Late post.
Sorry for the lack of updates recently been busy with a few other things, but this blog isn’t about that!
The decodeBitmap() function i’m working on isn’t acting aswell as it should. I’m pretty certain that the only incorrect piece of code is this one:
pixels.position = position + channel;
That line alone is the cause of what I think is making the Sandbox give me the incorrect p&g keys. Currently the SandBox outputs:
P len is 53 G len is 51 P is 72057331058456166916582840012450119041673124206131971 G is 860860017052136081176025452969014307125978262247352
P should be almost double that length. However i’ve debugged through all the code and yeah, I’m pretty certain it’s just pixels.position that’s incorrect. The obfuscated version of it is unclear in every single habbo.swf that i’ve looked at.
Alongside that i’ve been working on injecting my own swf into the client. It’s been going pretty well I guess. The few first attempts churned out the following error from the flash client:
Warning: Ignoring 'secure' attribute in policy file from http://hotel-uk.habbo.com/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details. Warning: Not a known player download type, http://images.habbo.com/c_images/hotel_view_images_hq/hotelview_dec09.png --> attempting to inject malicious swf... TypeError: Error #1009: Cannot access a property or method of a null object reference. at com.sulake.core.assets::_-4z/_-WM() at com.sulake.core.runtime.events::EventDispatcher/_-nd() at flash.events::EventDispatcher/dispatchEventFunction() at flash.events::EventDispatcher/dispatchEvent() at com.sulake.core.runtime.events::EventDispatcher/dispatchEvent() at com.sulake.core.utils::LibraryLoader/loadEventHandler()
The source of the problem seemed to be related to the Habbo.swf not inheriting hh_hack.swf as it should. So I decided to try an alternative root. After a few attempts I got what seems to be a successfull injection!
--> Warning: Ignoring 'secure' attribute in policy file from http://hotel-uk.habbo.com/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details. Found Pet Pack: dog Found Pet Pack: cat Found Pet Pack: croco Found Pet Pack: terrier Found Pet Pack: bear Found Pet Pack: pig Found Pet Pack: terrier Found Pet Pack: bear Found Pet Pack: pig (x=0, y=0, w=66, h=22) (x=0, y=1, w=66, h=19) (x=0, y=0, w=66, h=22) (x=0, y=1, w=66, h=19) (x=0, y=0, w=55, h=22) (x=0, y=1, w=55, h=19) (x=0, y=0, w=55, h=22) (x=0, y=1, w=55, h=19) (x=0, y=0, w=88, h=22) (x=0, y=1, w=88, h=19) (x=0, y=0, w=88, h=22) (x=0, y=1, w=88, h=19) --> attempting to inject malicious swf... --> Injected Successfully................ TypeError: Error #1010: A term is undefined and has no properties. at com.sulake.core.assets::_-4z$/_-1ld() at com.sulake.core.assets::_-4z/_-WM() at com.sulake.core.runtime.events::EventDispatcher/_-nd() at flash.events::EventDispatcher/dispatchEventFunction() at flash.events::EventDispatcher/dispatchEvent() at com.sulake.core.runtime.events::EventDispatcher/dispatchEvent() at com.sulake.core.utils::LibraryLoader/loadEventHandler() Warning: Ignoring 'secure' attribute in policy file from http://www.habbo.co.uk/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
That particular error hasn’t managed to cause any actual client errors and Habbo itself still works as it should. I think I know what’s causing the error and needless to say it’s nothing to particularly worry about! Next step is to completely fix decodeBitmap(), and possibly try and call some functions through hh_hack.