Sign up with Google
Morgisto
Well-Known Member
- Joined
- Oct 29, 2012
- Messages
- 161
Hi All its still me grinding away at this.
As stated in a previous thread my partner that is well above average on the LUA and Actionscript field is trying to figure out the JSON addition that has been made to this game we play.
Previously when i would commence building a ship this feature could be reduced from 20days per ship to immediatly.But then the company made a few substantial changes to the code.We were then informed via a reliable source that the changes have been made in the JSON in form of a callback which the game server sends back and forth to confirm whether the correct amount of coin actually is available to complete the transaction.I as the writer am not fluent in javascript or JSON. My partner is coming along fine with JSON but seems to be stumped on this one.
I have posted an extract that my partner posted to somebody on facebook which i think suposedly explain s mostly what our issue is.He will compile a more detailed extract and froward it to me soon.
ive tried many many things...
one thing im trying i cant seem to get woking in bytecode...
loadRequest(url,"Y9U653YU641VUU3U1U6Z497075076655",args,id,onSuccessInternal,onFailure,true,"POST",true,true);<normally it got only 6 vars...but the function can receive up to 13...the rest got default values if not sent, but one of the values is checking the hash...
then i looked also at badnum in SecNum class...
i tried rewrites...
i made changes to these functions...
public static function verifyHash
protected function handleSecurityError
function handleIOError
function get data() : Object
function get isError() : Boolean
function doCall
function handleLoadComplete
function speedupRocketBuild
class_179.speedup(param1,param2,param3,serverCallSuccess(param4),serverCallSuccess(param4));
var_456 <object>
private static function commonRequest
function serverCallSuccess
function serverCallFailure
i tried rewriting the code back inrockets to its original form before they updated rockets that time<as rockets are one of the frst instances they used json>....yes i been at this json story or 4 months now...but cant figure out how to get past...
from what ive heard u got past the json succesfully...
from what i understand around the json...it sends the data from your pc, inwhich case u receive the json back
, which gets verified with salted hash, and it verifies acording to the data u got on your side...
my main issue is:
my thoughts...right its a json server CHECK...thers 2 functions...server call success...server call failure...also diff formats for the json reply...and a hash to verify it...right...so atm...i can get past the server call success//failure to do the popup or not for data correct...I CANT however change the vector//object from the Json...I might hv a way around the hash...so my main problem is...if i hack the data...i can get around the popup...in whicj case because of fake data, the json got the wrong object//vector reply<need to modify that>...then they re-verify the data wit the salted hash...might hv a way around...tho frst neet to get past obstacle 2...
obtsacle 2 is setting up the vector//object in the same format as the json reply
I know this may be a lot sketchy but i realise that we have gotto start somewhere.
I do realise that this is prolly gonna take a whole lot of hours by somebody that thinks he may be able to beat this. Please take a look guys and any ...... help or guidance will be gladly accepted
regards
Morgs
As stated in a previous thread my partner that is well above average on the LUA and Actionscript field is trying to figure out the JSON addition that has been made to this game we play.
Previously when i would commence building a ship this feature could be reduced from 20days per ship to immediatly.But then the company made a few substantial changes to the code.We were then informed via a reliable source that the changes have been made in the JSON in form of a callback which the game server sends back and forth to confirm whether the correct amount of coin actually is available to complete the transaction.I as the writer am not fluent in javascript or JSON. My partner is coming along fine with JSON but seems to be stumped on this one.
I have posted an extract that my partner posted to somebody on facebook which i think suposedly explain s mostly what our issue is.He will compile a more detailed extract and froward it to me soon.
ive tried many many things...
one thing im trying i cant seem to get woking in bytecode...
loadRequest(url,"Y9U653YU641VUU3U1U6Z497075076655",args,id,onSuccessInternal,onFailure,true,"POST",true,true);<normally it got only 6 vars...but the function can receive up to 13...the rest got default values if not sent, but one of the values is checking the hash...
then i looked also at badnum in SecNum class...
i tried rewrites...
i made changes to these functions...
public static function verifyHash
protected function handleSecurityError
function handleIOError
function get data() : Object
function get isError() : Boolean
function doCall
function handleLoadComplete
function speedupRocketBuild
class_179.speedup(param1,param2,param3,serverCallSuccess(param4),serverCallSuccess(param4));
var_456 <object>
private static function commonRequest
function serverCallSuccess
function serverCallFailure
i tried rewriting the code back inrockets to its original form before they updated rockets that time<as rockets are one of the frst instances they used json>....yes i been at this json story or 4 months now...but cant figure out how to get past...
from what ive heard u got past the json succesfully...
from what i understand around the json...it sends the data from your pc, inwhich case u receive the json back
, which gets verified with salted hash, and it verifies acording to the data u got on your side...
my main issue is:
my thoughts...right its a json server CHECK...thers 2 functions...server call success...server call failure...also diff formats for the json reply...and a hash to verify it...right...so atm...i can get past the server call success//failure to do the popup or not for data correct...I CANT however change the vector//object from the Json...I might hv a way around the hash...so my main problem is...if i hack the data...i can get around the popup...in whicj case because of fake data, the json got the wrong object//vector reply<need to modify that>...then they re-verify the data wit the salted hash...might hv a way around...tho frst neet to get past obstacle 2...
obtsacle 2 is setting up the vector//object in the same format as the json reply
I know this may be a lot sketchy but i realise that we have gotto start somewhere.
I do realise that this is prolly gonna take a whole lot of hours by somebody that thinks he may be able to beat this. Please take a look guys and any ...... help or guidance will be gladly accepted
regards
Morgs
Last edited:
![[)roi(]](/forum/data/avatars/m/8/8711.jpg?1563828683){kind=avatar}
