masterking32 / MasterHamsterKombatBot

Master Hamster Kombat Bot is a Python-based automation tool specifically designed for the game Hamster Kombat. This bot is capable of performing all in-game tasks, including auto-tapping, cipher tasks, and purchasing the best cards on your behalf. It's a free and fully automated farming bot that enhances your Hamster Kombat gaming experience.
https://github.com/masterking32/MasterCryptoFarmBot
Apache License 2.0
280 stars 90 forks source link

mini games Tiles #268

Closed russel5 closed 2 months ago

russel5 commented 3 months ago

[Master HamsterKombat Bot][ERROR] 2024-08-29 23:41:27 [Account 1] Status code is not 200 [Master HamsterKombat Bot][ERROR] 2024-08-29 23:41:27 [Account 1] Response: <!DOCTYPE html> [Master HamsterKombat Bot][ERROR] 2024-08-29 23:41:27 [Account 1] Unable to claim mini game Tiles.

All config by default "mg_max_tiles_points_percent": 20 After today's first start, games is working few times, then always get this error

tboy1337 commented 3 months ago

ive been having general errors all day, i dont think its the bot i think its hamster kombat servers

joshuazzz1 commented 3 months ago

I got the same issue, it was working fine few hours ago

[Master HamsterKombat Bot][ERROR] 2024-08-29 22:06:00 [Account 1] Status code is not 200 [Master HamsterKombat Bot][ERROR] 2024-08-29 22:06:00 [Account 1] Response: {"error_code":"DAILY_KEYS_MINI_GAME_WRONG","error_message":"DailyKeysMiniGame is wrong NjkxMTAyMzE1OHw2ODgzMTA0MjYwfFRpbGVzfDM0NTAxMDEwMjh8RnlWM09qOFFpbENlSHc3S3RPaE1IRTJhaU1WWlo3blhxMmVjY3o4SjNuZz0="} [Master HamsterKombat Bot][ERROR] 2024-08-29 22:06:00 [Account 1] Unable to claim mini game Tiles.

Fy0urM commented 3 months ago

Most likely the cipher generation on the server has been changed, to disable attempts to send an incorrect cipher to the server, I recommend making such a change. https://github.com/masterking32/MasterHamsterKombatBot/blob/124e5c8f098c21ca20c7ff93553eb72f6256dbb8/main.py#L746 replace this

        for game in minigames:
            if game["id"] not in ["Candles", "Tiles"]:

with this

        for game in minigames:
            if game["id"] == "Tiles":
                continue
            if game["id"] not in ["Candles", "Tiles"]:
Fy0urM commented 3 months ago

ah, the cipher is wrong for both mini games, then just disable mini games in the config “auto_finish_mini_game”: False,

russel5 commented 3 months ago

any fix or this is not fixed?

MeninSun commented 3 months ago

Maybe the server auto generate this every day? image @Fy0urM

Fy0urM commented 3 months ago

Maybe the server auto generate this every day? image @Fy0urM

maybe, idk who found and decrypt this cipher.

MeninSun commented 3 months ago

Maybe the server auto generate this every day? image @Fy0urM

maybe, idk who found and decrypt this cipher.

After i find out, it's still same : image

Fy0urM commented 3 months ago

Maybe the server auto generate this every day? image @Fy0urM

maybe, idk who found and decrypt this cipher.

After i find out, it's still same : image

well, the something chenged in other blocks, in first or in 4th. can u tell me how u decode last block?

MeninSun commented 3 months ago

Maybe the server auto generate this every day? image @Fy0urM

maybe, idk who found and decrypt this cipher.

After i find out, it's still same : image

well, the something chenged in other blocks, in first or in 4th. can u tell me how u decode last block?

just try to reverse this : f"415t1ng{score_cipher}0ra1cum5h0t".encode()

by all of this : data_string = "|".join( [ res, AccountID, responseGameData["id"], str(score_cipher), base64.b64encode( hashlib.sha256( f"415t1ng{score_cipher}0ra1cum5h0t".encode() ).digest() ).decode(), ] ).encode()

as we know, the first it seems response (idk what it mean) 2nd = acc id 3rd = minigameID 4th = score_cipher

let me know if it's wrong @masterking32

nevs83 commented 3 months ago

hashlib.sha256( f"R1cHard_AnA1{score_cipher}G1ve_Me_y0u7_Pa55w0rD".encode() ).digest()

Fy0urM commented 3 months ago

R1cHard_AnA1{score_cipher}G1ve_Me_y0u7_Pa55w0rD

yep, found this too. its work

nevs83 commented 3 months ago

Hard_AnA1 )))

nevs83 commented 3 months ago

image

MeninSun commented 3 months ago

R1cHard_AnA1{score_cipher}G1ve_Me_y0u7_Pa55w0rD

yep, found this too. its work

good! how you found that?

