Hi everyone, I'm new to these forums but I've been hacking games for quite some time. I'm in no means a very advanced programmer, but I have done my share of (mainly) autoit game automations, including clientlessbots etc...

Now i'm trying to hack an android game: World of Legions. After tinkering with packets, I've figured out that this is just an html game inside an Android container. My goal is to be able to automate everything in the game, which will be pretty easy once I pass the authentication.

My approach has been to sniff packets, and then using Autoit doing HTTP requests to simulate the log in and subsequent actions. I have done things like spoofing the user agent, setting cookies etc... But of course I'm stuck at the authentication step.
I think I'm already passing most of the proper unique identifiers and whatnot. Still, after this step, I notice that the response I get using my script differs from the one with the app. The key thing is that in the app, it returns a second value for the cookie. I.e. I'm able to ge the first part of the cookie just fine in an earlier step, but at this step I don't get the updated cookie.

Some of the things I've noticed:
- there are a lot of JS calls to native functions (Android specific) wich of course don't do anything on my PC.
- they use JSON for a few things

So here are my questions:
- does anybody have some guidelines or tips and tricks to hacking such Android games?
- I know that Autoit is not the best language, would you have a better approach to suggest? For that matter I wouldn't mind learning how to properly sniff packets, modify them, and then send them directly. Would anyone have some good tutorials on how to do that?

Thanks in advance,

- Cascius