Jump to content

Recommended Posts

Hi guys. Im a new member and this is my first topic. 

Im not good in english, so i will try to explain my idea in better way i can. 🙂 Ty in advance for any kind of answers.

This is just an idea, and i think someone else too had it the same before me. 

If we cant hack server-side games its because the values like coins, bills, mana etc. are stored in the server. This means we recive and send constantly packets containing these informations, between our device and server... Right??? 

If yes, this is the idea :

Its possible to sniff packets traffic and manipulate them, like a mitm attack??? 

Its possible do this with pc?? 

1) i have all the tools (softwares and hardwares) for do this with PC, im a Linux user with the right distros to do this stuff and i have just a bit of knowledge about hacking.

But i never try something like this. can anyone tell me how i should work or how this kind of operation work? 

... Even if its possible :) 

And if not... why?? 

2) its possible to create a GG version with this capability??

Ty all you guys for yours time and attention.

----------------------------

Keep Calm and "rm -rf /* - - no-preserve-root" 

Link to comment
Share on other sites

  • 3 months later...
  • 1 month later...

Yes you can intercept the request you are "sending" with burpsuit or something and change the packets data but you are already doing the same thing with game guardian too.

It's on the server how it queries your request. If somehow you can capture game packets in wireshark and change values (still client sided) you can do many things with those bu fooling the server.

Link to comment
Share on other sites

  • 3 weeks later...

the real info u are seeking to change are encrypted even intercepting it is useless the only real server side hack etc is to hack the whole server like ssh attack or sql injection etc to be able to change ur current data (in which most server save it as json) ur idea is possible if the server forget to make "put / remove / update" request method  forbidden and the data isn't encrypted (if u can breake the encryp algo u passed the hard step) so u can grab the data u want to change and put it in request as put or update and push it to the server *congrate u hack the game server side*

Link to comment
Share on other sites

  • 4 weeks later...
On 1/29/2022 at 8:43 AM, -KASTIELH- said:

Hi guys. Im a new member and this is my first topic. 

Im not good in english, so i will try to explain my idea in better way i can. 🙂 Ty in advance for any kind of answers.

This is just an idea, and i think someone else too had it the same before me. 

If we cant hack server-side games its because the values like coins, bills, mana etc. are stored in the server. This means we recive and send constantly packets containing these informations, between our device and server... Right??? 

If yes, this is the idea :

Its possible to sniff packets traffic and manipulate them, like a mitm attack??? 

Its possible do this with pc?? 

1) i have all the tools (softwares and hardwares) for do this with PC, im a Linux user with the right distros to do this stuff and i have just a bit of knowledge about hacking.

But i never try something like this. can anyone tell me how i should work or how this kind of operation work? 

... Even if its possible 🙂

And if not... why?? 

2) its possible to create a GG version with this capability??

Ty all you guys for yours time and attention.

----------------------------

Keep Calm and "rm -rf /* - - no-preserve-root" 

 

 

Hi, used to do something similair like this with Fiddler and GG years ago. Im quite sure with decent knowledge of Lua/Python scripting, Java, GG and networking you can pull of some good things.

With only GG its not possible to find the right data to modify before its been sended to the server because that info changes all the time, and sometimes gets removed from the process and mapped somewhere else in process vm.

And you don't know how it looks so proxy debuggers like Fiddler or Burpsuite are a good bet but you can also make your own proxy debugger, if you do it in Lua i heard you can use Luasocket/Lapis, if you don't have PC you can use packet capture app on mobile.

You need to set up a proxy. Then you can sniff HTTP, HTTPS, HTTP/2 and websockets, You can then analyze each session and see if there is something of interest.

Let's say for example that the URL of one of the sessions is of interests, and needs to be modified. You can use Gameguardian to find that URL on the client. Then see how or what you have to modify about it and then use the gg.makeRequest() with modified info. Usually the URL string, application parameters is encrypted (beside server name indicator) and private key is stored on the server. So if you don't modify the data correctly you could receive an invalid response from the server. So you should modify the URL with data which is already encrypted on the client but your aware of what it does. Like that you could get a valid response from the server to which the client acts on accordingly. I do advise you to check out the GG help.

But for currency hacks modifying http packages will not help. No one in their right mind sends over currency data though HTTP(S), it was done on some old games, But in reallity they usually use UDP. So you probably need WireShark. But to be fair i don't think GG and Wireshark can be properly used, at least i think so. But quite sure with the right knowledge its possible.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.