
Thread: Hacking KeyQuest

  1. #1 DarkByte

    Hacking KeyQuest

    When I came back recently I spoke to Joe about some apps I had always wanted to make but never got round to. One of them was a Key Quest auto player. Today I started to work on it and made this pastebin file for Joe as I went, so he could see the concept and understand what I'm talking about when I'm telling him my programming issues!

    This was never meant to be any longer than it already is, as it was just for Joe and it's all he would need to grasp the idea behind the project. But I might as well update it now it's public as I go. He asked me to post it here for others to learn from too:


    Keyquest Research - RareDareDevil
    ----------------------------------

    Target
    ------
    A key quest auto player that simulates packets within the game but never actually loads the game.

    Log
    ---
    First I need to get a list of room names. To do this I load a new game of Key Quest, attach a packet editor to firefox.exe
    and then filter-scan all packets while pressing "5-key room" in the lobby.

    Relevant Packet info -

    1.POST /amfphp/gateway.php HTTP/1.1..Host: (you need an account to see links)..
    2.Referer: (you need an account to see links)..
    3.Content-type: application/x-amf
    4...Content-length: 89............KeyQuestGameService.logPageView../15...)........hellokitty10111.../keyquest/lobby


    1. Post information in 5. to (you need an account to see links)
    2. The referring page should be set to this in our program
    3. x-amf request (flash xml library); we will need to change our wrapper to reflect this
    4. The post data to send; the "...." are actually different bytes with different hex values, representing the x-amf request's full structure.



    Now, to simulate the above packet, I first used my httpwrapper unedited to send an HTTP POST request as such:
    1. Post raw information (no exact hex codes) from 5. to (you need an account to see links)

    Relevant result packet info-
    1.POST /amfphp/gateway.php HTTP/1.1..Host: (you need an account to see links)..
    2.Content-Type: application/x-www-form-urlencoded..
    3.Content-Length: 93................KeyQuestGameService.logPageView. ./15...)........hellokitty10111.../keyquest/lobby


    Notes:
    1. Simulated fine.
    2. Changed header in wrapper to application/x-amf.
    3. Length needs fixing; probably added too many trailing "..". Also the "." need to get their hex value.

    Reply from server at current state when deflated with gzip:
    HTTP/1.1 200 OK
    Date: Sun, 01 Jul 2012 18:52:55 GMT
    Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a PHP/5.1.6
    X-Powered-By: PHP/5.1.6
    Vary: Accept-Encoding,User-Agent
    Content-Encoding: gzip
    Content-Length: 386
    Connection: close
    Content-Type: text/html; charset=UTF-8


    Fatal error: Uncaught exception 'VerboseException' with message 'Malformed AMF message, connection may have dropped' in /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php:210
    Stack trace:
    #0 [internal function]: amfErrorHandler(1024, 'Malformed AMF m...', '/home/neopets/p...', 210, Array)
    #1 /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php(210): trigger_error('Malformed AMF m...')
    #2 /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php(134): AMFBaseDeserializer->readHeader()
    #3 /home/neopets/public_html/amfphp/core/amf/app/Filters.php(38): AMFBaseDeserializer->deserialize(Object(AMFObject))
    #4 /home/neopets/public_html/amfphp/core/amf/app/Gateway.php(177): deserializationFilter(Object(AMFObject))
    #5 /home/neopets/public_html/amfphp/gateway.php(154): Gateway->service()
    #6 {main}
    thrown in /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php on line 210



    The errors are because the packet bytes are invalid, so we will clone them now:

    0D 0A 00 03 00 00 00 01 00 1F 4B 65 79 51 75 65 73 74 47 61 6D 65 53 65 72 76 69 63 65 2E 6C 6F 67 50 61 67 65 56 69 65 77 00 02 2F 36 00 00 00 25 0A 00 00 00 02 02 00 08 72 61 72 65 6E 65 73 73 02 00 12 2F 6B 65 79 71 75 65 73 74 2F 67 61 6D 65 6C 69 73 74
    . . . . . . . . . . K e y Q u e s t G a m e S e r v i c e . l o g P a g e V i e w . . / 6 . . . % . . . . . . . . r a r e n e s s . . . / k e y q u e s t / g a m e l i s t



    To do this we use chr codes: convert the hex values to decimal.


    This took some perfecting and a long time comparing packets byte by byte, the original vs my program, until it was cloned 100%...
    ' AMF0 request: version 3, no headers, one message, target URI, response URI,
    ' 4-byte body length, body = strict array (0A) of username and page path.
    ' Lengths that depend on the username are computed; 8 and 37 only held for "rareness".
    Dim user As String = txtusername.Text
    Dim bodyLen As Integer = 29 + user.Length
    Dim thepacket As String = Chr(0) & Chr(3) & Chr(0) & Chr(0) & Chr(0) & Chr(1) _
        & Chr(0) & Chr(31) & "KeyQuestGameService.logPageView" & Chr(0) & Chr(2) & "/6" _
        & Chr(0) & Chr(0) & Chr(0) & Chr(bodyLen) & Chr(10) & Chr(0) & Chr(0) & Chr(0) & Chr(2) _
        & Chr(2) & Chr(0) & Chr(user.Length) & user _
        & Chr(2) & Chr(0) & Chr(18) & "/keyquest/gamelist"


    P.S. I do not care that a username is included in this code, it's a mule.
    Last edited by DarkByte; 07-01-2012 at 06:13 PM.

  2. The Following 12 Users Say Thank You to DarkByte For This Useful Post:

    Cody. (07-28-2012),DarkAngel (07-03-2012),Emiley (07-04-2012),esperanto (07-03-2012),j03 (07-01-2012),Reese (07-04-2012),Shichibukai (07-03-2012),SmileYaDead (07-03-2012),Trinket (07-28-2012),wayne000 (07-02-2012),yellowbomb04 (07-19-2012),zxzero (07-17-2012)
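The byte layout worked out in the post above, as an added example (not DarkByte's code and not part of the original thread): a small AMF0 builder and parser in Python that rebuilds the captured request from its fields (target, response URI, argument array), computes every length field instead of hard-coding them, and rejects the truncated or padded messages that gateway.php reports as "Malformed AMF message". The hex bytes are copied from the dump above (minus the leading 0D 0A, which ends the HTTP headers and is not part of the AMF message); the type marker values come from the AMF0 specification; the function names are this example's own.

```python
import struct

# AMF0 type markers (values from the AMF0 specification).
AMF0_NUMBER, AMF0_BOOLEAN, AMF0_STRING, AMF0_NULL, AMF0_STRICT_ARRAY = 0x00, 0x01, 0x02, 0x05, 0x0A

# Bytes copied from the post's hex dump, minus the leading 0D 0A (end of the HTTP headers).
CAPTURED = bytes.fromhex(
    "00 03 00 00 00 01 00 1F "
    "4B 65 79 51 75 65 73 74 47 61 6D 65 53 65 72 76 69 63 65 2E 6C 6F 67 50 61 67 65 56 69 65 77 "
    "00 02 2F 36 00 00 00 25 0A 00 00 00 02 02 00 08 72 61 72 65 6E 65 73 73 "
    "02 00 12 2F 6B 65 79 71 75 65 73 74 2F 67 61 6D 65 6C 69 73 74"
)

def _utf8(s):
    """AMF0 short string: big-endian u16 byte length, then the UTF-8 bytes."""
    raw = s.encode("utf-8")
    if len(raw) > 0xFFFF:
        raise ValueError("string too long for an AMF0 short string")
    return struct.pack(">H", len(raw)) + raw

def encode_value(value):
    """Serialise one Python value as an AMF0 typed value (marker + payload)."""
    if value is None:
        return bytes([AMF0_NULL])
    if isinstance(value, bool):  # before int: bool is an int subclass
        return bytes([AMF0_BOOLEAN, int(value)])
    if isinstance(value, (int, float)):
        return bytes([AMF0_NUMBER]) + struct.pack(">d", float(value))
    if isinstance(value, str):
        return bytes([AMF0_STRING]) + _utf8(value)
    if isinstance(value, (list, tuple)):  # strict array: u32 count, then elements
        items = b"".join(encode_value(v) for v in value)
        return bytes([AMF0_STRICT_ARRAY]) + struct.pack(">I", len(value)) + items
    raise TypeError(f"cannot encode {type(value).__name__} as AMF0")

def build_request(target, response_uri, args, version=3):
    """One-message AMF0 request: version, 0 headers, 1 message, target URI, response
    URI, u32 body length, body (args as a strict array). Every length is computed,
    so the username is not pinned to 8 bytes as in the hand-built Chr() string."""
    body = encode_value(list(args))
    return (struct.pack(">HHH", version, 0, 1) + _utf8(target) + _utf8(response_uri)
            + struct.pack(">I", len(body)) + body)

class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated AMF message")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def utf8(self): return self.take(self.u16()).decode("utf-8")

def decode_value(r):
    """Inverse of encode_value, reading from a _Reader."""
    marker = r.take(1)[0]
    if marker == AMF0_NUMBER:
        return struct.unpack(">d", r.take(8))[0]
    if marker == AMF0_BOOLEAN:
        return r.take(1)[0] != 0
    if marker == AMF0_STRING:
        return r.utf8()
    if marker == AMF0_NULL:
        return None
    if marker == AMF0_STRICT_ARRAY:
        return [decode_value(r) for _ in range(r.u32())]
    raise ValueError(f"unsupported AMF0 marker 0x{marker:02x}")

def parse_request(data):
    """Return (version, [(target, response_uri, value), ...]); raise ValueError on
    the truncation or padding gateway.php reports as 'Malformed AMF message'."""
    r = _Reader(data)
    version, header_count, message_count = r.u16(), r.u16(), r.u16()
    if header_count:
        raise ValueError("AMF headers present; not handled in this example")
    messages = []
    for _ in range(message_count):
        target, response_uri, body_len = r.utf8(), r.utf8(), r.u32()
        body = _Reader(r.take(body_len))
        value = decode_value(body)
        if body.pos != body_len:
            raise ValueError("declared body length does not match its contents")
        messages.append((target, response_uri, value))
    if r.pos != len(data):
        raise ValueError("trailing bytes after the last message")
    return version, messages

def is_well_formed(data):
    """True if parse_request accepts data (UnicodeDecodeError is a ValueError)."""
    try:
        return parse_request(data) is not None
    except ValueError:
        return False
```

build_request("KeyQuestGameService.logPageView", "/6", ["rareness", "/keyquest/gamelist"]) reproduces the 84 captured bytes exactly, and the same call with "/15", "hellokitty10111" and "/keyquest/lobby" comes out at 89 bytes, the Content-length in the first dump. Running parse_request on what your wrapper is about to send is a cheaper way to catch the extra trailing bytes or literal "." characters than reading the PHP stack trace the gateway returns: a body like that fails here with a ValueError instead of a 200 OK wrapping a fatal error.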

  3. #2

    Judging from that, sending data and receiving data can obviously be done. But I think the biggest problem is making it auto-play for you. It will take a hell of a lot of research to understand how the communication works; something I would think twice about before getting involved in :p

  4. #3 DarkByte
    It's nothing I have not done before for other games. A lot of work, yes, but not impossible as people had told me.

  5. The Following 3 Users Say Thank You to DarkByte For This Useful Post:

    Aeires (07-03-2012),Cody. (07-28-2012),Emiley (07-09-2012)

  6. #4

    People have been asking for a KQ auto-player or simulator for SO long, I'm sure they'll be pumped no matter how long it takes you.

  7. #5 DarkAngel
    If you can finish this, people will love you.

    But as Damian said, the hard thing will be making it autoplay for you, because it's not about moving a piece around the board, it's about playing those games and such :/

  8. #6 DarkByte
    I'm working on this. Each packet is very similar also; there is a handshake packet before this packet that sets some important variables in the HTML reply. It sends just after the game loads.

  9. #7 neofreak
    If you get this to work, and by the looks of it it seems you will, this program will be like a milestone in the black market community! So I wish you the best of luck in your endeavor! =)

  10. The Following User Says Thank You to neofreak For This Useful Post:

    DarkByte (07-17-2012)

  11. #8 DarkByte
    Actually, huge credit will go to @(you need an account to see links) for his work on (you need an account to see links). This has helped me immensely, and anyone looking to do the same as me should look into this.

  12. #9

    It would be pretty amazing if there were a hack or bot or AP for Keyquest. But then everything would go super cheap due to over-inflation... Meh. It's not as if things aren't cheaper than chips compared to when I first started playing lol. I can't wait to see where this is going

  13. #10 paox3
    I have no clue what that giant chunk of code says, but sure, a Keyquest autoplayer would be a nice addition.
