Based on behavior, interception of a flash game server-side functions, using an open source simulation server-side

This article only makes notes as a year ago crack log records, without any value!!!

1. Download the client, download SWF files and all kinds of weapons, scenes, sounds and so on all resources. (using the website's overall download function, one of the vulnerabilities of this game, the file list is placed in the XML)

2. Decompile the partial SWF file with the Anti-compilation tool, and some SWF files are not encrypted, which makes it easy to decompile parts of the software using the Anti-compilation tool (like a detective, you can find clues in any seemingly unimportant file)

3. Use the Grab tool to grab the command, (some commands, even most of the command code, even if the encryption is simple encryption, or by anti-compilation can find the way to compile), the establishment of a simple server, save the packet capture file, the use of file simulation server return instructions. (The instructions received by the client are not validated, including validation of the server-side real-time and authenticity).

4. Through testing, even if the client dropped the line, the character can still achieve jumping, shooting, walking, the identification of object obstacles, all the verification is done by the client, reducing the pressure of the server-side simulation

5. Use the open source common game server side to simulate the required instruction behavior and complete some instructions.

Summary, unfortunately no energy to continue to study, has stopped research, no motivation, as long as the curiosity to make the completion of this crack.

Based on behavior, interception of a flash game server-side functions, using an open source simulation server-side