rehack

Hacking Farmville

91 posts in this topic

Hi all,

Since farmville has something like 10% of all of facebook's hits, that puts it at a rediculous 50 million per month.

and since its only been around for a few months at time of writing, I think its high time we hacked it.

I've allready noticed that they have an XML file containing rules; which plainly contains all the different xp levels

required to level up, etc. Different settings.

I created a server, and uploaded a modified version of the HTML which loads the SWF in, but passed it my modified

version of the rules file. Problem is, The flash loads, and then hangs in loading. must be checksummed.

Next step is to throw it through SWF decompiler and see if I can find any vulnerabilities that way.

Peace,

Rehack

-2

Share this post


Link to post
Share on other sites

Hi all,

Since farmville has something like 10% of all of facebook's hits, that puts it at a rediculous 50 million per month.

and since its only been around for a few months at time of writing, I think its high time we hacked it.

I've actually been kind of amazed at the popularity of this game. I suppose it mirrors any other RPG that somewhat mirrors real life: put time into a skill, and it'll develop. It's just sad that the skill we want to put time into is making clothing in an online world etc. Or maybe it's not sad, I haven't decided yet.

Regardless, I've been tossing around scripting my own facebook game where people have to do laundry, take out the garbage, and vacuum the carpet. I figure, if they like everyday activity so much, maybe this game'll be a hit by association. Or maybe they could just do my laundry. Either way.

1

Share this post


Link to post
Share on other sites

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B

-1

Share this post


Link to post
Share on other sites

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B

If its so lame, Belial, Then you won't have any problem getting your giant leet ass to level 70, without pumping any time or money into the hands of zynga.

-2

Share this post


Link to post
Share on other sites

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

Edited by rehack
-1

Share this post


Link to post
Share on other sites

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

It sounds like you have a problem with capitalism, which is fine, but cracking one of its manifestations isn't going to to do much as a retort. I don't see any other reason to attack any particular company.

You might also want to consider that this company wouldn't be in business if there weren't a demand (created arbitrarily is another issue) for such a game. Any particular company fulfilling this niche is arbitrary.

You want to attack a placeholder? I think your fight is better directed at capitalism.

You want to change patterns of demand? I think you want to fight human nature (aka culture?).

You want to do either of those things? I think you're wasting your time.

MT

2

Share this post


Link to post
Share on other sites

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

Why not make your own farming game and rake in the millions that Zyaga is making...

1

Share this post


Link to post
Share on other sites

Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.

It sounds like you have a problem with capitalism, which is fine, but cracking one of its manifestations isn't going to to do much as a retort. I don't see any other reason to attack any particular company.

You might also want to consider that this company wouldn't be in business if there weren't a demand (created arbitrarily is another issue) for such a game. Any particular company fulfilling this niche is arbitrary.

You want to attack a placeholder? I think your fight is better directed at capitalism.

You want to change patterns of demand? I think you want to fight human nature (aka culture?).

You want to do either of those things? I think you're wasting your time.

MT

So either you don't care or you can't.

I'll get round to having a look at it again, just as soon as I get off this damn forum..

-1

Share this post


Link to post
Share on other sites

Why not make your own farming game and rake in the millions that Zyaga is making...

bindun; farmtown. 2nd most popular to farmville.

-1

Share this post


Link to post
Share on other sites

Farmville seems to be one of these things that comes up in my notifications every once in a while... then i promptly ignore it.

haxxxoring fayceboox ; so leet

You think "it's time we hacked it" ? Who are you?

Bye

2

Share this post


Link to post
Share on other sites

If this game is interesting to him and this is what he wants to hack, why bash him? I would like to hear how this works and turns out. Some people have different interests in hacking than others. You don't have to agree with them, but if it isn't utterly destructive (and I do not think that hacking an online game is that destructive...annoying maybe...but not destructive) why belittle someone with different interests?

And no, i don't know anything about this game and don't even have a facebook account.

