Developer's Corner

Quote:

Originally Posted by hawk799 How do you know all this information? :D :D :confused: Amazing..

It's called Reverse Engineering.

Quote:

Originally Posted by iṄk They are doing the same method in Seafight. At first it may seem impossible, but if you understand the context of each command you are able to get the right ordering. For example the Login Command definitely has a sid string and an uid integer: So you are searching for a class that derives from the Command class and has these parameters -> There is just one, done. There are a lot more parameters you can use to build a protocol updater. I did the same thing with my "Marid" tool in Seafight and now it's just a simple "./protocol_updater main.swf > protocol.dat" and the bot is online again. I think the biggest problem nowadays is it to make your program safe and prevent bans. It's just not possible to check all the time in the Client if they changed a Byte or two in their protocol. (Maybe with huge effort if you write a tool that completely takes control of most aspects of their as3 protocol code) But Bigpoint may do this and your program is unsafe from one moment to another. (Again, this is just the case for packet bots) Just look at Merkava. IMO, their effort is just useless: BP makes use of this method to ban all of their customers and nobody wants to use their program anymore.

the all mighty ink has spoken ;o

Quote:

Originally Posted by hawk799 How do you know all this information? :D :D :confused: Amazing..

Open main.swf with a decompiler and start reading, sniff some packets and continue reading.

BTW I think that we might be focusing packet bots in the wrong way, what about if the bot just injects the AI in main.swf once the browser downloads it?

Quote:

Originally Posted by iṄk They are doing the same method in Seafight. At first it may seem impossible, but if you understand the context of each command you are able to get the right ordering. For example the Login Command definitely has a sid string and an uid integer: So you are searching for a class that derives from the Command class and has these parameters -> There is just one, done. There are a lot more parameters you can use to build a protocol updater. I did the same thing with my "Marid" tool in Seafight and now it's just a simple "./protocol_updater main.swf > protocol.dat" and the bot is online again. I think the biggest problem nowadays is it to make your program safe and prevent bans. It's just not possible to check all the time in the Client if they changed a Byte or two in their protocol. (Maybe with huge effort if you write a tool that completely takes control of most aspects of their as3 protocol code) But Bigpoint may do this and your program is unsafe from one moment to another. (Again, this is just the case for packet bots) Just look at Merkava. IMO, their effort is just useless: BP makes use of this method to ban all of their customers and nobody wants to use their program anymore.

At first it might seem that simple, but how do you handle the Hero Init command that has 3 strings, 12 integers and a few floats in it? Each time they update their client the ordering of the parameters changes. There is no way of telling which of the three strings is the username simply by looking at the class so you have to work backwards from a known location that uses the username. This takes TIME. I understand the Login command in Seafight might be simple, just like the Version command in DarkOrbit is simple, but when you have packets that have 20 or 30 parameters in them and they all have randomized names in the source, its almost impossible to "quickly" update a bot, even with a tool to help you.

For me the anti-bot code is next to trivial. I keep upto date documentation of all anti-bot code I find and it was never ever an issue with PBDO-Bot (I don't think I ever got banned using PBDO-Bot and I know no one who got banned using it, and I know a lot of people). At the moment their anti-bot code is mostly server side for packet bots with a lot of concentration of their client side code on combatting flash injection and packet bots. Their new game client does a lot of checks to make sure code isn't injected into their client, and they upped the ante on their pixel bot code. This code isn't live yet but it means they haven't given up. I wouldn't mind saying that pixel bots are more dangerous these days than packet bots, but thats just me. Clearly I know nothing ;P

-jD

Quote:

Originally Posted by »jD« [start shit... (nah joking, love you -jD :*)]when you have packets that have 20 or 30 parameters in them and they all have randomized names in the source[end shit... (nah joking, love you -jD :*)]. -jD

That remembered me that (I really don't know how) I could get the real name of a packet by playing with the bytecode, I think I have it anywhere, if I find the file I'll upload it :)

See you!

Quote:

Originally Posted by manulaiko3.0 That remembered me that (I really don't know how) I could get the real name of a packet by playing with the bytecode, I think I have it anywhere, if I find the file I'll upload it :) See you!

