Oh gotcha. It's kind of a lot of code, I can give you a dl link, that'd probably be best.
[QUOTE=VoiDeD;20922564]Right.. Because I didn't have a major hand in OSW at all.[/QUOTE]
*copies from already-public steam headers and other private sources i'm not going to name*
So what are you trying to achieve? Cause just saying you want to remove a check/sync doesn't give a whole lot of info.
Well, two things. One to remove the synchronous check with the server, this part is what prevents cheat engine from modifying things in the game. Second is to instantly grant the user X amount of cash and X amount of exp after injecting the DLL. Basically, do what various scam sites attempt to charge you for but don't actually do.
[QUOTE=<ToD> Aaron;20923632]One to remove the synchronous check with the server, this part is what prevents cheat engine from modifying things in the game.[/QUOTE]
uh i don't think that's even possible.
unless the developers are really silly and fucked it up somehow.
Replace the function with a return "whateverthehelltheprogramexpectstoreturn"
It's the server that keeps track of how much money and experience you have. You can trick the Flash client into displaying faked values instead of real values from the server, but that won't actually make any permanent changes to your account. When the client sends requests to the server to buy stuff, they're checked against your balance on the server, which isn't affected by your client-side fakery.
By analogy to the real world: you can't get a million dollars in your bank account by printing a fake bank statement that says you have a million dollars. You (the client) can read the fake statement and decieve yourself all you want, but the bank (the server) knows what you really have. If you write a check to someone for a million dollars, it's going to bounce.
That's not my goal, I'm well aware that it doesn't work with Cheat Engine. However, there has to be a point where it saves it to the server. I plan on using that to change what the server has stored.
You're assuming that the client downloads all your account info from the server, manipulates it locally however it wants, and then uploads it at the end, and the server trusts the client and lets it freely change anything. I strongly doubt that's the case.
Most likely, the server keeps track of everything, and just tells the client what it should display to the player. That's standard practice in multiplayer client/server game design, specifically to prevent this sort of cheating.
I don't play Farmville, but you mentioned that there's money, and I assume that you have some sort of inventory of plants or whatever that you own. So the gameplay might go something like this:
[LIST]
[*]You start up the game and the server says "you have $5000 and a shrubbery".
[*]The Flash client displays the number 5000 and a picture of a shrubbery in your browser.
[*]You click a button to shop and the client asks the server for a list of items and prices.
[*]The server sends back "a shrubbery costs $100".
[*]You click the buy button, and the client sends to the server "buy one shrubbery".
[*]The server updates your account in its database, adding one shrubbery to your inventory and deducting its price from your bankroll.
[*]The server sends back "You now have $4900 and two shrubberies".
[*]The client changes the number on the screen and draws another shrubbery picture next to the first one.
[/LIST]
At no point does the client get to tell the server what items or money you have.
No, but flash games that don't have a server end have it. Cheat engine + any game without a server side will lead to results.
But whatever game he's trying to hack does use a server.
[QUOTE=Wyzard;20927381]You're assuming that the client downloads all your account info from the server, manipulates it locally however it wants, and then uploads it at the end, and the server trusts the client and lets it freely change anything. I strongly doubt that's the case.
Most likely, the server keeps track of everything, and just tells the client what it should display to the player. That's standard practice in multiplayer client/server game design, specifically to prevent this sort of cheating.
I don't play Farmville, but you mentioned that there's money, and I assume that you have some sort of inventory of plants or whatever that you own. So the gameplay might go something like this:
[LIST]
[*]You start up the game and the server says "you have $5000 and a shrubbery".
[*]The Flash client displays the number 5000 and a picture of a shrubbery in your browser.
[*]You click a button to shop and the client asks the server for a list of items and prices.
[*]The server sends back "a shrubbery costs $100".
[*]You click the buy button, and the client sends to the server "buy one shrubbery".
[*]The server updates your account in its database, adding one shrubbery to your inventory and deducting its price from your bankroll.
[*]The server sends back "You now have $4900 and two shrubberies".
[*]The client changes the number on the screen and draws another shrubbery picture next to the first one.
[/LIST]
At no point does the client get to tell the server what items or money you have.[/QUOTE]
Well, there's points where you gain money too. I'm assuming that atleast part of the code for that is client side, because the client needs to be able to tell the server when the payment or however occurs. There's the part where it starts. You make X calls to something that pays the user whatever amount. Getting you lots of money. Since the company really isn't what I'd consider professional and the game is mediocre and isn't obscured or anything, I assume this is going to be exploitable in some way.
Not really, you send a message to the server saying you want X item, the server updates it's data (Aka your money amount and inventory) and then tells you what your new amount is.
Server -> {Message containing how much money you have and your inventory data} -> Client
Client: Display Money/Inventory
Client: Ask to Buy something
Client -> {Message to Buy} -> Server
Server: Automatically look up how much money you will lose.
Server: Take Money from your account. (You can't modify this)
Server: Change Your inventory to have X item (You can't modify this)
Server -> {Message telling you to update what your inventory and money displays} -> Client
You can't make X calls to something that pays the user whatever amount because that all happens on the server.
Consider that fact that money is stored server side it is highly likely that all money modifications are also done server side.
There has to be SOME part on the client side where it tells the server you're getting money. Otherwise it wouldn't work at all. Make the call a bunch of times and the server will handle getting you money.
Most servers will have sanity checks on any incoming data. If they receive a request to increase user's money by amount x, they would check if this is actually supposed to be happening before doing anything else.
Why would the client need to tell the server you're getting money? I admit I don't know anything about moneymaking in Farmville, but I'd imagine it involves the client telling the server what you're clicking on and the server deciding that you should get money for it.
