xzfc / agar-expose

Yet another ogar client

Packet scrambling? #32

Closed Sonicmaster13 closed 7 years ago

Sonicmaster13 commented 8 years ago

From my research, the packets appear to be scrambled, as in every different packet that I send is not the same. The init packets appear to be the same, the 2nd changing every hour. But the other packets, such as MoveTo and facebook login, appear to be different every time. Explanation: one time the facebook login packet might be 34 and the next time you login the packet is 71. I do not think it is possible to guess which packet will be the next packet, but if you can see some packet similarities between connections you might be able to detect if at least 1 packet is always received that might contain some important info. -Mr.Sonic Master

ghost commented 8 years ago

Fake Sonic, the real one doesn't have that name

mayed505 commented 8 years ago

@XtremePlayzCODE lol

ghost commented 8 years ago

I don't fake protocol stuff.

ZfsrGhS953 commented 8 years ago

I think I found out how to decrypt the world border packet:

  1. Make sure the packet is 40 bytes long. Otherwise it can’t be the border packet.
  2. XOR 33 and the second byte of the packet. Now we have the bytes 2-4 of encryption key in the 2nd to 4th byte, and byte 1 of the encryption key in byte 5.
  3. Now apply the decryption XOR the encryption key with bytes 1-4, 5-8, 9-12, etc until you get to bytes 37-40
  4. Byte 1 must be 255 and byte 8 must be 64, otherwise it isn’t the border packet. Now remove the first 7 bytes and you got a normal border packet like in protocol 5.
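
The four steps above, written out as a decoder (an added example, not code from this thread or from agar-expose). Positions in the steps are 1-based; the code uses 0-based indexing. The arithmetic of step 2 implies that the plaintext bytes 2-5 are 33,0,0,0 (the inner packet length, 40 - 7); the sample packet is constructed on that assumption, and the four little-endian doubles after opcode 64 are an assumed protocol-5 layout, not taken from the thread.

```python
import struct

XOR_KEY_LEN = 4
BORDER_PACKET_LEN = 40   # step 1: only 40-byte packets can be the border packet
HEADER_LEN = 7           # step 4: bytes stripped after decryption
BORDER_OPCODE = 64       # step 4: decrypted byte 8 must be 64


def recover_key(packet: bytes) -> bytes:
    """Step 2 (0-based): key byte 1 is packet byte 5; key bytes 2-4 are
    packet bytes 2-4 once byte 2 has been XORed with 33."""
    return bytes([packet[4], packet[1] ^ 33, packet[2], packet[3]])


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Step 3: XOR the 4-byte key over consecutive 4-byte groups."""
    return bytes(b ^ key[i % XOR_KEY_LEN] for i, b in enumerate(data))


def decrypt_border_packet(packet: bytes):
    """Return the inner (protocol-5 style) border packet, or None when the
    checks of steps 1 and 4 fail."""
    if len(packet) != BORDER_PACKET_LEN:
        return None
    plain = xor_with_key(packet, recover_key(packet))
    if plain[0] != 255 or plain[7] != BORDER_OPCODE:
        return None
    return plain[HEADER_LEN:]


def parse_border(payload: bytes):
    """Assumed inner layout: opcode 64, then left, top, right, bottom as
    little-endian doubles (33 bytes in total)."""
    if payload is None or len(payload) != 33 or payload[0] != BORDER_OPCODE:
        return None
    return struct.unpack('<4d', payload[1:])


# Constructed sample, not a captured packet: plaintext is 255, the inner
# length (33) as a little-endian uint32, two unknown bytes set to 0, then
# the inner border packet; XOR is its own inverse, so the same routine
# "encrypts" it with a chosen key.
def build_sample_packet(key: bytes, border=(0.0, 0.0, 14142.135, 14142.135)) -> bytes:
    inner = bytes([BORDER_OPCODE]) + struct.pack('<4d', *border)
    plain = bytes([255]) + struct.pack('<I', len(inner)) + b'\x00\x00' + inner
    return xor_with_key(plain, key)


if __name__ == '__main__':
    sample = build_sample_packet(bytes([0x5a, 0xc3, 0x17, 0x88]))
    print(recover_key(sample).hex(), parse_border(decrypt_border_packet(sample)))
```

Because the key is recoverable from the packet itself via known plaintext, the XOR layer hides nothing from anyone who knows the format; it only raises the cost of a naive parser.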

ghost commented 8 years ago

Thanks for the world border packet decryption tutorial @ZfsrGhS953

ZfsrGhS953 commented 8 years ago

I'm not sure about it yet, try it and tell if it works.

ghost commented 8 years ago

Too busy doing other stuff. Try it yourself

ZfsrGhS953 commented 8 years ago

To get the key, bytes of packet 255 get xored with bytes of packet 241. I don't understand how it's changed after 18, but anyway, for bots only getting the world border packet is needed, and sending the move packet, eject and split packet. The sent packets appear to be either encrypted with two keys, or the coordinates are being scrambled by a very large number (both x and y have been very large numbers in the hundreds of millions in packets I decrypted). You can get the 1st byte of the key from the packet's last byte, and bytes 2-4 from the bytes before it. By the way, Bаgаr.IO already is close to working, so we need to make free bots before they start getting money.

ZfsrGhS953 commented 8 years ago

They can't just "change" it in 2 hours. It requires at least a day because if you just make a new protocol and remove support for the old one, clients that didn't refresh the page will not work anymore and they don't know what to do.

ZfsrGhS953 commented 8 years ago

Then make bots by completely loading agar.io (with all HTML, CSS, canvas, etc.) and grabbing variables from JS (world border decrypted) and writing them back (for mouse, eject, split). It will be more CPU consuming, though.

ZfsrGhS953 commented 8 years ago

Change code? And what will that do to stop the way I mentioned before?

ZfsrGhS953 commented 8 years ago

1-2 hours? Impossible, when they change protocol and upload a new server version it will still take around 3 hours for the servers to restart and get the updated version. And when they released the protocol 6 update, some bot site named "СlientM.рw" was fixed 10 May and worked for a WEEK until 17 May when they released protocol 7. So I disagree that they fix it in 10 minutes. And mass feeding bots don't affect server performance a lot, they have a very small viewing range due to their low mass (10-129). I spent about 2 hours on reversing. It's not a DDoS attack either.

hassanila commented 8 years ago

Ok ok

MrSonicMaster commented 8 years ago

@XtremePlayzCODE No, that was me, its my other account

ZfsrGhS953 commented 8 years ago

I only said that the bots wouldn't affect performance A LOT. Of course, any connection will affect performance. As for the collision, it will increase linearly, not QUADratically because agar.io uses QUADtrees. That means for each cell it only checks for cells that are near (how near depends on quadtree depth). And universal zoom may be possible with a browser modification that reduces the scale of all canvases.

ghost commented 8 years ago

@MrSonicMaster kk sorry

ZfsrGhS953 commented 8 years ago

Bаgаr.IО has started working. Now let's see if they can fix it in 3 hours.

ZfsrGhS953 commented 8 years ago

I think this function encrypts packets and sends them to the server:

```javascript
function Uc(b) { b = b >> 0;
    var d = 0
      , e = 0
      , f = 0
      , g = 0
      , h = 0
      , j = 0;
    g = i;
    i = i + 32 >> 0;
    e = g + 16 >> 0;
    f = g;
    c[e >> 2] = 0;
    c[e + 4 >> 2] = 0;
    c[e + 8 >> 2] = 0;
    d = e + 8 >> 0;
    j = dg(1) >> 0;
    h = j + 1 >> 0;
    a[j >> 0] = -2;
    c[e + 4 >> 2] = j;
    c[d >> 2] = h;
    c[e + 12 >> 2] = h;
    Vc(e, 8);
    e = e + 4 >> 0;
    h = c[e >> 2] >> 0;
    ic(b, h, (c[d >> 2] >> 0) - h >> 0);
    e = c[e >> 2] >> 0;
    if (e) {
        if ((c[d >> 2] >> 0) != (e >> 0))
            c[d >> 2] = e;
        fg(e)
    }
    if (!(a[13840] >> 0))
        d = 0;
    else
        d = td() >> 0;
    c[f >> 2] = 0;
    c[f + 4 >> 2] = 0;
    c[f + 8 >> 2] = 0;
    e = f + 8 >> 0;
    h = dg(1) >> 0;
    j = h + 1 >> 0;
    a[h >> 0] = -1;
    c[f + 4 >> 2] = h;
    c[e >> 2] = j;
    c[f + 12 >> 2] = j;
    Vc(f, d);
    j = f + 4 >> 0;
    h = c[j >> 2] >> 0;
    ic(b, h, (c[e >> 2] >> 0) - h >> 0);
    c[b + 40 >> 2] = d ^ 673720360;
    a[b + 36 >> 0] = 1;
    d = c[j >> 2] >> 0;
    if (!d) {
        mb(40);
        i = g;
        return
    }
    if ((c[e >> 2] >> 0) != (d >> 0))
        c[e >> 2] = d;
    fg(d);
    mb(40);
    i = g;
    return
}
```

Barbosik commented 8 years ago

ZfsrGhS953: you're wrong, it's the decrypt key generator

ZfsrGhS953 commented 8 years ago

@MasonBurdette , but keep in mind that it will be more CPU consuming. Run a separate node.js for each bot and have them connect to a master server which broadcasts the mouse position, eject and split commands. That's how I fixed the lag problem when bots were not patched: I set the bots per IP limit to 1 and ran 3 bot servers. That means 3 threads and 3 bots per IP. @Barbosik , then what is this? Maybe you're wrong because I replaced | with >> in the code above (and this one)? I did that so that you could paste the function straight into agario-client(2) without much effort. If it doesn't work, add ()

```javascript
e = c[p >> 2] >> 0; f = c[q >> 2] >> 0; if (((a[13825] >> 0) != 0 ? (a[n >> 0] >> 0) != 0 : 0) ? (g = nd() >> 0, c[r >> 2] = c[o >> 2] ^ g, (f >> 0) != 0) : 0) { g = 0; do { t = e + g >> 0; a[t >> 0] = a[t >> 0] ^ a[r + (g & 3) >> 0]; g = g + 1 >> 0 } while ((g >> 0) != (f >> 0)) } e = c[p >> 2] >> 0; f = c[q >> 2] >> 0; if ((f >> 0) != 0 ? (c[r >> 2] = e, c[j >> 2] = f, c[l >> 2] = 1, k = c[(c[m >> 2] >> 0) + ((d[e >> 0] >> 0) * 24 >> 0) + 16 >> 2] >> 0, (k >> 0) != 0) : 0) { tb[c[(c[k >> 2] >> 0) + 24 >> 2] & 127](k, r); e = c[p >> 2] >> 0 } li(e);
```

Barbosik commented 8 years ago

ZfsrGhS953: I just found this function in my analysis notes, I had marked it as decryption key generator. I didn't add other comments for this function, because this function is not important for encryption/decryption/authentication, so I didn't analyse it. But this is definitely not the place where an outgoing message is encrypted. Because there is another function with 3 arguments which does it for all outgoing messages, I analysed it very well, and know all details, so I'm sure that your finding is wrong. Sorry, but I cannot share this info, because I don't want to help botters.

ZfsrGhS953 commented 8 years ago

With three arguments? This one seems to be it. I won't replace | this time! Replace it yourself, Mr. Botter-Hater!

```javascript
function Hd(a, b, d) { a = a | 0; b = b | 0; d = d | 0; var e = 0 , f = 0 , h = 0 , i = 0.0 , j = 0 , k = 0 , l = 0.0 , m = 0 , n = 0 , o = 0 , p = 0 , q = 0.0; switch (b - a >> 2 | 0) { case 2: { d = b + -4 | 0; e = c[d >> 2] | 0; f = c[a >> 2] | 0; if (!(+g[e + 20 >> 2] < +g[f + 20 >> 2])) { a = 1; return a | 0 } c[a >> 2] = e; c[d >> 2] = f; a = 1; return a | 0 } case 3: { k = a + 4 | 0; h = b + -4 | 0; e = c[k >> 2] | 0; j = c[a >> 2] | 0; l = +g[e + 20 >> 2]; i = +g[j + 20 >> 2]; f = c[h >> 2] | 0; d = +g[f + 20 >> 2] < l; if (!(l < i)) { if (!d) { a = 1; return a | 0 } c[k >> 2] = f; c[h >> 2] = e; d = c[k >> 2] | 0; e = c[a >> 2] | 0; if (!(+g[d + 20 >> 2] < +g[e + 20 >> 2])) { a = 1; return a | 0 } c[a >> 2] = d; c[k >> 2] = e; a = 1; return a | 0 } if (d) { c[a >> 2] = f; c[h >> 2] = j; a = 1; return a | 0 } c[a >> 2] = e; c[k >> 2] = j; d = c[h >> 2] | 0; if (!(+g[d + 20 >> 2] < i)) { a = 1; return a | 0 } c[k >> 2] = d; c[h >> 2] = j; a = 1; return a | 0 } case 4: { p = a + 4 | 0; o = a + 8 | 0; n = b + -4 | 0; j = c[p >> 2] | 0; f = c[a >> 2] | 0; q = +g[j + 20 >> 2]; i = +g[f + 20 >> 2]; d = c[o >> 2] | 0; l = +g[d + 20 >> 2]; h = l < q; e = j; k = d; m = f; do if (q < i) { if (h) { c[a >> 2] = k; c[o >> 2] = m; e = m; break } c[a >> 2] = e; c[p >> 2] = m; if (l < i) { c[p >> 2] = k; c[o >> 2] = m; e = m } else { f = d; e = k } } else if (h) { c[p >> 2] = k; c[o >> 2] = e; if (+g[d + 20 >> 2] < i) { c[a >> 2] = d; c[p >> 2] = m; f = j; e = j } else f = j } else { f = d; e = k } while (0);d = c[n >> 2] | 0; if (!(+g[d + 20 >> 2] < +g[f + 20 >> 2])) { a = 1; return a | 0 } c[o >> 2] = d; c[n >> 2] = e; e = c[o >> 2] | 0; d = c[p >> 2] | 0; if (!(+g[e + 20 >> 2] < +g[d + 20 >> 2])) { a = 1; return a | 0 } c[p >> 2] = e; c[o >> 2] = d; d = c[a >> 2] | 0; if (!(+g[e + 20 >> 2] < +g[d + 20 >> 2])) { a = 1; return a | 0 } c[a >> 2] = e; c[p >> 2] = d; a = 1; return a | 0 } case 5: { Gd(a, a + 4 | 0, a + 8 | 0, a + 12 | 0, b + -4 | 0, d) | 0; a = 1; return a | 0 } case 1: case 0: { a = 1; return a | 0 } default: { f = a + 8 | 0; n = a + 4 | 0; o = c[n >> 2] | 0; e = c[a >> 2] | 0; q = +g[o + 20 >> 2]; i = +g[e + 20 >> 2]; d = c[f >> 2] | 0; l = +g[d + 20 >> 2]; h = l < q; j = o; k = d; m = e; do if (q < i) { if (h) { c[a >> 2] = k; c[f >> 2] = m; break } c[a >> 2] = j; c[n >> 2] = m; if (l < i) { c[n >> 2] = k; c[f >> 2] = m } else e = d } else if (h) { c[n >> 2] = k; c[f >> 2] = j; if (+g[d + 20 >> 2] < i) { c[a >> 2] = d; c[n >> 2] = m; e = o } else e = o } else e = d; while (0);d = a + 12 | 0; if ((d | 0) == (b | 0)) { a = 1; return a | 0 } else { j = e; e = 0 } while (1) { h = c[d >> 2] | 0; k = h; if (+g[h + 20 >> 2] < +g[j + 20 >> 2]) { j = h + 20 | 0; h = d; while (1) { c[h >> 2] = c[f >> 2]; if ((f | 0) == (a | 0)) break; h = f + -4 | 0; if (+g[j >> 2] < +g[(c[h >> 2] | 0) + 20 >> 2]) { o = f; f = h; h = o } else break } c[f >> 2] = k; e = e + 1 | 0; if ((e | 0) == 8) break } f = d + 4 | 0; if ((f | 0) == (b | 0)) { d = 1; p = 42; break } o = d; j = c[d >> 2] | 0; d = f; f = o } if ((p | 0) == 42) return d | 0; a = (d + 4 | 0) == (b | 0); return a | 0 } } return 0 }
```

ZfsrGhS953 commented 8 years ago

3 more of them. Good luck finding the right one, Mr. Booter-Hatter!

```javascript
function Ki(b, d, e) { b = b | 0; d = d | 0; e = e | 0; var f = 0 , g = 0 , h = 0 , j = 0 , k = 0 , l = 0 , m = 0 , n = 0; n = i; i = i + 32 | 0; l = n; m = n + 8 | 0; c[m >> 2] = 0; c[m + 4 >> 2] = 0; c[m + 8 >> 2] = 0; if (!(a[m >> 0] & 1)) f = 10; else f = (c[m >> 2] & -2) + -1 | 0; qi(m, f, 0); h = a[m >> 0] | 0; j = m + 1 | 0; k = m + 8 | 0; g = h; h = (h & 1) == 0 ? (h & 255) >>> 1 : c[m + 4 >> 2] | 0; while (1) { f = (g & 1) == 0 ? j : c[k >> 2] | 0; g = l; c[g >> 2] = d; c[g + 4 >> 2] = e; f = Vg(f, h + 1 | 0, 22105, l) | 0; if ((f | 0) > -1) { if (f >>> 0 <= h >>> 0) break } else f = h << 1 | 1; qi(m, f, 0); g = a[m >> 0] | 0; h = f } qi(m, f, 0); c[b >> 2] = c[m >> 2]; c[b + 4 >> 2] = c[m + 4 >> 2]; c[b + 8 >> 2] = c[m + 8 >> 2]; c[m >> 2] = 0; c[m + 4 >> 2] = 0; c[m + 8 >> 2] = 0; mi(m); i = n; return } function Li(b, d, e) { b = b | 0; d = d | 0; e = e | 0; var f = 0 , g = 0 , h = 0 , i = 0; g = d; f = e - g | 0; if (f >>> 0 > 4294967279) $f(b); if (f >>> 0 < 11) { a[b >> 0] = f << 1; h = b + 1 | 0 } else { i = f + 16 & -16; h = bg(i) | 0; c[b + 8 >> 2] = h; c[b >> 2] = i | 1; c[b + 4 >> 2] = f } b = e - g | 0; if ((d | 0) != (e | 0)) { f = h; while (1) { a[f >> 0] = a[d >> 0] | 0; d = d + 1 | 0; if ((d | 0) == (e | 0)) break; else f = f + 1 | 0 } } a[h + b >> 0] = 0; return } function Mi(b, d, e) { b = b | 0; d = d | 0; e = e | 0; var f = 0 , g = 0 , h = 0 , i = 0; h = d; f = e - h | 0; g = f >> 2; if (g >>> 0 > 1073741807) $f(b); if (g >>> 0 < 2) { a[b >> 0] = f >>> 1; b = b + 4 | 0 } else { i = g + 4 & -4; f = bg(i << 2) | 0; c[b + 8 >> 2] = f; c[b >> 2] = i | 1; c[b + 4 >> 2] = g; b = f } g = (e - h | 0) >>> 2; if ((d | 0) != (e | 0)) { f = b; while (1) { c[f >> 2] = c[d >> 2]; d = d + 4 | 0; if ((d | 0) == (e | 0)) break; else f = f + 4 | 0 } } c[b + (g << 2) >> 2] = 0; return }
```

MrSonicMaster commented 7 years ago

This chat has become very inactive xd

NuclearC commented 7 years ago

lol

probs because everyone left agar bots xD

ghost commented 7 years ago

Yes, there are no good free ones anymore XD

ghost commented 7 years ago

We could develop one on a GitHub page... I'll make a repo

NuclearC commented 7 years ago

no we are not gonna make the protocol public

ghost commented 7 years ago

You might not

MrSonicMaster commented 7 years ago

Nobody will

ghost commented 7 years ago

True, unless that one guy does

NuclearC commented 7 years ago

he stopped researching it cuz there is no point... even with the full protocol, you can't bypass captcha

ghost commented 7 years ago

I meant someone just might expose it but now that you mention it, captcha seems likely since nobody is making any new breakthroughs

MrSonicMaster commented 7 years ago

Feeder bots are trashed, no use in trying to bypass captcha; while it's still in effect, bots won't work.

ghost commented 7 years ago

Nice.

ghost commented 7 years ago

Anyone making an Ogar-based server is gonna get lots more attention

MrSonicMaster commented 7 years ago

Anyone who uses or used Ogar-Feeder-Bot was most likely a skid who wanted to feel cool about themselves, so they renamed it and re-released it under their name. I hate ogar-feeder-bot.

ghost commented 7 years ago

Yes, what I was saying is Ogar-based servers now have minions, which is now the only source of feeder bots :p

MrSonicMaster commented 7 years ago

What games other than agar do people want bots for? My cellcraft bot video got 2x as many views as my agar bot video in half the time...

ghost commented 7 years ago

oh wow XD

ZfsrGhS953 commented 7 years ago

@MrSonicMaster @NuclearC I was researching protocol 9 and was going to make it public, but stopped because I realised that agar is dead. Some clones like petridish or gota have over 2000 players AND are easier to bot. The reason I was going to make it public was not because I wanted to ruin the game, but because bots make the game more interesting, add a lot of new strategies to the game like doublesplitting near the bot owner to block bots from coming, fights that can last more than a few minutes near the bot mouse position when the owner left and forgot to turn bots off and more.

NuclearC commented 7 years ago

@ZfsrGhS953 you are right but sadly Moneyshit doesn't understand that :( Even with the full protocol we can't bypass captcha.

MrSonicMaster commented 7 years ago

Agar.io is dead, even bad clones like Cellcraft, which are easy as all hell to bot, get more people interested in bots than my hard work on agario bots. I personally don't even think gota.io is a good game, I think the physics are bad/rendering is bad.

ZfsrGhS953 commented 7 years ago

@MrSonicMaster Gota.io was agarp.co before, but Moneyclip sued them and they had to change their name and client, they were developing the client in a hurry.

ZfsrGhS953 commented 7 years ago

@NuclearC And Barbosik too, that's why I trolled him. I didn't manage to get him triggered though.

Barbosik commented 7 years ago

I already implemented a high performance native client. Also I have a web client in beta state, which is faster than vanilla, and has some cool features like sound effects and other. But I stopped working on these, due to the behavior of some people, such as ZfsrGhS953. I just decided not to publish it and to stop working on it. Sorry, but this area is no longer interesting for me. Good luck

NuclearC commented 7 years ago

@Barbosik alive xD I also made my own client in C++ and it works with Official Servers

ZfsrGhS953 commented 7 years ago

@NuclearC In case you didn't understand what @Barbosik said: But I stopped working on it due to people like ZfsrGhS953 trying to keep the game alive. @Barbosik If you wanted agar to die, why were you working on a client in the first place?

MrSonicMaster commented 7 years ago

@Barbosik can you tell me everything you know about 112/113? I already have the protocol, but my method of getting a valid 113 is by using the agario.core.js, which obviously isn't the best.

TheJustExper commented 7 years ago

I found this somehow :D