Sign in to follow this  
Followers 0
SND

Yugioh Duellinks - Duel IT PC - REVERSING THREAD

5 posts in this topic

hi ,

i took a quick look on the bot for duel links here : 

Please login or register to see this link.

Download the files here = 

Please login or register to see this link.

Coding language = AutoIT 3.X 

Decompiled with pearl script taken from here : 

Please login or register to see this link.

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Reversing // DAY 01 

- Decompiled the files

- Sniffed WEB traffic 

( File is sending SSL encrypted traffic to host ) 

- Weblinks extracted from binaries.

 

DECOMPILED CODE = 

Please login or register to see this link.

 

5 people like this

Share this post


Link to post
Share on other sites

Possibly the first interesting line of code = 

$ha = InetRead($ck & "/duelitAuth.php?user=" & $h2 & "&pass=" & $h9 & "&v=" & $cj & "&h=" & $h7 & "&sess=" & $h6 & "&pc=1", 1)

 

 

Share this post


Link to post
Share on other sites

This is the whole login code 

GqEeNPO.jpg

 

Looks like we just need a fake server response or maybe just patch out the EXIT code 

3 people like this

Share this post


Link to post
Share on other sites

This is how a good response with a valid account logged in looks like stripped down and sorted.

17:
iDhzDi+BC;
iDhtsi+h;
iDhtsi+C;
iDhtsi+lh;
iDhtsi+Dbt;
iDhtsi+DAt;
iDhtli+h;
iDhtsi+DAh;
iDhzDi+ii;
iDhzDi+iC;
iDhzDi+At;
iDhzDi+lhh;
iDhzDi+lls;
iDhzDi+lli;
iDhzDi+lss;
iDhzDi+lst;
iDhzDi+lsE;
iDhzDi+lzh;
iDhzDi+lms;
iDhzDi+lzC;
iDhzDi+lzE;
iDhzDi+lts;
iDhzDi+lzt;
iDhzDi+lze;
iDhzDi+ltt;
iDhzDi+lte;
iDhzDi+lti:
ExitLoop;
1;
@SW_SHOW;
\dliteaf_;
tessdata;
Yu-Gi-Oh! DUEL LINKS;
duelit;
settings.ini;
npcColors.ini;
gatefarm.ini;
npcColorConfig.ini;
easyasfark_duelit;
dliteaf_*:1573120247

The very last number looks like it could be the remaining time for the account expiration.

The top looks like offsets . 

This being said, it looks like not possible to patch the software unless you get your hands on the required offsets on your own..

Server only sends the login OK token when user is valid in the database. In the same response it sends the offsets.

1 person likes this

Share this post


Link to post
Share on other sites

i tested serval methods such as the good old fake server emulation which works well but in the end still at least ONE ACTIVE legit account has to stay in the system to recieve the new offsets from the server otherwise the crack wont work at all .

2 people like this

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0