1

Share this post


Link to post
Share on other sites

Guys I'm on the side of rehack here. I know, as a flash game developer, I often wonder how games tick inside. I don't know anything about the game mentioned, as I don't have a facebook. If the game doesn't verify things server-side, the developer is asking for trouble.

1

Share this post


Link to post
Share on other sites

Guys I'm on the side of rehack here. I know, as a flash game developer, I often wonder how games tick inside. I don't know anything about the game mentioned, as I don't have a facebook. If the game doesn't verify things server-side, the developer is asking for trouble.

I have also noticed what rehack said about the xml config file used. I don't know if you've ever tried installing custom software on your U3 smart drive, but one of the steps involves tricking the update software into thinking that the U3 website is in fact localhost, so that you can then host your custom .iso on your local web server and install anything you want on it. Maybe something similar could be done with farmville: if you can redirect the url at which the xml file is hosted to your own server instead, you could probably do pretty much what you want. Just an idea.

Let's put aside the fact that Farmville is just a lame game. Yeah, it may be fun to try to hack it.

Here is the interesting part of the page where you can see farmville:

<div id="flashOuterContainer">
<object id="flashapp" width="760" height="594" type="application/x-shockwave-flash" name="flashapp" data="http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf">
<param name="allowScriptAccess" value="always"/>
<param name="wmode" value="opaque"/>
<param name="allowFullScreen" value="true"/>
<param name="flashvars" value="type=&fb_sig_in_iframe=1&fb_sig_iframe_key=c51ce410e124b10f0db5e4b97fc2af39&fb_sig_locale=fr_CA&fb_sig_in_new_facebook=1&fb_sig_time=1255421271.2388&fb_sig_added=1&fb_sig_profile_update_time=1253414855&fb_sig_expires=1155579200&fb_sig_user=571685700&fb_sig_session_key=2._9Emw4Ulr6_rcwBD5mvSDQ__.86400.1255579200-571685560&fb_sig_ss=84uhZnBeM96WiXpwlzXQBw__&fb_sig_ext_perms=auto_publish_recent_activity&fb_sig_api_key=80c6ec0028efd9a465dd223190a65bbc&fb_sig_app_id=102452126776&fb_sig=786b966bb07ff8ff368f91f164f8efad&app_url=http://fb-0.farmville.zynga.com/current/&sn_app_url=http://apps.facebook.com/onthefarm/&asset_url=http://facebook.farmville.static.zynga.com/v5854/&swfLocation=http://facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf&game_config_url=http://facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml&fotd=http://facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm12.jpg&localization_url=http://facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml&flashRevision=5865"/>
</object>
</div>

Here is a sample farmville XML config file:

http://facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml

EDIT: pasting the entire XML file in this post made this thread load very slowly, so now I'm linking to it instead.

0

Share this post


Link to post
Share on other sites

Hi

Can you think of anything else more productive, worth while and possibly notable to do then a lame online multi player game on a social networking site like facebook ?

I would suggest you redirect your energy to more constructive hacking projects then this one.

Just my 2p.

B

To be quite honest I see this as a productive method of learning. Look outside the box for a moment. He is developing skills at not only debugging a production quality game, he is taking the time, effort, and resources to tinker with something in hopes to overcome its natural boundaries. Unless he is all er33t and already knows how to get this to work... he will gain a variable of new information.

It's not what your hacking, its what you gain from the experience.

0

Share this post


Link to post
Share on other sites

If this game is interesting to him and this is what he wants to hack, why bash him? why belittle someone with different interests?

And no, i don't know anything about this game and don't even have a facebook account.

