slot machine

11/09/2013 13:54 khoasin#1
Just a quick question
Is it possible to hack the slot machine that only require 1 candy to spin.
Will the x7 loader work in this situation?
11/09/2013 16:05 SilverEmerald#2
Nope. It's server-sided.
11/09/2013 17:40 Sh1Rum#3
Quote:
Originally Posted by SilverEmerald View Post
Nope. It's server-sided.
sure? xD Packet Editor ..a packet come to your Client with the number how many are needed ..you can change this..but i think it is to hard for you :o
11/09/2013 18:48 PsychoXReaper#4
Quote:
Originally Posted by Sh1Rum View Post
sure? xD Packet Editor ..a packet come to your Client with the number how many are needed ..you can change this..but i think it is to hard for you :o
You Serious?
client has nothing to do with the "HowMany" calculation u just send server a packet ("Start Roulette" or smthen xD) so it check ur inv from the DB get the first occurred set of candys and read how many u have then it run the event ;o
11/09/2013 22:54 cheyester10#5
If you can just filter the packets to tell the server that you still have 10 candys, It's possible.
11/09/2013 23:01 PsychoXReaper#6
Quote:
Originally Posted by cheyester10 View Post
If you can just filter the packets to tell the server that you still have 10 candys, It's possible.
server doesnt receive how many candy u have from the client LOL it read it from the Database ;o
11/10/2013 18:39 K1ramoX#7
the client gets the info of candycount from the server and the server from the database. if the client sends a request for candyspin the server just ask's the database for a candycount and if its ok it sends the result (what you get)
11/11/2013 00:48 cheyester10#8
Quote:
Originally Posted by Darsh2012 View Post
server doesnt receive how many candy u have from the client LOL it read it from the Database ;o
I'm talking about changing the packet received from the server(hence filtering). To lie about how many you actually have. It is possible. ;o

You lie to the server with 10 candys but you have 0, the server sends it back to the client but you change what it sent which the server thinks you actually have 10 candys since it already checked the database which was 0.
11/11/2013 01:28 PsychoXReaper#9
Quote:
Originally Posted by cheyester10 View Post
I'm talking about changing the packet received from the server(hence filtering). To lie about how many you actually have. It is possible. ;o

You lie to the server with 10 candys but you have 0, the server sends it back to the client but you change what it sent which the server thinks you actually have 10 candys since it already checked the database which was 0.
Client->Server ("Promotion_RouletteMachine_Start_Req" "Start Button click in event window")
Server->Database ("How Many Candy does user [ID] Have?")
Database->Server ("Player Have [Number]")
Server=>("Check if its over 10 or not")
if yes :
Server=>("Do Some PRORO EPIC Randomizer xD")
Server->Database ("Give Player [ID] [Reward Item]")
Server->Client("Show Reward Window Item [Reward Item]")
Server->Client("Set Current Candy TO [[Number]-10]")
Server->Database("Set Current Candy Of Player [ID] TO [[Number]-10]")
if no :
Server->Client("Show Error Message [NotEnoughCandy]")
=================================================
thats what i got so far from how the packets are sent/received and from how the event is exploitable
you happy now?
P.S: i might be wrong about how server and database reacts but for the client im 100% sure ;o
11/11/2013 02:54 cheyester10#10
Quote:
Originally Posted by Darsh2012 View Post
Client->Server ("Promotion_RouletteMachine_Start_Req" "Start Button click in event window")
Server->Database ("How Many Candy does user [ID] Have?")
Database->Server ("Player Have [Number]")
Server=>("Check if its over 10 or not")
if yes :
Server=>("Do Some PRORO EPIC Randomizer xD")
Server->Database ("Give Player [ID] [Reward Item]")
Server->Client("Show Reward Window Item [Reward Item]")
Server->Client("Set Current Candy TO [[Number]-10]")
Server->Database("Set Current Candy Of Player [ID] TO [[Number]-10]")
if no :
Server->Client("Show Error Message [NotEnoughCandy]")
=================================================
thats what i got so far from how the packets are sent/received and from how the event is exploitable
you happy now?
P.S: i might be wrong about how server and database reacts but for the client im 100% sure ;o
Client obviously is 100%. But I was actually thinking of changing the server to the client which is not possible because of the database. :facepalm: I feel foolish of not thinking it that way. ;o Thanks.