You can't.

-jD

Quote:

Originally Posted by »jD« You can't. -jD

I couldn't find the screenshot I made to prove it, but in some packets you can find the name in the bytecode.

See you!

Quote:

Originally Posted by »jD« At first it might seem that simple, but how do you handle the Hero Init command that has 3 strings, 12 integers and a few floats in it? Each time they update their client the ordering of the parameters changes. There is no way of telling which of the three strings is the username simply by looking at the class so you have to work backwards from a known location that uses the username. This takes TIME. I understand the Login command in Seafight might be simple, just like the Version command in DarkOrbit is simple, but when you have packets that have 20 or 30 parameters in them and they all have randomized names in the source, its almost impossible to "quickly" update a bot, even with a tool to help you. For me the anti-bot code is next to trivial. I keep upto date documentation of all anti-bot code I find and it was never ever an issue with PBDO-Bot (I don't think I ever got banned using PBDO-Bot and I know no one who got banned using it, and I know a lot of people). At the moment their anti-bot code is mostly server side for packet bots with a lot of concentration of their client side code on combatting flash injection and packet bots. Their new game client does a lot of checks to make sure code isn't injected into their client, and they upped the ante on their pixel bot code. This code isn't live yet but it means they haven't given up. I wouldn't mind saying that pixel bots are more dangerous these days than packet bots, but thats just me. Clearly I know nothing ;P -jD

And how will they try to detect a pixel bot?. If a pixel bot is full randomized and so on, which is the difference of play and botting?, how looks they anti pixel bot code?:D PS: i dont know anybody banned from pbdo bot too jajajja

As far as I can see, the private servers doesn't have any kind of encryption by default, right?

I have been trying to make a simple packet bot for a private server, I decompiled the main.swf and looked at the packets being sent when connecting. But even though I send the exact same packets, nothing really happens...

Hello, I am trying to make a program in Java that will go to darkorbit.com>login>go to auction>bid on certain item.

However, I can only open up browser and go on link. I use DR. Java, about to switch to Eclipse.

Quote:

Originally Posted by harman101 Hello, I am trying to make a program in Java that will go to darkorbit.com>login>go to auction>bid on certain item. However, I can only open up browser and go on link. I use DR. Java, about to switch to Eclipse.  Spoiler import java.net.URI; import java.io.IOException; import java.awt.Robot; import java.awt.event.*; public class HelloWorld { static Console c; public static void main(String []args) throws Exception { { c = new Console(); c.println("How much do you want to bid on xenomit every hour?"); int Credits = c.readInt(); Robot robot = new Robot(); int mask = InputEvent.BUTTON1_DOWN_MASK; if(Credits >0) { String url = "http://darkorbit.com"; Desktop.getDesktop().browse(new URI(url)); robot.mouseMove(1228, 103); robot.mousePress(mask); robot.mouseRelease(mask); } } } }

You should use libCurl for it, in C/C++
To do it by mouse controll as you are doing is simply a creator of a lot of problem.
Pm me if you need more help on it

Quote:

Originally Posted by Xavierbot You should use libCurl for it, in C/C++ To do it by mouse controll as you are doing is simply a creator of a lot of problem. Pm me if you need more help on it

I only know vb and Java, I just need to know how I can navigate my Web browser through Java, like make it login?

Quote:

Originally Posted by harman101 I only know vb and Java, I just need to know how I can navigate my Web browser through Java, like make it login?

Why don't you do it in VB instead?

Quote:

Originally Posted by AiTrixx Why don't you do it in VB instead?

Same problem, how can I navigate my Web browser. I get stuck on both.

Quote:

Originally Posted by harman101 Same problem, how can I navigate my Web browser. I get stuck on both.

The easy way shoud be to send HTTP request.
There is probably some java's librairies who are doing it. You just have to search now :)

Quote:

Originally Posted by Xavierbot The easy way shoud be to send HTTP request. There is probably some java's librairies who are doing it. You just have to search now :)

With Apache's library is easy as fuck . You only need to send right headers and act like a web browser.

-Kryptic Destro