MAGZ26 / ptd-save-editor

Automatically exported from code.google.com/p/ptd-save-editor
0 stars 0 forks source link

Sam's new security #5

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.Ummm.. the game?
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.
Sams's new security doesn't look very hard to crack to me.
Can't you just tell the save editor to tell the game to tell the server false 
messages?
I really want to have kyogre back, and i want to keep those legendary dogs.
If you don't have time to work on this, that's okay. You deserve a break.

Original issue reported on code.google.com by williamc...@gmail.com on 20 Jul 2011 at 1:13

GoogleCodeExporter commented 8 years ago
If you know how his new security works and how the checksums are calculated, 
I'd be glad to hear it.
However, I have no time to work on it at the moment, sorry.

Original comment by mat.pokemontrash on 22 Jul 2011 at 8:55

GoogleCodeExporter commented 8 years ago
the security makes it so u have to log in right when u click start and if u had 
any hacked pokemon(above the lvl limit or had a pokemon that was unable to be 
caught like kyogre)..anything else. but ya thx for helping with the pokemon b4 
the update screwed it all up :D

Original comment by rake...@yahoo.com on 24 Jul 2011 at 10:10

GoogleCodeExporter commented 8 years ago
The security has nothing to do with logging in.
Sam added several checksums in the HTTP POST request when the game sends the 
data to the server and you need to know how they are calculated for the server 
to accept what you sent.
Sam also obfuscated the source code of the game so I can't see how it is 
calculated.

I can't work on it ATM, maybe later, sorry.

Original comment by mat.pokemontrash on 26 Jul 2011 at 4:45

GoogleCodeExporter commented 8 years ago
My idea is to change the coding to make the server think the save editor is a 
game. Try downloading the game to see the coding.

Original comment by aaronle...@gmail.com on 26 Jul 2011 at 8:07

GoogleCodeExporter commented 8 years ago
@ #4 :
That's exactly how it used to work before the update.
And it turns out I can't decompile the ActionScript source code in the .swf 
anymore because Sam obfuscated it.

THIS is precisely why I can't update the Save Editor ATM.  :°

Original comment by mat.pokemontrash on 28 Jul 2011 at 5:20

GoogleCodeExporter commented 8 years ago
I know that the new security is hard to hack and that you dont have time. 
However isnt there a way to use 
http://www.hackedarcadegames.com/game/5714/Pokemon-Tower-Defense.html that 
already hacked version to get the source codes and checksums you need?

Original comment by Fattyboi...@gmail.com on 30 Jul 2011 at 2:15

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
@ #6 :
I did try it already but it is also obfuscated.  :/
I don't know how they hacked it, I'm not a pro in Flash hacking.

Original comment by mat.pokemontrash on 1 Aug 2011 at 8:57

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
im just wondering, have you ever checked with the actual author to see if he 
would allow an actual official Save editor of the game? just wondering...

Original comment by k1for...@gmail.com on 7 Aug 2011 at 6:11

GoogleCodeExporter commented 8 years ago
@ #10 :
Yes, I did talk to Sam several times and he does not want a save editor at all.

Original comment by mat.pokemontrash on 7 Aug 2011 at 7:18

GoogleCodeExporter commented 8 years ago
Not surprised really, for their are people who abuse the editor and others who 
help. I mean I have used this editor but to never accomplish achivments or 
lvl's just to get a few shinies for me and for other people.  What Sam is doing 
it protecting his game and I respect that to the fullest, and I understand that 
is securit system is top notch so take your time mat and don't over think about 
this.

Original comment by litled...@hotmail.com on 8 Aug 2011 at 3:13

GoogleCodeExporter commented 8 years ago
So, I hate to say it but after this 3.5.1 update. That not even Cheat Engine 
can hack. Im going to guess this is a fallen hero. I dont want to jump  the gun 
though, so if its still possible and you are going to continue this project 
then you have my dearest respects.

Original comment by Fattyboi...@gmail.com on 10 Aug 2011 at 3:32

GoogleCodeExporter commented 8 years ago
AHHHGH! sam's really stepping up the security.

hackedarcadegames is an official hacked site, endorsed by sam

so the obfuscated code is the only problem then? (+bunch of new checksums)
that can be eventually cracked

Take your time, mat, don't let this take over your life.

Original comment by williamc...@gmail.com on 11 Aug 2011 at 3:17

GoogleCodeExporter commented 8 years ago
I HAVE AN IDEA! HOW ABOUT WE ALL SEND HIM AN EMAIL ABOUT THIS AND HE MIGHT GET 
PISSED OFF SOON THEN HE WILL PUT THE SECURITY OFF!

P.S. sorry about the caps

Original comment by lwingami...@gmail.com on 13 Aug 2011 at 4:18

GoogleCodeExporter commented 8 years ago
@ #15 :
My goal is not to piss Sam off, I just want to help players who want a 
different game experience.

Original comment by mat.pokemontrash on 13 Aug 2011 at 9:13

GoogleCodeExporter commented 8 years ago
wouldn't it be better if u wait till he is done with the game then make the 
save editor?

Original comment by alex_ngu...@yahoo.com on 14 Aug 2011 at 12:44

GoogleCodeExporter commented 8 years ago
@17, The only problem at the moment is the security once Mat as bypassed he's 
golden, If  am correct Mat.

Original comment by litled...@hotmail.com on 14 Aug 2011 at 12:50

GoogleCodeExporter commented 8 years ago
i mean wont Sam raise the security once he knows the save editors is out again.

