Creating a custom client for a game
- 01 Feb. 2013 12:33am #1
- Join Date
- Apr. 2010
- Location
- When freedom is outlawed only outlaws will be free
- Posts
- 5,113
- Reputation
- 195
- LCash
- 3.38
Note, I'm not talking about Gaia, but this could be put towards Gaia I guess.
How would one create a custom client that just logs everything received from a game server, masquerading as a real game client? The game in question is written in Java.
I've been looking into this for a while to no avail. If anyone could help, that would be great. And I don't just mean capturing packets or whatever, I mean like all of the data that the server sends the client, because from there reverse engineering the client would be MUCH simpler than trying to locate and de-obfuscate code.
- 01 Feb. 2013 12:40am #2
Just look at what the client is sending the server and replicate it.
- 01 Feb. 2013 12:49am #3
- 01 Feb. 2013 01:19am #4
So you have two options. Deobfuscate the source, or decrypt the packets.
- 01 Feb. 2013 02:56am #5
I think I'm going to try to locate the source of this game (they hid it really freaking well on their website; the last source people have is from a few years ago) or grab an old leaked source and see if they have the encryption algorithm in there, or ask people how they deobfuscated the old source and see if I can do it with the new one. Thanks for the tips.
- 01 Feb. 2013 11:40am #6
What's the game?
- 01 Feb. 2013 01:22pm #7
Runescape. Don't even ask why I felt like reverse engineering it, haha. I got bored and decided to see how much things have changed on there. Then I got the little thing that said "This Java Applet needs your permission to run. world13.runescape.com", which I thought was interesting: they have a different subdomain for each server, or "world". So I checked out that subdomain, and eventually stumbled upon this weird gamepack file that (upon opening in a Java decompiler) told me that its source was obfuscated and it's a crime to deobfuscate it. The file is too small to be the entire client, so I'm not really sure what it is yet. I plan on trying to de-obfuscate it though.
I was talking to MattSmith about this and he said I probably won't get too far on this, and if I want an easier game to experiment on, try zOMG or Towns 2 or something. I was looking at Towns 2 and it doesn't seem too hard, but this Runescape thing really interested me for some weird reason. I guess maybe because there are no hacks for the game at all, and never have been, only a few bots. It would be interesting to see if it's just a lack of effort on the hackers' part, or if the game really is that locked down.
- 01 Feb. 2013 05:05pm #8
You might have better luck trying to decrypt the packets. It's not an easy task though. While I have not looked into this, perhaps there exists a Java disassembler in which you would try to locate the packet encryption method. You could also try using a different program to translate the Java bytes into something more readable, even if the result is obfuscated. All you really need is to figure out how the packets are encrypted and their format.
Once you have the encryption protocol and the format of the packets, you can make your own client (or even hijack sessions from a legit client).
- 01 Feb. 2013 05:53pm #9
- 01 Feb. 2013 09:48pm #10
Well, tits. I unzipped the gamepack file and it LOOKS like the client; it has a few images that I'm 99% sure are from the client, but the Java classes are all named letters and heavily use assembly. It's annoying.
If you guys want, I can upload a .zip of the gamepack.jar's classes and files and stuff.
Also lol, this was in a file called "SOFTWARE_DISCLAIMER.TXT" within gamepack.jar:
THIS SOFTWARE IS ENCRYPTED AND ANY ATTEMPT BY YOU TO BREAK OR CIRCUMVENT THIS ENCRYPTION OR OTHERWISE INTERFERE WITH OR DISRUPT JAGEX LIMITED’S LEGITIMATE OPERATION OF ITS SERVICES AND GAMES MAY BE A VIOLATION OF CIVIL AND/OR CRIMINAL LAWS.