Sam's new security

[GoogleCodeExporter]

What steps will reproduce the problem?
1.Ummm.. the game?
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.
Sams's new security doesn't look very hard to crack to me.
Can't you just tell the save editor to tell the game to tell the server false 
messages?
I really want to have kyogre back, and i want to keep those legendary dogs.
If you don't have time to work on this, that's okay. You deserve a break.

Original issue reported on code.google.com by williamc...@gmail.com on 20 Jul 2011 at 1:13

[GoogleCodeExporter]

@ #50 :
Nothing interesting there but thanks anyway.  :)

Original comment by mat.pokemontrash on 26 Aug 2011 at 8:16

[GoogleCodeExporter]

i can give u information?

P.S. my name isnt arkarl

Original comment by lwingami...@gmail.com on 26 Aug 2011 at 8:57

[GoogleCodeExporter]

http://www.swf-reader.com/news.php

here?

Original comment by williamc...@gmail.com on 26 Aug 2011 at 2:05

[GoogleCodeExporter]

@ #53 :
I did try this one already but it does not work.  :(

I just did something new though : I dumped the SWF from the .exe version of the 
game and it is also obfuscated. Nothing interesting there.  :/
I kinda hoped it would be an unecrypted version.

Original comment by mat.pokemontrash on 26 Aug 2011 at 7:49

[GoogleCodeExporter]

aww... at least we know the legendary dogs aren't banned from the system

hmm...have you tried obfuscating pre-security code with secureSWF to see what 
happens?
try the version on arcadeprehacks

Original comment by williamc...@gmail.com on 26 Aug 2011 at 8:04

[GoogleCodeExporter]

I like #55's idea. I wouldnt use arcadeprehacks game though maybe like the code 
for the version right before the security buff. Also, maybe before Sam updates 
the game tomorrow, you can figure something out with the help of Cheat Engine? 

Finally I am talking to some people I know for you to help with the coding. No 
promises yet but I am trying. 

Original comment by Fattyboi...@gmail.com on 27 Aug 2011 at 1:48

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

i dunno where to find a pre-security buff game, though.
all the sites that have that update weekly, i think

I have a name, William. Please call me William

Original comment by williamc...@gmail.com on 30 Aug 2011 at 12:55

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I've been trying to decipher the source code for the trading center, and it 
seems as though every time you save, a new ID is created for your profile.  Any 
future save will check against the ID on the server to make sure that you don't 
overwrite a profile with a previous save.  I don't know how the ID is 
calculated, or how the game uses it, but it's something :/

Original comment by SMetagr...@gmail.com on 1 Sep 2011 at 12:12

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Hmm. That's some usuable information.
I was going to say to hack the conversation between game and trading center, 
instead of game and server, but your already working on this, so thats good.

Original comment by williamc...@gmail.com on 2 Sep 2011 at 11:21

[GoogleCodeExporter]

Yeah, I was trying to find a loophole to clone pokemon.  There's another 
variable called "pokeID," and it's unique to every instance of a pokemon, both 
UFT and in your profile.  When ever you put a pokemon into the trading 
center(so people can offer on it) or call it back, the "pokeID" changes.  A lot 
of the information is in the url, actually.  

Original comment by SMetagr...@gmail.com on 3 Sep 2011 at 6:36

[GoogleCodeExporter]

wow this is insane. Smetagr can u help mat and work together? Plz dont say 
anything bad but if this keeps goin i think the whole game will blow up

Original comment by lwingami...@gmail.com on 3 Sep 2011 at 11:29

[GoogleCodeExporter]

I know that already, but the main problem is the calculation of the checksum in 
the communications between the game and the server.
The Trading Center is not really interesting, because it is not possible to 
create a Pokémon, change your money/inventory/..., etc.

Original comment by mat.pokemontrash on 3 Sep 2011 at 2:32

[GoogleCodeExporter]

Something like this Mat, http://en.wikipedia.org/wiki/Cheating_in_online_games

Original comment by litled...@hotmail.com on 4 Sep 2011 at 9:48

[GoogleCodeExporter]

Before the trading was changed, I had a short conversation with Sam about his 
plans to fix the trading system and he said he wanted to make a savestate 
variable, and I would bet that the trading center uses the same variable as the 
game for saving.  Like I said, I was only investigating this to find a loophole 
for cloning pokemon, rather than save editing.

Original comment by SMetagr...@gmail.com on 5 Sep 2011 at 5:17

[GoogleCodeExporter]

is it possible to unobfuscate the actionscript with a brute force decoder?

Original comment by williamc...@gmail.com on 5 Sep 2011 at 4:44

[GoogleCodeExporter]

Did u see what graphic force did ===> http://www.youtube.com/watch?v=mqOb5RcWIhU
how?

Original comment by alex_ngu...@yahoo.com on 7 Sep 2011 at 12:20

[GoogleCodeExporter]

@ #70 :
A bruteforce decoder can't be used for that...

@ #71 :
That's quite old and it was made with Cheat Engine.
Sam fixed it a short time after GF posted the video.

Original comment by mat.pokemontrash on 7 Sep 2011 at 6:06

[GoogleCodeExporter]

oh...

Original comment by alex_ngu...@yahoo.com on 8 Sep 2011 at 12:43

[GoogleCodeExporter]

um why dont you just ask sam he might have some boundreys but you could still 
do it

Original comment by tinbo...@gmail.com on 8 Sep 2011 at 11:23

[GoogleCodeExporter]

Perhaps you can try convincing him to make a version purely for Save Editor but 
have the trading limited to only that version. And no importing accounts from 
different versions.

Original comment by aaronle...@gmail.com on 9 Sep 2011 at 1:18

[GoogleCodeExporter]

will the save editor be done?

