100% Habbo-Camera [WORKAROUND] by Steve Winfield

[DJGOMEZV]

This is not this api, it's another app.

Is Blob Emulador from Daniel? You could spend this API to test my old camera?

 

[cabeludo007]

Is Blob Emulador from Daniel? You could spend this API to test my old camera?

From Daniel?
Where is saying that is from Daniel?

And no. I can't

 

[DJGOMEZV]

From Daniel?
Where is saying that is from Daniel?

And no. I can't

OK, I could spend the API of your current camera, to test the Blob Emulator I have?

 

[cabeludo007]

OK, I could spend the API of your current camera, to test the Blob Emulator I have?

I just don't know if i will rly release blob emulator. that emulator is like "Oh! a bug, fixed this... Oh no! two more bugs!!" and i don't wanna be replying post about fixing bugs for noobs... i hate do that

 

[Quackster]

Good job, it's a shame it's limited to this single swf though.

Would you ever release the source so we can inject it into our own swf versions? :

 

[cabeludo007]

Good job, it's a shame it's limited to this single swf though.

Would you ever release the source so we can inject it into our own swf versions? :

Edit a swf source to work with a code without the real source of the swf e a weird, rly rly weird thing. A lot of variables changes her names each every swf version, even if this variable/class/constant/anything does the same thing that the older swf does

 

[MRBruth]

Hey, i have a question, when i try make a photo on my hotel (Not localhost) when process, first response are 200 ok and next, it's 500 Server Internal Error and on emulator, doesn't appear message of parse mus command 'add_preview'

Maybe are for i'm using cloudflare on domain? Anyone can help me?

 

[Kyle Betts]

Not really a workaround when you are now forced to use this Habbo.swf.

So basically anyone that edited their SWF is forced to use yours.

Nah thanks. I'll just improve my camera script for Arcturus. Don't want people script poop like porn and stuff.

Yep, so true, I am sure is vulnerable to inject other images.

 

[The General]

Yep, so true, I am sure is vulnerable to inject other images.

Script ads furniture with links to porn. Easy.
Capture post request, modify and poof done.

I am just sayin'

 

[Kyle Betts]

Script ads furniture with links to porn. Easy.
Capture post request, modify and poof done.

I am just sayin'

True, but one bypassed it without ads furniture.

I think.. is not worth to use it, if is possible bypass easly!

 

[steffchef]

Good job, it's a shame it's limited to this single swf though.
Would you ever release the source so we can inject it into our own swf versions? :

I actually did it right away without writing down the changes, sorry.

Yep, so true, I am sure is vulnerable to inject other images.

Just as I mentioned:
"The PHP script got some protections for wannabes, however an advanced user could have the ability to bypass them."

Nonetheless I assure you that you won't find an invulnerable solution online (somebody proves me wrong pls).
Always think about murphy's law and compare consequences to profit.

Cheers,
Steve Winfield

 

[Kyle Betts]

I actually did it right away without writing down the changes, sorry.



Just as I mentioned:
"The PHP script got some protections for wannabes, however an advanced user could have the ability to bypass them."

Nonetheless I assure you that you won't find an invulnerable solution online (somebody proves me wrong pls).
Always think about murphy's law and compare consequences to profit.

Cheers,
Steve Winfield

You'll check a solution for the community?
I know you like work for the community, and I hope you'll find a method for stop the bypass!

 

[steffchef]

You'll check a solution for the community?
I know you like work for the community, and I hope you'll find a method for stop the bypass!

"1. Client sends objects (+ x and y positions) to the server (just like Sulake got it) + server verifies the data (None of the scripts I know verify it) + server creates an image out of it
2. Server fetches the current room situation + renders it by itself (no client interaction)"

Got no time for it, sorry.

Cheers,
Steve Winfield

 

[cabeludo007]

Get this:
https://mega.nz/#!UtNHnKKa!Zdk_F7VVl6vSyp5plcx1MY9fmm6THA1-Auy4ux_OX7k

Any questions?
R: I don't wanna know

 

[steffchef]

Get this:
https://mega.nz/#!UtNHnKKa!Zdk_F7VVl6vSyp5plcx1MY9fmm6THA1-Auy4ux_OX7k

Be aware though, it contains multiple vulnerabilities (and it doesn't seem to look neat lol - just seeing the pictures directory).

Cheers,
Steve Winfield

 

[cabeludo007]

Be aware though, it contains multiple vulnerabilities.

Cheers,
Steve Winfield

Yes, some. Easy to get it clean.

 

[steffchef]

Yes, some. Easy to get it clean.

Nah, it isn't (limiting the sprites and planes would be a start though)

 

[cabeludo007]

Nah, it isn't.

Why? which 'vulnerabilities' you found that isn't easy to fix?

 

[steffchef]

Why? which 'vulnerabilities' you found that isn't easy to fix?

The possibility to place any sprite (the ones that were saved) anywhere you want.

 

[cabeludo007]

Oh, its logic... what for some guy will decode the zlib json code to change the sprite order and encode that again and send to server by a hack app? I don't see the importance of the order of that... habbo is a place where, actually, just noob are currently playing. Less of the half of them knows even what is a php code.
And a good coder knows how to fix this