I didn't bash him and I didn't even belittle him. Please elaborate exactly where I did that in my post. I just have an opposing view of what he and others here find a constructive hacking project. So if you want to spend your time RE'ing a flash online game then knock yourself out. -: I just want to provide some alternative criticism, I am entitled to my opinion here like everyone else is right? . As far as learning is concerned then that's fine, learning is completely different but Rehack's agenda seemed to be a little different to just 'learning'

"Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk."
Fight the Farmvill! Fight the power!!
1

Share this post


Link to post
Share on other sites

public function init() : void
{
var _loc_5:* = this.stage;
GlobalEngine.stage = this.stage;
Global.stage = _loc_5;
GlobalEngine.parseFlashVars(this.parameters);
var _loc_1:* = Config.BASE_PATH + "gameSettings.xml";
var _loc_2:* = Config.BASE_PATH + "flashLocaleXml.xml";
if (parameters.game_config_url)
{
_loc_1 = parameters.game_config_url;
}
if (parameters.localization_url)
{
_loc_2 = parameters.localization_url;
}
if (parameters.visitId)
{
Global.setVisiting(parameters.visitId);
}
GlobalEngine.log("Init", "Base URL: " + Config.SERVICES_GATEWAY_PATH);
GlobalEngine.log("Init", "Asset URL: " + Config.ASSET_BASE_PATH);
GlobalEngine.log("Init", "Game Config URL: " + _loc_1);
var _loc_3:* = parameters.skipFacebook == true;
var _loc_4:* = new InitializationManager();
new InitializationManager().add(new GameSettingsInit(_loc_1));
_loc_4.add(new LocalizationInit(_loc_2));
_loc_4.add(new FacebookInit(_loc_3));
_loc_4.add(new TransactionsInit());
_loc_4.add(new GlobalsInit());
_loc_4.add(new MyLifeAvatarInit());
_loc_4.add(new UIInit());
_loc_4.add(new AssetLoadingInit());
_loc_4.addEventListener(ProgressEvent.PROGRESS, onInitProgress);
_loc_4.addEventListener(Event.COMPLETE, onAllInitComplete);
_loc_4.execute();
return;
}// end function

Decompiled init script, not sure if that will help anyone :P

For some reason they have the flashVars send the config file location and then it compiles the location itself?

Edit:

I created a server, and uploaded a modified version of the HTML which loads the SWF in, but passed it my modified

version of the rules file. Problem is, The flash loads, and then hangs in loading. must be checksummed.

Next step is to throw it through SWF decompiler and see if I can find any vulnerabilities that way.

Peace,

Rehack

I don't think it's check-summed, but it uses some variables from facebook to see if its been loaded from the page or not... How these variables are determined I do not know.

Edit2:

What is the URL of this code?

<div id="flashOuterContainer">
<object id="flashapp" width="760" height="594" type="application/x-shockwave-flash" name="flashapp" data="http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf">
<param name="allowScriptAccess" value="always"/>
<param name="wmode" value="opaque"/>
<param name="allowFullScreen" value="true"/>
<param name="flashvars" value="type=&fb_sig_in_iframe=1&fb_sig_iframe_key=c51ce410e124b10f0db5e4b97fc2af39&fb_sig_locale=fr_CA&
fb_sig_in_new_facebook=1&fb_sig_time=1255421271.2388&fb_sig_added=1&fb_sig_profile_update_time=1253414855&
fb_sig_expires=1155579200&fb_sig_user=571685700&fb_sig_session_key=2._9Emw4Ulr6_rcwBD5mvSDQ__.
86400.1255579200-571685560&fb_sig_ss=84uhZnBeM96WiXpwlzXQBw__&fb_sig_ext_perms=auto_publish_recent_activity&
fb_sig_api_key=80c6ec0028efd9a465dd223190a65bbc&fb_sig_app_id=102452126776&fb_sig=786b966bb07ff8ff368f91f164f8efad&
app_url=http://fb-0.farmville.zynga.com/current/&sn_app_url=http://apps.facebook.com/onthefarm/&
asset_url=http://facebook.farmville.static.zynga.com/v5854/&swfLocation=http://facebook.farmville.
static.zynga.com/embeds/FarmGame.5865.swf&game_config_url=http://facebook2.farmville.static.zynga.
com/current/v5854/gameSettings.xml&fotd=http://facebook.farmville.static.zynga.com/v5854/assets/fotd/
PreLoaderFarm12.jpg&localization_url=http://facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.
xml&flashRevision=5865"/>
</object>
</div>

If I can get that URL and extract the code using a program I make every time we want to load the client, I can load it in the program and control the functions of the SWF...