Original comment by alex_ngu...@yahoo.com on 11 Sep 2011 at 2:29

[GoogleCodeExporter]

u cant convince him and u cant ask him. seriously he already did that of course 
it wont be done.Geez goddammit if only we had graphic force

Original comment by lwingami...@gmail.com on 11 Sep 2011 at 6:45

[GoogleCodeExporter]

I honestly don't know if it will ever be done, sorry.
However, think about it : if I manage to crack the new security and release a 
save editor, Sam will make an even harder protection and I doubt I would be 
able to crack it again.
Better wait for a more stable version.

Ah, and GraphicForce is good with Cheat Engine, but he can't help us with the 
save editor, I know him.

Original comment by mat.pokemontrash on 11 Sep 2011 at 7:56

[GoogleCodeExporter]

aww...

Original comment by williamc...@gmail.com on 11 Sep 2011 at 1:02

[GoogleCodeExporter]

i have to agree. wait till single player is done then hack single player while 
Sam is doing multiplayer.

Original comment by alex_ngu...@yahoo.com on 11 Sep 2011 at 8:52

[GoogleCodeExporter]

i mean release the save editor when single player is done not start it.

Original comment by alex_ngu...@yahoo.com on 11 Sep 2011 at 9:02

[GoogleCodeExporter]

Why can't GraphicForce help you

Original comment by lwingami...@gmail.com on 13 Sep 2011 at 11:55

[GoogleCodeExporter]

Because he's not good in programming or reverse-engineering.

Original comment by mat.pokemontrash on 13 Sep 2011 at 2:40

[GoogleCodeExporter]

have the save editor gone anywhere so far?
what is done and what needs to be done to finish this project?

Original comment by alex_ngu...@yahoo.com on 13 Sep 2011 at 11:45

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

@ #84 :
I did not develop anything else since PTD v3.2 (PTD Save Editor v2.2 was not 
released because Sam improved the security with PTD v3.2.2 before I could 
release it).

What needs to be done is to find a way to get the game source code, or at least 
reverse-engineer the checksum calculation in the communication protocol between 
the game and the server.

The problem is that if someone manages to do that, Sam will change the security 
again and that will be even harder.  :/

@ #85 :
They seem to use CheatEngine, not a save editor, sorry.
And thanks for the encouragements, I hope we will work it out.  :)

Original comment by mat.pokemontrash on 14 Sep 2011 at 8:16

[GoogleCodeExporter]

@Mat involving #85 

Do you know how they did it with Cheat Engine?? 

Original comment by Fattyboi...@gmail.com on 14 Sep 2011 at 9:15

[GoogleCodeExporter]

http://forum.codecall.net/security-tutorials/5114-hacking-flash-games-part-1-a.h
tml, I have been looking for ways if hacking Flash games using google and other 
browsing sites, so far this seems ok but need to go in deeper

Original comment by litled...@hotmail.com on 14 Sep 2011 at 11:51

[GoogleCodeExporter]

i say wait till development is over, then, develop one. also, try to reverse 
engineer checksums, but DON"T TELL ANYONE, incluing us. sam could be watching 
this

Original comment by williamc...@gmail.com on 15 Sep 2011 at 12:03

[GoogleCodeExporter]

I agree :D

Original comment by alex_ngu...@yahoo.com on 15 Sep 2011 at 12:17

[GoogleCodeExporter]

@Mat re: #88

     Have you looked at the site that #88 has? Maybe he can help you? He's already looking into it. But i really want to see what the save editor can do. Please try to crack Sam's code.

Original comment by ttc.chri...@gmail.com on 15 Sep 2011 at 2:44

[GoogleCodeExporter]

@ #87 :
I did not try it by myself, sorry.

@ #88/91 :
The main problem is that Sam obfuscated the source code, thus making all those 
tools useless.

Original comment by mat.pokemontrash on 15 Sep 2011 at 6:46

[GoogleCodeExporter]

@Mat
Its alright, not going to lie the only reason I want to do it is so I can get 
my last GD shiny eevee...

Original comment by Fattyboi...@gmail.com on 15 Sep 2011 at 7:26

[GoogleCodeExporter]

brute force defuscator??

Original comment by williamc...@gmail.com on 16 Sep 2011 at 1:26

[GoogleCodeExporter]

Mat do you know how to hack it or are you stuck?

Original comment by alex_ngu...@yahoo.com on 16 Sep 2011 at 2:10

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

@ #94 :
It does not work that way...

@ #95 :
To make a save editor, I need the checksum calculation algorithm.
However, it *is* possible to hack a single save with a different approach, 
which I won't explain here (not involving Cheat Engine or any other RAM editing 
tools, only online save editing).
It has the same capabilities as the save editor (eg. editing money, Pokémon, 
etc.), but it can't be implemented on a large scale (it must be done on a 
case-by-case basis with each save).

I showed it to Sam a long time ago (it was with PTD v3.3) and he was impressed, 
and it should still be working.

@ #96 :
AFAIK, that is not possible for several reasons (the save structure completely 
changed and a "ver" variable was added to the requests to identify the game 
version).

However, with the method I described above, it should be possible to manually 
recreate the old save on a newer PTD version.

I won't provide any tutorial about this because Sam would certainly patch it 
right away.

Original comment by mat.pokemontrash on 16 Sep 2011 at 9:19

[GoogleCodeExporter]

don't say a thing about that, mat. and in the meantime, check if it still works.
don't tell anybody about it

Original comment by williamc...@gmail.com on 17 Sep 2011 at 2:02

[GoogleCodeExporter]

no more talkin...

Original comment by alex_ngu...@yahoo.com on 17 Sep 2011 at 2:32

[GoogleCodeExporter]

[deleted comment]