View Full Version : Wheel of monotony exploit



DarkByte
08-05-2012, 05:42 AM
Allows instant spin without wait or pulling lever. You should change the referring URL below.


[CODE]
' AMF0 request envelope: one call to WheelService.spinWheel carrying a single string argument ("5")
Dim thepacket As String = Chr(0) & Chr(3) & Chr(0) & Chr(0) & Chr(0) & Chr(1) & Chr(0) & Chr(22) & "WheelService.spinWheel" & Chr(0) & Chr(2) & Chr(47) & Chr(49) & Chr(0) & Chr(0) & Chr(0) & Chr(9) & Chr(10) & Chr(0) & Chr(0) & Chr(0) & Chr(1) & Chr(2) & Chr(0) & Chr(1) & "5"

Dim html As String = thewrapper.Request("AMF", "[Only registered and activated users can see links]" & thepacket, "[Only registered and activated users can see links]")
[/CODE]



Wrapper..

[CODE]
Imports System
Imports System.Collections.Generic
Imports System.Text
Imports System.Text.RegularExpressions
Imports System.IO
Imports System.IO.Compression
Imports System.Net.Sockets

Public Class [Only registered and activated users can see links]
'[Only registered and activated users can see links] Credits to glurak and whoever converted this to vb.net
'This is not my work except for some slight changes and tweaks where I see fit
Implements ICloneable

Private TCP_Client As TcpClient
Private colCookies As Dictionary(Of String, String) = New Dictionary(Of String, String)
Public strCookies As String = String.Empty
Public LastPage As String = String.Empty

Private pUseProxy As Boolean = False
Private pProxyAddress As String = String.Empty
Private pProxyPort As Integer = 80

Public Const constHeaderUserAgent As String = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"

Public headerAccept As String = "text/html,application/xhtml+xml,application/xml,0.9,*/*;q=0.8"
Public headerUserAgent As String = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
Public headerAcceptLanguage As String = "en-us,en;q=0.5"
Public headerAcceptCharset As String = "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
Public alternativePostdataSeparator As String = "
[/CODE]

Poptarts
08-05-2012, 09:31 AM
I don't get it

Shawn
08-05-2012, 09:41 AM
Can this decide on the prize?

Poptarts
08-05-2012, 09:50 AM
Shawn, no. I remember him talking about it. It just makes it so you don't gotta wait for 2 hours, as far as I know.

j03
08-05-2012, 10:32 AM
This is code for any programmers. Moving to appropriate section.

Evelsaint
08-05-2012, 10:43 AM
This would be great for the wheel of monotony. Don't have to wait like crazy and we can use it in a daily doer

jongeh
08-05-2012, 12:54 PM
How detectable would it be? Also, am I supposed to use that raw information you have given me above to be able to do it, or does a programmer have to construct a program from it? Nevertheless, thanks for the share!

DarkByte
08-05-2012, 01:39 PM
The single packet is all that's needed, the HTML reply looks like this:

[Only registered and activated users can see links]

The Flash game itself sends no packet at all when spinning the wheel, it's just an animation that plays and then sends this packet when the animation's complete.
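
For anyone logging or filtering AMF gateway traffic on the server side, the packet from the first post decodes as shown below. This is an added example, not code from the thread: the parser covers only the AMF0 types needed here and rejects anything else, and the names `Reader` and `parse_envelope` are made up for the example.

```python
import struct

# Constructed from the byte values listed in the first post's packet string.
SAMPLE = (b"\x00\x03\x00\x00\x00\x01" b"\x00\x16WheelService.spinWheel"
          b"\x00\x02/1" b"\x00\x00\x00\x09" b"\x0a\x00\x00\x00\x01\x02\x00\x015")

class Reader:
    """Bounds-checked cursor over untrusted bytes (hypothetical helper)."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated AMF message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def utf8(self): return self.take(self.u16()).decode("utf-8", "replace")

    def value(self, depth=0):
        marker = self.take(1)[0]
        if marker == 0x00: return struct.unpack(">d", self.take(8))[0]  # number
        if marker == 0x01: return self.take(1) != b"\x00"               # boolean
        if marker == 0x02: return self.utf8()                           # string
        if marker == 0x05: return None                                  # null
        if marker == 0x0A and depth < 8:                                # strict array
            count = self.u32()
            if count > len(self.data) - self.pos:  # each element needs >= 1 byte
                raise ValueError("array count exceeds remaining bytes")
            return [self.value(depth + 1) for _ in range(count)]
        raise ValueError("unsupported or too deeply nested value (marker 0x%02x)" % marker)

def parse_envelope(data):
    """Return (version, [(target, response, args), ...]) for an AMF0 request."""
    r = Reader(data)
    version = r.u16()
    for _ in range(r.u16()):          # skip headers: name, must-understand flag, body
        r.utf8(); r.take(1); r.take(r.u32())
    calls = []
    for _ in range(r.u16()):
        target, response, length = r.utf8(), r.utf8(), r.u32()
        body = Reader(r.take(length))
        args = body.value()
        if body.pos != length:
            raise ValueError("declared body length does not match content")
        calls.append((target, response, args))
    return version, calls
```

With the sample bytes, `parse_envelope(SAMPLE)` yields version 3 and a single call to `WheelService.spinWheel` with response URI `/1` and arguments `["5"]`, which is the detail a gateway log needs in order to count calls per account and method.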

DarkByte
08-12-2012, 09:46 AM
How detectable would it be? Also, am I supposed to use that raw information you have given me above to be able to do it, or does a programmer have to construct a program from it? Nevertheless, thanks for the share!

Double post as I've done some research now a little deeper...

This is the only SQL command used by the game.
UPDATE personal SET neopoints = neopoints + 20000 WHERE username = 'rareness'; UPDATE neopets SET current_hp = FLOOR(current_hp / 3) WHERE owner = 'rareness' AND current_hp >= 4 LIMIT 4; INSERT INTO play_limiter2 (username, unixtime, game_id, plays) VALUES ('rareness', 1344782341, 'wheel_monotony', 1) ON DUPLICATE KEY UPDATE plays = plays + 1; "


In the above, 1344782341 = Unix timestamp; if you exploited it to spin more than once they would see it easily. This is fine atm for a legit account.

I found a way to make AMF crash every time and show me the SQL commands it's using :D.

jongeh
08-12-2012, 09:50 AM
Double post as I've done some research now a little deeper...

This is the only SQL command used by the game.
UPDATE personal SET neopoints = neopoints + 20000 WHERE username = 'rareness'; UPDATE neopets SET current_hp = FLOOR(current_hp / 3) WHERE owner = 'rareness' AND current_hp >= 4 LIMIT 4; INSERT INTO play_limiter2 (username, unixtime, game_id, plays) VALUES ('rareness', 1344782341, 'wheel_monotony', 1) ON DUPLICATE KEY UPDATE plays = plays + 1; "


In the above, 1344782341 = Unix timestamp; if you exploited it to spin more than once they would see it easily. This is fine atm for a legit account.

So basically, only use it once a day/12 hours?

DarkByte
08-12-2012, 10:01 AM
Yeah, this doesn't exploit the time between spins anyway. Some people asked me if that was possible in the release thread; it would just get you banned even if it was. If you run my bot twice it will just show an error the second time, as it would if you did it through the real game; it's a simulation of the real spin packet. Ironically, you could not automate this wheel without exploiting it, so I am sure someone has found this before me.