Results 1 to 9 of 9

Thread: A breif Overview Of flash Hacking methods Past and Present

  1. #1
    Banned
    Join Date
    Jun 2012
    Gender
    Location
    90 90
    Age
    31
    Posts
    1,714
    Thanks
    876
    Thanked 2,877 Times in 1,139 Posts


    Downloads
    44
    Uploads
    1
    Mentioned
    562 Post(s)
    Time Online
    118 d 6 h 45 m
    Avg. Time Online
    1 h 30 m
    Rep Power
    0
    Gamer IDs

    Gamertag: DarkByt3 PSN ID: raredaredevil

    A breif Overview Of flash Hacking methods Past and Present

    I will expand on this and give some working examples on each method when I am back online... Also I have a new method for hacking As3 called As3 Code injection via asm I will add a tut on this soon. I did all these guides with no internet so right now they are just a brief overview.

    Method 1. As2 Variable Getting / Setting:




    Method overview
    ---------------
    When you install flash a activeX is also installed witch can be used in the ide of your choice. I use vb.net
    but I have done this before on vb6 , delphi and c++. The concept is the same although the syntax is not. Anyway included with this
    .swf file is 2 inbuilt functions we can use for Var Setting and Getting inside as2 games. Take for e.g the following code:

    function loadnewgame()
    {
    playerlives=3;
    playertime=60;
    playerround=1;
    }

    With this method we would simply be able to set the playerlives via calling this code:
    Call swfcontolname.SetVarible("_level0.playerlives" , 99)

    This would give us 99 lives , why did we add "_level0" ? This is due to how neopets loads the game files. The standard level
    is used by the game loader , level100 is used for score sending and level0 is used for the actual game content.

    We can also use text1.text=swfcontrol.GetVarible("_level0.playerli ves"). You should use a "on error resume next" function with both these as if the game is not loaded or the varible is not found a message box will show by default.


    Method Ban Rate
    ---------------
    May be detection on this though I have never seen any. Make sure you keep all scores within a valid range and decent time spent
    collecting them.


    Method Bad Points
    -----------------
    Impossible to access Global variables although neopets never really realized this.
    Only As2 games
    --------------------------------------------------------------------------------

    Programs Needed:
    ArtMoney
    FireFox (this is what I use , if you know how to view ur browser of choices cache then you wont be forced to use firefox but im not explaining every browser here )
    Cache Viewer (firefox addon)
    Sothink Swf Decompiler (cracked)
    Vb.net or a ide you are comftable with that can load activeX files


    Method 2. As2 Variable and function fuzzing:
    Method overview
    ---------------

    As2 variable and function names are loaded directly into memory via flash. Using a value/step method we can edit the code
    to a game live in memory and simply make certain variables or entire functions not work. Lets say we remove the
    variable that holds the players lives. Now when you die in game the variable that holds lives will no longer be valid so when
    the game trys to remove 1 life , nothing will happen and you have unlimited lives.

    The same concept can be used to remove entire functions , simply search for a function name and use value/step method to
    make the entire function break. Like above you can use this to remove "looselive" functions ect.


    Method Ban Rate
    ---------------
    Some early games had protection against some basic variable fuzzing but only in a few areas. Although you would not get
    banned when being detected a popup would show saying you had been detected as a cheater and your score would be invalid.
    It is unlikely you will run into this anymore but if you do , do not send a score.


    Method Bad Points
    -----------------
    Some small built in detections on very old games

    Only works on As2 games (there is less and less of these every month as old games get updates)

    Can kill your game making it impossible to end or other strange side effects , usually you will need to end the game
    via a end game button.


    -------------------------------------------------------------------------------------------

    Programs Needed:
    ArtMoney (similar to cheat engine but allows , stepping of values)
    FireFox (this is what I use , if you know how to view ur browser of choices cache then you wont be forced to use firefox but im not explaining every browser here )
    Cache Viewer (firefox addon)
    Sothink Swf Decompiler (cracked)


    Method 3. As2 Value Shifting:
    Method overview
    ---------------
    Method overview
    ---------------

    In the source code to many games there will be default values set when a new game is loaded such as:

    function loadnewgame()
    {
    playerlives=3;
    playertime=60;
    playerround=1;
    }

    With this method we would search the memory for "playerlives" then "playertime". We would then find to results close together
    In memory (within about 50 bytes). Once we have the adress of the playerlives code in the above we would than take away 50 bytes
    from the memory adress and also add 50 bytes to the memory adress. Now using these two numbers as a range of adresses to search for
    we would search for the value "3". Changing this in memory to 99 would make the code say:

    function loadnewgame()
    {
    playerlives=99;
    playertime=60;
    playerround=1;
    }

    Loading a new game would then give us a default of 99 lives.

