
Archive for the ‘General’ Category

Batch 3 is complete

July 2nd, 2010 mike 32 comments

Check your emails if you applied.

A total of 36 applicants were accepted, and 40 applicants were declined.

Note to people wasting my time: FUCK OFF (Oh, and don’t bother checking your emails – I wouldn’t have bothered even sending a response.)

Enjoy!
- Mike


Right Guys.

April 29th, 2010 Dominic Gunn 9 comments

Right, I thought I best make a post after seeing this on Shenk’s shoutbox.

Shenk:
@Scott – I think they changed the SSL Ticket implementation actually… but yeah, it broke all of them apart from Dashboard because Dom created it with a bypass method! ^-^
Scott:
@Alex – I’m aware, but it was my impression that they implemented a new packet structure for initiating encryption that broke most packet loggers in Release 47.

To my knowledge, nothing has been changed in terms of initializing the encryption; there have been a few mathematical changes in the actual algorithm itself, but other than that it’s pretty much the same. Oh, and they’re reading a few ‘new’ files (well, I’ve not seen them before anyway):

var _loc_1:* = _-sc.assets.loadAssetFromFile("config.xml", new URLRequest("config_habbo.xml"));

Might just be me who has missed them.

Anyway, with Dashboard. The reason it’s still working is because it never, ever used a legitimate login method to log you in. I.e., it didn’t use POST or set cookies; it cheated. Therefore it should continue to work for the foreseeable future. In fact, I can only see it not working should they change the old ‘credentials.username’ and ‘credentials.password’ (I think that’s what they are!). So you guys are all safe on that side.

It seems that upon releasing my ‘Flash Unbanner’ I forgot to do some proper research: every Habbo account has a unique Flash ID that Habbo re-assigns to your computer every time you log in on said account. So I don’t actually think the Flash unbanner would be much use. You could try loading the client up and then running the unbanner during client boot-time, but as I haven’t been Flash banned I’m unable to test it!

There’s also another ‘Sandbox’ ready to be released soon; this one, however, is for the real Habbo. It may come hand in hand with a surprise that’s being packed for the day of the merge. However, don’t hold me to that. ;)

Dominic Gunn

Sorry guys, AGAIN!

February 23rd, 2010 Dominic Gunn 36 comments

Things are getting a little hectic in real life and I’m finding it hard to allocate time to this little project; however, I’m pretty certain I’m done. Almost.

I’ve finally managed to piece together the problems with my decodeBitmap() and decodeBitmapString(), and together they’re now generating a decrypted bitmap string that is indeed a BigInt(), which, you guessed it, holds the P&G keys! Waaaaaaaaay!

My next post will be the final heave on this encryption cracking, and I’m pretty certain by the next post it will be done. However, for now I have another little gift.

As you’re aware, a Habbo user known to a few of you on Shenkx.co.uk as Imadj recently found an exploit in the Facebook method of Habbo registration, allowing you to create mutant figures! Exciting as that is, he was quick to find out that Habbo have a new sort of ban. Remember the old Shockwave ban? Well, think of this one as a Flash ban! Needless to say, you have no need to fear. Here’s a tool that will do exactly the same as SonicMouse’s Unbanner did, and will restore you to your former Habbo Glory. Click here, to download!

Dominic Gunn

Sorry guys!

January 30th, 2010 Dominic Gunn 56 comments

Sorry for the ridiculously late post. Stuff’s been going on and I really wanted to have something to give you guys before I made another post, but that’s not going to happen just yet. So I thought I’d throw this up for you.

I’ve decided to go about the encryption another way, as opposed to waiting for Sulake to screw up with one of their obfuscations, which could take a lifetime! The new idea is to disassemble the Habbo.swf into AVM2 bytecode, modify the functions we need (decodeBitmap etc.), then recompile the result back into native AVM2 code. Hopefully that will allow me to use something along the lines of trace(param1); just to make sure they’re not doing anything sneaky! I’m going to be using as3c to do this. Feel free to have a look and a bit of a mess-around with it; if you get far enough you’ll notice that it won’t work off the bat with static classes. That’s a rather easy fix, though. However, if you can’t be bothered to figure it out, just wait for the post entailing how to crack the encryption! (a detailed guide!) ;]

I also plan to release tutorials on how to inject your own .swf’s into the client, and an open-source C# Habbo application. Those will probably be in the next few posts, so stay tuned.

One final thing: I do have a present for Habbo emulator users. The Sandbox application that I want for the official Habbo Hotel obviously needs to be designed and tested somewhere! So what other place than on unsecure Habbo Emulators! Here’s a version that was designed for HabboRP; it’s not complete, nor do I promise that any of the features will still work. Just remember, guys, because it’s open-source Aaron also has access to it, so when he patches things don’t come moaning to me. I’m not going to help you! Also, this isn’t me attacking anyone’s retro, purely just releasing an application that’ll help people do so! You can download the binaries and source code by clicking here.

Oh, and check out http://suelake.com. It’s a great Habbo V5 emulator!

Until next time guys.

Dominic Gunn

Merry Christmas!

December 25th, 2009 Dominic Gunn 22 comments

One or two of you may have noticed that SOM has been all over the place today, and yesterday! Well, I’m glad to say it’s now back on its feet and none of that should be happening again! There are still a few things to sort out regarding the blog (Categories, links and what not!), but they’ll be done in time.