[QUOTE=<ToD> Aaron;20930367]There has to be SOME part on the client side where it tells the server you're getting money. Otherwise it wouldn't work at all. Make the call a bunch of times and the server will handle getting you money.[/QUOTE]
That would work... if the developers coded poorly. You could easily add limits and checks to see if someone is getting too much money in a given amount of time or is getting too much requests... Not very hard to block.
No there doesn't unless it's very poorly coded.
What has to be on the client is a request to perform an action that effects money rather then a money change. For example the client can request to buy an item but they can't request to change their money from 500 to 1000 for no reason.
Basically clients can only ask the server to do something, the server then checks if that falls within the parameters of the game, i.e do you have enough money? If so then your request is accepted and the money is removed server side which you have no control over.
To summarize the client can ask to buy something or to move somewhere but they don't have enough control to directly edit their position or money or inventory. They can only ask the server to edit it for them. Which means the server defines the rules under which you can change things and as such isn't breakable.
Unless you can find some sort of bug and exploit it that is, i.e the server accepting requests it shouldn't.
Your best bet would be to automate whatever you do in the game to gain money.
Sigh... you guys don't understand what I'm saying.
Say there's a function : plantCrop()
That starts planting a crop then tells the server that you did that.
You gain EXP and lose the price of that crop.
Call that function a bunch of times and you get a bunch of EXP but lose a bunch of cash.
If there's a function : getRewardFromInvitingFriends()
and it gives you money, call it a bunch of times.
You get lots of money.
Since speedhacks work on this game (except for plants growing since that's server side), they probably don't have a [good] check for speed.
EDIT :
For the EXP gaining, it'd be what noctune said rather than calling that function since it'd probably take a pointer to the field it's being planted in.
[QUOTE=<ToD> Aaron;20940422]Sigh... you guys don't understand what I'm saying.
Say there's a function : plantCrop()
That starts planting a crop then tells the server that you did that.
You gain EXP and lose the price of that crop.
Call that function a bunch of times and you get a bunch of EXP but lose a bunch of cash.
If there's a function : getRewardFromInvitingFriends()
and it gives you money, call it a bunch of times.
You get lots of money.
Since speedhacks work on this game (except for plants growing since that's server side), they probably don't have a [good] check for speed.
EDIT :
For the EXP gaining, it'd be what noctune said rather than calling that function since it'd probably take a pointer to the field it's being planted in.[/QUOTE]
The server still checks if you can do such action first.. You could request the server to run getRewardFromInvitingFriends() how many times you wanted, but for each time it would check the server if you could.
Well, it'd probably work more like :
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
getRewardFromInviting5Friends()
basically, you keep going back to the point where you can in the long run get money. Since it'll still always be faster than waiting X days for plants to grow, even if it takes a few minutes it'll still be worth it.
[QUOTE=<ToD> Aaron;20941646]Well, it'd probably work more like :
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
userHelpedAFriend()
getRewardFromInviting5Friends()
basically, you keep going back to the point where you can in the long run get money. Since it'll still always be faster than waiting X days for plants to grow, even if it takes a few minutes it'll still be worth it.[/QUOTE]
Those functions would probably serverside. In most games it works like this:
1. Client Connected
2. Server sends stats and tells client to display a button
3. Client displays that crap and you click the button.
4. Client says that you clicked a button.
Helping friends would be serverside, and also sanity checks would prevent that. And unless you add a delay, sanity checks will catch you and nullifiy it.
I'm sure it is, but there is going to be a point as you just said where the client says something happened. Let's say it's that the you clicked the button.
userClickedHelpAFriendButton()
then the server adds 1 to the amount of friends you've helped.
repeat that however many times, the server continues counting up and granting rewards the way it normally does. As for sanity checks, so long as it's faster than X days and requires no work, it's still effective.
[QUOTE=<ToD> Aaron;20942641]I'm sure it is, but there is going to be a point as you just said where the client says something happened. Let's say it's that the you clicked the button.
userClickedHelpAFriendButton()
then the server adds 1 to the amount of friends you've helped.
repeat that however many times, the server continues counting up and granting rewards the way it normally does. As for sanity checks, so long as it's faster than X days and requires no work, it's still effective.[/QUOTE]
Then you don't need to reverse engineer it, just make a bot. Your method would die against the sanity checks since you will send so many requests it is impossible for you not to have been disconnected because of lag and it will boot you. Just make a bot.
A bot is mediocre and isn't really as fun since there's nothing really to learn. Also, the bot would have to wait through the X days for the plant to finish growing, so it wouldn't work.
[QUOTE=<ToD> Aaron;20948113]A bot is mediocre.[/QUOTE]
Just like the game then init
[QUOTE]I'm sure it is, but there is going to be a point as you just said where the client says something happened. Let's say it's that the you clicked the button.
userClickedHelpAFriendButton()
then the server adds 1 to the amount of friends you've helped.
repeat that however many times, the server continues counting up and granting rewards the way it normally does. As for sanity checks, so long as it's faster than X days and requires no work, it's still effective.[/QUOTE]I doubt it the server would be set up in such a simple way.
As I said before, the server would likely check any incoming data before processing it:
User clicks "help a friend" button.
Server checks if the player is allowed to do this at this time.
Server checks if the friend is valid.
Server processes request.
Server adds one to friends helped count.
[QUOTE=layla;20948602]Just like the game then init[/QUOTE]
Never said it wasn't, I find it quite mediocre.
I was interested in this when some stupid kid at my school spent like 4 hours trying to use cheat engine on Farmville.
Sorry, you need to Log In to post a reply to this thread.
