
Local Flash client editing to server-side Flash hacking


ghost's Avatar
0 0

Hi, this is my first post here and I have questions related to editing the client-side Flash files for a game as a possible means of hacking/gaining an advantage on a server-side game.

I understand that when things are restricted to server-side input/output that the data is limited to what is received/sent. This leaves me two options: Packet editing on packets once I have reversed/NOP'ed the encryption, or [AND THIS IS MAINLY TO WHAT MY QUESTION PERTAINS] decompiling the client Flash files, altering the action scripts within the "core" data file, and then recompiling the file. The reason I am not simply just trying to get around the encryption, which would ultimately be the most useful, is that I am currently bogged down in school, and with what little free time I have, not to mention the amateur decryption/ASM skills, I could only see myself able to manage the Flash attempt.

I tried decompiling and altering the core data action scripts' math to gain ingame advantages, and then recompiling them back into the original .swf format; and, with this the file did not properly load when attempting to start the game.

So, either there is a bit check/datecheck on the file done by the server that I have not accounted for which I could easily fix with adding blank code caves/ wintime altering for the date check or the scheme of decompiling/recompiling is just flawed in general.

[Questions…finally]

Is it possible for a functioning edited Flash client to manipulate input data from the server to gain a desired outcome once it is sent to the server?

Are decompiled Flash files ever able to be recompiled to their former usable state (I have had some issues with this)?

What would you do?

That's all. Thank you :)


ghost's Avatar
0 0

svensven wrote: and with what little free time I have not to mention the amateur decryption/ASM skills, I could only see myself able to manage the flash attempt.

So you have very little free time, yet you want to know how to hack a game? Idk…something just doesn't seem right here.


ghost's Avatar
0 0

I don't want to sound rude but I asked valid questions, and have made my own progress with my own skills - now I am stuck and want an outside opinion about what is wrong with my attempt thus far, and if my attempt is plausible.

The decryption part is not what I am asking for, simply if my method is possible - and if it is, what would be your next step if you were in the same place as I am.


ghost's Avatar
0 0

I know, sorry, I'm just like…half asleep & confused, which isn't a good combo for me. Sorry if that sounded rude.


Mr_Cheese's Avatar
0 1

It really depends on the type of game or whatever you're trying to edit.

How much processing is done on the server side will most likely depend on the size and popularity of whatever it is you're editing.

Yes, your idea will work, but its results will vary depending on what server/game you try it on.

What you could do, for instance, is log the headers being sent whilst you're playing. Then, i.e. if you score 60 points, log the headers and then keep on re-sending the same header so you get increased points… Again, this depends on how much processing is done server side and how the program deals with requests etc. Each site/game will be designed differently.

It's a bit tricky to help you any further seeing as I don't really know anything else about what you're trying to edit.


ghost's Avatar
0 0

When you say header, do you mean the pretext in a packet?

The game right now has packet encryption that adds variables to packets that match up with the server, allowing the packet through - these are not in the packet's header, they are sent along with the data part of the packet.


I assume there is some client manipulation of data (beside what is obvious) that is sent to the server because of the action scripts that perform calculations for the sale of items, the amount of an item gained from a skill, and the amount of hp gained at one-second intervals.

This is what I am looking to change.

If it works, then I don't need to manipulate the packets to achieve the desired effect - I can just add code in the action scripts.


Mr_Cheese's Avatar
0 1

I would take a guess that the items you mentioned would be stored on the server, and the client won't send any useful data in the packets to the server.

So say you were trying to alter the price of a weapon, if you click purchase I'm sure the client would send the weapon_id and then the server would calculate the price etc.

However, I may be wrong.

What I would do if in your position is decompile the program and see if you can change certain values in it. Because if the packets are encrypted as you say, then it's going to be hard to manipulate it, unless of course you can understand the algorithm.
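
The two server-side points raised in Mr_Cheese's replies (a purchase that carries only the weapon_id with the price looked up on the server, and a re-sent score message that only pays off if the server credits it twice), as an added Python example that is not part of the thread or any real game's code. The handler names, message fields, price table and score cap are assumptions made for illustration.

```python
import secrets

# Constructed sample data: price table and score cap live only on the server.
CATALOG = {"sword_01": 150, "shield_01": 90}
MAX_POINTS_PER_ROUND = 100  # assumed game rule

class Player:
    def __init__(self, gold):
        self.gold = gold
        self.inventory = []
        self.score = 0
        self.open_rounds = set()  # one-time round tokens issued by the server

def start_round(player):
    """Issue a one-time token; each token can be credited at most once."""
    token = secrets.token_hex(16)
    player.open_rounds.add(token)
    return token

def handle_purchase(player, msg):
    """Only weapon_id is read; a client-sent 'price' field is never used."""
    item = msg.get("weapon_id")
    if not isinstance(item, str) or item not in CATALOG:
        return "rejected: unknown item"
    price = CATALOG[item]
    if player.gold < price:
        return "rejected: insufficient gold"
    player.gold -= price
    player.inventory.append(item)
    return "ok"

def handle_score(player, msg):
    """Credit a score once per server-issued round, within a plausible range."""
    token = msg.get("round_token")
    if not isinstance(token, str) or token not in player.open_rounds:
        return "rejected: unknown or already used round"
    player.open_rounds.discard(token)  # consume first: a re-sent message finds no open round
    points = msg.get("points")
    if type(points) is not int or not 0 <= points <= MAX_POINTS_PER_ROUND:
        return "rejected: implausible score"
    player.score += points
    return "ok"

if __name__ == "__main__":
    p = Player(gold=200)
    print(handle_purchase(p, {"weapon_id": "sword_01", "price": 1}), p.gold)
    claim = {"round_token": start_round(p), "points": 60}
    print(handle_score(p, claim), handle_score(p, claim), p.score)
```

The score cap only bounds what a modified client can claim; a server that simulates the round itself would not need to accept a client-reported score at all.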


ghost's Avatar
0 0

I am gonna have a friend that's good with asm help me to either nop the algorithm sequence or reverse it somehow with another program that catches it and assigns a key value to the packet.