How to make a bot for Darkorbit?
Discussion on How to make a bot for Darkorbit? within the DarkOrbit forum part of the Browsergames category.
03/05/2024, 06:32
|
#1
|
elite*gold: 0
Join Date: Nov 2020
Posts: 25
Received Thanks: 1
|
How to make a bot for Darkorbit?
Hello, I have ideal knowledge about reverse engineering, game hacking, Assembly, C# and C++ programming languages. I know how to cheat in normal games, but Flash games work on a very different system. I dumped Darkorbit's main.swf file with JPEXS and examined it and found many useful functions, but I do not know how to run these functions. While I am on the DO Client start screen, I can make changes to the main.swf code from memory without running the main.swf file in the ActionScript Virtual Machine yet. But this is not enough to make a bot; maybe simple little tricks can be done.
Therefore, it is necessary to be able to run functions at run-time. How do I do this?
|
|
|
03/08/2024, 22:05
|
#2
|
elite*gold: 0
Join Date: Oct 2019
Posts: 18
Received Thanks: 37
|
I believe the bots run a headless client; as in, instead of running the main.swf, their bot just sends the packets to the game server to do x y z.
|
|
|
03/12/2024, 19:15
|
#3
|
elite*gold: 0
Join Date: Jun 2013
Posts: 97
Received Thanks: 15
|
Maybe this can help to understand:
It's an old packet bot.
|
|
|
03/13/2024, 18:23
|
#4
|
elite*gold: 0
Join Date: Jul 2010
Posts: 523
Received Thanks: 324
|
Quote:
Originally Posted by jajaxdxd
Maybe this can help to understand:
It's an old packet bot.
|
It's no packet bot, it works with Flash.
|
|
|
03/14/2024, 19:45
|
#5
|
elite*gold: 0
Join Date: Nov 2020
Posts: 25
Received Thanks: 1
|
Darkorbit sends TCP messages with WSASend() at the operating system level. I hooked this function with the Microsoft Detours library in C++ and found the packets it sent. Currently, I can perform operations with static packets, such as changing drone formations, changing lasers, using Insta, using ship abilities, etc., but not non-static ones, like clicking on an NPC or collecting a box. Each NPC and box has unique ID values, so I cannot perform these operations. All messages are written one by one in binary format. I don't know how to decrypt the messages, so I can only perform static operations. For example, when I send this packet to the Darkorbit server, the ship's drone formation changes to drill:
[PACKET]: 00 00 1F DE 46 00 01 17 64 72 6F 6E 65 5F 66 6F 72 6D 61 74 69 6F 6E 5F 66 2D 33 64 2D 64 72 00 01
[ASCII]: ....F....drone_formation_f-3d-dr..
|
|
|
03/14/2024, 22:09
|
#6
|
elite*gold: 3570
Join Date: Dec 2012
Posts: 13,044
Received Thanks: 8,252
|
I recommend reverse engineering the flash client (main.swf). You can use  to dump it. You can use ffdec to decompile it.
Packets are serialized like this:
Code:
serializer.writeByte((length & 0xFF0000) >> 16);
serializer.writeShort(length & 0xFFFF);
serializer.writeShort(packet.Id);
packet.serialize(serializer); // depending on the packet the data can be very different. but DO still uses some legacy packets which are string-based and delimited by |
Packet IDs change every Wednesday if I'm not mistaken.
EDIT: I have been informed not every ID changes and that they haven't changed in 3 weeks. So I guess they be slacking.
There are a few approaches to writing a bot. One is simulating the client by rebuilding it and sending and parsing the packets yourself.
Another way is going memory-based and calling the functions you need to run yourself internally. The "problem" with that is that the actual flash client needs to run. So not that great if you want to run headless.
|
|
|
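Added example, not part of the thread or any poster's code: a strict receive-side decoder for the framing described in post #6 (length written as one high byte plus a short, then a short packet ID, then the body), with the bounds checks a parser of untrusted TCP input needs. It assumes big-endian fields and that the length counts the ID plus the body; the size cap, the names and the sample frames in the comments are constructed for illustration.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 3         # length: 1 high byte + 2 low bytes
ID_LEN = 2             # packet ID written with writeShort
MAX_FRAME = 64 * 1024  # assumed cap, not a value from the thread


class FrameError(ValueError):
    """Raised when a length field cannot describe a valid frame."""


@dataclass
class Frame:
    packet_id: int
    body: bytes


def encode_frame(packet_id: int, body: bytes) -> bytes:
    """Build a frame the same way the serializer snippet writes one."""
    length = ID_LEN + len(body)  # assumption: length covers ID + body
    if length > 0xFFFFFF:
        raise FrameError("body too large for a 24-bit length")
    return struct.pack(">BHH", (length & 0xFF0000) >> 16,
                       length & 0xFFFF, packet_id) + body


class FrameDecoder:
    """Reassembles frames from TCP chunks; never trusts the length field."""

    def __init__(self, max_frame: int = MAX_FRAME):
        self._buf = bytearray()
        self._max = max_frame

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        frames = []
        while len(self._buf) >= HEADER_LEN:
            hi, lo = struct.unpack_from(">BH", self._buf, 0)
            length = (hi << 16) | lo
            if length < ID_LEN:
                raise FrameError("length too small to hold a packet ID")
            if length > self._max:
                raise FrameError("declared length exceeds the frame cap")
            end = HEADER_LEN + length
            if len(self._buf) < end:
                break  # partial frame: wait for more bytes
            (packet_id,) = struct.unpack_from(">H", self._buf, HEADER_LEN)
            frames.append(Frame(packet_id, bytes(self._buf[HEADER_LEN + ID_LEN:end])))
            del self._buf[:end]
        return frames

    def pending(self) -> int:
        return len(self._buf)
```

Rejecting an oversized or undersized length before buffering is what keeps a peer from forcing unbounded memory use or desynchronising the stream with a bogus header.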
03/17/2024, 17:54
|
#7
|
elite*gold: 0
Join Date: Nov 2020
Posts: 25
Received Thanks: 1
|
Currently, I can easily decode all packets sent by the client. I take the ID value of the sent packet and search text with JPEXS writeShort(id) in main.swf and see how it is encrypted with bitwise operators. Now I can check all the packets I sent; the only thing I get stuck on is the packets received. The received packets are quite long and complex; how will I find out how these packets are decoded in main.swf?
Actually, I found a class, but when decompiling this class with JPEXS, it gets a timeout error. Class name: net.bigpoint.darkorbit.com.module.§_-P1M§
|
|
|
03/17/2024, 23:23
|
#8
|
elite*gold: 3570
Join Date: Dec 2012
Posts: 13,044
Received Thanks: 8,252
|
Quote:
Originally Posted by Ronaldo+
Currently, I can easily decode all packets sent by the client. I take the ID value of the sent packet and search text with JPEXS writeShort(id) in main.swf and see how it is encrypted with bitwise operators. Now I can check all the packets I sent; the only thing I get stuck on is the packets received. The received packets are quite long and complex; how will I find out how these packets are decoded in main.swf?
Actually, I found a class, but when decompiling this class with JPEXS, it gets a timeout error. Class name: net.bigpoint.darkorbit.com.module.§_-P1M§
|
They're serialized the same way. You should be able to find them the same way.
Also, I'd recommend for your own sanity to enable the deobfuscation in the decompiler. Dealing with the obfuscated names makes things a lot harder.
You might have to increase the decompilation timeout in the settings.
|
|
|
03/18/2024, 21:39
|
#9
|
elite*gold: 43
Join Date: May 2012
Posts: 1,562
Received Thanks: 729
|
Quote:
Originally Posted by vokovl
its no packet bot, it work with flash
|
lmao, ofc polska was a packet bot.
|
|
|
All times are GMT +1.