Wednesday, April 23, 2014
Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 13:09
Hi, this is my first post here and I have questions related to editing the client side flash files for a game as a possible means of hacking/gaining an advantage on a server-side game.

I understand that when things are restricted to server-side input/output that the data is limited to what is received/sent. This leaves me two options: Packet editing on packets once I have reversed/NOP'ed the encryption, or [AND THIS IS MAINLY TO WHAT MY QUESTION PERTAINS] decompiling the client flash files, altering the action scripts within the "core" data file, and then recompiling the file. The reason I am not simply just trying to get around the encryption *which would ultimately be the most useful* is that I am currently bogged down in school, and with what little free time I have *not to mention the amateur decryption/ASM skills*, I could only see myself able to manage the flash attempt.

I tried decompiling and altering the core data action scripts' math to gain ingame advantages, and then recompiling them back into the original .swf format; and, with this the file did not properly load when attempting to start the game.

So, either there is a bit check/datecheck on the file done by the server that I have not accounted for *which I could easily fix with adding blank code caves/ wintime altering for the date check* or the scheme of decompiling/recompiling is just flawed in general.


[Questions...finally]

Is it possible for a functioning edited flash client to manipulate input data from the server to gain a desired outcome once it is sent to the server?

Are decompiled flash files ever able to be recompiled to their former usable state (I have had some issues with this)?

What would you do?

That's all. Thank you :)





Edited by on 20-05-06 13:12

RE: Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 13:26
svensven wrote:
and with what little free time I have *not to mention the amateur decryption/ASM skills*, I could only see myself able to manage the flash attempt.


So you have very little free time, yet you want to know how to hack a game? Idk... something just doesn't seem right here.



RE: Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 13:37
I don't want to sound rude but I asked valid questions, and have made my own progress with my own skills - now I am stuck and want an outside opinion about what is wrong with my attempt thus far, and if my attempt is plausible.

The decryption part is not what I am asking for, simply if my method is possible - and if it is, what would be your next step if you were in the same place as I am.

RE: Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 13:40
I know, sorry, I'm just like... half asleep & confused, which isn't a good combo for me. Sorry if that sounded rude.



RE: Local Flash client editing to server-side Flash hacking

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 20-05-06 13:56
It really depends on the type of game or whatever you're trying to edit.

How much processing is done on the server side will most likely depend on the size and popularity of whatever it is you're editing.

Yes, your idea will work, but its results will vary depending on what server / game you try it on.

What you could do, for instance, is log the headers being sent whilst you're playing. Then, i.e. if you score 60 points, log the headers and then keep on re-sending the same header so you get increased points... Again, this depends on how much processing is done server side and how the program deals with requests etc. Each site/game will be designed differently.

It's a bit tricky to help you any further seeing as I don't really know anything else about what you're trying to edit.


http://www.hellboundhackers.org/

RE: Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 14:31
when you say header, do you mean the pretext in a packet?


The game right now has packet encryption that adds variables to packets that match up with the server, allowing the packet through - these are not in the packets header, they are sent along with the data part of the packet.


--------

I assume there is some client manipulation of data (beside what is obvious) that is sent to the server because of the action scripts that perform calculations for the sale of items, the amount of an item gained from a skill, and the amount of hp gained at one second intervals.

This is what I am looking to change.

If it works, then I don't need to manipulate the packets to achieve the desired effect - I can just add code in the action scripts.

RE: Local Flash client editing to server-side Flash hacking

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 20-05-06 14:40
I would take a guess that the items you mentioned would be stored on the server, and the client won't send any useful data in the packets to the server.

So say you were trying to alter the price of a weapon: if you click purchase, I'm sure the client would send the weapon_id and then the server would calculate the price etc.

However, I may be wrong.

What I would do if in your position is decompile the program and see if you can change certain values in it, because if the packets are encrypted as you say, then it's going to be hard to manipulate it, unless of course you can understand the algorithm.


http://www.hellboundhackers.org/
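
The server-authoritative design described in the post above, seen from the game developer's side, as an added example that is not part of the original thread or any real game's code. The class, method and field names, the price table and the per-round cap are all assumptions made for illustration; the point is that a client-supplied price is never read and a re-sent score message is refused.

```python
import secrets

# Constructed sample data: prices exist only on the server.
PRICES = {"sword": 120, "bow": 80}
MAX_POINTS_PER_ROUND = 100  # assumed game rule used as a plausibility bound


class GameServer:
    """Hypothetical server that trusts the client only for *intent*."""

    def __init__(self):
        self.gold = {}         # player -> gold balance
        self.score = {}        # player -> accumulated score
        self.open_rounds = {}  # one-time round token -> player

    def join(self, player, gold):
        self.gold[player] = gold
        self.score[player] = 0

    def start_round(self, player):
        # Server-issued, unguessable token; a score is accepted once per token.
        token = secrets.token_hex(16)
        self.open_rounds[token] = player
        return token

    def submit_score(self, player, token, points):
        if self.open_rounds.get(token) != player:
            return "rejected: replayed or unknown round"
        del self.open_rounds[token]  # consume the token before anything else
        if type(points) is not int or not 0 <= points <= MAX_POINTS_PER_ROUND:
            return "rejected: implausible score"
        self.score[player] += points
        return "ok"

    def purchase(self, player, msg):
        # Only weapon_id is read; any "price" field in msg is ignored.
        price = PRICES.get(msg.get("weapon_id"))
        if price is None:
            return "rejected: unknown item"
        if self.gold[player] < price:
            return "rejected: insufficient gold"
        self.gold[player] -= price
        return "ok"
```
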

RE: Local Flash client editing to server-side Flash hacking


Guest
Posted on 20-05-06 16:25
I am gonna have a friend that's good with asm help me to either nop the algorithm sequence or reverse it somehow with another program that catches it and assigns a key value to the packet.