    Method Ban Rate
    ---------------
    0 ban rate on this outside of the normal risk of getting impossible scores or winning a game to fast ect. The actual method itself
    has no detection on it.


    Method Bad Points
    -----------------
    Can be tricky when dealing with array values
    Some flash version will multiply values by 8 , so if you have 2 lives by default you should search for 16 , also when setting
    a varible it would also have to be a multiple of 9 , for 99 lives this would be 792 (99 * 9).

    -------------------------------------------------------------------------------------------

    Programs Needed:
    ArtMoney
    FireFox (this is what I use , if you know how to view ur browser of choices cache then you wont be forced to use firefox but im not explaining every browser here )
    Cache Viewer (firefox addon)
    Sothink Swf Decompiler (cracked)

    Method 4. As2 Function Calling:

    Method overview
    ---------------
    When you install flash a activeX is also installed wich can be used in the ide of your choice. I use vb.net code in this tutorial
    but I have done this before on vb6 , delphi and c++. The concept is the same although the syntax is not. Anyway included with this
    .swf file is a function called "Loadmovie". This allows us to load our own custom .swf file into a game.

    Inside this hacked .swf we can place our own action script code to call functions take for example the following code:

    function setplayerlives(theamount)
    {
    _this.playerlives = theamount;
    }

    Now we would open up our flash ide and make a new as2 .swf , inside this we would put this code:

    _level0.setplayerlives(99);

    To get this code to execute we would add the following code in a button to load our hacked .swf into the game:
    swfcontrol.loadmovie("c:\somepath\filename.swf",66 )

    This would give us 99 lives , the 66 above just says what layer to load the movie into you should never use layer 1 , 100 or 0 as they are used by neopets.
    Also when injecting multiple .swf files never inject to the same layer twice as you will cause conflicts.



    Method Ban Rate
    ---------------
    No detection on this as you call neopets own functions coded by there own staff. Of course detection exist for invalid scores
    or getting a super score in seconds.


    Method Bad Points
    -----------------
    Hard to access global varibles , but not impossible (requires exact same flash version the game was coded with)
    as2 only

    --------------------------------------------------------------------------------

    Programs Needed:
    ArtMoney
    FireFox (this is what I use , if you know how to view ur browser of choices cache then you wont be forced to use firefox but im not explaining every browser here )
    Cache Viewer (firefox addon)
    Sothink Swf Decompiler (cracked)
    Vb.net or a ide you are comftable with that can load activeX files
    Adobe Flash Cs3+ or Macromedia Flash 9+ Ide (use as2 mode always)


    Method 5. As3 Aobing:
    Method overview
    ---------------
    This method is a cross between as2 varible fuzzing and bytehacking. What we need to do is to find some code we want to change in swf decompiler such as:

    if (this.lives==0)
    {
    gameover();
    }

    Now we would switch to the hex code view in swf decompiler and view the hex code that makes up the function. We would find the hex code for the "==" symbol and change this to "<". Or we could just change the 1 to 99 or something impossible. To do this we would take the entire line of old hex code and search for it as an array
    of bytes in memory. Now we would replace the byte that makes up the "==" symbol and change it to a byte that makes up a "<" value this way the code would now say:

    if (this.lives<0)
    {
    gameover();
    }

    The above code will only get called if lives are < 0 instead of if lives = 0. Probly not the best way to go about things but you get the idea. Some people can be really creative with these codes.

    Method Ban Rate
    ---------------
    I have seen no bans yet for Aob hacking but keep the scores none illegal as usual.


    Method Bad Points
    -----------------
    Kind of hard to get started but when you have been doing it a while you will remember certain byte values from memory. Trust me it gets easier , start on a simple game
    first using a simple aob that just changes text of a in game item or something.

    --------------------------------------------------------------------------------

    Programs Needed:
    ArtMoney
    FireFox (this is what I use , if you know how to view ur browser of choices cache then you wont be forced to use firefox but im not explaining every browser here )
    Cache Viewer (firefox addon)
    Sothink Swf Decompiler (cracked)





    As3 Code injection is a new method I have come up with , it will be released shortly.