Ahaha! That will work, I tried sending your keys to the client and watched the outgoing connections, and it gets stuck loading while asking api.facebook.com for permission, and obviously since those are your keys and well past expired it stops loading there.

Edited by Zeldo
0

Share this post


Link to post
Share on other sites

I wouldn't try to load the app out of facebook, but I would try using Paros Proxy to intercept the HTTP response in which the flash app parameters are sent, so that you can change them to whatever url you want. gameSettings.xml lists a lot of relative paths to files located at the path given in the asset_url parameter. To successfully mirror the game on your own server, you need to make sure that the game can load all those files successfully. The first thing you need to do is gather all those files, and I write a perl script just for that:


#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v5854/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm4.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml";

if(not -e $swf_location) {
system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
system("wget -x " . $game_config_url);
}

if(not -e $ftod) {
system("wget -x " . $ftod);
}

if(not -e $localization_url) {
system("wget -x " . $localization_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
if($line =~ m/.+url=\"(\S+)\".*/)
{
$url = $1;

if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
{
$path = $1;
$file = $2;

if(not -e $asset_url . $url) {
system("wget -x " . $asset_url . $url);
}
}
}
}

close(CFG);

Run the script, wait a few minutes and voila... you got a backup copy of all the .swf, .xml, and .jpg files for FarmVille. This should help going to the next step.

0

Share this post


Link to post
Share on other sites

I wouldn't try to load the app out of facebook, but I would try using Paros Proxy to intercept the HTTP response in which the flash app parameters are sent, so that you can change them to whatever url you want. gameSettings.xml lists a lot of relative paths to files located at the path given in the asset_url parameter. To successfully mirror the game on your own server, you need to make sure that the game can load all those files successfully. The first thing you need to do is gather all those files, and I write a perl script just for that:


#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v5854/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.5865.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v5854/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v5854/assets/fotd/PreLoaderFarm4.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v5854/flashLocaleXml.xml";

if(not -e $swf_location) {
system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
system("wget -x " . $game_config_url);
}

if(not -e $ftod) {
system("wget -x " . $ftod);
}

if(not -e $localization_url) {
system("wget -x " . $localization_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
if($line =~ m/.+url=\"(\S+)\".*/)
{
$url = $1;

if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
{
$path = $1;
$file = $2;

if(not -e $asset_url . $url) {
system("wget -x " . $asset_url . $url);
}
}
}
}

close(CFG);

Run the script, wait a few minutes and voila... you got a backup copy of all the .swf, .xml, and .jpg files for FarmVille. This should help going to the next step.

Thanks for the script but there are hundreds of files that the game downloads when it needs, and as a side note, I am on windows :X

But I had another question, is there anyway to redirect just that one link to my server? (The config one) so that when I load it on facebook it loads everything from there server except that file which gets redirected to my server.

Thanks, Zeldo.

0

Share this post


Link to post
Share on other sites

Thanks for the script but there are hundreds of files that the game downloads when it needs, and as a side note, I am on windows :X

But I had another question, is there anyway to redirect just that one link to my server? (The config one) so that when I load it on facebook it loads everything from there server except that file which gets redirected to my server.

Thanks, Zeldo.

Here's a copy:

http://www.awakecoding.com/farmville/farmville.zip

At this time I don't know if it's possible, but I'll go for the "safest" way. I mirrored the files on my website, for but some reason requests to my website do not go through paros proxy... which causes problems.

0

Share this post


Link to post
Share on other sites

They updated the game while I was trying to tamper the HTTP response so that it loads my files instead of the original:

fvversionupdate.png

Check that when you're trying to tamper your config file you're in sync with the current version.