Regardless, hope you’re all having a great day and have got everything you wanted. I know I’ll be having fun later tonight, you should too! Merry Christmas!

Dominic Gunn

Late post.

December 12th, 2009 Dominic Gunn 33 comments

Sorry for the lack of updates recently; I’ve been busy with a few other things, but this blog isn’t about that!

The decodeBitmap() function I’m working on isn’t acting as well as it should. I’m pretty certain that the only incorrect piece of code is this one:

pixels.position = position + channel;

That line alone is the cause of what I think is making the Sandbox give me the incorrect p&g keys. Currently the SandBox outputs:

P len is 53
G len is 51
P is 72057331058456166916582840012450119041673124206131971
G is 860860017052136081176025452969014307125978262247352

P should be almost double that length. However, I’ve debugged through all the code and yeah, I’m pretty certain it’s just pixels.position that’s incorrect. The obfuscated version of it is unclear in every single habbo.swf that I’ve looked at.

Alongside that, I’ve been working on injecting my own swf into the client. It’s been going pretty well, I guess. The first few attempts churned out the following error from the Flash client:

Warning: Ignoring 'secure' attribute in policy file from http://hotel-uk.habbo.com/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
Warning: Not a known player download type, http://images.habbo.com/c_images/hotel_view_images_hq/hotelview_dec09.png

--> attempting to inject malicious swf...

TypeError: Error #1009: Cannot access a property or method of a null object reference.
	at com.sulake.core.assets::_-4z/_-WM()
	at com.sulake.core.runtime.events::EventDispatcher/_-nd()
	at flash.events::EventDispatcher/dispatchEventFunction()
	at flash.events::EventDispatcher/dispatchEvent()
	at com.sulake.core.runtime.events::EventDispatcher/dispatchEvent()
	at com.sulake.core.utils::LibraryLoader/loadEventHandler()

The source of the problem seemed to be related to the Habbo.swf not inheriting hh_hack.swf as it should. So I decided to try an alternative route. After a few attempts I got what seems to be a successful injection!

-->
Warning: Ignoring 'secure' attribute in policy file from http://hotel-uk.habbo.com/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
Found Pet Pack: dog
Found Pet Pack: cat
Found Pet Pack: croco
Found Pet Pack: terrier
Found Pet Pack: bear
Found Pet Pack: pig
Found Pet Pack: terrier
Found Pet Pack: bear
Found Pet Pack: pig
(x=0, y=0, w=66, h=22) (x=0, y=1, w=66, h=19)
(x=0, y=0, w=66, h=22) (x=0, y=1, w=66, h=19)
(x=0, y=0, w=55, h=22) (x=0, y=1, w=55, h=19)
(x=0, y=0, w=55, h=22) (x=0, y=1, w=55, h=19)
(x=0, y=0, w=88, h=22) (x=0, y=1, w=88, h=19)
(x=0, y=0, w=88, h=22) (x=0, y=1, w=88, h=19)
--> attempting to inject malicious swf...
--> Injected Successfully................
TypeError: Error #1010: A term is undefined and has no properties.
	at com.sulake.core.assets::_-4z$/_-1ld()
	at com.sulake.core.assets::_-4z/_-WM()
	at com.sulake.core.runtime.events::EventDispatcher/_-nd()
	at flash.events::EventDispatcher/dispatchEventFunction()
	at flash.events::EventDispatcher/dispatchEvent()
	at com.sulake.core.runtime.events::EventDispatcher/dispatchEvent()
	at com.sulake.core.utils::LibraryLoader/loadEventHandler()
Warning: Ignoring 'secure' attribute in policy file from http://www.habbo.co.uk/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.

That particular error hasn’t managed to cause any actual client errors and Habbo itself still works as it should. I think I know what’s causing the error and needless to say it’s nothing to particularly worry about! Next step is to completely fix decodeBitmap(), and possibly try and call some functions through hh_hack.

Dominic Gunn

Under attack!

December 7th, 2009 Dominic Gunn 8 comments

Sorry to contradict myself; in the last post I stated that the next post would talk to you about how the encryption works, with a demonstration and such. However, I felt it important to tell you all that Script-o-matic is under DDoS attack. We’re not sure why or by who in particular, but I thought you should all know about it, just in case we happen to go down.

On a brighter note, everything is going strong. decodeBitmap() is almost done. It’s grabbing p&g keys nicely, just need to tweak a few things to finalise it completely! Until next time.

Dominic Gunn

Hello World!

December 4th, 2009 Dominic Gunn 10 comments

Hey Guys, hope you’re all enjoying the Christmas season and that your advent chocolates are being eaten (though you should’ve only eaten four!!)

So, the reason this is now here: after some nagging at Mike, he’s agreed to let me use this site to post up my discoveries in regards to Habbo’s encryption.

A lot of the functions haven’t changed too much since we last attempted to crack it, and so I thought I’d give it another shot. Currently I’m in the process of reverse engineering the client. Going strong: the BigInt() function is almost done, I’ve found pretty much all the RC4 functions, and I’m certain I know where the decodeBitmap() functions are. Check back later, I guess!

Dominic Gunn