New hacking method (look here) WORKS
-migrated-
New hacking method (look here) WORKS Posted on: 04/26/2009 2:43am
It is possible to make KBH still work!

I'm making a Ragnarok clone of my own.. and while I was trying to hook the chat to get variables to load game.

I've found this. Very deep inside the iframe which loads the chat and game!

This is the code that ragnorak needs to update to get it to work again.. they started to follow the KBH packet sending format much more.. as you can see {"game_id":"####"} all that is in javascript and yes without any encryption.. they didn't add any encryption or forgot? or don't care

Code: [Select]
/flash/konduit_1240464075.swf","konduit","1","1","9",null,{"game_id":"35596","chat_username":getChatUsername(),"chat_host":"of1.kongregate.com","permission_chat_api":"false","chat_password":getChatPassword(),"chat_port":"5222","debug_level":"","user_vars":"%5B%22pkedpker%22%2C%22d%22%2C45%2C%22http://cdn4.kongregate.com/assets/avatars/defaults_chat_sized/bird.jpg%22%2C%22Bars%20of%20Black%20and%20White%22%2C%22http://www.kongregate.com/games/GregoryWeir/bars-of-black-and-white%22%5D","game_title":"Bars%20of%20Black%20and%20White","game_permalink":"bars-of-black-and-white","javascript_listener":"konduitToHolodeck","game_url":"http://www.kongregate.com/games/GregoryWeir/bars-of-black-and-white","channel_id":channel_id,"permission_slk":"false","user_vars_sig":"n6g5tvpu72rade9VkCb1Tg%3D%3D","connect":"true","chat_ip":"216.246.59.237","permission_mtx_api":"false"},{},{});
//]]>

konduit_########.swf is the new game loader? (no idea)
but they made a ton of javascript methods to get data.. like
getChatUsername(); gets the chat's username
getChatPassword(); gets the kongregate password SessionID

for example put this in your address bar (when you're inside some game)
Code: [Select]
javascript:var myChatPass = getChatPassword(); alert(myChatPass);
it should print out your kongregate password (session ID)
Code: [Select]
javascript:var myChatPass = getChatUsername(); alert(myChatPass);
it should print out your kongregate username

Code: [Select]
javascript:var myChatPass = getChatPassword(); window.clipboardData.setData("Text",myChatPass);
gets the kongregate password (session ID) and it copies it into your clipboard (well it copies it enough said) (so you can paste it in KBH or notepad wherever)

this nifty trick can be used to revive KBH/KABH and make some other hacks much easier..
javascript hacking the new kongregate hack? LOL..
Seems they keep making it easier and easier to hack..

Plus this means getting ChatPassword is much easier than in the previous ways where you had to lose or win a game.. to get packet.. HELL you don't even need WPE PRO now!

try it..

proof of how it works =)


figured out that the chatpassword's first numbers 422396 are the user_id .. and user_id is increased every time someone makes an account..

let's say Greg was the first person to register... his user_id is 1.. so you can tell how old your account is.. I'm the 422,396th user to register on kongregate =P

This below is for flash variable changing
Code: [Select]
javascript: document.gamediv.SetVariable("_root.max", "999999");

it's gamediv! that's the flashobject.... I knew there was no way kongregate could disable javascript as the chat is half javascript half flash.. so there you go..

But wait a second it won't work for you? and why is that? because gamediv is not even in the code it's in an iframe which you have to get first. By doing

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); window.clipboardData.setData("Text", theURL);

or to show without copying to clipboard

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); alert(theURL);

Found an even better code!

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); window.open(theURL);

that gets the place where the flash object sits then it opens up a new browser window (tested in chrome/internet explorer works)

then you can do the

Code: [Select]
javascript: document.gamediv.SetVariable("_root.max", "999999");

codes

which will copy to your clipboard the URL needed to visit deep into the kongregate flash game iframe.


try that code on my game chain reaction on kongregate

Here is a youtube video I made in a minute or so to show you that it works.
http://www.youtube.com/watch?v=NiVUvmC80ks

it works =)
Re: New hacking method (look here) Posted on: 04/26/2009 3:00am
I'm between 57-58k but I registered quite a while ago have 100 some cards without winning any on kongai. *Edit* I'm going to test in a minute and see if it works.
Re: New hacking method (look here) Posted on: 04/26/2009 3:03am
not to mention you can now (well you always could have I just didn't use javascript) use javascript to submit scores/triggers to get badges/cards

send score
Code: [Select]
javascript: document.embeds[0].SetVariable("_root.HighScore", "999999");
get score to print out
Code: [Select]
javascript: var score = document.embeds[0].GetVariable("_root.HighScore"); alert(score);

Holy crap I've just noticed this, you guys won't believe it!
/flash/konduit_1240464075.swf","konduit","1","1","9"
swfobject.embedSWF("FlashToLoad.swf", width,height,flashversion,etc);

if you notice this konduit_####.swf has width and height set to 1,1.

means the flash chat is still there.. its size is just 1,1 making it 1 pixel big.. hard/impossible to even see it.. I was thinking why is kongregate lagging so badly..
Re: New hacking method (look here) Posted on: 04/26/2009 8:56am
Quote from: "pkedpker"
not to mention you can now (well you always could have I just didn't use javascript) use javascript to submit scores/triggers to get badges/cards

send score
Code: [Select]
javascript: document.embeds[0].SetVariable("_root.HighScore", "999999");
get score to print out
Code: [Select]
javascript: var score = document.embeds[0].GetVariable("_root.HighScore"); alert(score);

You can get badges by doing that?

Didn't actually do anything for me when I changed it to 'Insane' and 0 score. =/

Quote from: "pkedpker"
Holy crap I've just noticed this, you guys won't believe it!
/flash/konduit_1240464075.swf","konduit","1","1","9"
swfobject.embedSWF("FlashToLoad.swf", width,height,flashversion,etc);

if you notice this konduit_####.swf has width and height set to 1,1.

means the flash chat is still there.. its size is just 1,1 making it 1 pixel big.. hard/impossible to even see it.. I was thinking why is kongregate lagging so badly..

O.O No way. No sodding wonder it's even more laggy than before. I wonder if we can find it using tab...



Check before you post, someone may have beaten you there.

Don't fear my banhammer, fear the God holding it...

Re: New hacking method (look here) Posted on: 04/26/2009 9:41am
Quote from: "Maximillian"
Quote from: "pkedpker"
not to mention you can now (well you always could have I just didn't use javascript) use javascript to submit scores/triggers to get badges/cards

send score
Code: [Select]
javascript: document.embeds[0].SetVariable("_root.HighScore", "999999");
get score to print out
Code: [Select]
javascript: var score = document.embeds[0].GetVariable("_root.HighScore"); alert(score);

You can get badges by doing that?

Didn't actually do anything for me when I changed it to 'Insane' and 0 score. =/
They disabled javascript. I don't know if they enabled it again now.

Edit: It doesn't work.
Re: New hacking method (look here) Posted on: 04/26/2009 10:02am
The username and ID work, how do you find out the game ID?



Check before you post, someone may have beaten you there.

Don't fear my banhammer, fear the God holding it...

Re: New hacking method (look here) Posted on: 04/26/2009 10:20am
something like this

Code: [Select]
javascript: alert(document.GetElementById("game_id").GetAttribute("value"));
javascript: alert(document.All("game_id"));
javascript: alert(document.All("game_id").value);

but it doesn't seem to work.. I don't know much javascript

but it should have worked

Code: [Select]
<input name="game_id" type="hidden" value="38794" />

that's how it is in html
Re: New hacking method (look here) Posted on: 04/26/2009 1:02pm
Creamy Goodness.
I'm so confused.



lol idek why i still come here

Re: New hacking method (look here) Posted on: 04/26/2009 3:03pm
I'd noticed that the flash chat was still around, I just hadn't even thought about it.

Here's a picture to show where the flash chat is embedded. Using FlashBlock, you can see it clearly.






Tookie

Re: New hacking method (look here) Posted on: 04/26/2009 3:22pm
After having tried the above methods on Flower Attack, I managed to get the username and password, but the sending of scores didn't seem to work.





Tookie

Re: New hacking method (look here) Posted on: 04/27/2009 12:11am
Should still be pretty much possible to hijack the js they send either with greasemonkey or through a rewriting proxy (an easy one to do that is privoxy).
If it's really js then replacing the content is very easy.
Re: New hacking method (look here) Posted on: 04/27/2009 1:25am
It's almost as if Kong just handed everything over to us...
Re: New hacking method (look here) Posted on: 04/27/2009 1:49am
Quote from: "KongregateHack"
Quote from: "Maximillian"
Quote from: "pkedpker"
not to mention you can now (well you always could have I just didn't use javascript) use javascript to submit scores/triggers to get badges/cards

send score
Code: [Select]
javascript: document.embeds[0].SetVariable("_root.HighScore", "999999");
get score to print out
Code: [Select]
javascript: var score = document.embeds[0].GetVariable("_root.HighScore"); alert(score);

You can get badges by doing that?

Didn't actually do anything for me when I changed it to 'Insane' and 0 score. =/
They disabled javascript. I don't know if they enabled it again now.

Edit: It doesn't work.


I've cracked it kongregateHack!

it's

Code: [Select]
javascript: document.gamediv.SetVariable("_root.max", "999999");

it's gamediv! that's the flashobject.... I knew there was no way kongregate could disable javascript as the chat is half javascript half flash.. so there you go..

But wait a second it won't work for you? and why is that? because gamediv is not even in the code it's in an iframe which you have to get first. By doing

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); window.clipboardData.setData("Text", theURL);

or to show without copying to clipboard

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); alert(theURL);

Found an even better code!

Code: [Select]
javascript:var theURL= window.document.getElementById("gameiframe").getAttribute("src"); window.open(theURL);

that gets the place where the flash object sits then it opens up a new browser window (tested in chrome/internet explorer works)

then you can do the

Code: [Select]
javascript: document.gamediv.SetVariable("_root.max", "999999");

codes

which will copy to your clipboard the URL needed to visit deep into the kongregate flash game iframe.


try that code on my game chain reaction on kongregate


it works =)

This means I could quit working on PKRagnorak and start an easier project just a webbrowser with a custom built in javascript: document.gamediv.SetVariable("_root.max", "999999"); sender .. that just sends a bunch of them based on the variables it finds.

javascript: document.gamediv.SetVariable("_root.max", "999999"); 's


Here is a youtube video I made in a minute or so to show you that it works.
http://www.youtube.com/watch?v=NiVUvmC80ks

yes it should be connected to kongregate api and support badges!

still have to make a scanner.. unless you can help me out I heard you got some source to atlas.
I'm so confused as to what's going on. What exactly does the 2nd piece of code do?
Quote from: "pythag12"
I'm so confused as to what's going on. What exactly does the 2nd piece of code do?

change flash game variables value based on variable name. You can either guess the names or use variable scanners.
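
The snippets in this thread change a Flash variable in the browser before the game reports it, so any reported score is client-controlled input. The server-side acceptance check below is an added example, not part of the thread and not Kongregate's code; `GAME_RULES`, `validateScore`, the session fields and all limits are hypothetical, constructed values.

```javascript
// Added example: server-side acceptance check for a client-reported score.
// GAME_RULES, the session fields and validateScore are hypothetical names;
// the limits are constructed values, not Kongregate's.
const GAME_RULES = {
  "35596": { maxScore: 50000, maxPointsPerSecond: 40 },
};

function validateScore(session, submission, nowMs) {
  const rules = GAME_RULES[session.gameId];
  if (!rules) return { ok: false, reason: "unknown-game" };
  // The submission must belong to the game this session was opened for.
  if (submission.gameId !== session.gameId) {
    return { ok: false, reason: "game-mismatch" };
  }
  // Client values arrive as strings ("999999"); accept only plain
  // non-negative integers, no exponents, signs or whitespace.
  if (!/^\d{1,9}$/.test(String(submission.score))) {
    return { ok: false, reason: "malformed" };
  }
  const score = Number(submission.score);
  if (score > rules.maxScore) return { ok: false, reason: "above-cap" };
  // Elapsed time comes from the server's own clock, never from the client.
  const elapsedSec = Math.max(0, (nowMs - session.startedAtMs) / 1000);
  if (score > elapsedSec * rules.maxPointsPerSecond) {
    return { ok: false, reason: "too-fast" };
  }
  return { ok: true, reason: "accepted", score };
}

// Constructed sample session and submissions.
const sampleSession = { gameId: "35596", startedAtMs: 1000000 };

function demo() {
  const tenMinutesLater = sampleSession.startedAtMs + 600000;
  const fiveSecondsLater = sampleSession.startedAtMs + 5000;
  const check = (gameId, score, now) =>
    validateScore(sampleSession, { gameId, score }, now).reason;
  return [
    check("35596", "999999", tenMinutesLater), // edited variable, over the cap
    check("35596", "30000", fiveSecondsLater), // under the cap but impossible in 5 s
    check("35596", "18000", tenMinutesLater),  // plausible for 10 minutes of play
    check("38794", "100", tenMinutesLater),    // submitted against another game
    check("35596", "1e9", tenMinutesLater),    // not a plain integer
  ];
}

console.log(demo());
```

A check like this only bounds what the server will accept; values inside the bounds are still client-supplied.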