DarkOrbit client decompression

02/07/2019 16:39 gnagno-gnogno#1
Hi guys, I'm trying to develop a bot for DarkOrbit. I already made all the connections needed, but I got a problem while I tried to decompile the .SWF client.
I used the JPEXS decompiler, but the software said that the client is not a Flash file or its signature is wrong.
I think that BigPoint compresses the SWF client, but I can't find a decompressor nor the algorithm that does this stuff.
A while ago I saw a topic here on epvp where someone posted software that makes it possible, but now I can't find it anymore.
Can anyone help me with that?
Really, thanks to all the guys who will help me with that.
02/07/2019 19:07 Ghoti#2
Take a look at this Thread by Freshek, it might help you solve your problem...
02/07/2019 20:57 PNTX#3
Quote:
Originally Posted by gnagno-gnogno
Hi guys, I'm trying to develop a bot for DarkOrbit. I already made all the connections needed, but I got a problem while I tried to decompile the .SWF client.
I used the JPEXS decompiler, but the software said that the client is not a Flash file or its signature is wrong.
I think that BigPoint compresses the SWF client, but I can't find a decompressor nor the algorithm that does this stuff.
A while ago I saw a topic here on epvp where someone posted software that makes it possible, but now I can't find it anymore.
Can anyone help me with that?
Really, thanks to all the guys who will help me with that.

I'm not really sure that you are able to make a bot for DarkOrbit if you don't even have the dumped main.swf.

But anyway, you can dump it from memory via FFDEC.
02/10/2019 19:32 gnagno-gnogno#4
Really, thanks to you for your suggestion, it works great!
Now I have the client decompressed, but I have another question for you all:
Does anyone know the packet's payload structure?
That's my problem:
Now I'm able to see all the classes of the client, but when I sniff an exiting packet with Wireshark, if I make the same action, the payload changes entirely... How does the server know what kind of action we are doing?
Shouldn't there be, at least, an ID or something inside the payload to identify the action?

First TCP capture with click on map

Second TCP capture with click on map

I've noticed that when I make a movement, a packet with a payload of 22 bytes is always sent, but as you can see the payloads don't have anything equal.
Let me know if anyone has any suggestions.
Thanks
02/10/2019 20:24 ItsTequila#5
Quote:
Originally Posted by gnagno-gnogno
Really, thanks to you for your suggestion, it works great!
Now I have the client decompressed, but I have another question for you all:
Does anyone know the packet's payload structure?
That's my problem:
Now I'm able to see all the classes of the client, but when I sniff an exiting packet with Wireshark, if I make the same action, the payload changes entirely... How does the server know what kind of action we are doing?
Shouldn't there be, at least, an ID or something inside the payload to identify the action?

First TCP capture with click on map

Second TCP capture with click on map

I've noticed that when I make a movement, a packet with a payload of 22 bytes is always sent, but as you can see the payloads don't have anything equal.
Let me know if anyone has any suggestions.
Thanks

It's double encrypted packets which change every week
02/10/2019 21:54 gnagno-gnogno#6
Quote:
Originally Posted by ItsTequila
It's double encrypted packets which change every week

And where can you find the encryption? Do you know in which class the decryption of the socket from the server is, and in which one the encryption to the server is?
02/10/2019 22:02 PNTX#7
Quote:
Originally Posted by gnagno-gnogno
And where can you find the encryption? Do you know in which class the decryption of the socket from the server is, and in which one the encryption to the server is?

Trust me, it's advanced shit, but I can show you some stuff. You can add me on Discord if you want.

<--
02/11/2019 16:11 manulaiko3.0#8
Old but might still give you an idea:
02/15/2019 16:55 Do-Repo#9
Sorry, but does anyone here have an updated version of toshinou I can use during the event? All the main devs aren't willing to update it, to keep autolock for themselves.
02/15/2019 19:45 exane^#10
Quote:
Originally Posted by Do-Repo
Sorry, but does anyone here have an updated version of toshinou I can use during the event? All the main devs aren't willing to update it, to keep autolock for themselves.

This is the best thread you could have picked for this question.
02/15/2019 20:20 Do-Repo#11
Quote:
Originally Posted by exane^
This is the best thread you could have picked for this question.

Yeah, since y'all are devs and have the knowledge to update it, and I know I shouldn't, that's why I apologized first.