Original comment by alex_ngu...@yahoo.com on 14 Aug 2011 at 1:06

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Mat i know ur goal is NOT to piss off sam but i think it might be a good idea 
but anyway lets keep the editor a secret. But i am pissed off about those damm 
hacking websites and that made sam angry (i think) and also i think u should 
start recruiting hackers and I mean GOOD people

Original comment by lwingami...@gmail.com on 14 Aug 2011 at 7:01

GoogleCodeExporter commented 8 years ago
that could work.......

Original comment by williamc...@gmail.com on 14 Aug 2011 at 3:25

GoogleCodeExporter commented 8 years ago
@ #17 and #19 :
You're absolutely right, he's making this game to improve his coding skills 
(PTD is still in Alpha stage).
Then he knows exactly how to make his next games secure.

The problem is that once the game is finished (ie. he stops the development 
because he has other projects), there will be less players, so a save editor 
would be almost useless.
Players who want a save editor want it NOW, not in several years when the game 
is abandoned.

This is the dilemma : either make a cheating program early, but the developer 
can patch his game ; or wait for the developer to abandon the game, but the 
program becomes useless.

@ #21 :
What "hacking websites" are you talking about ?

Original comment by mat.pokemontrash on 14 Aug 2011 at 9:17

GoogleCodeExporter commented 8 years ago
I have an idea!
What if you try and hack into the trading center website instead of the actual 
game? then have x number of shinys and legendarys put on that are accepted for 
anything. I know nothing past cheat engine about hacking so sorry if it sounds 
dumb

Original comment by ranttd...@gmail.com on 14 Aug 2011 at 11:25

GoogleCodeExporter commented 8 years ago
what i mean by "hacking websites" is that there are only 2 websites that can 
hack the games.One is Arcadeprehacks and another one is Hacked Arcade games. Oh 
and what does dilemma?

P.S. im only 10

Original comment by lwingami...@gmail.com on 15 Aug 2011 at 8:33

GoogleCodeExporter commented 8 years ago
@ #24 :
Hacking the trading center is not as easy as hacking the communications between 
the game and the server.
In the trading center, everything is server-side, so I can't hack what happens 
there.

The only way would be to find a vulnerability in the code (such as an SQL 
injection) and exploit it, but I found none at the moment.

@ #25 :
ArcadePreHacks.com are still with v2.1, but anyway, Sam condones those hacking 
websites, because there's a hacked version on PlayTowerDefenseGames.com.

Original comment by mat.pokemontrash on 15 Aug 2011 at 9:49

GoogleCodeExporter commented 8 years ago
wow. sorry mat i cant give u any help right now im not in the mood

Original comment by lwingami...@gmail.com on 16 Aug 2011 at 7:10

GoogleCodeExporter commented 8 years ago
sam's so frustrating......

Original comment by williamc...@gmail.com on 17 Aug 2011 at 1:11

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
mat so what would solve this problem?
could a 

1) exe version of the game help
2) a deobfuscated code (decrypted code)
3) or maybe making the save editor a flash application?

Original comment by williamc...@gmail.com on 22 Aug 2011 at 1:00

GoogleCodeExporter commented 8 years ago
@ #30 :

The only thing I'd need is the deobfuscated code, but the crypter used by Sam 
(secureSWF) seems pretty good and I don't have amazing Flash hacking skills.

Original comment by mat.pokemontrash on 22 Aug 2011 at 9:39

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
@# 30 :
That's the first thing I did when v3.2 was released...  :°

Original comment by mat.pokemontrash on 23 Aug 2011 at 9:46

GoogleCodeExporter commented 8 years ago
AWW... so no decrypter for secureSWF, huh?
maybe i can find one
i do have amazing program finding skills
but then it would have to exist somewhere
off to find the decrypter!!!

Original comment by williamc...@gmail.com on 23 Aug 2011 at 1:06

GoogleCodeExporter commented 8 years ago
what decrypters have you tried so far?
have you tried using secureSWF by yourself, multiple times to see what results 
you get?
it might help to know how secureSWF works

Original comment by williamc...@gmail.com on 23 Aug 2011 at 4:52

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
yeah. it is possible to beak them, but how?

and also does anyone know how to get snd coins?

Original comment by williamc...@gmail.com on 23 Aug 2011 at 11:02

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
it is true. mat, you're our only hope.
if you pull this off, you will be our god!!!!!!!!!!!!

Original comment by williamc...@gmail.com on 23 Aug 2011 at 11:14

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
@ #41 :
Do you even know what you're talking about ?...

Original comment by mat.pokemontrash on 24 Aug 2011 at 9:25

GoogleCodeExporter commented 8 years ago
mat, what code decrypters have you tried already, i could help you find some 
solutions to secureSWF

Original comment by williamc...@gmail.com on 25 Aug 2011 at 12:13

GoogleCodeExporter commented 8 years ago
i need to know what you've tried, though

Original comment by williamc...@gmail.com on 25 Aug 2011 at 12:13

GoogleCodeExporter commented 8 years ago
have u ever even thought of recruiting other people into hacking business

Original comment by lwingami...@gmail.com on 25 Aug 2011 at 9:59

GoogleCodeExporter commented 8 years ago
i agree with arkarl. mat u need help and there are some people that can help u 
out there. try recruiting a few.

Original comment by alex_ngu...@yahoo.com on 25 Aug 2011 at 6:34

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
@ #44/45 :
I tried like 2 or 3 decrypters but they didn't work. I don't remember their 
names, sorry.

@ #46/47/48 :
This is an open-source project, and if some people want to contribute, they are 
free to help if they want to (by deobfuscating the ActionScript, modifying the 
program source, etc.)

However, I know nobody who could help me with that.
I know GraphicForce and he can't do that.

Original comment by mat.pokemontrash on 25 Aug 2011 at 10:21

GoogleCodeExporter commented 8 years ago
[deleted comment]