[Tutorial] How Dofus was hacked by a french team

Closed Thread
Old   #1
Ok, here are some technical details about what the french Dofus Hack Team has done.
Till the devs decided (not too early !!!!) to parse their logs and examine them, they patched most of what we could do.
But you'll find here some hints that can give you ideas...

I. The Tools we used

Macromedia Flash Loader
Light client to run the flash game. And no problem by pressing ALT+TAB.

WPE Pro Alpha 0.9a
Excellent Packet editor.

That's all !

II. How we hacked.

We had at min 2 accounts each. We were 3 in the team.
I'll explain what I did so that it is simpler. We were all doing it the same way.
OK, here's the thing. Most of our hacks were based on an enormous flaw that we discovered in their system. The server checked login and password, then imported your characters to your client. Each character has an ID, bound to your account login/pass. And that's all. This is the flaw. After that, the server didn't check if the IDs you were using were bound to your account.

You just needed to load the swf with the Flash Loader. Login and Password, then get access to your account.
Run WPE. Load the Flash Loader process. You just need recv packets.
You chose 1 of your char, then went to a place where there are many guys (maps around zaaps are great for that).
Sniff something like 10-15 packets then stop it. You'll see many IDXXXXX (XXXXXX from on average 5 to 400000). Those are character IDs.
The first packet gives you (normally) YOUR OWN connection packet with the character ID you have chosen. Keep it somewhere where you can have it at any time.

Open a new Flash Loader and log with the second account. Click on New Character. Back to WPE, load the new Flash process. Sniff.
Go back on your 2nd client, and press Cancel or Back.
You'll notice that WPE has captured some packets. This is very important because it gives you the connection socket you needed. (You'll need a different connection socket for each "clone" -I explain the clone notion ahead- you wanna have)

Copy the packet of your own connection in WPE in Send tab.
Then just replace the ID of your character with the ID of the character you want to hack.
Use the socket ID you just had.
Send it and that was all ! You were connected with his character at his last position saved.
If he was on the map, he froze and couldn't see the clone (so undetectable by himself).

Now imagine you have a house or a mule (we had something like 50 houses and a mule with more than 400 000 pods -slots for items for those who don't know what is it).
We connected a first clone, took him to a map where we saw few people (that was our "inventory savior" so that the real character won't lose all his inventory). Let's say South of Brakmar or Sufokia. Then made another clone, brought him to one of our houses, and dropped all kamas (money) and inventory in our keepers.
Another clone, made the same, another clone, etc...
Imagine the guy has only 500 000 kamas. With only 3 clones, 1 500 000 kamas !!
Then you can duplicate these 1 500 000 kamas... Connect a character from your account with your first loader, go to the house, get the whole kamas. Quit.
Reconnect. Now your character has 1 500 000 kamas. Go to the house. During this time connect 2 or 3 other clones and put them in different maps around the house. They each got 1 500 000 kamas.
You got it ?
Better : with 2 clones of your character, and your other account. Give the kamas from your first clone, disconnect, 2nd one gives the money too, disconnect. Reconnect with the first 1, get the money from your other account character, disconnect, reconnect, move to another map, connect the second clone, etc... you just had to think about the connection socket thing.
1 500 000 > 3 000 000 > 6 000 000 > 9 000 000 > 18 000 000, etc...
And that was only for kamas.
Now think about duplicating Dofus (for those who don't know they were EXTREMELY RARE)
We had TONS of Dofus : yellow, emerald, purple, etc...
We duplicated Raziel swords, we duplicated all what we needed : rings, amulets, clothes, even the scrolls which gave ya 2 to 10 000 exp points each !! Leveling up from 1 to 100 in something like 4 minutes ...
You'll find some screenies hereunder

Yeah, I know it's patched for now. They were totally in panic. When we began, we hadn't noticed the trick with an inventory savior clone. We emptied something like 800 characters' inventories in less than 35 hours...
There are still some things that can be done, but they are minor hacks. See section III for more details.

III. What can still be used.

- Zaaps, even if you've never gone there
Have a look at the zaap system, just find the right coordinates for the others, and just enter them by sending the packets to the server.
- There is still a flaw in their system. The server is based on Oracle. That means that there is some latency between request and response. If you're quick enough you'll still be able to connect 2 clients and the server will not notice it (with the new version I'm not sure, but I would be surprised if they solved that pb, because it's a matter of time between request and response, not of any coding flaw). Now think about a macro that makes automatically logging to the game, you should be able to log with at minimum 4 or 5 clients... Based on that, duplication should be re-invented
- Other hacks you can dream of, that YOU can invent !!
Have fun hacking it, we had so much fun doing it too !!

IV. And what's with the Dofus Hacking Team ??

Nothing. We stopped playing Dofus.
We could have ruined their game, but there was no point doing it. Was just for fun and because devs are dumb. They claimed so loud that their game was, is and will NEVER be hacked. We had warned them but they didn't even look at our warnings. So we decided to give them a lesson.
They pissed in pants when they saw we had.


They are the same I posted on MPC.
Nice character from the devs we hacked and got some money and items from ....

And here are the thousands scrolls and what they did

Want more, search the MPC forums, I posted some more. Nice items...

H47cH is offline  
2 Users
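
The flaw described in post #1 is a missing server-side ownership check on the client-supplied character ID, combined with no limit on concurrent sessions per character. A sketch of the two checks a server needs, as an added example that is not part of the original post and not Dofus code; the class, function names, and sample data are all hypothetical:

```python
import threading

# Added illustration: hypothetical game-server session logic.
# Constructed sample data: character ID -> owning account.
OWNERS = {1001: "alice", 1002: "alice", 2001: "bob"}

class SelectError(Exception):
    """Raised when a character-select request must be refused."""

class SessionManager:
    def __init__(self, owners):
        self.owners = owners          # character_id -> account name
        self.auth = {}                # socket_id -> authenticated account
        self.active = {}              # character_id -> socket_id in play
        self.lock = threading.Lock()  # makes check-and-claim atomic

    def login(self, socket_id, account):
        # Called only after the password check succeeded on this socket.
        self.auth[socket_id] = account

    def select_character(self, socket_id, character_id):
        account = self.auth.get(socket_id)
        if account is None:
            raise SelectError("socket not authenticated")
        # Check 1: the ID in the packet is client-controlled, so ownership
        # is re-derived from server state on every request.
        if self.owners.get(character_id) != account:
            raise SelectError("character not owned by this account")
        # Check 2: one live session per character. Test and claim happen
        # under one lock so two near-simultaneous logins cannot both pass.
        with self.lock:
            if character_id in self.active:
                raise SelectError("character already in play")
            self.active[character_id] = socket_id
        return character_id

def demo():
    sm = SessionManager(OWNERS)
    sm.login("s1", "alice")
    sm.login("s2", "alice")
    results = []
    for sock, cid in [("s1", 1001), ("s1", 2001), ("s2", 1001), ("s3", 1002)]:
        try:
            sm.select_character(sock, cid)
            results.append("ok")
        except SelectError as exc:
            results.append(str(exc))
    return results
```

In a server backed by a database, the same test-and-claim would be done in a single transaction or with a unique constraint on the active-session row rather than an in-process lock.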
Old   #2
What is this game called?


Regards, 1q2w3e
1q2w3e is offline  
Old   #3
Don't you see that in the topic? -_-
C0rnh0lio is offline  
Old   #4
The game is called Dofus
@topic : nice xD

Creativ is offline  
Old   #5
Dofus Hack Team is currently reforming and preparing to raid a last time back on Dofus. Devs didn't take our warning seriously, saying we were just account hackers or scammers.
As we have proven, this wasn't true. Now it's time to be more severe with them.
If you want to be part, as we will stay on the French side of the game (so you'll be able to do the same on the English version), then contact me or post here.
Requirement: Level 2 minimum (with good knowledge in packet editing and IP. Knowing Linux for advanced things.)

@1q2w3e: yep => if you wanna see.
H47cH is offline  
Old   #6
too bad I'm not lvl 2 huh ;<

would still be interested to fool around with it xD
Afinda is offline  
Old   #7
We recruit some good hackers. No one who is just beginning in that.
Afinda, 1q2w3e, I know that you made some good things in the community.
Anyone who is in this case, contact me, tell me what you made, you could be selected for it.
H47cH is offline  
Old   #8
Have u a site of ur team? It's very interesting :> good work
3zetT0r is offline  
Old   #9
I have read your post and I am French too.
I want to know if the last version of Dofus client is hackable or not?
Jinro is offline  
Old   #10
Can someone translate this into German?
mza325 is offline  
Old   #11
Sorry, I'm French so my English is not very good.
I want know where i can Dll This Version cracked pleaseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
XpC is offline  
Old   #12
i duno is a script kiddie considered lvl 2 :P i know **** on packet editing.. linux yeah i helped a friend host a server.. and i guess i know stuff on ip too.. lets ddos dofus
o0darklord is offline  
Old   #13
I am not a level 2 yet, but I do have good knowledge of packet editing and would really like to join your team
xpsniper is offline  
Old   #14
Hello, you say that you are French so you should understand this message ^^ could you PM me telling me the steps to follow in French, because here I don't understand everything exactly, and if possible give me links for WPE and the loader, thanks a lot.
shu1 is offline  
Old   #15
I am not French.. but it's better to ask in English

here: WPE

but I don't have the loader....

regards, reijin

@topic starter:
please post a link to this "loader" or do you just mean the normal Flash Player?

before posting "this is a trojan" or sth. read the following:
WPE is always detected as a trojan, cause it's a hacking tool and spies on the WinSocket.

reijin is offline  