Hello, I have ideal knowledge about reverse engineering, game hacking, and the Assembly, C# and C++ programming languages. I know how to cheat in normal games, but flash games work on a very different system. I dumped Darkorbit's main.swf file with JPEXS and examined it and found many useful functions, but I do not know how to run these functions. While I am on the DO Client start screen, I can make changes to the main.swf code from memory without running the main.swf file in the ActionScript Virtual Machine yet. But this is not enough to make a bot; maybe simple little tricks can be done.
Therefore, it is necessary to be able to run functions at run-time. How do I do this?
Darkorbit sends TCP messages with WSASend() at the operating system level. I hooked this function with the Microsoft Detours library in C++ and found the packets it sent. Currently, I can perform operations with static packets, such as changing drone formations, changing lasers, using Insta, using ship abilities, etc., but not non-static ones, like clicking on an NPC or collecting a box. Each NPC and box has unique id values, so I cannot perform these operations. All messages are written one by one in binary format. I don't know how to decrypt the messages, so I can only perform static operations. For example, when I send this packet to the Darkorbit server, the ship's drone formation changes to drill:
[PACKET]: 00 00 1F DE 46 00 01 17 64 72 6F 6E 65 5F 66 6F 72 6D 61 74 69 6F 6E 5F 66 2D 33 64 2D 64 72 00 01
[ASCII]: ....F....drone_formation_f-3d-dr..
I recommend reverse engineering the flash client (main.swf). You can use to dump it. You can use ffdec to decompile it.
Packets are serialized like this:
Code:
serializer.writeByte((length & 0xFF0000) >> 16);
serializer.writeShort(length & 0xFFFF);
serializer.writeShort(packet.Id);
packet.serialize(serializer); // Depending on the packet, the data can be very different, but DO still uses some legacy packets which are string-based and delimited by |
Packet IDs change every Wednesday if I'm not mistaken.
EDIT: I have been informed not every ID changes and that they haven't changed in 3 weeks. So I guess they be slacking.
There are a few approaches to writing a bot. One is simulating the client by rebuilding it and sending and parsing the packets yourself.
Another way is going memory-based and calling the functions you need to run yourself internally. The "problem" with that is that the actual flash client needs to run. So not that great if you want to run headless.
Currently, I can easily decode all packets sent by the client. I take the ID value of the sent packet, do a text search in JPEXS for writeShort(id) in main.swf, and see how it is encrypted with bitwise operators. Now I can check all the packets I sent; the only thing I get stuck on is the packets received. The received packets are quite long and complex. How will I find out how these packets are decoded in main.swf?
Actually, I found a class, but when decompiling this class with JPEXS, it gets a timeout error. Class name: net.bigpoint.darkorbit.com.module.§_-P1M§
They're serialized the same way. You should be able to find them the same way.
Also, for your own sanity, I'd recommend enabling the deobfuscation in the decompiler. Dealing with the obfuscated names makes things a lot harder.
You might have to increase the decompilation timeout in the settings.