When I came back recently I spoke to Joe about some apps I had always wanted to make but never got round to. One of them was a key quest auto player. Today I started to work on it and made this pastebin file for Joe as I went so he could see the concept and understand what I'm talking about when I'm telling him my programming issues!
This was never meant to be any longer than it already is, as it was just for Joe and it's all he would need to grasp the idea behind the project. But I might as well update it as I go now it's public. He asked me to post it here for others to learn from too:
Keyquest Research - RareDareDevil
----------------------------------
Target
------
A key quest auto player that simulates packets within the game but never actually loads the game.
Log
---
First I need to get a list of room names. To do this I load a new game of key quest, attach a packet editor to firefox.exe and then filter scan all packets while pressing the "5-key room" lobby.
Relevant Packet info -
1.POST /amfphp/gateway.php HTTP/1.1..Host: (you need an account to see links)..
2.Referer: (you need an account to see links)..
3.Content-type: application/x-amf
4...Content-length: 89............KeyQuestGameService.logPageView../15...)........hellokitty10111.../keyquest/lobby
1.Post information in 5. to (you need an account to see links)
2.The referring page should be set to this in our program
3.x-amf request (flash xml library), we will need to change our wrapper to reflect this
4.The post data to send, "...." are actually different bytes with different hex values, representing the x-amf request file structure.
To simulate the above packet, I first used my httpwrapper unedited to send an HTTP POST request as such:
1.Post raw information (no exact hex codes) from 5. to (you need an account to see links)
Relevant result packet info-
1.POST /amfphp/gateway.php HTTP/1.1..Host: (you need an account to see links)..
2.Content-Type: application/x-www-form-urlencoded..
3.Content-Length: 93................KeyQuestGameService.logPageView. ./15...)........hellokitty10111.../keyquest/lobby
notes:
1.simulated fine.
2. changed header in wrapper to application/x-amf
3. length needs fixing, probably added too many trailing ".."; also the "." need to get their hex values
Reply from server at current state when deflated with gzip:
HTTP/1.1 200 OK
Date: Sun, 01 Jul 2012 18:52:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a PHP/5.1.6
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 386
Connection: close
Content-Type: text/html; charset=UTF-8
Fatal error: Uncaught exception 'VerboseException' with message 'Malformed AMF message, connection may have dropped' in /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php:210
Stack trace:
#0 [internal function]: amfErrorHandler(1024, 'Malformed AMF m...', '/home/neopets/p...', 210, Array)
#1 /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php(210): trigger_error('Malformed AMF m...')
#2 /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php(134): AMFBaseDeserializer->readHeader()
#3 /home/neopets/public_html/amfphp/core/amf/app/Filters.php(38): AMFBaseDeserializer->deserialize(Object(AMFObject))
#4 /home/neopets/public_html/amfphp/core/amf/app/Gateway.php(177): deserializationFilter(Object(AMFObject))
#5 /home/neopets/public_html/amfphp/gateway.php(154): Gateway->service()
#6 {main}
thrown in /home/neopets/public_html/amfphp/core/amf/io/AMFBaseDeserializer.php on line 210
The errors are because the packet bytes are invalid, so we will clone them now
/ 6 % c r a r e n e s s
0D 0A 00 03 00 00 00 01 00 1F 4B 65 79 51 75 65 73 74 47 61 6D 65 53 65 72 76 69 63 65 2E 6C 6F 67 50 61 67 65 56 69 65 77 00 02 2F 36 00 00 00 25 0A 00 00 00 02 02 00 08 72 61 72 65 6E 65 73 73 02 00 12 2F 6B 65 79 71 75 65 73 74 2F 67 61 6D 65 6C 69 73 74
. . . . . . . . . . K e y Q u e s t G a m e S e r v i c e . l o g P a g e V i e w . . /6 . . . %. . . . . . . . r a r e n e s s . . . / k e y q u e s t / g a m e l i s t
To do this we use chr codes, converting the hex values to decimal.
This took some perfecting and a long time comparing packets byte by byte, the original vs my program, until it was cloned 100%...
Dim thepacket As String = Chr(0) & Chr(3) & Chr(0) & Chr(0) & Chr(0) & Chr(1) & Chr(0) & Chr(31) & "KeyQuestGameService.logPageView" & Chr(0) & Chr(2) & "/6" & Chr(0) & Chr(0) & Chr(0) & Chr(37) & Chr(10) & Chr(0) & Chr(0) & Chr(0) & Chr(2) & Chr(2) & Chr(0) & Chr(8) & txtusername.Text & Chr(2) & Chr(0) & Chr(18) & "/keyquest/gamelist"
P.S. I do not care that a username is included in this code, it's a mule.
Last edited by DarkByte; 07-01-2012 at 06:13 PM.
The Following 12 Users Say Thank You to DarkByte For This Useful Post:
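The "Malformed AMF message" reply in the post above follows from the body being a binary AMF0 envelope with big-endian length fields, which the "." characters of the packet editor's text view only stand in for. As an added example (not from the original post and not amfphp's code), here is a minimal strict parser run over the bytes of the hex dump above; it handles only the string and strict-array types seen there, and all function names are this example's own.

```python
import struct

class MalformedAMF(ValueError):
    """Raised when the bytes do not form a consistent AMF0 envelope."""

# Constructed from the hex dump in the post, minus the leading 0D 0A (end of HTTP headers).
CAPTURED = (b"\x00\x03\x00\x00\x00\x01\x00\x1fKeyQuestGameService.logPageView"
            b"\x00\x02/6\x00\x00\x00\x25\x0a\x00\x00\x00\x02"
            b"\x02\x00\x08rareness\x02\x00\x12/keyquest/gamelist")

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise MalformedAMF(f"need {n} bytes at offset {pos}, {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n

def _utf8(buf, pos):
    raw, pos = _take(buf, pos, 2)              # 16-bit big-endian length prefix
    text, pos = _take(buf, pos, struct.unpack(">H", raw)[0])
    return text.decode("utf-8", "replace"), pos

def _value(buf, pos):
    marker, pos = _take(buf, pos, 1)
    if marker == b"\x02":                      # string
        return _utf8(buf, pos)
    if marker == b"\x0a":                      # strict array: 32-bit count, then values
        raw, pos = _take(buf, pos, 4)
        items = []
        for _ in range(struct.unpack(">I", raw)[0]):
            item, pos = _value(buf, pos)
            items.append(item)
        return items, pos
    raise MalformedAMF(f"unsupported type marker 0x{marker[0]:02x} at offset {pos - 1}")

def parse_envelope(buf):
    raw, pos = _take(buf, 0, 6)
    version, n_headers, n_messages = struct.unpack(">HHH", raw)
    if n_headers:
        raise MalformedAMF("envelope headers are not handled in this sketch")
    messages = []
    for _ in range(n_messages):
        target, pos = _utf8(buf, pos)
        response, pos = _utf8(buf, pos)
        raw, pos = _take(buf, pos, 4)
        declared = struct.unpack(">I", raw)[0]
        body, end = _value(buf, pos)
        if end - pos != declared:
            raise MalformedAMF(f"body is {end - pos} bytes, length field says {declared}")
        messages.append((target, response, body))
        pos = end
    if pos != len(buf):
        raise MalformedAMF(f"{len(buf) - pos} trailing bytes after the last message")
    return version, messages

def dotted(buf):
    """Replace non-printable bytes with '.', as the packet editor's text view does."""
    return bytes(b if 32 <= b < 127 else 0x2E for b in buf)
```

`parse_envelope(CAPTURED)` returns the version, target, response URI and the two-string argument array; `parse_envelope(dotted(CAPTURED))` raises `MalformedAMF`, because the length and count fields have been replaced by 0x2E bytes.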
Judging from that, sending data and receiving data can obviously be done. But I think the biggest problem is making it auto-play for you. It will take a hell of a lot of research to understand how the communication works - something I would think twice about before getting involved in :p
But as Damian said, the hard thing will be making it autoplay for you, because it's not about moving a piece around the board, it's about playing those games and such :/
I'm working on this. Each packet is very similar. Also, there is a handshake packet before this packet that sets some important variables in the HTML reply; it sends just after the game loads.
If you get this to work and by the looks of it, it seems you will, this program will be like a milestone in the black market community! So I wish you the best of luck in your endeavor! =)
The Following User Says Thank You to neofreak For This Useful Post:
It would be pretty amazing if there were a hack or bot or AP for Keyquest. But then everything would go super cheap due to over-inflation... Meh. It's not as if things aren't cheaper than chips compared to when I first started playing lol. I can't wait to see where this is going