0

Share this post


Link to post
Share on other sites

They updated the game while I was trying to tamper the HTTP response so that it loads my files instead of the original:

fvversionupdate.png

Check that when you're trying to tamper your config file you're in sync with the current version.

You get that message when the farm in your client doesn't match the farm they have on there server (each request is handled and if a few get lost, you get the error).

Edit:

Getting closer... I downloaded some JS files off there server that wern't in the zip but I am still missing a few, need to figure out what they are, log digging time... Here's what I have so far

[Thu Oct 15 23:47:48 2009] [error] [client 127.0.0.1] File does not exist: C:/wamp/www/current/images, referer: http://apps.facebook.com/onthefarm/index.php?ref=bookmark
[Thu Oct 15 23:47:48 2009] [error] [client 127.0.0.1] File does not exist: C:/wamp/www/current/css, referer: http://fbpr1.farmville.zynga.com/current/flash.php?&type=&fb_sig_in_iframe=1&fb_sig_iframe_key=9bf31c7ff062936a96d3c8bd1f8f2ff3&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1255664870.4234&fb_sig_added=1&fb_sig_profile_update_time=1244001464&fb_sig_expires=1255752000&fb_sig_user=1633669734&fb_sig_session_key=2.hkQv27z4CtH185brIDvd4w__.86400.1255752000-1633669734&fb_sig_ss=Vs_WOLzdJZKNGQBBUfsZ1Q__&fb_sig_ext_perms=status_update%2Cphoto_upload%2Cvideo_upload%2Ccreate_note%2Cshare_item%2Cauto_publish_short_feed%2Cpublish_stream%2Cauto_publish_recent_activity&fb_sig_api_key=80c6ec6628efd9a465dd223190a65bbc&fb_sig_app_id=102452128776&fb_sig=235a333a9c23d0428038c684148385f1
[Thu Oct 15 23:47:48 2009] [error] [client 127.0.0.1] File does not exist: C:/wamp/www/current/css, referer: http://fbpr1.farmville.zynga.com/current/flash.php?&type=&fb_sig_in_iframe=1&fb_sig_iframe_key=9bf31c7ff062936a96d3c8bd1f8f2ff3&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1255664870.4234&fb_sig_added=1&fb_sig_profile_update_time=1244001464&fb_sig_expires=1255752000&fb_sig_user=1633669734&fb_sig_session_key=2.hkQv27z4CtH185brIDvd4w__.86400.1255752000-1633669734&fb_sig_ss=Vs_WOLzdJZKNGQBBUfsZ1Q__&fb_sig_ext_perms=status_update%2Cphoto_upload%2Cvideo_upload%2Ccreate_note%2Cshare_item%2Cauto_publish_short_feed%2Cpublish_stream%2Cauto_publish_recent_activity&fb_sig_api_key=80c6ec6628efd9a465dd223190a65bbc&fb_sig_app_id=102452128776&fb_sig=235a333a9c23d0428038c684148385f1
[Thu Oct 15 23:47:50 2009] [error] [client 127.0.0.1] File does not exist: C:/wamp/www/current/v6013, referer: http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf
[Thu Oct 15 23:47:50 2009] [error] [client 127.0.0.1] File does not exist: C:/wamp/www/current/v6013, referer: http://facebook.farmville.static.zynga.com/embeds/FV_Preloader.swf

Looks like they are actually on version 6013 but didn't update all the files :P

Edit2:

Log files from what it is missing

127.0.0.1 - - [15/Oct/2009:23:47:48 -0400] "GET /current/images/FV_logo_header_bar.png HTTP/1.1" 404 235
127.0.0.1 - - [15/Oct/2009:23:47:48 -0400] "GET /current/css/reset.css HTTP/1.1" 404 219
127.0.0.1 - - [15/Oct/2009:23:47:48 -0400] "GET /current/css/main.css HTTP/1.1" 404 218
127.0.0.1 - - [15/Oct/2009:23:47:50 -0400] "GET /current/v6013/gameSettings.xml HTTP/1.1" 404 228
127.0.0.1 - - [15/Oct/2009:23:47:50 -0400] "GET /current/v6013/flashLocaleXml.xml HTTP/1.1" 404 230

It wants ANOTHER set of gameSettings?? I think they are screwing with people now...

