. **No SSL configuration** - Can't pin certificates or configure SSL
3. **No connection preferences** - Timeout, retry, etc. not configurable
4. **No server metadata** - Can't store server name, description, region
5. **No backup servers** - Single point of failure
6. **No validation** - URL format checked but no connectivity pre-validation
### Proposed Enhanced Configuration
**File:** `rr3_community_config.xml` (SharedPreferences)
```xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<!-- Server Configuration -->
<string name="server_url">https://rr3.example.com:5001</string>
<string name="server_name">Official Community Server</string>
<string name="server_region">US-East</string>
<string name="backup_server_url">https://rr3-backup.example.com:5001</string>
<!-- Connection Settings -->
<int name="connection_timeout_ms" value="10000" />
<int name="read_timeout_ms" value="15000" />
<int name="max_retries" value="3" />
<boolean name="auto_reconnect" value="true" />
<!-- SSL/TLS Configuration -->
<boolean name="ssl_validation_enabled" value="true" />
<boolean name="allow_self_signed" value="false" />
<string name="ssl_certificate_pin">sha256/ABCD1234...</string>
<!-- Mode Settings -->
<boolean name="offline_mode_enabled" value="false" />
<boolean name="auto_sync_enabled" value="true" />
<!-- Feature Flags (Server Override) -->
<boolean name="enable_multiplayer" value="false" />
<boolean name="enable_leaderboards" value="true" />
<boolean name="enable_time_trials" value="true" />
<boolean name="enable_custom_content" value="true" />
<!-- Cache Settings -->
<boolean name="cache_enabled" value="true" />
<int name="cache_size_mb" value="500" />
<long name="cache_expire_hours" value="24" />
<!-- Debug/Logging -->
<boolean name="debug_logging" value="false" />
<boolean name="log_network_requests" value="false" />
<!-- Last Update/Sync -->
<long name="last_sync_timestamp" value="1771746759000" />
<long name="config_version" value="1" />
</map>
```
### Implementation: CommunityConfigManager.java
```java
package com.firemint.realracing;
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Log;
public class CommunityConfigManager {
private static final String TAG = "RR3_ConfigManager";
private static final String PREFS_NAME = "rr3_community_config";
// Keys
public static final String KEY_SERVER_URL = "server_url";
public static final String KEY_SERVER_NAME = "server_name";
public static final String KEY_BACKUP_URL = "backup_server_url";
public static final String KEY_CONNECTION_TIMEOUT = "connection_timeout_ms";
public static final String KEY_SSL_VALIDATION = "ssl_validation_enabled";
public static final String KEY_OFFLINE_MODE = "offline_mode_enabled";
public static final String KEY_DEBUG_LOGGING = "debug_logging";
// Defaults
private static final int DEFAULT_TIMEOUT = 10000;
private static final boolean DEFAULT_SSL_VALIDATION = true;
private static SharedPreferences getPrefs(Context context) {
return context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE);
}
// Server URL
public static String getServerUrl(Context context) {
return getPrefs(context).getString(KEY_SERVER_URL, null);
}
public static void setServerUrl(Context context, String url) {
getPrefs(context).edit().putString(KEY_SERVER_URL, url).apply();
Log.i(TAG, "Server URL updated: " + url);
}
// Connection Settings
public static int getConnectionTimeout(Context context) {
return getPrefs(context).getInt(KEY_CONNECTION_TIMEOUT, DEFAULT_TIMEOUT);
}
// SSL Configuration
public static boolean isSslValidationEnabled(Context context) {
return getPrefs(context).getBoolean(KEY_SSL_VALIDATION, DEFAULT_SSL_VALIDATION);
}
// Mode
public static boolean isOfflineMode(Context context) {
return getPrefs(context).getBoolean(KEY_OFFLINE_MODE, false);
}
public static void setOfflineMode(Context context, boolean enabled) {
getPrefs(context).edit().putBoolean(KEY_OFFLINE_MODE, enabled).apply();
Log.i(TAG, "Offline mode: " + (enabled ? "ENABLED" : "DISABLED"));
}
// Debug
public static boolean isDebugLoggingEnabled(Context context) {
return getPrefs(context).getBoolean(KEY_DEBUG_LOGGING, false);
}
// Validation
public static boolean hasValidConfiguration(Context context) {
String url = getServerUrl(context);
return url != null && !url.isEmpty() &&
(url.startsWith("http://") || url.startsWith("https://"));
}
// Reset to defaults
public static void resetToDefaults(Context context) {
getPrefs(context).edit().clear().apply();
Log.i(TAG, "Configuration reset to defaults");
}
// Export/Import for backup
