Right, I tried out the method using "You have to burn the rope":

I used the following packet:

{"msg.id":1,"stamp":"9229216122396","game_id":8650,"slk":"1594186_ff42f2d5d3d293817562eff5811dc9078db1bca4","stats":"[{"name":"You Have Burned the Rope","value":1}]","user":"iamamachine"}

The username is: "iamamachine" and the password is: "123456" (as always).
The game ID is: 8650
The variable is: [{"name":"You Have Burned the Rope","value":1}]

I used the javascript commands to find out my username/password (the long one with numbers). But nothing...

Any ideas?

Interestingly you can abuse this on some games by using a proxy, such as webscarab or paros, to inject a button that calls the javascript method from within the frame.

This doesn't work on all games, but I got it working on B29 Assault (though I already had the badge). This seems to be related to the flash itself, how I did this on B29 Assault was to do the following (all in FF3).

Load up webscarab and set it to intercept responses (intercept tab and check Intercept responses). Set the proxy up in FF3 (by default localhost:8008). Now load the page and accept all responses until you come across the iframe, which will have a URL like http://a.kongregate.com/games/FreeWorldGroup/b29-assault/frame/1241548010558?gameplays_count=0&user_id=12345&username=abcdef.
Once we have the iframe, set the tab to "Text" and scroll down until you get to gamediv, it'll look like:</script><script type="text/javascript">
//<![CDATA[
swfobject.embedSWF("http://chat.kongregate.com/flash/GameShell_1241113218.swf","gamediv","399","550","6",null,{"kongregate":"true","kongregate_host":"http%3A%2F%2Fwww.kongregate.com","kongregate_username":"abcdef","kongregate_game_url":"http%3A%2F%2Fa.kongregate.com%2Fgames%2FFreeWorldGroup%2Fb29-assault","game_url":"http%3A%2F%2Fa.kongregate.com%2Fgames%2FFreeWorldGroup%2Fb29-assault","kongregate_user_id":"12345","kongregate_channel_id":channel_id,"api_path":"%2Fflash%2FAPI_1241113218.swf","game_swf":"http%3A%2F%2Fchat.kongregate.com%2Fgame_files%2F0000%2F0618%2Fb29-assault.swf%3Fkongregate_game_version%3D1205904559","kongregate_game_id":"933","kongregate_game_version":"1205904559"},{"bgcolor":"#000000","allowscriptaccess":"never","allownetworking":"all","base":"http://chat.kongregate.com/gamez/0000/0933/live/"},{});
//]]>
</script>After this, enter the below bit of HTML:<button type="button" onClick="javascript:document.gamediv.SetVariable('roleLife','999');">Life</button>
<button type="button" onClick="javascript:document.gamediv.SetVariable('stageID','5');">Level</button>
And you should have nice little buttons to press to get the cheats.

And did it with the Max Mesiria battle mode (finally I've got that badge!). Moved the buttons to the top, as it stops the flash object overlaying the buttons.



I need to think of a good way to freezing variables (probably setting up a time to reset every few microseconds. Then just need to whip together a quick proxy in perl to do this automatically!

It doesn't work on all games though. The permission to use the Javascript->Flash methods depend on the flash object itself and what domains it trusts. The Lion's share of the Flash games won't let this work and generally these are ones that have been hosted on sites like Armor [sic] Games etc.

I've got this to work on Max Mesiria Chapter 2, Mindscape and B29 Assault; but little success on others. Fortunately there's a simple test: load up the game iframe in (say Firefox) and do a javascript:document.gamediv.GetVariable("health") (or another valid variable). If you get an error in the Error Console about a method failed with NPObject, then this technique won't work.

I don't get the part where it changes the ingame values.

I'm not entirely sure this is newbie-friendly, so is there a quick yet non-dirty way to do this? Thanks

im learning _root variables hacking and already understood it since i have basic knowledge on CE

bytecode hacking also seems pretty easy... it looks easy but the brain part is pretty hard. :geek: