Sunderw3k / Pillow

A protocol recreation (both server and client) for the Old School RuneScape botting client DreamBot.

Project Pillow

Sit down, DreamBot.

About The Project

DreamBot costs a lot.

At least for me. If I can use my programming skills to get it for free, that's great. The client is free with paid VIP features, but those are just locked behind an account status, which can be spoofed, even purely on the client side with some bytecode patching.

Their script trial lets me get my hands on the script jar. That's not good security. After sniffing and downloading the jars, I can put them up on my own server implementation, and even set the trial duration to... owned.

A lot of the code that scripts use to verify whether you actually own their script can also be bypassed (as seen in the hooks to ScriptManager).

One thing I find funny is that the packets MIGHT be stored obfuscated on their server side, since ALL OF THEM are valid Java class names, whereas the rest get obfuscated to start with a digit.

Getting Started

Running the client requires you to set the environment variables defined in the client handler to your account's info.

Then make an account on their website and try some scripts.

Hardware ID

Crucial. Hardware ID bans exist, thus it's important to set this properly.

Windows

wmic csproduct get UUID 

Mac

system_profiler SPHardwareDataType

Anything else (Linux)

cat /etc/machine-id
cat /var/lib/dbus/machine-id  # As a backup in case the first fails

Downloading

When you run the client, revision.txt will be automatically downloaded into a new folder in the current directory called output. That folder contains everything necessary for the server setup.

Make sure to set the correct path in downloaded config files or copy them to the server working directory.

Server

Create a file named config.json for the server config. Yes, the filename is important.

{
    "revisionFile": "revision.txt",
    "scriptConfigDir": "configs/",
    "serverUrl": "http://localhost:6666/"
}

Replace serverUrl in case you want to use your own webserver, obviously.

The config directory contains config files, also autogenerated by the client. They contain metadata about the script; you can probably guess how that works.

The options/_.txt files are also generated, not sure what they're trying to protect by doing that.

Change the server options in the server main file. Make sure that NETTY_PORT matches the one in the agent and that HTTP_PORT matches the serverUrl above.

Usage

To run the server, set the environment variable defined in the server main (default: CONFIG_DIR) to the directory containing the config.json file, then run:

java -jar /path/to/server.jar

To run the client, get the DreamBot client jar from their website. Then run:

java -javaagent:/path/to/agent.jar -jar /path/to/dreambot.jar

If everything works, you should be connected and get the SPONSOR role. The server writes logs, so take a look at those if issues emerge.