  2. The Following 11 Users Say Thank You to DarkByte For This Useful Post:

    Ban (07-18-2013),damian002 (12-30-2012),Death (12-30-2012),hectorvazc (12-30-2012),Infamous Joe (12-30-2012),John (12-30-2012),kooldude888 (01-02-2013),Nik (12-30-2012),Shawn (12-30-2012),SmileYaDead (01-01-2013),utahclock (02-07-2013)

  3. #2
    Death's Avatar
    Join Date
    Jun 2012
    Gender
    Posts
    509
    Thanks
    451
    Thanked 572 Times in 252 Posts


    Downloads
    25
    Uploads
    0
    Mentioned
    161 Post(s)
    Time Online
    15 d 11 h 30 m
    Avg. Time Online
    11 m
    Rep Power
    8
    You must spread some Reputation around before giving it to @raredaredevil again.

    Damn. =/

  4. #3

    Join Date
    Oct 2012
    Gender
    Posts
    201
    Thanks
    11
    Thanked 87 Times in 50 Posts


    Downloads
    18
    Uploads
    0
    Mentioned
    30 Post(s)
    Time Online
    5 d 9 h 44 m
    Avg. Time Online
    4 m
    Rep Power
    6
    I built a custom proxy that downloads all files from images.neopets.com when they're accessed. Once the SWF files are downloaded I decompress them, analyse the code, change the code with a hex editor, recompress the code, place it back in the proxy cache. Means I only need to hack it once, then it's done for every time I play.

    Care to screw with gravity?


    There's more, but my laptop hates making videos
    Last edited by Celestial; 12-30-2012 at 11:04 PM.

  5. #4

    Join Date
    Dec 2011
    Gender
    Posts
    143
    Thanks
    3
    Thanked 161 Times in 44 Posts


    Downloads
    14
    Uploads
    9
    Mentioned
    64 Post(s)
    Time Online
    5 d 21 h 53 m
    Avg. Time Online
    4 m
    Rep Power
    7
    You can also look through the game code to find where the swf checks to see how many times an in-game cheat is used and change/stop the count. This allows an in-game cheat to be used more than the alotted limit (once).

  6. #5

    Join Date
    Oct 2012
    Gender
    Posts
    201
    Thanks
    11
    Thanked 87 Times in 50 Posts


    Downloads
    18
    Uploads
    0
    Mentioned
    30 Post(s)
    Time Online
    5 d 9 h 44 m
    Avg. Time Online
    4 m
    Rep Power
    6
    Quote Originally Posted by Soredavide View Post
    You can also look through the game code to find where the swf checks to see how many times an in-game cheat is used and change/stop the count. This allows an in-game cheat to be used more than the alotted limit (once).
    I could, and as I recall have,

  7. #6

    Join Date
    Oct 2012
    Gender
    Posts
    201
    Thanks
    11
    Thanked 87 Times in 50 Posts


    Downloads
    18
    Uploads
    0
    Mentioned
    30 Post(s)
    Time Online
    5 d 9 h 44 m
    Avg. Time Online
    4 m
    Rep Power
    6
    Quote Originally Posted by Soredavide View Post
    You can also look through the game code to find where the swf checks to see how many times an in-game cheat is used and change/stop the count. This allows an in-game cheat to be used more than the alotted limit (once).
    I could, and as I recall have, but this is fun too...


  8. #7
    Banned
    Join Date
    Jun 2012
    Gender
    Location
    90 90
    Age
    31
    Posts
    1,714
    Thanks
    876
    Thanked 2,877 Times in 1,139 Posts


    Downloads
    44
    Uploads
    1
    Mentioned
    562 Post(s)
    Time Online
    118 d 6 h 45 m
    Avg. Time Online
    1 h 30 m
    Rep Power
    0
    Gamer IDs

    Gamertag: DarkByt3 PSN ID: raredaredevil
    Omg that proxy idea rocks.... I can do alot with that.

  9. #8

    Join Date
    Oct 2012
    Gender
    Posts
    201
    Thanks
    11
    Thanked 87 Times in 50 Posts


    Downloads
    18
    Uploads
    0
    Mentioned
    30 Post(s)
    Time Online
    5 d 9 h 44 m
    Avg. Time Online
    4 m
    Rep Power
    6
    Quote Originally Posted by raredaredevil View Post
    Omg that proxy idea rocks.... I can do alot with that.
    @raredaredevil

    I bet, that's why I invented the idea. ^^
    Now you have to add me on Skype

  10. #9

    Join Date
    Jun 2015
    Gender
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts


    Downloads
    0
    Uploads
    0
    Mentioned
    0 Post(s)
    Time Online
    1 h 15 m
    Avg. Time Online
    N/A
    Rep Power
    0
    good job,
    Where is your code AS3 injection?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •