Inoffensive Links got you down?
Get an awesome offensive link today!
click-bitch.ovh
Call of Gods
-migrated-
Call of Gods
Submitted By:
Launch Trainer!
Fantasy MMO Multiplayer RPG Strategy

Wondering where the hacks are at? Register or Sign In to find out!


Wondering where the sol files are at? Register or Sign In to find out!

Call of Gods

-migrated-
Last Updated: 02/28/2014 17:47

Call of Gods

Auto-Post
Last Updated: 09/19/2012 02:29

Call of Gods - 50 pts. (new window)
5
 

Interior Decorator

  Build any 5 buildings within your castle
15
 

Heroic Growth

  Level up to level 20
30
 

Master Spelunker

  Complete 4 different dungeons on "hell" difficulty

Game Dscription
Gather your heroes to defend against fierce monsters in Masure Mainland.
RE: Call of Gods Posted on: 02/25/2014 4:34pm
Quote Post

Hi guys,

First post in here. Didn't see any introduction section, so that... I won't introduce myself

I'm totally new to hacking. We did some RE on Diablo 3, and we have a very nice C# .NET bot running (better than most public ones)
But I'm totally new to hacking flash games

As I was myself a player of CoG, I will try to automate the game. Here is what I manage to do so far:
- packet sniffing and decoding (plain or chunked+gziped JSON strings); i can see all messages between server and client (bidirectional)
- i can locate images in the flash application by taking a screenshot and matching patterns

Technologies used: LabVIEW (+modules, i.e vision), WinPcaP, AutoIt

This is already enough to set some automation up.

My objectives are the following: 
- Automating the search for good wheel of fortune by automatically generating wheels and stopping when a wheel scores a high value (score algorithm TBD - items + positioning on wheel)
- Automating hero hour refresh. Very easy. Almost there
- Automating traning. Very easy. Almost there
- Automating dungeons. Less easy, but can be done without too much pain
- More to be added. Will come with experience

I'm still wondering if it would be possible to directly interact with the memory of the flash game to simulate player actions (button clicks mainly...)
I will try again to get the .swf file of the game when I have time (is that the way to start identifying the memory layout of the game ?). Tried to follow some tutorials here, but I failed...

Any recommandation is welcome. I'll try to keep updating this post

I know this topic is reaaaally old, but I didn't know which section to create a new one, so that I posted in here.
If mods think it belongs to another place, just let me know

Cheers,
Mat




Yes, I'm a newbie. Don't hit to hard on the head if I ask for newbities, it hurts !

RE: Call of Gods Posted on: 02/25/2014 5:54pm
Quote Post
Never let a computer tell me shit.

I posted a bot for this 2 or 3 years ago. I couldnt be bothered to sniff packets so I just listened to the debug output from trace.

my preference for flash bots was always to load the game directly into a c# app and then interact with it using the windows api, (send message, etc) strictly because this method requires little to no effort. Once you can bother yourself to set up a socket system, there is absolutely no reason to not go one step further and make a  fully clientless bot. It is a flash game ffs. I mean you can have a clientless bot up and running in under 1000 lines of code. 

the dungeon is very easy to bot. just bfs/dfs and done. of course if you come to an exit, make sure the floor is completely cleared before entering. 




I use this AoB tool to make all the AoBs I post. Try the online version if you dont feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

RE: Call of Gods Posted on: 02/25/2014 8:29pm
Quote Post

Hi Kolonel,

As for now, I didn't manage to feed my ActiveX flash object to embed the game
I am able to embed IE browser in the GUI and have the game work this way.

Tons of things at the same time, I feel slow to integrate everything

Will double check you suggestions

Thanks
Mat




Yes, I'm a newbie. Don't hit to hard on the head if I ask for newbities, it hurts !

RE: Call of Gods Posted on: 02/25/2014 9:35pm
Quote Post
Never let a computer tell me shit.

running it in a browser object completely defeats the purpose of embedding it in the app. make sure you are including references to AxInterop.ShockwaveFlashObjects and Interop.ShockwaveFlashObjects

the biggest thing that buys you is a window handle to the swf that you can pass to winapi functions. never mind the actual interop controls...




I use this AoB tool to make all the AoBs I post. Try the online version if you dont feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

RE: Call of Gods Posted on: 02/26/2014 7:46am
Quote Post

Gonna try that in C# this morning
Appreciate the help

Mat

Edit: Code is easy, but the result is the same in C# and in LabVIEW

I guess I don't have the right SWF files to feed the flash object
I had been getting one named "cog.swf" from AdBlock Plus using Firefox.

