recover the RELEASE: Marvel's Avengers Alliance (Public Ultimate Force Drop)

02/10/2014 01:45 jerseyman#1
Greetings I would like to know who knows how to create hacks


this was patched but I think you can recover

to use the Xml files with charles hack not working

but if they notice any changes in the original XML files of the game

and in my opinion someone who knows what hacks can recover
02/10/2014 02:35 nukyalur#2
You need to adjust the XML files however you like, and also adjust ce.swf so that CVE's get ignored.

Use notepad++ to edit the XMLs, and use Sothink to edit the SWF. Use Charles to map your edited files locally.

Now you know how to create amazing Marvel hacks. Read everything, learn everything, experiment, and share.

Hacking games is a lifestyle, not a series of steps. Keep learning.
02/10/2014 03:13 Master532#3
You can download the new game files by using a program called "HTTrack". Google it. I already got the server files, but I haven't found anything to fix the force drop hack, so good luck :)
02/10/2014 03:22 kyflash#4
I downloaded the current xmls and swf but I'm not sure what I should change to avoid CVE and make it work like the guy did. OK, I have to replace every itemid (xmls) with the item I wanna drop (more than 2000 lines, very very long time!), but I don't really have any idea what next. Anyone?
02/10/2014 05:32 golpebaixo#5
It was patched at the server.
02/10/2014 08:42 iubjaved#6
You can download updated files from Charles by saving those requests/responses in .xml format.

Now that you have those updated files, you might be wondering what to do next? well if you intend to make it work you gotta try right? Then here it comes :

1. You need to change the client.xml files; not every line of code needs to be replaced, only some lines (probably a couple hundred) to drop those items. Now you might be thinking, why not all the lines, just because there are so many reward ids? Not true! That file contains all the data of the client side (including move proc details with the proc rate, task ids, etc.), altogether 250k lines of code! So yes, it will definitely take time to modify them.

2. Now that you're done with the most irritating part, you can get done with rest ab.xml and 101.xml.

3. Now to do the .swf file, using a decompiler. I suggest using Sothink SWF Decompiler. Once you have opened Sothink, select the swf file from the left panel and you will see the folders appear on the right panel. Expand those folders and you will find their contents. Select ActionScript and you can view the source code, p-code and raw data. You can search for a desired string by keyword in the ActionScript window, in the current script or in all the scripts. The result will appear in the bottom window.


Hope this info helps. Good Luck
02/10/2014 09:33 rappelzbot#7
Quote:
Originally Posted by kyflash
I downloaded the current xmls and swf but I'm not sure what I should change to avoid CVE and make it work like the guy did. OK, I have to replace every itemid (xmls) with the item I wanna drop (more than 2000 lines, very very long time!), but I don't really have any idea what next. Anyone?
guys someone could share latest xmls...
02/10/2014 09:36 Promo81#8
if one itself with it knows a lot then this is no problem
unfortunately, I do not know a lot about it :(
02/10/2014 10:13 kamilhacker#9
Work item drop hack?
02/10/2014 10:18 wolvie1984#10
Quote:
Originally Posted by iubjaved
You can download updated files from Charles by saving those requests/responses in .xml format.

Now that you have those updated files, you might be wondering what to do next? well if you intend to make it work you gotta try right? Then here it comes :

1. You need to change the client.xml files; not every line of code needs to be replaced, only some lines (probably a couple hundred) to drop those items. Now you might be thinking, why not all the lines, just because there are so many reward ids? Not true! That file contains all the data of the client side (including move proc details with the proc rate, task ids, etc.), altogether 250k lines of code! So yes, it will definitely take time to modify them.

2. Now that you're done with the most irritating part, you can get done with rest ab.xml and 101.xml.

3. Now to do the .swf file, using a decompiler. I suggest using Sothink SWF Decompiler. Once you have opened Sothink, select the swf file from the left panel and you will see the folders appear on the right panel. Expand those folders and you will find their contents. Select ActionScript and you can view the source code, p-code and raw data. You can search for a desired string by keyword in the ActionScript window, in the current script or in all the scripts. The result will appear in the bottom window.


Hope this info helps. Good Luck
Pretty detailed information, I would work on that if I had some spare time (work to do :/ )
Thankfully I got pretty much everything I'll ever need from inaudax release, so right now the only thing I need is U-ISO
Quick question, do you know if there's some kind of method to bypass the requests/responses from the servers when you accept a gift? And then repeat that request/response to get a huge amount of that accepted gift?
Is it necessary to edit any xml file or the swf? I saw a vid in which only by retouching something in the request/response url this was doable, but I wanna be sure that nothing else is needed, otherwise I would be wasting my time (I think this hack is also made by inaudax, but it's private I think)

EDIT: I've been playing around with Charles and the requests/responses, but it seems they added a huge hash code to each of them so nobody can "play" with them. Is there some method to do what I mentioned above? (I'm not asking for the method, just want to know if there's something possible to do). Thanks!
02/10/2014 10:35 aimjunkies#11
Quote:
Originally Posted by iubjaved
You can download updated files from Charles by saving those requests/responses in .xml format.

Now that you have those updated files, you might be wondering what to do next? well if you intend to make it work you gotta try right? Then here it comes :

1. You need to change the client.xml files; not every line of code needs to be replaced, only some lines (probably a couple hundred) to drop those items. Now you might be thinking, why not all the lines, just because there are so many reward ids? Not true! That file contains all the data of the client side (including move proc details with the proc rate, task ids, etc.), altogether 250k lines of code! So yes, it will definitely take time to modify them.

2. Now that you're done with the most irritating part, you can get done with rest ab.xml and 101.xml.

3. Now to do the .swf file, using a decompiler. I suggest using Sothink SWF Decompiler. Once you have opened Sothink, select the swf file from the left panel and you will see the folders appear on the right panel. Expand those folders and you will find their contents. Select ActionScript and you can view the source code, p-code and raw data. You can search for a desired string by keyword in the ActionScript window, in the current script or in all the scripts. The result will appear in the bottom window.


Hope this info helps. Good Luck
Thanks bro.

And how do I fix it so that I can open my Marvel profile? I just can't open it -.- it gets stuck at loading.
02/10/2014 13:04 iubjaved#12
Quote:
Originally Posted by wolvie1984
Pretty detailed information, I would work on that if I had some spare time (work to do :/ )
Thankfully I got pretty much everything I'll ever need from inaudax release, so right now the only thing I need is U-ISO
Quick question, do you know if there's some kind of method to bypass the requests/responses from the servers when you accept a gift? And then repeat that request/response to get a huge amount of that accepted gift?
Is it necessary to edit any xml file or the swf? I saw a vid in which only by retouching something in the request/response url this was doable, but I wanna be sure that nothing else is needed, otherwise I would be wasting my time (I think this hack is also made by inaudax, but it's private I think)

EDIT: I've been playing around with Charles and the requests/responses, but it seems they added a huge hash code to each of them so nobody can "play" with them. Is there some method to do what I mentioned above? (I'm not asking for the method, just want to know if there's something possible to do). Thanks!



First of all, let me clarify how it works. When you accept a gift, you send two requests to the Playdom server, one consisting of the gift data and another to accept the message. As soon as this info is sent, the server responds with jQuery callback functions. This function is used after the current effect is 100% done.


If you recall, inaudax discovered an exploit earlier, by which you could get as much energy as you liked by simply changing the gift parameters and adding codes as provided. But unfortunately it got patched.

Answer to your first question: Yes, by manipulating variables. The Marvel Avengers game uses SSL, which provides a lot of security, but it's not enough to prevent such variable manipulation attacks. But since their upgrade, I think they are using a Java applet. The way it works is pretty simple. It signs the message sent from the client and validates the certificate instead of letting the browser do that, in order for "Charles" to not get in between the client and the server with a fake certificate. This applet is designed to reject such a fake certificate. To overcome it, you need to replace the embedded certificate provided by the applet with a fake one.

You keep playing with it, and learn more about it but you cannot wish to succeed at your first try without having any idea of it at all. Good Luck.

Quote:
Originally Posted by aimjunkies
Thanks bro.

And how do I fix it so that I can open my Marvel profile? I just can't open it -.- it gets stuck at loading.
Clear cache. If you have Charles opened at the same time, make sure the "map local" is disabled. If the problem still persists, use another browser (newly installed) and try it there.

Hope it resolves the issue you are facing.
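
Added example (not part of the thread, and not Playdom's code): a server-side view of the two points raised above, the "huge hash code" attached to each request and the idea of repeating a captured gift-accept request. The key, the field names and the `GiftService` class are hypothetical; the point is that the server authenticates the request, takes item and quantity from its own record, and consumes the gift on first use.

```python
import hashlib
import hmac

# Constructed demo key (assumption): a real key stays on the server only.
SERVER_KEY = b"constructed-demo-key"


def sign(params: dict) -> str:
    """MAC over the canonical (sorted) request parameters."""
    canonical = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


class GiftService:
    def __init__(self, pending: dict):
        # gift_id -> (owner, item, qty), recorded when the gift was sent
        self.pending = dict(pending)
        self.inventory = {}

    def accept(self, params: dict, mac: str) -> str:
        # 1. Any edited parameter changes the MAC, so tampering is detected.
        if not hmac.compare_digest(sign(params), mac):
            return "rejected: bad signature"
        # 2. The gift is consumed on first use, so a replay finds nothing.
        gift_id = params.get("gift_id")
        gift = self.pending.pop(gift_id, None)
        if gift is None:
            return "rejected: unknown or already claimed"
        owner, item, qty = gift
        if owner != params.get("player"):
            self.pending[gift_id] = gift  # leave it for the real owner
            return "rejected: wrong player"
        # 3. Item and quantity come from the server record, never the request.
        key = (owner, item)
        self.inventory[key] = self.inventory.get(key, 0) + qty
        return "granted"


def demo() -> list:
    svc = GiftService({"g1": ("alice", "energy", 1)})  # constructed sample data
    req = {"gift_id": "g1", "player": "alice"}
    mac = sign(req)  # issued by the server when it lists the gift
    tampered = dict(req, qty="999")
    return [
        svc.accept(tampered, mac),  # edited parameters
        svc.accept(req, mac),       # genuine accept
        svc.accept(req, mac),       # replay of the same request
        svc.inventory[("alice", "energy")],
    ]
```
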
02/10/2014 13:09 wolvie1984#13
Quote:
Originally Posted by iubjaved
First of all, let me clarify how it works. When you accept a gift, you send two requests to the Playdom server, one consisting of the gift data and another to accept the message. As soon as this info is sent, the server responds with jQuery callback functions. This function is used after the current effect is 100% done.


If you recall, inaudax discovered an exploit earlier, by which you could get as much energy as you liked by simply changing the gift parameters and adding codes as provided. But unfortunately it got patched.

Answer to your first question: Yes, by manipulating variables. The Marvel Avengers game uses SSL, which provides a lot of security, but it's not enough to prevent such variable manipulation attacks. But since their upgrade, I think they are using a Java applet. The way it works is pretty simple. It signs the message sent from the client and validates the certificate instead of letting the browser do that, in order for "Charles" to not get in between the client and the server with a fake certificate. This applet is designed to reject such a fake certificate. To overcome it, you need to replace the embedded certificate provided by the applet with a fake one.

You keep playing with it, and learn more about it but you cannot wish to succeed at your first try without having any idea of it at all. Good Luck.



Clear cache. If you have Charles opened at the same time, make sure the "map local" is disabled. If the problem still persists, use another browser (newly installed) and try it there.

Hope it resolves the issue you are facing.
Wow, thanks man. That actually makes a lot of sense (the requests/responses now look indeed quite different from what they looked before last week's patch)
And I did notice two different requests, now I know why there are two. Although I admit I have no clue on how to replace the certificate, you have given me a lot of info
Hope I can figure out the bypass. Thanks for taking the time to explain! ;)
02/10/2014 15:31 wagner2009#14
Quote:
Originally Posted by iubjaved
You can download updated files from Charles by saving those requests/responses in .xml format.

Now that you have those updated files, you might be wondering what to do next? well if you intend to make it work you gotta try right? Then here it comes :

1. You need to change the client.xml files; not every line of code needs to be replaced, only some lines (probably a couple hundred) to drop those items. Now you might be thinking, why not all the lines, just because there are so many reward ids? Not true! That file contains all the data of the client side (including move proc details with the proc rate, task ids, etc.), altogether 250k lines of code! So yes, it will definitely take time to modify them.

2. Now that you're done with the most irritating part, you can get done with rest ab.xml and 101.xml.

3. Now to do the .swf file, using a decompiler. I suggest using Sothink SWF Decompiler. Once you have opened Sothink, select the swf file from the left panel and you will see the folders appear on the right panel. Expand those folders and you will find their contents. Select ActionScript and you can view the source code, p-code and raw data. You can search for a desired string by keyword in the ActionScript window, in the current script or in all the scripts. The result will appear in the bottom window.


Hope this info helps. Good Luck
Hello man!

Since the hacker has released inaudax it that was corrected I started trying to do something, I was in doubt whether to do something in the swf. and edit it as you helped me with that, I now get some things done, how to make items fall or add store items, change prices, but I still have a problem in validating when I purchase an item he asks for I update the game, now with the drop when I caught something and leave the game the item is no longer there. (Do this only with the xml I have not done anything in the swf)

I can open the swf file. encoding it and totally different from the xml can not understand anything, I will study it to see if I can get something! you have any tips?

Thanks for the help, sorry my bad english!
02/10/2014 15:37 Promo81#15
it would be great if somebody would get out,
you would help one very much

can you speak german wagner2009???