Tutorial How To Hack Some Online Games with Charles Proxy

Swagter123 · March 6, 2017

Requirements:

PC/MAC with Charles Proxy installed
Brain (most important)

You can find tutorial how to set up charles proxy and connect your device to it here in Tutorial section, just search "Charles". I hope you dont need tutorial how to use search

Ok, now seriosly: be ready that 95% of what you wanna hack you cant hack, there are many reasons: strong protection, hashes, checks, your low lvl knowledge, etc. So dont give up, search and you will find

Now lets start learning that "easy" hacking style

Lesson 1: Traffic Monitoring

First step is to find what we can hack, it look like that

1 - Main structure where we can see url's

2 - Content (request, response) is the place where we search things to hack and copy them to create rewrite rules

* "unknown" means that traffic is protected (SSL/TSL), press right mouse button on url and select "SSL Proxying", if its symmetric SSL you will see content in next packet, if assymetric you need to hack server and get private key (good luck ) if you enabled SSL and still cant see what inside packet i recommend you to turn off SSL to that url coz it can block packets.

I will not explain how to find what you need, its individually to every game you wanna hack, so look everywhere (request, response, headers, even url's can contain useful stuff)

When you find anything useful you neet to try hack it and we go to lesson 2

Lesson 2: Creating rewrite rule

Go to "Tools -> Rewrite" and you will see that (but empty)

It contains 3 main blocks

1 - Here you add Set's and see names of your sets

2 - Here is url's list, it's different to every set

3 - Here is rewrite rules

Now how to add rewrite rule step by step

Press add button in block 1 to add your first set
Now wery important part, all rewrite rules in that set will be applied only to packets with specific url adress and i recommend you dont ignore that, coz if you will leave block 2 empty rules will be applien to all packets that goes thru charles and it can cause a probles. Take url from block 1 lesson 1, you can add it like i did (room.tankdomination.com) or more specify like room.tankdomination.com/battle/ (just example)
Rewrite rules block, here we add rules and that is most important part, so we move to lesson 3

Lesson 3: Rewrite Rule

How it look like

1 - Here we select location of information that we want to change (it depends on where you find useful stuff to hack, so select carefully (you can see what type to select in block 2 from lesson 1)

2 - Here is match value, where you enter what you wanna to be rewritten

3 - Here is replace value, what you will got after replace (replace first/all - depends on what you hacking, for example if you hacking HP and your and enemies HP in one packet "Replace all" will cause everyones HP to be modified)

Now more info about replace hacking:

Important: when you take something to replace from request/responce always turn to "Text" type of view (block 2 from lesson 1 lower part)

For example you wanna hack resourses and found something like that in request/response

gold=100,wood=20,rock=15

if you just put that values to rewrite match field only that values will be replaced and if your amount of gold will be 101 nothing will be replaced. So to replace values that always changed you need enable "Regex" in 2 block and input in match field

gold=.?[0-9]{1,},wood=.?[0-9]{1,},rock=.?[0-9]{1,}

What that mean: .? mean that replacing value unknown, [0-9] mean that it contains only numbers and {1,} mean that it contains any amount of symbols

Next you just input in replace block something like that

gold=999999,wood=999999,rock=999999

And values will be replaced.

______________________________

Another example, you playing RPG and find out that you can edit equipment and got something like that

Player(Armor=NoobArmor,Weapon=StickOfPainInAss,HPpotions=5,MPpotions=5)

Like in previous example, better to use regex coz if any of item/amoun will be changed charles will not apply rewrite. So you input in match field that

Player(Armor=.?[a-zA-Z]{1,},Weapon=.?[a-zA-Z]{1,},HPpotions=.?[0-9]{1,},MPpotions=.?[0-9]{1,})

So [a-z] and [A-Z] means that value contains upper and lowercase symbols from a to z

Now you replace it to something like that

Player(Armor=GodOfDefence,Weapon=SwordOfWorldDomination,HPpotions=500,MPpotions=500)

Yeah, now you are cool

______________________________

Ok, now example, where some values need to be leaved as they are, like

PlayerHP=100,PlayerMP=100,sessionID=12443652,PlayerGold=500,PlayerExp=1000

Here we need to leave sessionID as it is, it happens sometimes that appear values that need to be leaved as they are for any reasons, so in match field we will input that

PlayerHP=.?[0-9]{1,},PlayerMP=.?[0-9]{1,},(sessionID=.?[0-9]{1,}),PlayerGold=.?[0-9]{1,},PlayerExp=.?[0-9]{1,}

you see that i taken sessionID in ( ) - used to create group, and i added .?[0-9]{1,} coz value can be any.

Now we input in replace that

PlayerHP=1000,PlayerMP=1000,$1,PlayerGold=500000,PlayerExp=100000

$1 means that here will be reference group 1 at it is. You can create many groups and put them in typing $1 $2 etc, count from left to right in match field

______________________________

Now i will show you part of my Tank Domination hack

Here is match value

<tank><stts>(<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}>(<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>(<f_.?[0-9.-]{1,}><f0_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>(<f0_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}>(<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}><f0_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}>(<f_.?[0-9.-]{1,}><f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}>(<f_.?[0-9.-]{1,}>)<f_.?[0-9.-]{1,}>

and rewrite

<tank><stts>$1<f_1100>$2<f_30><f_550><f_450><f_150>$3<f_0.11><f_0.12><f_0.99>$4<f_1.99>$5<f_80>$6<f_0.20>$7<f_0.99>

Why so many groups? Coz sometimes in request/response functions can be without any ID's or names, just <f_1><f_2> etc. that goes one by one. They contains everything, reload time, aim time, power, speed etc but also contain stuff that dont need to be changed. I cant just take <f_*> as match coz it will cause all values to change. What i did... i start match field with <tank> coz all tank info are stored afrer that, than i grouped values that dont need to be changed with ( ), and put in rewrite only what i need to hack with groups between rewritten values.

And few tips:

Be careful, remember that when you replace something you can miss one symbol and packet will be returned with error by server/game
When your match value contains ( { [ symbols you cant use regex, so try to take part without them, for example of you wanna replace something like that "[gold=100][wood=100] just create two rewrite rules for each resourse
You can input anything inside [ ], for example of your match look like HP=150,5 you input in match field "HP=.?[0-9,] just add any symbol you need.
Dont give up

Credits:ISky

Updated March 6, 2017 by Infamous-Ash