Edit3:

DAMN IT they updated when I was downloading the files and I have to redownload them!!!

Edit4:

Successfully loaded the client from my computer... including the config file(s)... I can plow for 1 (What I changed it to) and it only works client side... after a refresh it ends up being plowed for the original 15... It seems they have alot server sided and the config files are only for your appearance... they serve no use for the accounts...

Next step... Automating function sends, since Aghaster helped me get all the files, hopefully I can create a custom client by decompiling and recompiling the client...

Thanks again Aghaster, I am still a newb at this stuff ^^

Edited by Zeldo
-1

Share this post


Link to post
Share on other sites

Ok, here's an updated perl script:


#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v6013/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.6011.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v6013/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v6013/assets/fotd/PreLoaderFarm14.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v6013/flashLocaleXml.xml";
my $fv_logo_url = "facebook2.farmville.static.zynga.com/current/images/FV_logo_header_bar.png";
my $main_css_url = "facebook2.farmville.static.zynga.com/current/css/main.css";
my $reset_css_url = "facebook2.farmville.static.zynga.com/current/css/reset.css";

if(not -e $swf_location) {
system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
system("wget -x " . $game_config_url);
}

if(not -e $ftod) {
system("wget -x " . $ftod);
}

if(not -e $localization_url) {
system("wget -x " . $localization_url);
}

if(not -e $fv_logo_url) {
system("wget -x " . $fv_logo_url);
}

if(not -e $main_css_url) {
system("wget -x " . $main_css_url);
}

if(not -e $reset_css_url) {
system("wget -x " . $reset_css_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
if($line =~ m/.+url=\"(\S+)\".*/)
{
$url = $1;

if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
{
$path = $1;
$file = $2;

if(not -e $asset_url . $url) {
system("wget -x " . $asset_url . $url);
}
}
}
}

close(CFG);

I've replaced the older version with v6013 on my site:

http://www.awakecoding.com/farmville/farmville.zip

0

Share this post


Link to post
Share on other sites

Ok, here's an updated perl script:


#!/usr/bin/perl

my $url;
my $file;
my $path;

my $app_url = "fb-0.farmville.zynga.com/current/";
my $sn_app_url = "apps.facebook.com/onthefarm/";
my $asset_url = "facebook.farmville.static.zynga.com/v6013/";
my $swf_location = "facebook.farmville.static.zynga.com/embeds/FarmGame.6011.swf";
my $game_config_url = "facebook2.farmville.static.zynga.com/current/v6013/gameSettings.xml";
my $fotd = "facebook.farmville.static.zynga.com/v6013/assets/fotd/PreLoaderFarm14.jpg";
my $localization_url = "facebook2.farmville.static.zynga.com/current/v6013/flashLocaleXml.xml";
my $fv_logo_url = "facebook2.farmville.static.zynga.com/current/images/FV_logo_header_bar.png";
my $main_css_url = "facebook2.farmville.static.zynga.com/current/css/main.css";
my $reset_css_url = "facebook2.farmville.static.zynga.com/current/css/reset.css";

if(not -e $swf_location) {
system("wget -x " . $swf_location);
}

if(not -e $game_config_url) {
system("wget -x " . $game_config_url);
}

if(not -e $ftod) {
system("wget -x " . $ftod);
}

if(not -e $localization_url) {
system("wget -x " . $localization_url);
}

if(not -e $fv_logo_url) {
system("wget -x " . $fv_logo_url);
}

if(not -e $main_css_url) {
system("wget -x " . $main_css_url);
}

if(not -e $reset_css_url) {
system("wget -x " . $reset_css_url);
}

open("CFG", $game_config_url);

while($line = <CFG>)
{
if($line =~ m/.+url=\"(\S+)\".*/)
{
$url = $1;

if($url =~ m/(.+\/)([^\/]+\.\w+)$/)
{
$path = $1;
$file = $2;

if(not -e $asset_url . $url) {
system("wget -x " . $asset_url . $url);
}
}
}
}

close(CFG);

