Morgisto

Reverse Engineering ActionScript 3 Adobe Flex Adobe Flash Game

4 posts in this topic

Posted (edited)


Ok, the reverse engineering job...
yes.. it's a game from kixeye.com.. called Battle Pirates...
now basically we are creating mods for the game, which we supply to our clients...
now until about 6 months ago.. we were able to do all mods, including ship related ones... e.g. ship builds and ship repairs... then they did a big update, and put a json_p server call on the ship stuff, which gets checked via a salted hash...
or so I'm told...
we've been struggling to get it working for the past few months, and had about 8 developers failing already... mostly because of obfuscation of files and lack of understanding the ActionScript...
I can supply link to game... game accounts for use... and our current modded swf files
we basically need a mod on the swf file or other method viable to make ship builds and repairs viable again...
https://www.kixeye.com/game/battlepirate
 
Regards
Edited by Morgisto


Posted (edited)

Try to patch the old swf file that worked, remove the version check, and test if the protocol is still the same. Maybe it's server sided now?
Look in the login.as class. All other code is indeed "obfuscated" (variable names just randomized) but still understandable, it just takes a lot of time.

Maybe if you enable debug flag in the swf file it will show hints, because I see a lot of debugging shit in the release version lol.

hmm lol....

		final public static function checkHack() : void
		{
			var _loc_2:Array = null;
			var _loc_3:int = 0;
			var _loc_1:int = 0;
			var _loc_4:int = 0;
			var _loc_5:* = obfuscatedName0DBE;
			for each(_loc_2 in _loc_5)
			{
				var _loc_6:int = 0;
				var _loc_7:* = _loc_2;
				for each(_loc_3 in _loc_7)
				{
					_loc_1 = _loc_1 + _loc_3;
				}
			}
			if(_loc_1 != obfuscatedName6078)
			{
				_log.logRemote("HACK.FORTIFICATION.checkHack", "Fortification CheckHack Fail! received:" + _loc_1 + ", expected:" + obfuscatedName6078);
				xxx600e46adacee48ffb1816c683a3764fe.errorMessage(xxxd399f2469a5545a79b09c650b7bf6d74.getString(xxxbb08d94205de4063a96903ed910c6360.MAIN, "fortification_error_unexpected_message"), "FORTIFICATION.checkHack", true);
			}
		}

 

Edited by FLdtL9


Have you tried wiresharking the protocol and attempting to reverse it?


Posted (edited)

On 2017-6-1 at 10:28 PM, Protocol said:

Have you tried wiresharking the protocol and attempting to reverse it?

It's SSL encrypted. I have found the domain URLs, but the code looks for the certificate if I remember correctly.

Maybe if OP patches this function and downgrades SSL so all traffic becomes plain text. But this will only work if the server runs the same application on an "unsecure" HTTP 80 service.

Edited by FLdtL9
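
On the server-side check raised in this thread (the salted hash on the ship calls, and the "maybe it's server sided now" question), here is the defender's side of such a design as an added example; it is not code from the game or from any poster. The class, the field names, the per-session key, the 30-second window and the sample requests are all assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 30  # seconds a request stays valid (assumed policy)


class BuildRequestVerifier:
    """Server-side check for a hypothetical 'ship build' request."""

    def __init__(self, session_key: bytes, now=time.time):
        self.session_key = session_key  # per-session key (assumed design)
        self.now = now
        self.seen_nonces = set()  # replay cache for this session

    def tag(self, body: dict) -> str:
        # Canonical JSON so both sides hash identical bytes.
        msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self.session_key, msg, hashlib.sha256).hexdigest()

    def verify(self, body: dict, tag: str, server_cost: int) -> str:
        if not hmac.compare_digest(self.tag(body), tag):
            return "bad_tag"
        if abs(self.now() - body["ts"]) > MAX_SKEW:
            return "stale"
        if body["nonce"] in self.seen_nonces:
            return "replay"
        self.seen_nonces.add(body["nonce"])
        # A valid tag only shows the body was not altered in transit.
        # Game values are recomputed from server state, never trusted.
        if body["cost"] != server_cost:
            return "cost_mismatch"
        return "ok"


def demo() -> list:
    # Constructed sample requests; the clock is pinned for repeatability.
    v = BuildRequestVerifier(b"constructed-session-key", now=lambda: 1000.0)
    good = {"ship": "hull_a", "cost": 500, "ts": 998, "nonce": "n1"}
    old = dict(good, ts=900, nonce="n2")
    cheap = dict(good, cost=1, nonce="n3")
    return [
        v.verify(good, v.tag(good), 500),
        v.verify(good, v.tag(good), 500),
        v.verify(dict(good, cost=1), v.tag(good), 500),
        v.verify(old, v.tag(old), 500),
        v.verify(cheap, v.tag(cheap), 500),
    ]
```

The last case is the one that matters for game integrity: a correctly tagged request is still rejected because the server compares it against its own state.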
