Posted (edited)
2 hours ago, kunkunkh said:

Hello does anyone have the script for item swap. I have found one but it doesn't work on the new update version 

why do you need item swap? We have all the hacks we need to do whatever. Just to get the items from past events? Mate, whatever.

 

  

3 hours ago, AngelWolf said:

fun fact 
on your savefile it has 2 thing inside of it, a 128 random letters and a readable json
and you thinks maybe i can tamper the save, nope you cant, cuz on load the game did server checks on it using that 128 random letters or SHA512, basically it goes like
- read the file
- do request to a server and fetch the save file (cloud save using that sha512 as identifier)
- compare both local and server, and if it mismatch, start new game,
and i was thinking what if i send external rest api call to their server and says, here my new save, and remember this sha512 okie,
and since the loads always be checked on load, for example, if you start a new game from existing game then play abit, then quit and then resume same save, it'll ask if you want to load cloud or use local, soo basically that what i mean.
sooooooooo....... :3
basically, i can tamper it all i want, since it has deviceID, userID, caps, and most importantly ShoppingList where you can just insert stuff in it as "topup", i admit it, using irreversible method of checking is quite good than old save file that add this (i found this specifically on 1.462 to compare what changes)

L3_2.****YouCoolHackerSuckMyBinaryBalls = {}

lol, kinda defeats the purpose of the sumchecks when you can easily tamper it. i also understand WHY you need UserID for the topup, cuz you can ask for pincode, and then from that pincode you can basically do everything, Changename, tampersave, unban yourself, add items to yourself, basically Admin priv, in scope of your own account obviously
you'll understand what i mean by 128 SHA512 on 1st line and then JSON data on 2nd line, if you see the datas 

I would expect it to be under RSA and stuff, but if you have the source of the client to the point where you can rebuild it then yeah, you can effectively edit the save.

But! If you can go through that length, doesn't it mean you can do it for any game that allows the client to upload the whole save as is? Pretty terrific. Sounds like you could make a business out of hacking it. The unban service would definitely make use in the community, heh. Sometimes I regret I didn't go into mobile coding deeper than just the university. I chose web/backend dev instead, heh.

Edited by cth
Posted

Ok folks, I need some help here. I want to make some biomass. I think the easiest way is to edit this recipe:

image.thumb.png.86d8feb7185aa2e82adcac5b5c9c21a7.png

Looking for 1;3:: is too broad. I get about 17k 3s. That is too much to change and check. I keep breaking the game whenever I try and I think it's risky if I get on server sync, so I'm trying to be careful.

I found it in the code here: https://github.com/Angelix1/dayr/blob/c7b6b16a29edceed363baffa20ea5f23c56e376e/src/1.764/lib/items/season_emba.lua#L34

image.thumb.png.a7247ec97ad5efda7b9f5939a14ba1ae.png

I tried looking for 1;1;3;10, but to no avail.

Does anyone have a better idea for the biomass extraction?

Posted
1 hour ago, cth said:

Ok folks, I need some help here. I want to make some biomass. I think the easiest way is to edit this recipe:

image.thumb.png.86d8feb7185aa2e82adcac5b5c9c21a7.png

Looking for 1;3:: is too broad. I get about 17k 3s. That is too much to change and check. I keep breaking the game whenever I try and I think it's risky if I get on server sync, so I'm trying to be careful.

I found it in the code here: https://github.com/Angelix1/dayr/blob/c7b6b16a29edceed363baffa20ea5f23c56e376e/src/1.764/lib/items/season_emba.lua#L34

image.thumb.png.a7247ec97ad5efda7b9f5939a14ba1ae.png

I tried looking for 1;1;3;10, but to no avail.

Does anyone have a better idea for the biomass extraction?

I did that with 1;1;3 then if you find 7k you must delete 3k then you have 4k And edit 1k until you find the code

Posted
42 minutes ago, dzete said:

I did that with 1;1;3 then if you find 7k you must delete 3k then you have 4k And edit 1k until you find the code

you just blindly delete the first 3k of results?

Posted
4 hours ago, cth said:

Ok folks, I need some help here. I want to make some biomass. I think the easiest way is to edit this recipe:

image.thumb.png.86d8feb7185aa2e82adcac5b5c9c21a7.png

Looking for 1;3:: is too broad. I get about 17k 3s. That is too much to change and check. I keep breaking the game whenever I try and I think it's risky if I get on server sync, so I'm trying to be careful.

I found it in the code here: https://github.com/Angelix1/dayr/blob/c7b6b16a29edceed363baffa20ea5f23c56e376e/src/1.764/lib/items/season_emba.lua#L34

image.thumb.png.a7247ec97ad5efda7b9f5939a14ba1ae.png

I tried looking for 1;1;3;10, but to no avail.

Does anyone have a better idea for the biomass extraction?

perhaps get the item id and then pointerscan the item id and then add pointer offset by idk 4 or so? then refine the double value by 3, since the game always needs to do a pointer call to get the item data yk

i also add 1.766 to the repo btw

Posted
8 hours ago, AngelWolf said:

perhaps get the item id and then pointerscan the item id and then add pointer offset by idk 4 or so? then refine the double value by 3, since the game always needs to do a pointer call to get the item data yk

i also add 1.766 to the repo btw

Sweet! Thanks for adding the 766 to the repo!

Finally it's time for me to start being exposed to the pointers, heh.

But first, it looks like there might be an easy way of getting rid of the soft ban. I'm gonna go test it out. I have a soft-banned account. Or a few 🙂

Posted

Yeah, no I looked into the structure of the save file. Yes, that sha512 protection makes it virtually impossible to edit stuff through just editing the save file. We'd need to make the client send garbage to the server 🙂

Posted
On 6/25/2023 at 12:15 AM, AngelWolf said:

 

POGGERS, IT WORKS, pepepog ( watch the caps )

it doesn't work if you don't have caps to start with, bare minimum is 50, cuz that's iirc the cheapest thing on the store, there's a check for it, but since i have 25k i can't test it lmao

here's the code lmao, this is what responsible for those free stuffies

target = spendCaps
replace = addCaps

0x00				L4_2 = main
0x10				L4_2 = L4_2.profile
0x20				L5_2 = L4_2
0x30				L4_2 = L4_2.spendCaps

 

Very cool, how can I try this out pls

Posted

i think this is how AUTH_SAVE works, this can be used after you already made a handshake or whatever the thing called, basically already authenticate with the server and made a connection 

MasterServer = Library.Multiplayer.HandShake().Auth();

    MasterServer.Request("https://auth.tltgames.net/save_2.0", 
    {
      Headers: {
        method: POST
        "Content-Type": "application/x-www-form-urlencoded"
        "Accept-Language": "en-US"
        "Cache-Control": "no-cache"
      },
      Body: {
        data: {
          Base64(
            AES_Encrypted(
              JSON.stringify(
                {UserSaveJSONFile}
              ),
              "6g83zKNShmZcYE747WaLuKdzyMNspM4Y"
            )
          )
        }
      }
    })

which makes me think, i'll do analysis with the dumped datas i have since it's yeah, kinda interest me

Posted (edited)

So it sends a simple https request of the base64ed AES encrypted save file...

Aaaand... that AES key. The 6g83zKNShmZcYE747WaLuKdzyMNspM4Y. Is it the same for all clients? Hardcoding an encryption key on the client side... Wow...

Still, the problem remains. We need to generate the correct SHA hash to put into the save file. They generate it with salt, what looks like. Or they do something to the object before generating it. I tried generating a 512 sha for my save and it doesn't look like what it has at the top. I only took the minified json.

If you shove a save with a wrong sha to the server, either server will reject it if it has the SHA check, but then if it doesn't, then the client will reject it for sure after getting it from the server since the client checks it on every load.

Edited by cth
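
Added example, not from any poster in this thread and not the game's code: a sketch of the defensive design the post above points toward. A digest or key that the client can compute or extract cannot protect a save, so the tag has to be an HMAC under a key that exists only on the server. The two-line layout (128 hex characters, then JSON) and the field names follow the thread; `SERVER_KEY`, `seal`, `verify` and `weak_check` are hypothetical names.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed key for this example. In a real deployment it exists only on the
# server (secret store / KMS) and is never compiled into the client.
SERVER_KEY = b"constructed-server-only-key"


def canonical(save: dict) -> bytes:
    """Deterministic JSON so the same save always produces the same tag."""
    return json.dumps(save, sort_keys=True, separators=(",", ":")).encode()


def seal(save: dict, key: bytes = SERVER_KEY) -> str:
    """Server: build the two-line blob, HMAC-SHA512 hex tag then JSON."""
    body = canonical(save)
    return hmac.new(key, body, hashlib.sha512).hexdigest() + "\n" + body.decode()


def split_blob(blob: str):
    """Return (tag, body), or None when the layout is not '<128 hex>\\n<json>'."""
    tag, sep, body = blob.partition("\n")
    return (tag, body) if sep and len(tag) == 128 else None


def weak_check(blob: str) -> bool:
    """Unkeyed digest: whoever can edit the file can also recompute it."""
    parts = split_blob(blob)
    if parts is None:
        return False
    return hashlib.sha512(parts[1].encode()).hexdigest() == parts[0]


def verify(blob: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Server: accept the save only if the tag was produced with `key`."""
    parts = split_blob(blob)
    if parts is None:
        return None
    tag, body = parts
    expected = hmac.new(key, body.encode(), hashlib.sha512).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant time
        return None
    return json.loads(body)


# Constructed sample save; field names follow the ones mentioned in the thread.
SAMPLE = {"userID": "u-0001", "deviceID": "d-0001", "caps": 50}
```

The tag only proves the server issued that exact save; balance changes such as `caps` still need to be computed and validated server-side rather than accepted from an uploaded blob.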
Posted (edited)

BROOOOOO. DID I JUST DO THAT OR THAT'S JUST A FLUKE

 

Edited by AngelWolf
Posted

you've just posted your nick in there. Did you just send a request to the server to change your nick and it changed? What if you save and load?

Posted (edited)
On 6/29/2023 at 1:26 PM, cth said:

you've just posted your nick in there. Did you just send a request to the server to change your nick and it changed? What if you save and load?

BEHOLD
second test changing to alex
alextest.thumb.png.f3254c1b850746026cd94f7c478364d5.png

third to other name,
noicebabytest.thumb.png.15866b54d4a1d8c080fac7e240dbe23a.png

and NO LIMIT, normal peeps will only get once, and pay after

explanation below

 

on the decrypt, it should be JSON.stringify(response.body), ma bad

Edited by AngelWolf
