HabboAir AIR63-201708251331-359388093 + Crack method

Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
Ok guys so,

First of all, this isn't going to be a tutorial, because 1) I don't have as much time, and 2) I can't remember most of what I did.

Apparently Incapsula is blocking the Android Package file extension name, so I'll write only Android Package.

So, a few months ago I cracked HabboTablet.swf and made it work on Android devices. Since Habbo for Android has been long forgotten, I'm here to release what I did, but remember this package is old and thus must be updated.

What I did first was to packetlog everything, thus I changed (on this SWF version) the keys located in the namespace _-4ZA, class _-4Sj, method _-3Ub.

base64 :
xIBlMDUyODA4YzFhYmVmNjlhMWE2MmMzOTYzOTZiODU5NTVlMmZmNTIyZjUxNTc2MzlmYTZhMTlhOThiNTRlMGU0ZDZlNDRmNDRjNGMwMzkwZmVlOGNjZjY0MmEyMmI2ZDQ2ZDcyMjhiMTBlMzRhZTZmZmZiNjFhMzVjMTEzMzM3ODBhZjZkZDFhYWFmYTczODhmYTZjNjViNTFlODIyNWM2YjU3Y2Y1ZmJhYzMwODU2ZTg5NjIyOTUxMmUxZjlhZjAzNDg5NTkzN2IyY2I2NjM3ZWI2ZWRmNzY4YzEwMTg5ZGYzMGMxMGQ4YTNlYzIwNDg4YTE5ODA2MzU5OWNhNmFkBTEwMDAx
Encoded as:
{char:NLength}{string:Modulus}{char:ELength}{string:Exponent}

It contains a string that's a base64, so all I did was to change to my keys.



After packetlogging (some of which can be found here: ) with a packetlogger based on @Arachis :

Source code from the packetlogger:

So I had to crack the SWF, so first the crypto was using my keys, now I had to disable a few security checks. I can't recall correctly, first because I'm tired, second because it has been around 5 months since I did it, and lots has happened.

Anyway, I've also defined the hostname to a fixed host, so you must change this in JPEXS or RABCDasm.

Again in namespace _-4ZA, I've altered the method _-eL that contains some crossdomain urls. I can't remember if this was necessary, but duck that, it's in there.



---------------------------------------------------------------------
To recompile and reassign the package:

I've uploaded the rar, and there's a folder called "build":

Put the original SWF named "Habbo dot apk" and open "decompile.bat", and it will save the output data to HabboTabletOutput.
To recompile use recompile.bat, which will create a new apk from the HabboTabletOutput folder, and create HabboNew.apk.

To re-sign and install on other devices, just click on one_click_signer.cmd, which will use HabboNew.apk and save it as signed-HabboNew.apk.

---------------------------------------------------------------------

There's already an unsigned and a signed version included in the downloadable file.

----------------------------------------------------------------------

To log in and register you must create an API (you can simply use Chocolatey CMS for that; there are only a few new requests, such as /api/ssotoken, which returns the ssotoken based on your logged-in user). A few modifications on Chocolatey and you'll be ready to go. In my case I've written a test PHP project.

----------------------------------------------------------------------

To make your emulator compatible in a quick and hardcoded way:

I've used the packet 4000 to check whether you are on X or Y release. If you are on the mobile version it will patch the header bytes, and with small changes to the packetmanager I was able to patch it every time the client was on Android.

If the server receives a packet, it will first get the header of the packet that it is translated to (for instance, 123 is on desktop, but AIR is 456, so I have to make 456 point to 123). On the outgoing side I do the reverse: I must have a list of desktop packets pointing to mobile packets. I didn't have to modify much of my current source code, and it made sure both desktop and Android would communicate with each other. HARDCODZ

[Image: Mx5ekXF]


Something like this.

The structures are usually the same, except for some of the catalogue and navigator. But most of the functionalities used didn't need a different packet structure.

----------------------------------------------------------------------
You can change all configurations in common_configuration_txt located in the binarydata.

Save it as a txt, edit it, and reimport.

----------------------------------------------------------------------

E = "3";
N = "86851dd364d5c5cece3c883171cc6ddc5760779b992482bd1e20dd296888df91b33b936a7b93f06d29e8870f703a216257dec7c81de0058fea4cc5116f75e6efc4e9113513e45357dc3fd43d4efab5963ef178b78bd61e81a14c603b24c8bcce0a12230b320045498edc29282ff0603bc7b7dae8fc1b05b52b2f301a9dc783b7";
D = "59ae13e243392e89ded305764bdd9e92e4eafa67bb6dac7e1415e8c645b0950bccd26246fd0d4af37145af5fa026c0ec3a94853013eaae5ff1888360f4f9449ee023762ec195dff3f30ca0b08b8c947e3859877b5d7dced5c8715c58b53740b84e11fbc71349a27c31745fcefeeea57cff291099205e230e0c7c27e8e1c0512b";

----------------------------------------------------------------------

HabboTablet.swf is located in assets/HabboTablet.swf

  • Build folder (contains the tools you need to decompile, recompile, and re-sign)
  • Original APK that I used to base (contains the original swf)
  • Signed and Unsigned APK
  • Cracked SWF

Download can be found in: or



SWF won't work with compressed resources! So your gordon/RELWHATEVER must be all uncompressed. I advise you to clone your version, and create one that only the SWF uses. Use this method: to decompress a single SWF file; you can also use it to decompress everything by enumerating files, sending them to this method, and saving the output.

Thanks to B3T4T3ST3 Martim (Paulo) for being my partner in crime and for being a great help during the process (added ur real rz name, witch.).

Thanks to @Arachis @Joopie and @Quackster !

@The General thanks for arcturus :)

Thanks tons to Biesmen for fixing the thread, luv ya mate

I'd like if credits were kept: be it in your server or whatever, just to show some gratitude to the developers.
 

Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
Well this is news to me, is this a new thing?

Fairly new I guess. I made it last year around October. But life went to poop from then to now. All in all, there you go, how I did it. I had to gather everything from my HDD before I format, so I decided to post. Plus I'll have a crappy week once again so I wanted to be free from the data once and for all.
 
git bisect -m
Loyal Member
Joined
Sep 2, 2011
Messages
2,171
Reaction score
916
Amazing work, my friend. I know you were doing this job for some months. I also know you were creating an emulator for it. What are your plans for the emulator?
 
Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
Amazing work, my friend. I know you were doing this job for some months. I also know you were creating an emulator for it. What are your plans for the emulator?

No plans for a server anymore, I did the emulator for it and also ported an already-established emulator to fully support it, but I’ve been too busy to even think about this. This project has been left untouched for months now, and that sucks.
 
Junior Spellweaver
Joined
May 15, 2014
Messages
165
Reaction score
34
Finally something new being released, great work, I'm sure a lot of people will benefit from this! Thanks

I hope you'll be better and rise up!

 
Experienced Elementalist
Joined
Jun 7, 2012
Messages
288
Reaction score
250
I also started on a Habbo AIR emulator a while ago but stopped with Habbo at that time. But basically it works almost the same as the Habbo client, only some structures are different but most of them are the same (at that time, idk if changed). If someone wants my old source (it's pretty outdated) I will upload it soon. Btw I recommend using Apk studio: if you don't like to use the command line to build and sign the app and install the app all the time. (woops didn't read the whole post <<)

Btw in the .bin files, you can specify (and add) your hotel so you don't have to hardcode the connection. So maybe in the future, we can just make an app with retros because most kids play multiple hotels.

But nice structured release with a lot of info
 
Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
I also started on a Habbo AIR emulator a while ago but stopped with Habbo at that time. But basically it works almost the same as the Habbo client, only some structures are different but most of them are the same (at that time, idk if changed). If someone wants my old source (it's pretty outdated) I will upload it soon. Btw I recommend using Apk studio: if you don't like to use the command line to build and sign the app and install the app all the time. (woops didn't read the whole post <<)

Btw in the .bin files, you can specify (and add) your hotel so you don't have to hardcode the connection. So maybe in the future, we can just make an app with retros because most kids play multiple hotels.

But nice structured release with a lot of info

Thanks! I've used apkstudio too, but I deemed I was somewhat bored for that. As I said, I should've pushed the string from the configuration at that point. I remember this was just to bypass a habbo verification on the hostname, I'll check later today if I can remember everything.. but I'd rather be sleeping and drinking tonight after work, so let's see.

The bin files from the cracked SWF are already set with my hostname, but I still hardcode it and didn't bother to push it.
 
Newbie Spellweaver
Joined
May 14, 2014
Messages
43
Reaction score
1
Does anyone still have the download link? (free)?
 
Junior Spellweaver
Joined
Aug 13, 2012
Messages
162
Reaction score
38
I tried this on my own, api is working and so. But I'm stuck now on packet 1415.

[Image: dwNnlio]


The body says it's empty

Your packetlogs say:
1415[0][0][0][2][5]?



Packet 1415:

Code:
        private function _SafeStr_5922(_arg_1:Event=null):void
        {
            var _local_2:_SafeStr_213 = _communication.connection;
            if (_local_2 != null)
            {
                _SafeStr_5962();
                _SafeStr_5935._SafeStr_3806("HABBO_CONNECTION_EVENT_ESTABLISHED");
                _SafeStr_5971 = false;
                _SafeStr_5964 = true;
                _SafeStr_5935._SafeStr_3806("HABBO_CONNECTION_EVENT_HANDSHAKING");
                _local_2._SafeStr_19277(new _SafeStr_1174());
                _local_2._SafeStr_19277(new _SafeStr_1447());
            };
        }

Could be the HABBO_CONNECTION_EVENT_HANDSHAKING but I don't find anything that helps me.

 

Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
I tried this on my own, api is working and so. But I'm stuck now on packet 1415.

[Image: dwNnlio]


The body says it's empty

Your packetlogs say:
1415[0][0][0][2][5]?



Packet 1415:

Code:
        private function _SafeStr_5922(_arg_1:Event=null):void
        {
            var _local_2:_SafeStr_213 = _communication.connection;
            if (_local_2 != null)
            {
                _SafeStr_5962();
                _SafeStr_5935._SafeStr_3806("HABBO_CONNECTION_EVENT_ESTABLISHED");
                _SafeStr_5971 = false;
                _SafeStr_5964 = true;
                _SafeStr_5935._SafeStr_3806("HABBO_CONNECTION_EVENT_HANDSHAKING");
                _local_2._SafeStr_19277(new _SafeStr_1174());
                _local_2._SafeStr_19277(new _SafeStr_1447());
            };
        }

Could be the HABBO_CONNECTION_EVENT_HANDSHAKING but I don't find anything that helps me.


[STRIKE]1415 in this context is Client to Server.

Notice right after it sends:
[S>C] 884

and you should send this packet to the client. Remember that you must have crypto implemented firsthand in your emulator. It's not entirely cracked, only the public keys patched (and a few other things).[/STRIKE]

See: http://forum.ragezone.com/f353/habb...388093-crack-1147564-post8881661/#post8881661

Edit: added crypto keys on the main thread.
 

Initiate Mage
Joined
Jun 6, 2017
Messages
2
Reaction score
0
I don't understand it.
Who can help me pls a little bit?
Add me skype: iprinz96
Thanks :)

 
Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
I don't understand it.
Who can help me pls a little bit?
Add me skype: iprinz96
Thanks :)


Ask your question here. This isn't a straightforward tutorial on how to run it. If you still need help, you can add me on Skype: droppyff.



By the way, Keyuko

1415[0][0][0][2][5]?

is an empty-body packet.

It's 4 byte length [0][0][0][2]

+ 2 byte header [5]?

So yes, it's empty.

I've misinterpreted your question before, my bad, but upon re-reading this I came to my senses.

My packetlogging includes LENGTH + HEADER (6 bytes in total before packet body). So yes it's empty-body like I said.



Hardcode way for multiple packet handlers:

[Image: Mx5ekXF]


I would recommend a smarter way but as I said on the main post, this was my attempt to implement it quickly and painlessly in the server.
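
The framing explained in the post above (4-byte length, 2-byte header, then body), as an added Python example that is not code from the thread or from any emulator mentioned in it: a server-side deframer that validates the length field before buffering. Assumptions: big-endian fields (inferred from the logged bytes), 0x87 as the byte the log prints as "?", and the hypothetical names `Deframer`, `FrameError` and `MAX_FRAME` with its 64 KiB cap.

```python
import struct

MAX_FRAME = 64 * 1024  # assumed cap, not from the thread


class FrameError(ValueError):
    """Raised when a length field cannot describe a valid frame."""


class Deframer:
    """Incremental parser for [4-byte length][2-byte header][body] frames."""

    def __init__(self, max_frame=MAX_FRAME):
        self.buf = bytearray()
        self.max_frame = max_frame

    def feed(self, data):
        """Buffer received bytes and return every complete (header, body)."""
        self.buf += data
        frames = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack_from(">I", self.buf, 0)
            # Length counts the 2-byte header plus the body, so 2 is the floor.
            # Check it before waiting for more data: a peer must not be able
            # to make the server buffer an arbitrary amount.
            if length < 2 or length > self.max_frame:
                raise FrameError(f"invalid length field: {length}")
            end = 4 + length
            if len(self.buf) < end:
                break  # partial frame, wait for the next read
            (header,) = struct.unpack_from(">H", self.buf, 4)
            frames.append((header, bytes(self.buf[6:end])))
            del self.buf[:end]
        return frames


# Constructed sample stream: the logged 1415 frame (00 00 00 02 05 87, where
# 0x87 is the byte the log prints as "?"), then a made-up frame for header 4000.
SAMPLE = bytes([0, 0, 0, 2, 0x05, 0x87]) + bytes([0, 0, 0, 6, 0x0F, 0xA0]) + b"demo"

if __name__ == "__main__":
    for header, body in Deframer().feed(SAMPLE):
        print(header, len(body), body.hex())
```

A length of 2 leaves nothing after the header, which is why the logged 1415 frame decodes with an empty body.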
 
