TL;DR
Workers IO connected Claude Code to a rooted Android phone with three tools (UI Automator, mitmproxy, Frida). The AI agent autonomously hacked Subway Surfers — going from 10,000 coins to 2,050,000 in two game sessions. The most interesting part wasn't the hack itself, but the agent's ability to pivot strategy mid-session.
The Setup
Three tools via ADB on a rooted Android:
- UI Automator → Screen reading (XML dumps)
- mitmproxy → Network traffic interception
- Frida → Runtime hooking (JavaScript injection)
The agent ran a continuous loop: observe → act → intercept → decide → repeat.
The Strategy Pivot
Here's what makes this actually interesting.
Claude Code started with network interception — standard first move for mobile pentesting. But Subway Surfers is a Unity game. Gameplay is entirely client-side.
The agent noticed zero game-relevant traffic and made a decision:
"Network proxy is meaningless. Switch to IL2CPP binary analysis."
That's adaptive reasoning. Same thing a human pentester does when their initial approach hits a dead end.
The Technical Path
APK Analysis
```text
base.apk                    → 209MB
split_config.arm64_v8a.apk  → 32MB  (native libs)
global-metadata.dat         → 15MB  (IL2CPP metadata)
libil2cpp.so                → 79MB  (compiled game binary)
```
The global-metadata.dat file is the goldmine for IL2CPP games. It contains original C# class names, method names, and field offsets — all in plaintext. This is a structural weakness of Unity IL2CPP builds.
Key Classes Discovered
```text
WalletModel              // Currency management
RunSessionData.AddCoins  // Coin collection during runs
SafeInt                  // Anti-cheat wrapper
CurrencyType             // Enum: Coins=1, Keys=2, Hoverboards=3
```
SafeInt Anti-Cheat
```text
actual_value = _value - _offset // XOR-based obfuscation
```
Effective against memory scanners (GameGuardian etc.), which search RAM for the plaintext coin count. Completely useless against Frida's function-level hooks, because a hook on AddCoins sees the real value as a call argument before SafeInt ever encodes it.
The Exploit: Double Amplification
```javascript
// Pseudocode of what the agent wrote
Interceptor.attach(AddCoins, {
  onEnter: (args) => { args[1] *= 100; } // 100x at collection
});
Interceptor.attach(AddCurrency, {
  onEnter: (args) => { args[1] *= 100; } // 100x at wallet save
});
```
Result:
| Event | Coins |
|---|---|
| Start | 10,000 |
| Collect 4 coins (4 × 100) | +400 |
| End-of-run bonus | +400 |
| Wallet save (400 × 100) | +40,000 |
| After 1 run | 50,000 |
| After 2 runs | 2,050,000 |
Why This Matters
Subway Surfers is single-player — no real harm. But the vulnerabilities exposed are everywhere:
- Client-side trust — No server validation on game state
- Metadata exposure — IL2CPP keeps original symbols accessible
- No runtime protection — Frida injection goes undetected
These same patterns exist in fintech apps, e-commerce checkouts, and authentication flows.
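The fix for the first bullet is the same in a game, a checkout or a fintech app: the server treats whatever the client sends as a claim, recomputes the result itself, and logs any disagreement. The block below is an added example written for this post (not code from Workers IO or from the game); the per-second coin cap, the duration limit and the "bonus equals coins collected" rule are hypothetical tuning values chosen to mirror the numbers in the table above. With this design, the 100x hooks on the client change nothing on the server: a 30-second run claiming 400 coins is rejected, and a client-reported balance of 50,000 is ignored for accounting and flagged for investigation.

```python
"""
Server-authoritative wallet (added example, hypothetical tuning values).
The client reports a run; the server decides what that run may award and
never uses a client-supplied balance for accounting.
"""
from dataclasses import dataclass, field
from typing import Optional

MAX_COINS_PER_SECOND = 5   # hypothetical design cap: no run yields more than this
MAX_RUN_SECONDS = 3600     # hypothetical: reject absurd run durations outright


@dataclass
class RunReport:
    """What the client sends at the end of a run (all of it is a claim)."""
    player_id: str
    run_seconds: int
    coins_collected: int                   # coins the client says it picked up
    client_balance: Optional[int] = None   # the client's idea of its wallet


@dataclass
class Wallet:
    """Server-side state; `audit` is the anomaly log a detection team reads."""
    coins: int
    audit: list = field(default_factory=list)


def end_of_run_bonus(coins_collected: int) -> int:
    """Bonus equal to coins collected, mirroring the post's +400 on 400."""
    return coins_collected


def validate_report(report: RunReport) -> Optional[str]:
    """Return a rejection reason, or None if the claim is physically plausible."""
    if not 0 < report.run_seconds <= MAX_RUN_SECONDS:
        return "implausible run duration"
    cap = report.run_seconds * MAX_COINS_PER_SECOND
    if not 0 <= report.coins_collected <= cap:
        return f"coins_collected {report.coins_collected} exceeds cap {cap}"
    return None


def apply_run(wallet: Wallet, report: RunReport) -> bool:
    """Credit the wallet from server-side arithmetic only.

    Returns True if the run was credited, False if it was rejected. Either way
    the decision and any client/server disagreement land in wallet.audit.
    """
    reason = validate_report(report)
    if reason:
        wallet.audit.append(f"REJECT {report.player_id}: {reason}")
        return False
    delta = report.coins_collected + end_of_run_bonus(report.coins_collected)
    expected = wallet.coins + delta
    # A client-reported balance is never used for accounting. A mismatch is
    # evidence that something on the device altered the wallet save path,
    # so it is logged for follow-up rather than silently accepted.
    if report.client_balance is not None and report.client_balance != expected:
        wallet.audit.append(
            f"FLAG {report.player_id}: client balance {report.client_balance} "
            f"!= server balance {expected}")
    wallet.coins = expected
    return True


def demo() -> Wallet:
    """Replay the post's scenario against the server-side rules (constructed data)."""
    wallet = Wallet(coins=10_000)
    # Honest 30-second run: 4 coins collected, 4 bonus -> 10,008
    apply_run(wallet, RunReport("player-1", 30, 4))
    # Hooked client: claims 400 coins for the same run and a 50,000 balance
    apply_run(wallet, RunReport("player-1", 30, 400, client_balance=50_000))
    return wallet


if __name__ == "__main__":
    w = demo()
    print(w.coins)          # 10008: the amplified claim never reaches the wallet
    for line in w.audit:
        print(line)
```

The important property is that the client's multiplier is applied to data the server never reads: `coins_collected` is bounded by run duration, the balance is recomputed from the server's own copy, and the only thing the tampered report achieves is an audit entry.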
The Broader Trend
This isn't an isolated case:
- Zane St. John: Claude Code reverse-engineered Android projector malware
- Disney Infinity RE: 13-year-old game binary reversed in 24 hours
- Randy Westergren: Claude + Frida bypassed Flutter SSL pinning
- RAPTOR: Autonomous security research framework built on Claude Code
Try It
```shell
npx skills add workersio/spec
```
Requires rooted Android + ADB. Test only on your own devices.
Source: Workers IO Blog
What's your take — does AI-powered pentesting lower the bar for defenders or attackers?