Then, I started to use the" SWF Memory Dumper.exe" and the SoThink SWF Catcher.
I can see that the game is in fact broken into many SWFs files, which are only downloaded when needed

I gave a try to "CogLoading.swf": won't work either

Two questions: 
- I guess I need to perform logging first (and kinda attach the game to a server IP address and the flash object to a SWF source "server" as well). Any hint on how you performed this with your bot ?
- How to know which swf file I need to feed the flash object with ?

Googling on trying to fix that by myself
Mat




Yes, I'm a newbie. Don't hit to hard on the head if I ask for newbities, it hurts !

RE: Call of Gods Posted on: 02/26/2014 1:07pm
Quote Post
Never let a computer tell me shit.

login stuff
login is very easy

  private string gameBaseURL = ".kongregate.callofgods.com/php/platform/kongregate/login.php?";         private string gameUserIDString = "kongregate_user_id=";         private string gameAuthString = "kongregate_game_auth_token="; 


 

 browser.Navigate("http://s"+(cb_server.SelectedIndex+1)+gameBaseURL+gameUserIDString+tb_uname.Text+"&"+gameAuthString+tb_upass.Text); 




dont forget the flashvars....
 

 public AxShockwaveFlashObjects.AxShockwaveFlash swf_warflow;  HtmlElementCollection col = browser.Document.GetElementsByTagName("script");              string tempString = col[2].OuterHtml; tempString = Regex.Replace(tempString, "\\s|\r\n|\n|\"|'", "", RegexOptions.Multiline);   string flashvars = Regex.Match(tempString, "swfobject.embedSWF.*{.*}").Value;  tempString = LoginScripts.parseFlashVars(flashvars); _mw.swf_warflow.FlashVars = tempString; 




then load the movie

 _mw.swf_warflow.LoadMovie(0, "http://s" + (cb_server.SelectedIndex + 1) + ".kongregate.callofgods.com/flash/cog.swf?_v="+swf_version); 
 public static string parseFlashVars(string vars)         {             if (!Regex.IsMatch(vars, @"{[\s\w\W]*}", RegexOptions.Multiline))             {                 //MessageBox.Show("Flashvars input should have the following form" + Environment.NewLine +                 //    "{" + Environment.NewLine + "userID : 1234567," + Environment.NewLine + "ip : 'k2.kgwf.dovogame.com'," + Environment.NewLine + "ports : '6002'," + Environment.NewLine + "sessionKey : \"2b7e81274e0d16b5b5083e20bef9adc4\"," + Environment.NewLine + "locale:\"en_US\"," + Environment.NewLine + "version:\"1.01\"," + Environment.NewLine + "reportURL:\"http://k2.kgwf.dovogame.com/\"," + Environment.NewLine + "customerURL:\"http://k2.kgwf.dovogame.com/sfadm/\"," + Environment.NewLine + "gameURL:\"http://k2.kgwf.dovogame.com\"," + Environment.NewLine + "loginURL:\"http://www.warflow.com/\"," + Environment.NewLine + "rechargeURL:\"\"," + Environment.NewLine + Environment.NewLine + "fid:\"null\"," + Environment.NewLine + "bfid:\"null\"," + Environment.NewLine + "rootpath:\"http://img.kgwf.dovogame.com/1_2_4_0_01/\"" + Environment.NewLine + "}",                 //    "Input Error",                 //    MessageBoxButtons.OK);                 return "error";             }             else             {                 string tempString = vars;                 tempString = Regex.Match(tempString, @"{[\s\w\W]*}", RegexOptions.Multiline).ToString();                 tempString = tempString.Substring(tempString.IndexOf("{") + 1, tempString.LastIndexOf("},") - 1);                 tempString = Regex.Replace(tempString, "\\s|\r\n|\n|\"|'", "", RegexOptions.Multiline);                 tempString = Regex.Replace(tempString, @"gods.com:(\d{4})", "gods.comÖ$1", RegexOptions.Multiline);                 tempString = Regex.Replace(tempString, @":", "=", RegexOptions.Multiline);                 tempString = Regex.Replace(tempString, @"Ö", ":", RegexOptions.Multiline);                 tempString = Regex.Replace(tempString, @",", "&", RegexOptions.Multiline);                 tempString = Regex.Replace(tempString, @"http=", "http:", RegexOptions.Multiline);                 return tempString;             }         }  


 




I use this AoB tool to make all the AoBs I post. Try the online version if you dont feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

RE: Call of Gods Posted on: 02/28/2014 10:12am
Quote Post

Hi

Thanks for this answer

Seems it somehow changed a bit
 

Get request for login
GET /php/platform/kongregate/login.php?kongregate_user_id=myuserid&kongregate_game_auth_token=b68464c251085146b9c30ce7179ecd7da5550be7c0e1997048ead04bec68e300&sid=s10&time=1393579686&sign=mysign HTTP/1.1 Host: s10-kongregate.callofgods.com


And this is how they load the SWF

 

