Sethioz Industries Forum

[MMOHUT]

[Sethioz]

in browser games are hacked differently. at least try using SEARCH before posting things that been discussed here.
viewtopic.php?f=47&t=62 < there you have plenty of examples how to hack in browser chatrooms / games and it has nothing to do with MMOs. completely different methods.

[MMOHUT]

Just needing the right direction boss. Anyways, I'm going to try this and post of whatever the result and see if I'll be needing some more help. Thank you! :D

Anyways, this was not that I've been looking for...this one is used to hack chatrooms. The one I need is a tutorial on how to sniff packets and edit it then send it back to the server and gain coins or gems just like the Cabal thread.

[MMOHUT]

Edit:

Here is the pic of my test run in WPE.



So? I've tried doing things like playing games or dancing...any help?

[Sethioz]

this looks like HTTP request packet to me. does this game run in browser ? if so .. forget WPE, use webscarab.
this kind of view doesnt make much sense, you have to copy it as text and use CODE brackets to post it. so i can paste it into file and look at the whole thing, but posting pakets wont help you much, you have to learn to do research on them on your own, since each game has different packets.

[MMOHUT]

Yes, its a web-browser online game...I used WPE because I've read a tutorial around MPGH/Others...he used WPE to capture packets in a game called "Club Penguin" it also run in a web-browser and I also find another tutorial on how to hack "Ballistick By XGenStudios" using WPE. So I thought that WPE could do something about the game that I want but it doesn't give me the result that I want. I will try WebScarab and see the result........

[Sethioz]

they're just idiots. WPE pro is mostly for games (not the ones running in browser, everything going on in browser is not game, but BROWSER) and for other apps that wont support proxy.

WebScarab is what should be used with browser not WPE pro. you are complicating things and confusing yourself.
read articles on my wiki, i have detailed tutorials there, just use search. FRONT PAGE explains how it works and list of all pages..etc

[spade]

i'd like to re-open this idea. I have tried using webscarab editing gem/coin number with no luck. Most ive been able to do is change the amount of gems and money to spend on gems from 600 gems = 20$ to 9999 gems = 0$ and to accept an invalid creditcard however while it did say it was successful the gems did not appear on my account. any idea on how to change coin or gem #?

[Sethioz]

Direct apporach almost never works on such things. you must find a way to make game think you got more.
For example if some event gives you 10 gems, then it might be possible to change the reward and make it give you 1000 gems instead of 10.
this kind of approach is what you need.

it is best to learn how game works, everything about it. i've been busy with tdu2, now when they released update and messed it all up, it took me just few hours to remap everything, because i already knew the system they use and rewriting game engine is something they will not do. So once you understand how things work, it will be easier to hack it. if packets are compressed or encrypted, then first step would be to decompress / decrypt and see what's going on.

[spade]

Uploaded pics of attempt. Gems not added. Tried editing gem offers also with no luck. I'm pretty new to this in general (hacking/ packet editing) but I understand how it works. maybe since Ourworld has its own secure server for profile management, coin/gem editing may be impossible :S

ourworldgemhack1.png

(349.43 KiB) Downloaded 136 times

ourworldgemhack2.png

(255.55 KiB) Downloaded 136 times

ourworldgemhack3.png

(295.02 KiB) Downloaded 136 times

ourworldgemhack4.png

(203.34 KiB) Downloaded 136 times

ourworldgemhack5.png

(202.96 KiB) Downloaded 136 times

ourworldgemhack6.png

(203.51 KiB) Downloaded 136 times

ourworldgemhack7.png

(150.62 KiB) Downloaded 136 times

[Sethioz]

You are trying to hack website, not game.
Such sites usually have check with paypal and it won't work. Most likely there is a package with 600 gems for certain amount of money, you only changed visuals and it won't do anything.
You have to read on website hacking not game hacking and this is wrong topic for that.

[spade]

Well i thought webscarab did more than just change the text and actually changed the value and this is a game

[Sethioz]

no you tried hacking a website.

[spade]

[yoshiloves]

wpe will not work on most browser games ourworld is run in Facebook as a app and has diferant packets tho ..you can also edit the skrips things to check out ...word to the wise do a bit research before you try to mess with any this... .swf files Charles debug and sothink sfw decompiler there are a few others but try those first so you can get in to it a bit better

[xKasidy]

Hello I sincerely apologize for re-opening this thread. I'm really interested in modifying my OurWorld skin color or duplicating certain items with Webscarab but I've been unable to do so as I'm a beginner ans I haven't found any proper tutorials which would show how to either modify skin color on flash browser based games or how to duplicate items. I would really appreciate it if you could help me out a bit as I feel I just need a certain hint to lead me in the right direction. Thank you in advance.


-Kasidy.

[Sethioz]

you people are looking into wrong place. Just because it's a "game" doesn't actually make it into a game. you're hacking a website, not a game. it's completely different thing.

browser "games" are flash based (at least most of them) and you need flash decompiler / debugger to be able to make sense of them. sending packets and other stuff is worthless. like i said, you're hacking a website, not a game.

websites have a lot higher security than game protocols. there are no tutorials, because it's impossible to make a tutorial for something like that. you'd have to learn how websites work from the scratch. you have to learn what is SQL injection, CSS (cross site scripting) ..etc.
then you need to put all that together and see if you can find a vulnerability in the website, if you find one, then exploit it.

always test by disconnect your internet and see how much of the game you can play, if it instantly gives error, then most stuff is server sided, if you can finish whatever part you're in, then most likely you can hack it with some flash debugger or memory tools and change anything within that part and changes should be recorded.

[xKasidy]

Thank you very much for your help and time, I suppose I was going in the wrong direction but now I know what to do. The reason I actually took an interest in this because I've seen many people who could do incredible things like changing their skin color, getting multiple items or NPC items or making bubbles spawn on users heads so I figured it is possible to do something in the game but as I said I'm a beginner at this and not really sure how everything works but I'm doing my best to understand and I've got the tools and already tested it by disconnecting my internet while still in game it does not give me an error and I can still walk around in the room and see my character but I can't do certain things like dancing or going to other places so I think I should be able to make some changes in the loaded area and my character.

Thank you very much for your help.


xKasidy-

[Sethioz]

Yeah that's normal, you can't do certain things because they're recorded online. When you take action, then server needs to verify and that's why you can't do it offline.
disconnecting internet / blocking with firewall is a simple and quick trick to test what parts of game are offline and what's online.

you can also use cheat engine's speedhack to test what's offline and what's online, for example in some games you can speed up the game and complete events fast, if that's possible, then it means you can basically edit the event and instant complete it.

It's hard explaining, you have to learn how games and servers work and how to use cheat engine in basic level. Most things can be changed with cheat engine, if it comes to online score hacking on browser based games, then it's not always possible to just memory edit them, sometimes you have to hack into entire website and change them in server.

[xKasidy]

I tried using Sothink Swf catcher to catch the Swf files and I used Sothink decompiler to get the files from the website then I saved them into my folder and edited them with Adobe Flash Professional c6 and I saved them again but I'm not sure how to export those files into the game so they take change. As for the cheat engine part it did not work and did not speed up nor slow down the game. Also when I tried using Sothink decompiler and when I tried opening the shell of the website as it's called it told me it was corrupted and I could not achieve much. I was thinking if perhaps I should inject it into the game via Ripe Injector but I'm not sure how to do so as I'm really bad at scripting and such. So perhaps you could guide me in the right direction Boss.






Thank you Boss.

-Kasidy