slot machine

[khoasin]

Just a quick question
Is it possible to hack the slot machine that only require 1 candy to spin.
Will the x7 loader work in this situation?

[SilverEmerald]

Nope. It's server-sided.

[Sh1Rum]

Quote:

Originally Posted by SilverEmerald

Nope. It's server-sided.

sure? xD Packet Editor ..a packet come to your Client with the number how many are needed ..you can change this..but i think it is to hard for you

[PsychoXReaper]

Quote:

Originally Posted by Sh1Rum

sure? xD Packet Editor ..a packet come to your Client with the number how many are needed ..you can change this..but i think it is to hard for you

You Serious?
client has nothing to do with the "HowMany" calculation u just send server a packet ("Start Roulette" or smthen xD) so it check ur inv from the DB get the first occurred set of candys and read how many u have then it run the event ;o

[cheyester10]

If you can just filter the packets to tell the server that you still have 10 candys, It's possible.

[PsychoXReaper]

Quote:

Originally Posted by cheyester10

If you can just filter the packets to tell the server that you still have 10 candys, It's possible.

server doesnt receive how many candy u have from the client LOL it read it from the Database ;o

[K1ramoX]

the client gets the info of candycount from the server and the server from the database. if the client sends a request for candyspin the server just ask's the database for a candycount and if its ok it sends the result (what you get)

[cheyester10]

Quote:

Originally Posted by Darsh2012

server doesnt receive how many candy u have from the client LOL it read it from the Database ;o

I'm talking about changing the packet received from the server(hence filtering). To lie about how many you actually have. It is possible. ;o

You lie to the server with 10 candys but you have 0, the server sends it back to the client but you change what it sent which the server thinks you actually have 10 candys since it already checked the database which was 0.

[PsychoXReaper]

Quote:

Originally Posted by cheyester10

I'm talking about changing the packet received from the server(hence filtering). To lie about how many you actually have. It is possible. ;o

You lie to the server with 10 candys but you have 0, the server sends it back to the client but you change what it sent which the server thinks you actually have 10 candys since it already checked the database which was 0.

Client->Server ("Promotion_RouletteMachine_Start_Req" "Start Button click in event window")
Server->Database ("How Many Candy does user [ID] Have?")
Database->Server ("Player Have [Number]")
Server=>("Check if its over 10 or not")
if yes :
Server=>("Do Some PRORO EPIC Randomizer xD")
Server->Database ("Give Player [ID] [Reward Item]")
Server->Client("Show Reward Window Item [Reward Item]")
Server->Client("Set Current Candy TO [[Number]-10]")
Server->Database("Set Current Candy Of Player [ID] TO [[Number]-10]")
if no :
Server->Client("Show Error Message [NotEnoughCandy]")
=================================================
thats what i got so far from how the packets are sent/received and from how the event is exploitable
you happy now?
P.S: i might be wrong about how server and database reacts but for the client im 100% sure ;o

[cheyester10]

Quote:

Originally Posted by Darsh2012

Client->Server ("Promotion_RouletteMachine_Start_Req" "Start Button click in event window")
Server->Database ("How Many Candy does user [ID] Have?")
Database->Server ("Player Have [Number]")
Server=>("Check if its over 10 or not")
if yes :
Server=>("Do Some PRORO EPIC Randomizer xD")
Server->Database ("Give Player [ID] [Reward Item]")
Server->Client("Show Reward Window Item [Reward Item]")
Server->Client("Set Current Candy TO [[Number]-10]")
Server->Database("Set Current Candy Of Player [ID] TO [[Number]-10]")
if no :
Server->Client("Show Error Message [NotEnoughCandy]")
=================================================
thats what i got so far from how the packets are sent/received and from how the event is exploitable
you happy now?
P.S: i might be wrong about how server and database reacts but for the client im 100% sure ;o

Client obviously is 100%. But I was actually thinking of changing the server to the client which is not possible because of the database. I feel foolish of not thinking it that way. ;o Thanks.