Page 1 of 1

Re: [Help] OurWorld - Packet Editing/Packet Injection

Posted: Sun Aug 23, 2015 9:27 pm
by Sethioz
well replacing the game with your modified version, not sure, but it MUST exist in your pc somewhere, probably in /temp/ files. So look in there, but it can have any name, it can be like "fdklsafjds.fdsafsda.tmp" or whatever.
i'm not entirely sure how you'd replace it tho, cuz when it's being used in browser, then you probably can't overwrite it.

You can use ProcMon (process monitor) and find out where browser keeps the flash game file/s. Then replace them with your own and reload the page in browser and then check the temp files again to make sure browser didn't overwrite them. If browser overwrote them, then try changing settings in your browser to keep files cached for longer and not download them from site every time you refresh the page (Soft refresh = F5 and Hard refresh CTRL+F5 which always reloads everything).
If that doesn't help either, make them read only and see if browser gives any errors when reloading, if no errors, check temp files again, cuz often browsers just ignore temp files that are corrupted or read only and just make new temp files with new names.

If all that fails, you can host those modified files yourself (free hosting or whatever you have), then use Web Scarab or Paros Proxy (think this would work better) and make a filter.
so you have original.swf and you have modified.swf files, make a filter to replace original.swf with modified.swf, so now every time original.swf wants to load into your PC, then instead modified.swf will be loaded.
So you're on right website, but using your own file.

Obviously you have to make filter for incoming traffic, so when your browser gets URL that contains original.swf, then paros proxy changes it and loads modified.swf instead.

Re: [Help] OurWorld - Packet Editing/Packet Injection

Posted: Sun Sep 20, 2015 8:09 pm
by xKasidy
Thank you very much for your help. I've located those files in my temp folder and managed to modify them. However I'm still having trouble making the server believe what I want it to believe. The furthest I've gotten to was being able to modify the files and actually making them take a change in the game. Like for example I made all of the ingame music from all the servers play at the same time. But I wasn't able to get to the item part yet. It seems that the only things the server saves on my computer are the location of my character, the actual character itself and the items, friends list and current actions etc. However when I was modifying the files I've discovered in the tempt files they did not contain information based on my items there I was not able to duplicate them nor change my skin color. I also noticed that the files in ProcMon are created and then deleted shortly and there is a lot of server activity by changing and renaming and also deleting files as well as replacing. I'm not really sure what to do entirely next for I am honestly lost in this.





Thank you once again.

Re: [Help] OurWorld - Packet Editing/Packet Injection

Posted: Wed Sep 23, 2015 5:55 am
by Sethioz
Well most games have protection against stats (money, inventory ..etc). Regardless what you do, it just won't change.
For example in GTA 5, you can change the money, but it changes back because of server side check. if there is no valid transaction, then it won't pass.

In such case, there are some ways, but it's very deep stuff. In GTA 5 we used a method that we bought a car for like 10000 and then changed the sell price from like 6000 to 9000000 and then sold it and then server actually gave us the money. It no longer works in GTA 5 tho, but that's just an example how we fooled the server.
Similar method can be used in other games too.

However packet editing is useless if there's SSL involved in transactions. Also packet checksums and numbers.
Usually games use UDP (if packets are lost, then you experience lag), but some games use TCP to transmit transactions (TCP is lossless, you send a packet > server does not act unless it gets the packet > then sends the packet back > your game won't act until packet is received" using this method, you can't really inject packets in between, because server would notice that out of order packets are received. At least that's the princible.