I've replaced the older version with v6013 on my site:

http://www.awakecoding.com/farmville/farmville.zip

They already updated to 6015 :P, but thanks, I got the files :)

I have made a discovery thought, When plowing there is a chance of getting a 100 coin bonus, it appears as I dig through the mounds of code this game has... that the change of getting it is hard coded into the client, so if we can change that value from a 1/1000 chance to 1/1 chance we can plow for +85GP +1XP :D

*goes back to trying to figure this out*

Edit:

Currently downloading FLEX and decompiling the SWF to flex files, but here is the function I am planning on editing (Removing the if)

public function TPlow(param1:Plot, param2:int)
{
var _loc_13:Vector2 = null;
m_energy = param2;
var _loc_3:* = param1.getPosition().x;
var _loc_4:* = param1.getPosition().y;
var _loc_5:* = Global.player.gold;
var _loc_6:* = Global.player.getId();
var _loc_7:* = Global.player.getId().toString() + _loc_5.toString() + _loc_3.toString() + _loc_4.toString();
var _loc_8:* = MD5.hash(_loc_7);
var _loc_9:int = 7;
var _loc_10:* = parseInt("0x" + _loc_8.substr(-_loc_9)) % 1000;
var _loc_11:* = Global.gameSettings.getNumber("coinFountainProbability") * 1000;
var _loc_12:* = Global.gameSettings.getInt("coinFountainYield");
if (_loc_10 < _loc_11)
{
Global.player.gold = Global.player.gold + _loc_12;
_loc_13 = IsoMath.tilePosToPixelPos(param1.getPosition().x, param1.getPosition().y, param1.getPosition().z);
Global.ui.displayOverlaySWF(Global.getAssetURL(FOUNTAIN_URL), new Point(_loc_13.x - param1.getActualDisplayObjectSize().x / 8, _loc_13.y - param1.getActualDisplayObjectSize().y / 3));
Global.selectedAvatar.displayStatus(GlobalEngine.quickLocalize("FarmGame", "Status_HarvestPlot", [100]));
}
super(param1);
return;
}// end function

Feel free to tell me I am wasting my time, I don't know if any of this is possible, just taking shots in the dark to try and get somewhere ^^

Bah this decompiler says its exporting it but it always finishes with no files...

Edited by Zeldo
0

Share this post


Link to post
Share on other sites

Feel free to tell me I am wasting my time, I don't know if any of this is possible, just taking shots in the dark to try and get somewhere ^^

You're never wasting your time :P We're making progress here. As long as you're learning in the process of doing it, it's worth it. I have never decompiled flash apps, however, but I think that there are possible outcomes from this.

The frequent updates to the game are a pain in the ass... we should automate updates. Maybe I could try making a script that will poll the website every 15 seconds for updates and download any new version and host that on my website.

@rehack: You remain silent? We're hacking Farmville now...

0

Share this post


Link to post
Share on other sites
But I had another question, is there anyway to redirect just that one link to my server? (The config one) so that when I load it on facebook it loads everything from there server except that file which gets redirected to my server.

Thanks, Zeldo.

Sorry, Im pretty sure thats what I've attempted. However, I didn't use Pharos Proxy to redirect it, It was more of a php Editing approach. That guy ^ recons that its because of facebook keys, but I edited the file to point to my modified GameSettings.xml within a minuite of obtaining them. oviously theres something i've missed..

BTW: SO pleased that you guys are on board for this one, with multiple brains it surely can't be long. :)

@Zeldo: If its hard coded into the client, That looks like a good route to me. A simple hex 'n then as you said, will be plowing for gold!

Question is - does the client tell the server whats happened in that case, how much gold we've earned, or does the server tell us how much gold we should have?

Edited by rehack
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now