getGJRewards.php
Gets the rewards from the chests.
Parameters
| Parameter | Explanation | Required |
|---|---|---|
udid | The player's UDID (Unique Device Identifier). Used to identify unregistered users | Yes |
secret | Common Secret: Wmfd2893gb7 | Yes |
chk | Rewards CHK using the chest rewards key | Yes |
gameVersion | A number representing the game's version. The current value is 22 for 2.2 | |
binaryVersion | A number representing the game's small version. The current value is 47 for 2.2081 on PC and 48 for 2.208 on mobile | |
gdw | Whether the request is coming from GD World. This used to block some requests if set to 1, and used to be sent as 0 in full GD 2.1, but is no longer sent at all outside of GDW | |
accountID | The player's account ID (not to be confused with user ID). Used for authorization | |
gjp2 | The player's account password, encoded with GJP2. Used for authorization | |
uuid | In modern versions, this is sent as the user ID. See the previous format here | |
dvs | A number added in 2.208 representing the device the player is using. Corresponds to the Cocos2d CC_TARGET_PLATFORM macro: 1 for iOS, 2 for Android, 3 for Windows, 8 for macOS | |
rewardType | 0 for getting info about the chests, 1 for small chest, 2 for large chest. Defaults to 0 if left out | Yes |
r1 | A random 3-5 digit number | |
r2 | A random 3-5 digit number |
Response
A list of attributes of the Rewards, separated by colons : as follows:
- A random string of 5 characters
- User's player ID
- The number used for the
chk udid- User's account ID
- Small chest time remaining
- Small chest's rewards in a comma separated list
- Orbs
- Diamonds
- Item 1 (1 is Fire, 2 is Ice, 3 is Poison, 4 is Shadow, 5 is Lava, 6 is Demon Key, 10 is Earth, 11 is Blood, 12 is Metal, 13 is Light and 14 is Soul)
- Item 2
- Amount of small chests claimed
- Large chest time remaining
- Large chest's rewards in a comma separated list
- Amount of large chests claimed
rewardType
This list is then XOR'd and URL-Safe Base64 encoded. Then it is separated with its hash by a pipe |. It also has a random string of 5 characters appended to the front.
Example
Python
py
import requests
data = {
"accountID": 173831, # DevExit's account ID
"gjp2": "********", # This would be DevExit's password encoded with GJP2 encryption
"udid": "605BE9FD-300E-49EA-A45C-B272EE64D3E0",
"secret": "Wmfd2893gb7",
"chk": f"{''.join(random.choice('1234567890qwertyuiopaqsdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM') for i in range(5))}{base64.b64encode(xor_cipher(str(random.randint(10000, 1000000)), '59182').encode()).decode()}",
"rewardType": 1
}
req = requests.post("https://www.boomlings.com/database/getGJRewards.php", data=data)
print(req.text)
decoded_text = xor_cipher(base64.urlsafe_b64decode(response_text.split("|")[0][5:].encode()).decode(), '59182')
print(decoded_text)Response
py
DA96FcVVmQnEPCggLBwMOAwIGDAAGDgsPcBFbU1sZQU1GFXtiGFpQS1QCAwIKCQsDDwsHDAQPDQEUAxkJHQgIBA4DDAgCDQcMAg8LAQgeAxUFFAIPDAILCAQ=|3f5f0ad92a601380e7eea113c223be94ff75304d
DlWzC:3935672:499769:I can put BS here:173831:2646:40,1,0,0:1724:74640:200,6,4,0:533:1