• Content count

  • Joined

  • Last visited

Community Reputation

-7 Noobie

About rehack

  • Rank
    I broke 10 posts and all I got was this lousy title!

Profile Information

  • Gender
  1. Hey man, sorry but my concept with the gamesettings.xml file was only a test. It didn't work out. It was a possibility to alter the settings, then pass the new gamesettings.xml to the flash with a proxy, or by editing. but as of yet, no one has found a way to beat the fact that the server always keeps a track of what you're doing; imagine it as though the client only had controls like farm(land); and plant(crop, land); and then the server uses the result of these commands to tally 1) how much money you have and 2) what actions you're allowed to perform. so really, unless there is some unchecked value, or buffer overflow then there isn't much we can do.
  2. Personally, I disagree. I have a batchelors, and I found that working for a company (my first professional job) doing oracle database stuff, with .net frontends, I found my degree to be of absoloutely next to zero value. Most of the learning was done on the job. Also, just like anyone else, I still got exploited to fuck. Paid the wage, (20k salary) but then excused after 6 months because of the recession. The Boss was winding me up to fuck aswell, with his increasingly incredible expectations. Arsehole. So my 2 Cents? If your right for the job, you'll get it, degree or not. Its who you are, not what you have.
  3. Man, cellphones make this so much more fun. too true Thats how I got into this game, playing around on a badly configured system. Ahh, lets remember: It was an old windows 95 RM network, and I recall getting hold of the RM setup disk, reading some files and learning all about the setup account, password "changeme" lmfao. Much fun was had!
  4. The contents were interesting. The date would be an issue: most high profile attacks today seem to be on web applications. Many countermeasures to older attacks have been invented since 2001. (That's an understatement.) The main value I see in this book would be a deeper understanding of network protocols used in network-level hacking. For more modern attacks, books like Hacking Exposed series, Anti-Hacker toolkit, C.E.H. exam guide (excellent tool coverage), shellcoder's handbook, etc. are more useful. I can confirm that his sources and/or experiences are relevant. Ah, the power of peer review. wow, thanks.
  5. First of all, can somone delete that guys huuuuuge portion of garbage script? it crashes ie, firefox and safari on every windows PC i've used to view the thread. It seems the server keeps everything in sync anyway. However, using memory editors such as CheatEngine it seems to be possible to find values and edit them. Search for your current amount of coins, for example, and replace with 999,999. However, most people have trouble making this stick, undoubtably because the server doesn't really accept anything from the client. I propose another approach: have a look at what the client does to communicate with the server, and see if any of these methods could be vulnerable to attack. If anyone else has any ideas, please share.
  6. Sorry, Im pretty sure thats what I've attempted. However, I didn't use Pharos Proxy to redirect it, It was more of a php Editing approach. That guy ^ recons that its because of facebook keys, but I edited the file to point to my modified GameSettings.xml within a minuite of obtaining them. oviously theres something i've missed.. BTW: SO pleased that you guys are on board for this one, with multiple brains it surely can't be long. @Zeldo: If its hard coded into the client, That looks like a good route to me. A simple hex 'n then as you said, will be plowing for gold! Question is - does the client tell the server whats happened in that case, how much gold we've earned, or does the server tell us how much gold we should have?
  7. bindun; farmtown. 2nd most popular to farmville.
  8. It sounds like you have a problem with capitalism, which is fine, but cracking one of its manifestations isn't going to to do much as a retort. I don't see any other reason to attack any particular company. You might also want to consider that this company wouldn't be in business if there weren't a demand (created arbitrarily is another issue) for such a game. Any particular company fulfilling this niche is arbitrary. You want to attack a placeholder? I think your fight is better directed at capitalism. You want to change patterns of demand? I think you want to fight human nature (aka culture?). You want to do either of those things? I think you're wasting your time. MT So either you don't care or you can't. I'll get round to having a look at it again, just as soon as I get off this damn forum..
  9. Its just a shame that you've overlooked my give to the community, forward-thinking kind of approach. Farmville is only going to grow, and Zynga only going to net more profit. Do you think that is right? For an online farming application? What a waste of time. The fact that people really pay for it too, that sours my milk.
  10. If its so lame, Belial, Then you won't have any problem getting your giant leet ass to level 70, without pumping any time or money into the hands of zynga.
  11. Hi all, Since farmville has something like 10% of all of facebook's hits, that puts it at a rediculous 50 million per month. and since its only been around for a few months at time of writing, I think its high time we hacked it. I've allready noticed that they have an XML file containing rules; which plainly contains all the different xp levels required to level up, etc. Different settings. I created a server, and uploaded a modified version of the HTML which loads the SWF in, but passed it my modified version of the rules file. Problem is, The flash loads, and then hangs in loading. must be checksummed. Next step is to throw it through SWF decompiler and see if I can find any vulnerabilities that way. Peace, Rehack