Fy0urM commented 3 months ago

in the neighboring repository

MeninSun commented 3 months ago

can you share the link please?

Fy0urM commented 3 months ago

can you share the link please?

https://github.com/shamhi/HamsterKombatBot/issues/2268

masterking32 commented 3 months ago

References: https://github.com/shamhi/HamsterKombatBot/issues/2268 https://github.com/shamhi/HamsterKombatBot/discussions/2272 Closes: https://github.com/masterking32/MasterHamsterKombatBot/issues/236

I suggest disabling auto_finish_mini_game at this moment. https://github.com/masterking32/MasterHamsterKombatBot/blob/124e5c8f098c21ca20c7ff93553eb72f6256dbb8/config.py.example#L30

Boomkuze commented 3 months ago

image

does it really work for you? O_o f'R1cHard_AnA1{score}G1ve_Me_y0u7_Pa55w0rD' is shit and should not work.

That works for me several time but then again break image I think there's a whole set of encoded crap that changes every time.

yurii-zadryhun commented 3 months ago

It seems I figured it out. The problem is in the cipher (the first part of the data string). It started working fine with the value 2602032939 for me

yurii-zadryhun commented 3 months ago

but only for the Tiles game

image

lolyinseo commented 3 months ago

It seems I figured it out. The problem is in the cipher (the first part of the data string). It started working fine with the value 2602032939 for me

'R1cHard_AnA1{score}G1ve_Me_y0u7_Pa55w0rD' Только если сравнить это с подписями от реальной игры - они не сходятся. Похоже на дорогу к бану. Я бы не спешил

AKTanara commented 3 months ago

It seems I figured it out. The problem is in the cipher (the first part of the data string). It started working fine with the value 2602032939 for me

You mean this is the one worked for you? f"2602032939{score_cipher}G1ve_Me_y0u7_Pa55w0rD" I cant get it write... I get this: 2024-08-30 01:03:46 | ERROR | 37 - Unknown error while Claim Mini Game: 400, message='Bad Request', url=URL('https://api.hamsterkombatgame.io/clicker/claim-daily-keys-minigame') | Response text: {"error_code":"DAILY_KEYS_MINI_GAME_WRONG","error_message":"DailyKeysMiniGame is wrong MDEyMTM2NTAwM3w1ODY5NTY2MzMyfFRpbGVzfDM0NDk5MTE4NTR8bitGT0VMY2RsOFZocmYxV2RySG95a3hDWDJlOTlIbStkVk9MZXJvK2k1dz0="}... 2024-08-30 01:03:51 | ERROR | 539 - NZ | Unknown error: 'remainSecondsToNextAttempt'

yurii-zadryhun commented 3 months ago

You mean this is the one worked for you? f"2602032939{score_cipher}G1ve_Me_y0u7_Pa55w0rD"

No. I meant the value before the user id. But I agree with @lolyinseo and would recommend you to not use that "Richard..." shit since it's indeed not real.

AKTanara commented 3 months ago

You mean this is the one worked for you? f"2602032939{score_cipher}G1ve_Me_y0u7_Pa55w0rD"

No. I meant the value before the user id. But I agree with @lolyinseo and would recommend you to not use that "Richard..." shit since it's indeed not real.

Thanks for the advice...

I'm using https://github.com/shamhi/HamsterKombatBot Where should I put this 2602032939? like this: body = f"{cipher}|2602032939{user_id}|{daily_mini_game_name}|{score_cipher}|{sig}"

Fy0urM commented 3 months ago

no where, just disable auto play minigame function and wait for solution

AKTanara commented 3 months ago

no where, just disable auto play minigame function and wait for solution

OK Thanks I was just trying to foul around using an account that is idle and has nothing to loose if banned...

yurii-zadryhun commented 3 months ago

OK Thanks I was just trying to foul around using an account that is idle and has nothing to loose if banned...