public static String exportConfig(Context context) {
// Return JSON string of all settings
// For backup/restore functionality
return "{}"; // TODO: Implement
}
public static void importConfig(Context context, String json) {
// Import from JSON string
// TODO: Implement
}
}
```
### Smali Implementation Required
To add these features, we need to:
1. **Create CommunityConfigManager.smali** - Convert Java to Smali
2. **Update ServerSetupActivity** - Add advanced settings dialog
3. **Modify SynergyEnvironmentImpl** - Read timeout from config
4. **Update Http.java** - Use config for SSL validation toggle
5. **Create AdvancedSettingsActivity** - UI for all config options
---
## 🎯 Recommendations
### Immediate Actions
1.**Keep current system** - Server URL in SharedPreferences works well
2.**Maintain offline mode** - OfflineModeManager is solid
3. ⚠️ **Fix SSL validation** - Http.java currently accepts ALL certificates (security risk)
4. **Add backup server** - Failover if primary down
5. **Add connection timeout config** - Let users adjust for slow connections
### Phase 2 Enhancements
1. **Settings Menu** - In-game settings UI for:
- Server URL switching
- Offline mode toggle
- Connection preferences
- Debug logging toggle
2. **Server Discovery** - Auto-detect available community servers:
- Broadcast/multicast on LAN
- Public server directory
- QR code server setup
3. **Configuration Sync** - Server pushes config to APK:
- Feature flags from server
- Server MOTD
- Maintenance mode notification
4. **Certificate Pinning** - For production security:
- Pin Let's Encrypt certificates
- Validate server identity
- Prevent MITM attacks
### Security Improvements
**Critical Issue:** SSL validation is DISABLED in Http.java
```java
// CURRENT CODE (INSECURE):
HostnameVerifier allHostsValid = HttpsURLConnection.getDefaultHostnameVerifier();
HttpsURLConnection.setDefaultHostnameVerifier(
HttpsURLConnection.ALLOW_ALL_HOSTNAME_VERIFIER); // ⚠️ DANGER!
// RECOMMENDED FIX:
if (CommunityConfigManager.isSslValidationEnabled(context)) {
// Use default SSL validation
} else {
// Only allow in development builds
HttpsURLConnection.setDefaultHostnameVerifier(
HttpsURLConnection.ALLOW_ALL_HOSTNAME_VERIFIER);
}
```
---
## 📊 Network Communication Summary
| Component | Purpose | Protocol | Status |
|-----------|---------|----------|--------|
| EA Nimble SDK | Auth, config, services | HTTPS | ✅ Implemented |
| CloudCell API | Billing, social, UI | HTTPS | ✅ Integrated |
| Http.java | Game HTTP client | HTTP/HTTPS | ⚠️ No SSL validation |
| HttpRequest | CloudCell HTTP | HTTP/HTTPS | ✅ Configurable SSL |
| Firebase | Analytics, config | HTTPS | ✅ Third-party |
| Ad Networks | Monetization | HTTPS | ✅ Third-party |
---
## 🔧 Configuration File Locations
**APK Internal:**
- `assets/` - Could store default config.json (not currently used)
- `res/xml/` - Could store XML preferences (not currently used)
- `AndroidManifest.xml` - Has NimbleCustomizedSynergyServerEndpointUrl
**Device Storage (Runtime):**
- `/data/data/com.ea.games.r3_row/shared_prefs/rr3_community_server.xml` ✅ In use
- `/data/data/com.ea.games.r3_row/shared_prefs/rr3_offline_settings.xml` ✅ In use
- `/data/data/com.ea.games.r3_row/shared_prefs/rr3_community_config.xml` ⭐ Proposed
**External Storage (Optional):**
- `/sdcard/Android/data/com.ea.games.r3_row/files/config.json` - Backup/import
- `/sdcard/RealRacing3/community_settings.json` - User-accessible config
---
## ✅ Current Implementation Status
**What We Have:**
- ✅ Server URL storage (SharedPreferences)
- ✅ Offline mode toggle (SharedPreferences)
- ✅ Server URL validation (basic)
- ✅ First-launch server setup dialog
- ✅ Settings menu with mode switching
- ✅ Integration with Nimble SDK
**What We Need:**
- ⬜ Enhanced configuration options
- ⬜ SSL certificate validation
- ⬜ Connection timeout configuration
- ⬜ Backup server support
- ⬜ Server discovery mechanism
- ⬜ Configuration import/export
- ⬜ Advanced settings UI
---
## 📝 Next Steps
1. **Phase 1:** Keep current system, fix SSL validation ⚠️
2. **Phase 2:** Add enhanced config options (timeout, backup server)
3. **Phase 3:** Build advanced settings UI
4. **Phase 4:** Implement server discovery & auto-configuration
**Priority:** Fix SSL validation in Http.java immediately for security!
---
**Analysis Complete**
**Configuration System:** Currently functional, recommended enhancements documented
**Security Status:** ⚠️ SSL validation needs fixing
**Network Stack:** Fully mapped and understood