PHP Code:
<?php
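// Emit a single space as the first byte of the response.
echo ' ';

// Remember a client-supplied flashVersion for later requests.
// NOTE(review): no session_start() is visible in this listing; unless the session is
// started elsewhere, this write to $_SESSION does not persist between requests.
if (!empty($_POST['flashVersion'])) {
    $_SESSION['swversi'] = $_POST['flashVersion'];
}

// Default version string, replaced by the remembered one when present.
// $versi is not read again anywhere in the visible listing.
$versi = "0.5.23a";
if (isset($_SESSION['swversi'])) {
    $versi = $_SESSION['swversi'];
}

// Request fields are untrusted input. The original concatenated $_POST['fbid'] and
// $_POST['user'] straight into value="..." attributes, so a submitted value containing a
// double quote could close the attribute and inject markup into the page (reflected XSS).
// Encode for the attribute context, and treat a missing or non-scalar field as empty so
// the first page load does not raise undefined-index notices.
$escapeAttr = function ($value) {
    return is_scalar($value)
        ? htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : '';
};
$fbidAttr = $escapeAttr(isset($_POST['fbid']) ? $_POST['fbid'] : '');
$userAttr = $escapeAttr(isset($_POST['user']) ? $_POST['user'] : '');

// Page skeleton: a form that re-posts the two identifiers, a visible countdown, and a
// timer that submits the form automatically after four seconds.
$str = '<html><META http-equiv=Content-Type content="text/html; charset=utf-8"><body>Version 13.07.30 by <a href="index.html">Tun LA</a>
<center>
<form name="form1" method="post">
FACEBOOK_ID</br>
<input name="fbid" value="' . $fbidAttr . '" /></br>
USER_KEY</br>
<input name="user" value="' . $userAttr . '" /></br>
<select name="mode">
<option value="1">2K F&E</option>
</select></br></br></br>
<body onload="time()">
<div id="show"></div>
<script language="javascript" type="text/javascript">
var i=4;
function time() {
if(i >= 0) {
document.getElementById("show").innerHTML="Auto Submit in "+i+"s.";
i--;
setTimeout("time()",1000);
}
else {
//
}
}
</script>
</form>
<script language = "JavaScript">
var count = 50;
/*
function countDown ()
{
document.forms ["form1"].time.value = count;
if (count == 0)
autoSubmit ();
else
setTimeout (countDown, 1000);
count--;
}
*/
function autoSubmit ()
{
// alert ("Time Out!");
document.forms ["form1"].submit ();
}
setTimeout (autoSubmit, 4000);
// countDown ();
</script>
<a href="index.html">Stop</a></br></br>
</center>';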
if (isset($_POST['fbid']) and isset($_POST['mode']))
{
// Take the two account identifiers straight from the submitted form.
// NOTE(review): both values are interpolated into the URL below without urlencode(), so
// characters such as '&' or '#' in the input change the query string that is sent.
$fbid = $_POST['fbid'];
$user = $_POST['user'];
// Fetch the player record over plain http://, split the response on ';' and decode the
// second field as JSON.
// NOTE(review): nothing checks that the request succeeded or that a second field exists,
// and $data is reassigned further down before it is read in the visible listing.
$result = komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");
$payload = explode(';', $result);
$data = json_decode($payload[1], true);
// Start the result section of the page.
$str.= "<center>-----Result-----<br/>";
// Assemble 99 "collect" command objects (numbers 1..99) as JSON text, each with a
// placeholder timestamp.
$hcx = '';
for ($i = 1; $i < 100; $i++)
{
$hcx.= '{"args":[18],"number":' . $i . ',"cmd":"collect","time":1372771201},';
}
// Drop the trailing comma, wrap the list in {"commands":[...]} and decode it to an array.
$hcx = substr($hcx, 0, -1);
$hc = '{"commands":[' . $hcx . ']}';
$hc = json_decode($hc, 1);
// Starting sequence number; passed to komut2() later in the script.
$num = 1;
// Replace every placeholder timestamp with the current time.
for ($i = 0; $i < count($hc['commands']); $i++)
{
$hc['commands'][$i]['time'] = time();
}
// Re-encode, remove spaces, and strip the first and last character (the outer braces),
// leaving a '"commands":[...]' fragment as a string.
$hc = substr(substr(str_replace(" ", "", json_encode($hc)) , 0, -1) , 1);
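/**
 * Return the text that follows the first occurrence of $a, cut at the next $b.
 *
 * The search window is the segment between the first and second occurrence of $a
 * (or the rest of the string when $a occurs once). If $b does not occur in that
 * segment, the whole segment is returned.
 *
 * @param string $a    Opening delimiter.
 * @param string $b    Closing delimiter.
 * @param string $data Text to search.
 * @return string|false The extracted text, or false when $a does not occur in $data.
 */
function arasi($a, $b, $data)
{
    // explode() always returns a non-empty array, so the original "$x && $z" test could
    // never take the false branch, and a missing opening delimiter was read as $x[1]
    // (undefined offset). Detect the missing delimiter by the number of pieces instead.
    $pieces = explode($a, (string) $data);
    if (count($pieces) < 2) {
        return false;
    }

    $segment = explode($b, $pieces[1]);

    return $segment[0];
}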
/**
 * Send a command fragment via komutyolla() and resend it once if the reply contains
 * "bad command number: expected".
 *
 * On that reply the number for the second attempt is read out of the reply text itself
 * (the text between "expected " and the next comma).
 *
 * @param string $komut Command fragment handed on to komutyolla().
 * @param mixed  $num   Sequence number for the first attempt.
 * @return string|false The final reply with its first 65 characters removed.
 */
function komut2($komut, $num)
{
    $reply = komutyolla($komut, $num);

    if (stristr($reply, 'bad command number: expected')) {
        // NOTE(review): the retry value is copied verbatim from the response body.
        $expected = arasi('bad command number: expected ', ',', $reply);
        $reply = komutyolla($komut, $expected);
    }

    // Skip a fixed 65-character prefix. Presumably a 64-hex-digit digest plus ';', the
    // same layout hashla() produces for requests; the reply format is not visible here,
    // so confirm before relying on it.
    return substr($reply, 65);
}
/**
 * POST one signed command fragment to the packet endpoint and return the raw reply.
 *
 * Reads the account identifiers from the globals $fbid and $user.
 *
 * NOTE(review): the endpoint is addressed over plain http://, so the identifiers and the
 * body travel unencrypted; $fbid and $user are placed in the URL without urlencode(); and
 * the curl_exec() result is returned without any error check.
 *
 * @param string $komut Command fragment to sign and send.
 * @param mixed  $num   Sequence number passed to hashla().
 * @return string|bool  Whatever curl_exec() returns (body on success, false on failure).
 */
function komutyolla($komut, $num)
{
    global $fbid, $user;

    $handle = curl_init();
    $endpoint = "http://dynamicdc.socialpointgames.com/dragoncity/web/srv/packet.php?USERID=$fbid&user_key=$user&language=tr";
    curl_setopt($handle, CURLOPT_URL, $endpoint);
    curl_setopt($handle, CURLOPT_POST, 1);

    // Form body: the account id plus the "digest;payload" string from hashla().
    $fields = array(
        "id" => "$fbid",
        "data" => hashla($komut, $num)
    );
    curl_setopt($handle, CURLOPT_POSTFIELDS, http_build_query($fields));

    // Return the body instead of printing it, and accept gzip-compressed replies.
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($handle, CURLOPT_ENCODING, "gzip");

    $reply = curl_exec($handle);
    curl_close($handle);

    return $reply;
}
/**
 * Build the request payload and prefix it with its HMAC-SHA256 digest.
 *
 * The payload is a flat JSON object (first_number, publishActions, tries, flashVersion,
 * ts) into which $komut is spliced as raw text just before the closing brace; all spaces
 * are then removed. The result has the form "<64 hex digits>;<payload>".
 *
 * NOTE(review): the MAC key is a literal in this script. Whatever its origin, a signing
 * secret that exists outside the server cannot vouch for the sender: the digest only shows
 * that the message is well-formed, so the receiving service has to validate every command
 * on its own merits rather than trust the signature.
 *
 * @param string $komut Raw JSON fragment appended to the payload (not re-encoded here).
 * @param mixed  $n     Value stored as "first_number".
 * @return string Digest and payload joined by ';'.
 */
function hashla($komut, $n)
{
    $key = 'RGhXbiy4xEeDnSNX1oBG';

    // flashVersion is fixed here; the version kept in the session is not consulted.
    $envelope = array(
        "first_number" => $n,
        "publishActions" => 0,
        "tries" => 1,
        "flashVersion" => "0.5.19",
        "ts" => time()
    );

    // Splice the command fragment in front of each '}' of the encoded envelope, then
    // strip every space from the combined text.
    $encoded = json_encode($envelope);
    $withCommands = str_replace('}', ',' . $komut . '}', $encoded);
    $payload = str_replace(" ", "", $withCommands);

    return hash_hmac('sha256', $payload, $key) . ';' . $payload;
}
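// Second stage: build the command batch for the selected mode, send it, then re-read the
// player record and print the result page.
// This isset() is always true here because the enclosing branch already required it.
if (isset($_POST["fbid"])) {
    $fbid = $_POST['fbid'];
    $user = $_POST['user'];
    if ($_POST["mode"] == 1) {
        // Mode 1: discard the earlier batch and assemble 200 "Assist_Receive" command
        // objects (numbers 1..200) with a placeholder timestamp.
        unset($hc, $hcx);
        $hcx = '';
        for ($i = 1; $i < 201; $i++) {
            $hcx .= '{"args":[18],"number":' . $i . ',"cmd":"Assist_Receive","time":1372771201},';
        }
        $hcx = substr($hcx, 0, -1);
        $hc = '{"commands":[' . $hcx . ']}';
        $hc = json_decode($hc, 1);
        $num = 1;
        // Replace every placeholder timestamp with the current time.
        for ($i = 0; $i < count($hc['commands']); $i++) {
            $hc['commands'][$i]['time'] = time();
        }
    }
    // json_encode $hc, drop spaces and strip the first and last character (the outer
    // braces when $hc is the array built above).
    $hc = substr(substr(str_replace(" ", "", json_encode($hc)), 0, -1), 1);
    // The decoded reply is stored in $sucb but not inspected in the visible listing.
    $sucb = json_decode(komut2($hc, $num), 1);
}

// Re-read the player record. The request can fail and the reply can lack a second
// ';'-separated field, so fall back to empty values instead of reading undefined offsets.
$result = komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");
$payload = explode(';', (string) $result);
$data = json_decode(isset($payload[1]) ? $payload[1] : '', true);
$info = (is_array($data) && isset($data['playerInfo']) && is_array($data['playerInfo']))
    ? $data['playerInfo']
    : array();

// The player name arrives from a remote service over plain HTTP and is untrusted.
// The original concatenated it into the page unescaped, which let markup in the name
// (or in a tampered response) run in the viewer's browser. Encode it for HTML output.
$name = (isset($info['name']) && is_scalar($info['name'])) ? (string) $info['name'] : '';
$str .= " " . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
if (empty($name)) {
    die("$str FBID EMPTY OR BAD USER_KEY");
}

// Only format a numeric amount; anything else is shown as 0.
$food = (isset($info['food']) && is_numeric($info['food'])) ? (float) $info['food'] : 0.0;
$str .= "Food: " . number_format($food, 0, ',', '.') . "<br/>";
$str .= "------------------------------<br/>";
// $str is assembled earlier in the script; any request data embedded in it must be
// encoded at the point where it is built.
die("$str</body></html>");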
}
else die("$str</body></center></html>");
/**
 * Return a dotted-quad IPv4 string derived from two mt_rand() draws.
 *
 * The two draws are multiplied and the product is formatted with long2ip(). The product
 * never exceeds 65537 * 65535 = 4294967295. Because it is a product of two draws, the
 * addresses are not uniformly distributed.
 *
 * @return string IPv4 address in dotted-quad notation.
 */
function fakeip()
{
    $first = mt_rand(0, 65537);
    $second = mt_rand(0, 65535);

    return long2ip($first * $second);
}
/**
 * Fetch $url with cURL and return the raw response body.
 *
 * A GET is sent unless $args is truthy, in which case $args is sent as the POST body.
 * Every request carries five address-style headers, each filled with a separately
 * generated value from fakeip().
 *
 * NOTE(review): these are ordinary client-supplied request headers. A service should take
 * the peer address from the connection itself and honour forwarding headers only when they
 * come from a proxy it operates; header values like these are not evidence of origin.
 * The curl_exec() result is returned without any error check.
 *
 * @param string $url  Absolute URL to request.
 * @param mixed  $args POST body (string or array), or false for a GET.
 * @return string|bool Whatever curl_exec() returns (body on success, false on failure).
 */
function komut($url, $args = false)
{
    // Declared as in the original; neither global is read in this function.
    global $fbid, $user;

    $handle = curl_init();
    curl_setopt($handle, CURLOPT_URL, $url);

    // One fakeip() call per header, in this order.
    $prefixes = array(
        "REMOTE_ADDR: ",
        "X-Client-IP: ",
        "Client-IP: ",
        "HTTP_X_FORWARDED_FOR: ",
        "X-Forwarded-For: "
    );
    $headers = array();
    foreach ($prefixes as $prefix) {
        $headers[] = $prefix . fakeip();
    }
    curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);

    if ($args) {
        curl_setopt($handle, CURLOPT_POST, 1);
        curl_setopt($handle, CURLOPT_POSTFIELDS, $args);
    }

    // Return the body instead of printing it.
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($handle);
    curl_close($handle);

    return $body;
}
?>
Demo: