[Day R Survival]

8 hours ago, cth said:

While I really wanna join this bangwagon of hacking the game via custom http requests, I'm not quite there yet. I'm quite good at JS, but... maybe later. Don't wanna bother with encrypting/decrypting, looking into network logs and whatnot. And this is while 90% of the game is easily owned with simple memory editing. Here, another one:

I can't find this info in the repo. Is the caps store there? Oh, this store must have been added in 767, and the repo is 766.

You are right, this is a GG forum. I don't know if JS has anything to do with GG but we should talk about memory editing.

[Day R Survival]

10 hours ago, AngelWolf said:

it's AES-256-CBC with custom String Replace after, i already found it, the thing i wanted is replicate it with Nodejs or perhaps JS, on browser or back end, soo i dont need to runs it on lua, and that's what makes me spent alot of time, it just send different thing while has the same message in it, on lua i can just send Data + Key and done, while i do that on js, Data + Key, it send absolutely different thing,maybe im just too dumb to know it. 

What I showed before was already in web using js.

On 6/29/2023 at 2:16 PM, AngelWolf said:

BROOOOOO. DID I JUST DO THAT OR THAT'S JUST A FLUKE

My example is using basic js only.

 

[Day R Survival]

3 minutes ago, AngelWolf said:

i see the AccessLevel you mentions, tho im unsure on how to modify it, i will experiment more, but you can get premium on profile level but items still getting checked locally i think, i'll test more, today i spent good 10 hours making a website page to encrypt and decrypt a SaveData, so im not bound to do it manually

 

80% of the time spent on figuringing the encryptions

The encryption method you provided before is correct. All encrypted data will be readable as json. After that, it's not difficult.

 

[Day R Survival]

19 minutes ago, AngelWolf said:

unsure, ill see bout it

yea, i still wondering on how to ban and such, there's no exposed endpoint, and im incline to believe it's websocket connection rather post request, i also dont know where tf the pincode is
the code keeps refering to main.multiplayer.masterServer.pincode, and when i look into it, it gives
main.profile.get('pincode') and when i look both profile and saves, no key is called pincode, i'll assume it's either the name obfuscated or it just doesnt exist without websocket connection

 

There are clues how to ban, basically use chat (via websocket). Some of the basic commands are "/ban", "/unban" , "/mute", "unmute", you need special access to be able to use those commands (getAccessLevel). 

pincode is used to gain access. It's also something that is given to each moderator with a different pincode. If you can bypass this and force yourself to gain the access level then chances are you can do it.