Archived

This topic is now archived and is closed to further replies.

SND

Yugioh Duellinks - Duel IT PC - REVERSING THREAD

Started by SND,

5 posts in this topic

Posted

hi ,

i took a quick look on the bot for duel links here : 

Please login or register to see this link.

Download the files here = 

Please login or register to see this link.

Coding language = AutoIT 3.X 

Decompiled with pearl script taken from here : 

Please login or register to see this link.

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Reversing // DAY 01 

- Decompiled the files

- Sniffed WEB traffic 

( File is sending SSL encrypted traffic to host ) 

- Weblinks extracted from binaries.

 

DECOMPILED CODE = 

Please login or register to see this link.

 

5 people like this

Share this post

Link to post
Share on other sites

Posted

Possibly the first interesting line of code =  

$ha = InetRead($ck & "/duelitAuth.php?user=" & $h2 & "&pass=" & $h9 & "&v=" & $cj & "&h=" & $h7 & "&sess=" & $h6 & "&pc=1", 1)

 

 

Share this post

Link to post
Share on other sites

Posted

This is the whole login code 

 

Looks like we just need a fake server response or maybe just patch out the EXIT code 

3 people like this

Share this post

Link to post
Share on other sites

Posted

This is how a good response with a valid account logged in looks like stripped down and sorted. 

17:
iDhzDi+BC;
iDhtsi+h;
iDhtsi+C;
iDhtsi+lh;
iDhtsi+Dbt;
iDhtsi+DAt;
iDhtli+h;
iDhtsi+DAh;
iDhzDi+ii;
iDhzDi+iC;
iDhzDi+At;
iDhzDi+lhh;
iDhzDi+lls;
iDhzDi+lli;
iDhzDi+lss;
iDhzDi+lst;
iDhzDi+lsE;
iDhzDi+lzh;
iDhzDi+lms;
iDhzDi+lzC;
iDhzDi+lzE;
iDhzDi+lts;
iDhzDi+lzt;
iDhzDi+lze;
iDhzDi+ltt;
iDhzDi+lte;
iDhzDi+lti:
ExitLoop;
1;
@SW_SHOW;
\dliteaf_;
tessdata;
Yu-Gi-Oh! DUEL LINKS;
duelit;
settings.ini;
npcColors.ini;
gatefarm.ini;
npcColorConfig.ini;
easyasfark_duelit;
dliteaf_*:1573120247

The very last number looks like it could be the remaining time for the account expiration.

The top looks like offsets . 

This being said, it looks like not possible to patch the software unless you get your hands on the required offsets on your own..

Server only sends the login OK token when user is valid in the database. In the same response it sends the offsets.

1 person likes this

Share this post

Link to post
Share on other sites

Posted

i tested serval methods such as the good old fake server emulation which works well but in the end still at least ONE ACTIVE legit account has to stay in the system to recieve the new offsets from the server otherwise the crack wont work at all .

2 people like this

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing General Chat