Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Wheel of monotony exploit

  1. #1

    Joined
    Jun 2012
    Posts
    1,699
    Thanks
    876
    Thanked
    2,881/1,142
    DL/UL
    44/1
    Mentioned
    562 times
    Time Online
    118d 6h 45m
    Avg. Time Online
    40m

    Wheel of monotony exploit

    Allows instant spin without wait or pulling leaver. You shoudl change the reffering url below.

    Code:
    Dim thepacket As String = Chr(0) & Chr(3) & Chr(0) & Chr(0) & Chr(0) & Chr(1) & Chr(0) & Chr(22) & "WheelService.spinWheel" & Chr(0) & Chr(2) & Chr(47) & Chr(49) & Chr(0) & Chr(0) & Chr(0) & Chr(9) & Chr(10) & Chr(0) & Chr(0) & Chr(0) & Chr(1) & Chr(2) & Chr(0) & Chr(1) & "5"
    
      Dim html As String = thewrapper.Request("AMF", "http://www.neopets.com/amfphp/gateway.php?" & thepacket, "http://images.neopets.com/wheels/wheel_of_mediocrity_v2_c4ed41eb31.swf?r=1058850156")
    Wrapper..

    [CODE]
    Imports System
    Imports System.Collections.Generic
    Imports System.Text
    Imports System.Text.RegularExpressions
    Imports System.IO
    Imports System.IO.Compression
    Imports System.Net.Sockets

    Public Class httpwrapper
    'Httpwrapper Credits to glurak and whoever converted this to vb.net
    'This is not my work except for some slight chagnges and tweaks where i see fit
    Implements ICloneable

    Private TCP_Client As TcpClient
    Private colCookies As Dictionary(Of String, String) = New Dictionary(Of String, String)
    Public strCookies As String = String.Empty
    Public LastPage As String = String.Empty

    Private pUseProxy As Boolean = False
    Private pProxyAddress As String = String.Empty
    Private pProxyPort As Integer = 80

    Public Const constHeaderUserAgent As String = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"

    Public headerAccept As String = "text/html,application/xhtml+xml,application/xml,0.9,*/*;q=0.8"
    Public headerUserAgent As String = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
    Public headerAcceptLanguage As String = "en-us,en;q=0.5"
    Public headerAcceptCharset As String = "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
    Public alternativePostdataSeparator As String = "

  2. The Following 6 Users Say Thank You to DarkByte For This Useful Post:

    Demo (08-05-2012),iBeast (08-05-2012),Meercat (08-05-2012),Reese (08-05-2012),Ryan~ (08-05-2012),zxzero (08-05-2012)

  3. #2

    Joined
    Jul 2012
    Posts
    109
    Thanks
    15
    Thanked
    12/10
    DL/UL
    1/0
    Mentioned
    36 times
    Time Online
    N/A
    Avg. Time Online
    N/A
    i don't get it

  4. #3

    Joined
    Jun 2012
    Posts
    2,235
    Pronouns
    He / Him
    Userbars
    39
    Thanks
    1,472
    Thanked
    2,166/810
    DL/UL
    16/0
    Mentioned
    228 times
    Time Online
    63d 23h 21m
    Avg. Time Online
    22m
    Can this decide on the prize

  5. #4

    Joined
    Jul 2012
    Posts
    109
    Thanks
    15
    Thanked
    12/10
    DL/UL
    1/0
    Mentioned
    36 times
    Time Online
    N/A
    Avg. Time Online
    N/A
    @(you need an account to see links), no. I remember him talking about it. It just makes it so you don't gotta wait for 2 hours, as far as I know.