Got it. Ok I meant the cipher which is before the user id. Like this "2602032939|user_id|..." But... the fact it works for me doesn't guarantee it will work for you. It may be calculated based on user id or something, so it might not pass the validation for your account.

AKTanara commented 3 months ago

OK Thanks I was just trying to foul around using an account that is idle and has nothing to loose if banned...

Got it. Ok I meant the cipher which is before the user id. Like this "2602032939|user_id|..." But... the fact it works for me doesn't guarantee it will work for you. It may be calculated based on user id or something, so it might not pass the validation for your account.

You are right. While I was waiting for your reply I tested it and got the same error as before! As you have mentioned, tt got to be user specific. I do not want to bother you but could you please tell me how you got that number?

AKTanara commented 3 months ago

OK Thanks I was just trying to foul around using an account that is idle and has nothing to loose if banned...

Got it. Ok I meant the cipher which is before the user id. Like this "2602032939|user_id|..." But... the fact it works for me doesn't guarantee it will work for you. It may be calculated based on user id or something, so it might not pass the validation for your account.

I got it: I decoded message sent by browser and got this: (REDACTED MY USER ID TO XXXXXXXXX FOR SECURITY REASONS) 2602032939|XXXXXXXXXX|Tiles|3449911822|pvJwSYkqnEYou20m4Zbda8dDKhjpVb1cjDUW3OL3TUE= So as you can see it is the same number but when I change the code to this: body = f"2602032939|{user_id}|{daily_mini_game_name}|{score_cipher}|{sig}" it still returns that error: DAILY_KEYS_MINI_GAME_WRONG

I'm curious to my bones to know how did you people get those phrases: 415t1ng....0ra1cum5h0t & R1cHard_AnA1.....G1ve_Me_y0u7_Pa55w0rD As long as I know it is impossible to reverse hash! So is that a leak from inside people or what?

Boomkuze commented 3 months ago

I'm curious to my bones to know how did you people get those phrases: 415t1ng....0ra1cum5h0t & R1cHard_AnA1.....G1ve_Me_y0u7_Pa55w0rD As long as I know it is impossible to reverse hash! So is that a leak from inside people or what?

https://github.com/shamhi/HamsterKombatBot/discussions/2272

AKTanara commented 3 months ago

Found something: For each account each time you play the {cipher} value changes but interesting part is that it is a list that repeats for all accounts: 1st is: 2602032939 2nd is: 1800064280 3rd is: 4696075080 4th is: 2900005567 ... Probably there is a generator or a list in the game that experts can find but for now we can manually get these codes once on browser, then use them for everyone!

xauspro commented 3 months ago

изображение_2024-08-30_080423482 Кто знает как исправить ошибку?

MeninSun commented 3 months ago

image_2024-08-30_080423482 Does anyone know how to fix this error?

You can find this : 0ra1cum5h0t and on your script, then just read at this issues carefully, you will found the solution. Or you can go to here https://github.com/shamhi/HamsterKombatBot/discussions/2272

tboy1337 commented 3 months ago

solution shamhi/HamsterKombatBot/discussions/2272

Fy0urM commented 3 months ago

solution shamhi/HamsterKombatBot/discussions/2272

ok, let's understand a little bit. if we look at what the game sends on completion, we will find this base64 string. decrypt it in any convenient way and we get this 0260232939|ACCOUNT_ID|Tiles|3450031220|bZ/8KA5FdYfZKc7FqAVvvpP++mcyeF8UC6Dk8vpzXPA=

the last block is a signature consisting of 2 phrases on the left and right and a score in the middle. let's try to repeat it. score = 3450031220 sig = base64.b64encode(hashlib.sha256(f “R1cHard_AnA1{score}G1ve_Me_y0u7_Pa55w0rD”.encode()).digest()).decode()

in this case the signature we created will be ltVCkbkBk6WyKiO13WK1y7o6mcUlmzGWg1EAKpfB7O4= and the same in the proposed function.

yes, the server will accept this cipher, but how secure is it?

import base64
import hashlib

originalSig = "bZ/8KA5FdYfZKc7FqAVvvpP++mcyeF8UC6Dk8vpzXPA="
cipherScore = 3450031220
secret1 = "R1cHard_AnA1"
secret2 = "G1ve_Me_y0u7_Pa55w0rD"
combined_string = secret1 + str(cipherScore) + secret2

sig1 = base64.b64encode(hashlib.sha256(combined_string.encode()).digest()).decode()
print(f"SIG1: {sig1}")

hashObject = hashlib.sha256(combined_string.encode('utf-8'))
hashBytes = hashObject.digest()
sig2 = base64.b64encode(hashBytes).decode('utf-8')

print(f"SIG2: {sig2}")
print(f"Original SIG: {originalSig}")
Fy0urM commented 3 months ago

you can check original java code on any web playground for example use this https://www.sololearn.com/ru/compiler-playground/java

import java.security.MessageDigest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class Program
{
    public static void main(String[] args) {
        String form_hash;
        String secret1 = "R1cHard_AnA1";
        String secret2 = "G1ve_Me_y0u7_Pa55w0rD";

        String cipher_score = "3450031220";

        String combined_string = secret1 + cipher_score + secret2;
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");

            byte[] hash = digest.digest(combined_string.getBytes(StandardCharsets.UTF_8));

            String sig = Base64.getEncoder().encodeToString(hash);
            System.out.println("SIG: " + sig);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
yurii-zadryhun commented 3 months ago

...and we get this **0260232939**|ACCOUNT_ID|...

Very interesting... I had this cipher yesterday 2602032939 for Tiles with the start date of 1724955900

They're pretty similar, as you can see: 2602032939 0260232939

2602 and 32939 are in common, the only difference is the position of 0; it's known that 0 is placed at a calculated position. So it seems we only need to find where those 2 common parts come from.

Of course, it might be a coincidence but the theory has a right to exist.

Well... I'd better continue with implementing the unpacker...

lolyinseo commented 3 months ago

...and we get this **0260232939**|ACCOUNT_ID|...

Very interesting... I had this cipher yesterday 2602032939 for Tiles with the start date of 1724955900

They're pretty similar, as you can see: 2602032939 0260232939

2602 and 32939 are in common, the only difference is the position of 0; it's known that 0 is placed at a calculated position. So it seems we only need to find where those 2 common parts come from.

Of course, it might be a coincidence but the theory has a right to exist.

Well... I'd better continue with implementing the unpacker...

Не знаю, что там ты пытаешься понять, код у меня выложен для cipher. Положение 0 (SUCCES_FLAG) должно меняться в зависимости от числа (в данном случае дата). Еще и длина может меняться.

По поводу sig. Если запустить Candles(а подпись одна) с параметрами

  method: "StartGame",
  level: "- - - - - -.0 0 - - - -.- - - - - -.- - - - - -.- - - - - -",
  number: 0,
  score_coef: 0,
  start_timestamp: 0

те на входе все нули (а score там тоже 0) то получим 8 разных подписей, потом они начинают повторяться. Те в расчёте sig участвует, number (дата), start_timestamp (дата) + 8 солей(хз что это, строка или число), которые выбираются рандомно.

Fy0urM commented 3 months ago

https://github.com/OxFF00FF/Hamster_Mayhem?tab=readme-ov-file

This bot the only one right now, which able to complete both mini game!!

https://github.com/OxFF00FF/Hamster_Mayhem/blob/master/Src/salt.json is not safe, 1 salt for thousands of users, while in a real game it is dynamic

Fy0urM commented 3 months ago

https://github.com/OxFF00FF/Hamster_Mayhem?tab=readme-ov-file This bot the only one right now, which able to complete both mini game!!

https://github.com/OxFF00FF/Hamster_Mayhem/blob/master/Src/salt.json is not safe, 1 salt for thousands of users, while in a real game it is dynamic

How isn't safe? 🥲🥲 Am a gonna ban or what?

No one knows. maybe your account will be banned, flagged as dishonest, maybe not. Use it at your own risk.

Ashwin3454 commented 3 months ago

Mini game tiles were removed. (edit : added again after sometime.)

russel5 commented 3 months ago

Mini game tiles were removed from the hamster. we can close this issue now.

This is wrong info, game still here