SWF embed source code
swfobject.embedSWF(
  "http://s10-kongregate.callofgods.com/flash/cog.swf_v=1393554734", "myContent", "1000", "590", "10.0.0", "http://s10-kongregate.callofgods.com/js/expressInstall.swf",
  {
  "url":"http://s10-kongregate.callofgods.com/flash/data/networkConfig.json",
  "versionTag":"_v=1393554734",
  "configTag":"_v=1393554734",
   
  "httpConnectURL":"http://s10-kongregate.callofgods.com/php/do.php",
  "avatarConnectURL":"http://s10-kongregate.callofgods.com/php/avatar.php",
  "badgeConnectURL":"http://s10-kongregate.callofgods.com/php/badge.php",
  "badgecConnectURL":"http://s10-kongregate.callofgods.com/php/badgec.php",
  "loadingConnectURL":"http://s10-kongregate.callofgods.com/php/loading.php",
  "socketConnectURL":"s10-kongregate.callofgods.com:7843",
  "groupBadgeURL":"http://s10-kongregate.callofgods.com/groupBadge/",
  "characterAvatarURL":"http://s10-kongregate.callofgods.com/characterAvatar/",
  "loadingImgURL":"http://s10-kongregate.callofgods.com/loading/",
   
  "flashURL":"http://s10-kongregate.callofgods.com/flash/",
  "flashResourceURL":"http://s10-kongregate.callofgods.com/flashresource/",
  "imgprefix":"http://s10-kongregate.callofgods.com/flashresource/",
  "isHttps":"false",
  "policyAddr":"http://s10-kongregate.callofgods.com/crossdomain.xml",
   
  "session":"gs4get4ae74djt7belrumfbdp7",
  "id":"47099",
  "raceId":"2",
  "debug":"false",
  "enableFB":"false",
  "enableAchievement":"true",
  "enableContextMenu":"false"
  },
  {
  wmode: "window",
  allowFullScreen: "true",
  allowScriptAccess: "always",
  allowFullscreenInteractive:"true"
  }
  ); 


Edit : having problem expanding my spoilers. Anyone else with the same problem ? How can I fix that ?

Edit 53: (or maybe it's 54, can't remember)

Got some code running. It's almost running as I would like it to run
Almost

Here it is:
 

  private void button1_Click(object sender, EventArgs e) {  // login  webBrowser1.Navigate("http://s10-kongregate.callofgods.com/php/platform/kongregate/login.php?kongregate_user_id=XXXXXXX&kongregate_game_auth_token=b68464c251085146b9c30ce7179ecd7da5550be7c0e1997048ead04bec68e300&sid=s10&time=1393581185&sign=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");  webBrowser1.DocumentCompleted += new WebBrowserDocumentCompletedEventHandler(webBrowser1_DocumentCompleted); }  private void webBrowser1_DocumentCompleted(object sender,WebBrowserDocumentCompletedEventArgs e) {  //Retrieve page source code string tempString = webBrowser1.Document.ActiveElement.OuterHtml;   // Parse flashvars from source code /* tempString = Regex.Replace(tempString, "\\s|\r\n|\n|\"|'", "", RegexOptions.Multiline); string flashvars = Regex.Match(tempString, "swfobject.embedSWF.*{.*}").Value; tempString = parseFlashVars(flashvars); axShockwaveFlash1.FlashVars = tempString;*/   // the lazy and bad method to get there axShockwaveFlash1.FlashVars = "url=http://s10-kongregate.callofgods.com/flash/data/networkConfig.json&versionTag=_v=1393554734&configTag=_v=1393554734&httpConnectURL=http://s10-kongregate.callofgods.com/php/do.php&avatarConnectURL=http://s10-kongregate.callofgods.com/php/avatar.php&badgeConnectURL=http://s10-kongregate.callofgods.com/php/badge.php&badgecConnectURL=http://s10-kongregate.callofgods.com/php/badgec.php&loadingConnectURL=http://s10-kongregate.callofgods.com/php/loading.php&socketConnectURL=s10-kongregate.callofgods.com:7843&groupBadgeURL=http://s10-kongregate.callofgods.com/groupBadge/&characterAvatarURL=http://s10-kongregate.callofgods.com/characterAvatar/loadingImgURL=http://s10-kongregate.callofgods.com/loading/&flashURL=http://s10-kongregate.callofgods.com/flash/&flashResourceURL=http://s10-kongregate.callofgods.com/flashresource/&imgprefix=http://s10-kongregate.callofgods.com/flashresource/&isHttps=false&policyAddr=http://s10-kongregate.callofgods.com/crossdomain.xml&session=XXXXXXXXXXXXXXXXXXXXXXXXXXX&id=XXXXX&raceId=2&debug=false&enableFB=false&enableAchievement=true&enableContextMenu=false";   axShockwaveFlash1.EmbedMovie = true; axShockwaveFlash1.LoadMovie(0, "http://s10-kongregate.callofgods.com/flash/cog.swf_v=1393554734"); } 

Note: XXXXX are my ids...

It loads the swf (probably with the right FlashVars) into the Flash object but also into the webBrowser. I end up, with a message (in the flash object) stating "you are already logged on another computer". I can hear the game music playing (in the invisible webBrowser)

What is that that I'm doing wrong ?

Mat




Yes, I'm a newbie. Don't hit to hard on the head if I ask for newbities, it hurts !

RE: Call of Gods Posted on: 02/28/2014 2:01pm
Quote Post
Never let a computer tell me shit.

so it took me a bit more work than expected  to get mine running again...
so a few notes.
I use the webbrowser to get the info and handle cookies and stuff

because they added time and sign to the login script, I have to load the server selection page  kongregate.callofgods.com/server/server.php?{0}{1}&{2}{3}  first. this page will tell me the sign and the time
so now I can pass that info along and call the login page 

 sign=Regex.Matches(browser.Document.Body.InnerHtml, "sign=(?<sign>[\\da-zA-Z]+)\"")[0].Groups["sign"].Value;                                          browser.Navigate(string.Format("http://s{0}{1}{2}{3}&{4}{5}&sid=s{0}&time={6}&sign={7}", cb_server.SelectedIndex + 1, gameBaseURL, gameUserIDString, tb_uname.Text, gameAuthString, tb_upass.Text, Regex.Matches(browser.Document.Body.InnerHtml, "time=(?<time>\\d+)")[0].Groups["time"].Value,sign),                 "_self", null,                 string.Format("Referer: http://kongregate.callofgods.com/server/server.php?{0}{1}&{2}{3}", gameUserIDString, tb_uname.Text, gameAuthString, tb_upass.Text)                 ); 


from here, I get redirected to the play page ttp://s10-kongregate.callofgods.com/php/play.php?session_id=s4ltsp4
this page gives me the flash vars

 HtmlElementCollection col = browser.Document.GetElementsByTagName("script");              //foreach(HtmlElement x in col) //    System.Diagnostics.Debug.WriteLine(x.OuterHtml); //return;  string tempString = col[2].OuterHtml;  tempString = Regex.Replace(tempString, "\\s|\r\n|\n|\"|'", "", RegexOptions.Multiline);  //System.Diagnostics.Debug.WriteLine(tempString);  string flashvars = Regex.Match(tempString, "swfobject.embedSWF.*{.*}").Value;  System.Diagnostics.Debug.WriteLine("unprocessed flashvars:::" + flashvars);  tempString = LoginScripts.parseFlashVars(flashvars);  




from the flashvars i need to get the swf version before i load the swf (although i just inline it out of laziness)

  _mw.swf_warflow.FlashVars = tempString;                                   _mw.swf_warflow.LoadMovie(0, string.Format("http://s{0}-kongregate.callofgods.com/flash/cog.swf?_v={1}",cb_server.SelectedIndex + 1,Regex.Matches(browser.Document.Body.InnerHtml, "versionTag=_v=(?<version>\\d+)")[0].Groups["version"].Value));  browser.Dispose(); 




 




I use this AoB tool to make all the AoBs I post. Try the online version if you dont feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

RE: Call of Gods Posted on: 02/28/2014 5:47pm
Quote Post

Thanks for that! Got it working now (it's embedded into the flash object)
My previous code was probably missing only the webBrowser1.Dispose()

With your code, it's a way more adaptable to the kongregate login procedure (everything was hardcoded in my code)

Appreciate the help, especially since i'm not used to all those technologies (cookies, chrome dev tools etc...). And I don't know much about regexes
Gonna have to dig into those two topics

Will post more when I have more result

Mat

Edit: 

I guess that this would be a way to find the Window Handle of a flash aplication running into a browser
But I like running the application only by the way

 [DllImport("user32.dll",SetLastError=true)]publicstaticexternIntPtrFindWindowEx(IntPtr parentHandle,IntPtr childAfter,string className,IntPtr windowTitle);publicIntPtrFlash(){IntPtr pControl;         pControl =FindWindowEx(webBrowser1.Handle,IntPtr.Zero,"Shell Embedding",IntPtr.Zero);         pControl =FindWindowEx(pControl,IntPtr.Zero,"Shell DocObject View",IntPtr.Zero);         pControl =FindWindowEx(pControl,IntPtr.Zero,"Internet Explorer_Server",IntPtr.Zero);         pControl =FindWindowEx(pControl,IntPtr.Zero,"MacromediaFlashPlayerActiveX",IntPtr.Zero);return pControl;}



Yes, I'm a newbie. Don't hit to hard on the head if I ask for newbities, it hurts !