  6. #5
    Saiyan Race
    j03's Avatar
    Joined
    Dec 2011
    Posts
    13,720
    Userbars
    166
    Thanks
    5,906
    Thanked
    33,077/6,608
    DL/UL
    23/36
    Mentioned
    3,867 times
    Time Online
    563d 5h 6m
    Avg. Time Online
    3h 13m
    This is code for any programmers. Moving to appropriate section.
    (you need an account to see links)
    (you need an account to see links)(you need an account to see links)

    ------------------------
    [02/24/2013] Stealth CORE is made into the first standalone Neopets auto-player.
    ------------------------


  7. #6
    Evelsaint's Avatar
    Joined
    Dec 2011
    Posts
    1,983
    Userbars
    6
    Thanks
    261
    Thanked
    345/246
    DL/UL
    89/0
    Mentioned
    201 times
    Time Online
    7h 1m
    Avg. Time Online
    N/A
    This would be great for the wheel of monotony. Don't have to wait like crazy and we can use it in a daily doer

  8. The Following User Says Thank You to Evelsaint For This Useful Post:

    zxzero (08-05-2012)

  9. #7

    Joined
    Dec 2011
    Posts
    457
    Userbars
    2
    Thanks
    78
    Thanked
    78/55
    DL/UL
    66/0
    Mentioned
    63 times
    Time Online
    9d 2h 21m
    Avg. Time Online
    3m
    How detectable would it be? Also, am I supposed to use that raw information you have given me above to be able to do it, or does a programmer have to construct a program from it? Never the less, thanks for the share!

  10. #8

    Joined
    Jun 2012
    Posts
    1,699
    Thanks
    876
    Thanked
    2,881/1,142
    DL/UL
    44/1
    Mentioned
    562 times
    Time Online
    118d 6h 45m
    Avg. Time Online
    40m
    The single packet is all thats needed , the html reply looks like this:



    The flash game itself sends no packet at all when spinning the wheel , its just a animation that plays and then sends this packet when the animations complete.

  11. The Following User Says Thank You to DarkByte For This Useful Post:

    Evelsaint (08-05-2012)

  12. #9

    Joined
    Jun 2012
    Posts
    1,699
    Thanks
    876
    Thanked
    2,881/1,142
    DL/UL
    44/1
    Mentioned
    562 times
    Time Online
    118d 6h 45m
    Avg. Time Online
    40m
    Quote Originally Posted by jongeh View Post
    How detectable would it be? Also, am I supposed to use that raw information you have given me above to be able to do it, or does a programmer have to construct a program from it? Never the less, thanks for the share!
    double post as ive done some research now a little deeper...

    this is the only sql command used by the game.
    UPDATE personal SET neopoints = neopoints + 20000 WHERE username = 'rareness'; UPDATE neopets SET current_hp = FLOOR(current_hp / 3) WHERE owner = 'rareness' AND current_hp >= 4 LIMIT 4; INSERT INTO play_limiter2 (username, unixtime, game_id, plays) VALUES ('rareness', 1344782341, 'wheel_monotony', 1) ON DUPLICATE KEY UPDATE plays = plays + 1; "


    in the above 1344782341 = unix timestamp , if u exploited it to spin more than once they would see it easily. This is fine atm for a legit account.

    I found a way to make amf crash everytime and show me the sql commands its using .
    Last edited by DarkByte; 08-12-2012 at 09:55 AM.

  13. #10

    Joined
    Dec 2011
    Posts
    457
    Userbars
    2
    Thanks
    78
    Thanked
    78/55
    DL/UL
    66/0
    Mentioned
    63 times
    Time Online
    9d 2h 21m
    Avg. Time Online
    3m
    Quote Originally Posted by raredaredevil View Post
    double post as ive done some research now a little deeper...

    this is the only sql command used by the game.
    UPDATE personal SET neopoints = neopoints + 20000 WHERE username = 'rareness'; UPDATE neopets SET current_hp = FLOOR(current_hp / 3) WHERE owner = 'rareness' AND current_hp >= 4 LIMIT 4; INSERT INTO play_limiter2 (username, unixtime, game_id, plays) VALUES ('rareness', 1344782341, 'wheel_monotony', 1) ON DUPLICATE KEY UPDATE plays = plays + 1; "


    in the above 1344782341 = unix timestamp , if u exploited it to spin more than once they would see it easily. This is fine atm for a legit account.
    So basically, only use it once a day/12 hours?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •