  1. #91
    Azuki's Avatar
    Quote Originally Posted by throwaway353829 View Post
    Let's see if not naming it works, since that wasn't the point of it.

    There is already a client for Unity that has predictive autonexus and autoaim. The ones here aren't predictive and are just starting to get autoaim.
    that's crazy. your point being?


  2. #92
    imreallyded's Avatar
    Quote Originally Posted by Azuki View Post


    that's crazy. your point being?
    just curious, can you list the programs you are using for the unity decompiling/hacking?

  3. #93
    lemon250's Avatar
    I'm trying to read packets sent by the client, but they don't seem to be decrypted properly. I also tried injecting a DLL into the Flash version; it also doesn't work. The cipher key and packet structures are from the decompiled Flash version; for RC4 I'm using the Crypto++ library. Is there something I'm missing?

    Code:
    _loc1_ = Crypto.getCipher("rc4",MoreStringUtil.hexStringToByteArray("6a39570cc9de4ec71d64821894c79332b197f92ba85ed281a023".substring(0,26)));
    _loc2_ = Crypto.getCipher("rc4",MoreStringUtil.hexStringToByteArray("6a39570cc9de4ec71d64821894c79332b197f92ba85ed281a023".substring(26)));
    serverConnection.setOutgoingCipher(_loc1_);
    serverConnection.setIncomingCipher(_loc2_);

    key definition
    Code:
    constexpr size_t key_length = 13;
    constexpr uint8_t client_to_server_key[key_length] {0x6a,0x39,0x57,0x0c,0xc9,0xde,0x4e,0xc7,0x1d,0x64,0x82,0x18,0x94};

    packet definitions
    Code:
    class SlotObjectData
    {
    private:
        int object_id;
        uint8_t slot_id;
        int object_type;
    
    public:
        int GetObjectId() const
        {
            return _byteswap_ulong(object_id);
        }
    
        uint8_t GetSlotId() const
        {
            return slot_id;
        }
    
        int GetObjectType() const
        {
            return _byteswap_ulong(object_type);
        }
    };
    
    class InvDrop
    {
    private:
        SlotObjectData slot_object_data;
    
    public:
        std::string ToString() const
        {
            return "object_id=" + std::to_string(slot_object_data.GetObjectId()) +
                " slot_id=" + std::to_string(slot_object_data.GetSlotId()) +
                " object_type=" + std::to_string(slot_object_data.GetObjectType());
        }
    };
    
    class PacketHeader
    {
    private:
        uint32_t packet_size;
        PacketType packet_type;
    
    public:
        PacketType GetPacketType() const
        {
            return packet_type;
        }
    
        uint32_t GetPacketSize() const
        {
            return _byteswap_ulong(packet_size);
        }
    
    };

    code inside hooked send packet
    Code:
    const RotmgExaltSdk::PacketHeader *packet_header = (decltype(packet_header))buf;
    
    if(packet_header->GetPacketType() == RotmgExaltSdk::PacketType::INVDROP)
    {
        constexpr uint8_t header_size = sizeof(RotmgExaltSdk::PacketHeader);
        const uint32_t packet_data_size = packet_header->GetPacketSize() - header_size;
        const uint8_t *packet_data = (uint8_t*)(buf + header_size);
    
        arc4.SetKey(client_to_server_key, key_length);
        arc4.ProcessData(decrypted_packet_data, packet_data, packet_data_size);
    
        for(uint32_t i = 0; i < packet_data_size; ++i)
        {
            printf("%d ", decrypted_packet_data[i]);
        }
        putchar('\n');
    
        RotmgExaltSdk::InvDrop *inv_drop = (decltype(inv_drop))decrypted_packet_data;
        std::cout << inv_drop->ToString() << std::endl;
    }

    packets
    Code:
    34 219 51 30 252 147 60 170 92
    object_id=584790814 slot_id=252 object_type=1543503872
    24 142 237 147 180 221 109 30 49
    object_id=412020115 slot_id=180 object_type=822083584
    177 53 83 199 230 177 204 205 252
    object_id=-1321905209 slot_id=230 object_type=-67108864
    8 28 163 180 94 211 45 228 183
    object_id=136094644 slot_id=94 object_type=-1224736768
    230 148 17 152 98 184 9 8 239
    object_id=-426503784 slot_id=98 object_type=-285212672
    Last edited by lemon250; 04-26-2020 at 10:11 AM.

