
Yugioh Duellinks - Duel IT PC - REVERSING THREAD

5 posts in this topic

Hi,

I took a quick look at the bot for Duel Links here:

Please login or register to see this link.

Download the files here = 

Please login or register to see this link.

Coding language = AutoIT 3.X 

Decompiled with Perl script taken from here:

Please login or register to see this link.

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Reversing // DAY 01 

- Decompiled the files

- Sniffed WEB traffic 

( File is sending SSL encrypted traffic to host ) 

- Weblinks extracted from binaries.

 

DECOMPILED CODE = 

Please login or register to see this link.

 


Possibly the first interesting line of code = 

$ha = InetRead($ck & "/duelitAuth.php?user=" & $h2 & "&pass=" & $h9 & "&v=" & $cj & "&h=" & $h7 & "&sess=" & $h6 & "&pc=1", 1)

 

 


This is the whole login code 

GqEeNPO.jpg

 

Looks like we just need a fake server response or maybe just patch out the EXIT code 


This is what a good response with a valid account logged in looks like, stripped down and sorted.

17:
iDhzDi+BC;
iDhtsi+h;
iDhtsi+C;
iDhtsi+lh;
iDhtsi+Dbt;
iDhtsi+DAt;
iDhtli+h;
iDhtsi+DAh;
iDhzDi+ii;
iDhzDi+iC;
iDhzDi+At;
iDhzDi+lhh;
iDhzDi+lls;
iDhzDi+lli;
iDhzDi+lss;
iDhzDi+lst;
iDhzDi+lsE;
iDhzDi+lzh;
iDhzDi+lms;
iDhzDi+lzC;
iDhzDi+lzE;
iDhzDi+lts;
iDhzDi+lzt;
iDhzDi+lze;
iDhzDi+ltt;
iDhzDi+lte;
iDhzDi+lti:
ExitLoop;
1;
@SW_SHOW;
\dliteaf_;
tessdata;
Yu-Gi-Oh! DUEL LINKS;
duelit;
settings.ini;
npcColors.ini;
gatefarm.ini;
npcColorConfig.ini;
easyasfark_duelit;
dliteaf_*:1573120247

The very last number looks like it could be the remaining time for the account expiration.

The top looks like offsets.

This being said, it does not look possible to patch the software unless you get your hands on the required offsets on your own.

Server only sends the login OK token when user is valid in the database. In the same response it sends the offsets.


I tested several methods, such as the good old fake server emulation, which works well, but in the end at least ONE ACTIVE legit account still has to stay in the system to receive the new offsets from the server, otherwise the crack won't work at all.
