Quote:
Originally Posted by lordkain
I was using version 1.8.1 till today. Today, it went from free to premium...
Is there any cracked version out there?
I failed to decompile the bot itself; it seems to be an AutoIt script, but you can MITM its account check. I used mitmproxy to get the request and reply and managed to figure them out.
You don't really care about the request, but it is something like: data=0x577B422757365... Basically it is hex-encoded JSON that starts with 7B22, but there are 3 random digits mixed in.
The reply looks like: z3z7z6232323733... You remove the z's and hex decode it twice (!) to get the JSON result. Patch the JSON with privelege="999", encode it back and add the 3 z's back there.
There is a "code" there that seems to change each version, but stays the same otherwise. It seems to be another hex encoded digit too, but I couldn't figure out the meaning.
Then, you just put 127.0.0.1 www.djmbot.com in hosts, fire up an HTTPS server with a self-signed cert, add it to trusted (IE should not complain), create apisys/lin2rev/checkPrivilegeAPI_memu_v2.1.0.php and just put that string there.
To avoid doing it all the time, you can then make a script that just passes the request to the real server, gets the reply, patches it and returns it to the bot.
It works fine and you even get some kind of "admin" stuff.