171 posts in this topic

Posted

People keep saying server-sided games can't be messed with and it's nonsense. Someone with knowledge could write a proxy that works as a middleman, but until then

 

BUMP

Posted
On 5/30/2019 at 12:07 PM, mank3n said:

@DiDA

@K_K

@Laxus

@Joka

@DanYal

@Zahir

 

Can no one help us? :(

We don't need any high dmg hack or smth else, it's enough to make a function where the enemies just deal low dmg

The mods seem to have little to no time dealing with things like this. It’s all about their new app and keeping a steady flow of hacks for their older games and the newer games that are easier to hack. 

 

I've seen many games come out recently and there will be hack requests for months. Not even a reply or anything.

Posted (edited)
On 7/8/2019 at 2:04 PM, Princetofu said:

People keep saying server-sided games can't be messed with and it's nonsense. Someone with knowledge could write a proxy that works as a middleman, but until then

 

BUMP

I wrote a proxy that does exactly this. They initially use JSON to do the initial communication (to get stuff like the host IP and port), and then it establishes a WebSocket connection to it.

If you change the WIN/LOSS flag to 0x01 (0x02 being a loss), it gets detected and fails their battle key check. The same goes if you manipulate the received packet to make the game think your heroes are, let's say, 120 when they are 90: if you win the match, the game battle key check fails and marks it as a loss... I've even tried messing with the # of enchantments on weapons (spoiler alert, you can make them over 120, so you get HUGE stat bonuses).

 

I'd need someone who is an expert at disassembling the binary of the game to identify how it's generating the packet, and see if we can identify what it uses to validate the packet the mobile device sends back to the server. At a glance, each sent packet seems to have a hash of some sort, but I have no clue how it's generated. I've tried enumerating each byte and creating separate md5 hashes to see if it'll match (e.g. take bytes 0 to 1, take bytes 0 to 2 ... take bytes 10 to 40, take bytes 11 to 40... basically all iterations) but nothing appeared to match that way. The funny thing is, if you manipulate the packet (like change a random byte which doesn't impact your hero stats), and you win the battle, the game doesn't cause any battle_key check errors, and it sends a successful response back, as if everything went smoothly... which throws the hash theory out the window, or does it? Again, I would need someone who is an expert at disassembling the binary to help me find out how the packets are structured.

 

PM me if anyone knows more about this at a technical level (no leechers/beggars please).

 

Updated by Zirak
Posted

@Zirak

That’s extremely similar to how the old FF game was hacked before it was taken down. How did you manage the weapon stat change? I’d like to try it. Does it actually manage to work with the boost or does it still act at the original level? And does it cause a bad battle key return if it’s used?

If it works it could be a step toward a possible high dmg hack.