  4. #94
    Azuki's Avatar
    Quote Originally Posted by imreallyded View Post
    just curious, can you list the programs you are using for the unity decompiling/hacking?
    il2cppdumper, dnspy, ida 7.0, visual studio

  6. #95
    index.html's Avatar
    Quote Originally Posted by throwaway353829 View Post
    Let's see if not naming it works, since that wasn't the point of it.

    There is already a client for Unity that has predictive autonexus and autoaim. The ones here aren't predictive and are just starting to get autoaim.
    The guy from rbot who made that client is doing it for money. No one here is trying to compete or release ASAP; I think people who make cheats for mpgh are having fun reversing games.
    Last edited by index.html; 04-26-2020 at 10:23 AM.

    2=1+1
    2=sqrt(1)+1
    2=sqrt((-1)*(-1))+1
    2=sqrt(-1)*sqrt(-1)+1
    2=i^2 +1
    2=-1+1
    2=0



  7. #96
    DIA4A's Avatar
    Quote Originally Posted by index.html View Post
    The guy from rbot who made that client is doing it for money. No one here is trying to compete or release ASAP; I think people who make cheats for mpgh are having fun reversing games.
    As index.html stated, were it a competition then people would keep all info to themselves but there have been some quality posts from azuki and index.html

  8. #97
    Azuki's Avatar
    Quote Originally Posted by DIA4A View Post
    As index.html stated, were it a competition then people would keep all info to themselves but there have been some quality posts from azuki and index.html
    also on another note, the rbot cheat has absolutely NOTHING to do with what we're doing here.
    it's a simple proxy hack, and nothing special. we're doing internal work.


  9. #98
    DIA4A's Avatar
    Quote Originally Posted by Azuki View Post


    also on another note, the rbot cheat has absolutely NOTHING to do with what we're doing here.
    it's a simple proxy hack, and nothing special. we're doing internal work.
    And besides, I've had an aimbot for over a week and linear extrapolation based on weapon data for 4 days now https://gyazo.com/e1f07b6760a38c1e428c8238d5f1e5f9 (shit cropping to hide info)

  10. #99
    kr_nekdo's Avatar
    Quote Originally Posted by DIA4A View Post
    And besides, I've had an aimbot for over a week and linear extrapolation based on weapon data for 4 days now https://gyazo.com/e1f07b6760a38c1e428c8238d5f1e5f9 (shit cropping to hide info)
    Collab with them then. It would sincerely speed up the process of making a client.

  11. #100
    DIA4A's Avatar
    For anyone interested/wants to use this (probs just azuki and index.html lol) here are some of the option stringids of the menu (amongst a few other things)
    https://i.gyazo.com/2a7beac247b800d6...a3f9e43885.png
    https://i.gyazo.com/2018ab5e9c7dc582...2fa3ef7dad.png
    https://i.gyazo.com/a116db6c8229e455...5b5f79d613.png
    Last edited by DIA4A; 04-27-2020 at 10:54 PM.

  12. #101
    DerpyyWulf's Avatar
    I tried dcing some players with my krelay dc plugin and I found out that ppl on exalt take way more packet spam to dc than flash.

  13. #102
    kr_nekdo's Avatar
    Quote Originally Posted by DerpyyWulf View Post
    I tried dcing some players with my krelay dc plugin and I found out that ppl on exalt take way more packet spam to dc than flash.
    Interesting. Is it still effective tho?

  14. #103
    Azuki's Avatar
    Quote Originally Posted by novastarz View Post
    /snip
    I mean Naru is gonna be opensource in a bit, I just have to tidy the source and add some more features
    Last edited by Matthew; 04-29-2020 at 11:31 PM.


  15. #104
    DerpyyWulf's Avatar
    Quote Originally Posted by kr_nekdo View Post
    Interesting. Is it still effective tho?
    it works on flash players, tho it only lags exalt players

  16. #105
    Matthew's Avatar
    Just a reminder, outside links/flaming/off-topic posts are against the rules and will result in an infraction/ban
