Ok guys so,
First of all, this isn't going to be a tutorial, because 1) I don't have as much time, and 2) I can't remember most of what I did.
Apparently Incapsula is blocking the Android Package file extension name, so I'll write only Android Package.
So, a few months ago I cracked HabboTablet.swf and made it work on Android devices. Since Habbo for Android has been long forgotten, I'm here to release what I did, but remember this package is old and thus must be updated.
What I did first was to packetlog everything, thus I changed (on this SWF version) the keys located in the namespace _-4ZA class _-4Sj, method _-3Ub.
base64 :
Encoded as:xIBlMDUyODA4YzFhYmVmNjlhMWE2MmMzOTYzOTZiODU5NTVlMmZmNTIyZjUxNTc2MzlmYTZhMTlhOThiNTRlMGU0ZDZlNDRmNDRjNGMwMzkwZmVlOGNjZjY0MmEyMmI2ZDQ2ZDcyMjhiMTBlMzRhZTZmZmZiNjFhMzVjMTEzMzM3ODBhZjZkZDFhYWFmYTczODhmYTZjNjViNTFlODIyNWM2YjU3Y2Y1ZmJhYzMwODU2ZTg5NjIyOTUxMmUxZjlhZjAzNDg5NTkzN2IyY2I2NjM3ZWI2ZWRmNzY4YzEwMTg5ZGYzMGMxMGQ4YTNlYzIwNDg4YTE5ODA2MzU5OWNhNmFkBTEwMDAx
{char:NLength}{string:Modulus}{char:ELength}{string:Exponent}
It contains a string that's a base64, so all I did was to change to my keys.
After packetlogging (some of which can be found here: [link]) with a packetlogger based on @Arachis:
Source code from the packetlogger: [link]
So I had to crack the SWF, so first the crypto was using my keys, now I had to disable a few security checks. I can't recall correctly, first because I'm tired, second because it has been around 5 months since I did it, and lots has happened.
Anyway, I've also defined the hostname to a fixed host, so you must change this in JPEXS or RABCDasm.
Again in namespace _-4ZA, I've altered the method _-eL that contains some crossdomain urls. I can't remember if this was necessary, but duck that, it's in there.
---------------------------------------------------------------------
To recompile and reassign the package:
I've uploaded the rar, and there's a folder called "build":
Put the original SWF named "Habbo dot apk" and open "decompile.bat", and it will save the output data to HabboTabletOutput.
To recompile use recompile.bat, which will create a new apk from the HabboTabletOutput folder, and create HabboNew.apk.
To re-sign and install on other devices, just click on one_click_signer.cmd, which will use HabboNew.apk and save it as signed-HabboNew.apk.
---------------------------------------------------------------------
There's already an unsigned and a signed version included in the downloadable file.
----------------------------------------------------------------------
To log in and register you must create an API (you can simply use Chocolatey CMS for that, there are only a few new requests, such as /api/ssotoken that returns the ssotoken based on your logged-in user). A few modifications on Chocolatey and you'll be ready to go. In my case I've written a test PHP project.
----------------------------------------------------------------------
To make your emulator compatible in a quick and hardcoded way:
I've used the packet 4000 to check whether you are on X or Y release. If you are on the mobile version it will patch the header bytes, and with little changes on the packetmanager I was able to patch it every time the client was on Android.
If the server receives a packet, it will first get the header of the packet that it is translated to (for instance, 123 is on desktop, but AIR is 456, so I have to make 456 point to 123). On the outgoing I do the reverse: I must have a list of desktop packets pointing to mobile packets. I didn't have to modify much of my current source code, and it made sure both desktop and Android would communicate between each other. HARDCODZ
Something like this.
The structures are usually the same, except for some of the catalogue and navigator. But most of the functionalities used didn't need a different packet structure.
----------------------------------------------------------------------
You can change all configurations in common_configuration_txt located in the binarydata.
Save it as a txt, edit it, and reimport.
----------------------------------------------------------------------
E = "3";
N = "86851dd364d5c5cece3c883171cc6ddc5760779b992482bd1e20dd296888df91b33b936a7b93f06d29e8870f703a216257dec7c81de0058fea4cc5116f75e6efc4e9113513e45357dc3fd43d4efab5963ef178b78bd61e81a14c603b24c8bcce0a12230b320045498edc29282ff0603bc7b7dae8fc1b05b52b2f301a9dc783b7";
D = "59ae13e243392e89ded305764bdd9e92e4eafa67bb6dac7e1415e8c645b0950bccd26246fd0d4af37145af5fa026c0ec3a94853013eaae5ff1888360f4f9449ee023762ec195dff3f30ca0b08b8c947e3859877b5d7dced5c8715c58b53740b84e11fbc71349a27c31745fcefeeea57cff291099205e230e0c7c27e8e1c0512b";
----------------------------------------------------------------------
HabboTablet.swf is located in assets/HabboTablet.swf
- Build folder (contains the tools you need to decompile, recompile, and re-sign)
- Original APK that I used to base (contains the original swf)
- Signed and Unsigned APK
- Cracked SWF
Download can be found in: [link] or [link]
SWF won't work with compressed resources! So your gordon/RELWHATEVER must be all uncompressed. My tip is to clone your version, and create one that only the SWF uses. Use this method: [link] to decompress a single SWF file; you can also use it to decompress everything by enumerating files and sending them to this method, and saving the output.
Thanks to B3T4T3ST3 Martim (Paulo) for being my partner in crime and for being a great help during the process (added ur real rz name, witch.).
Thanks to @Arachis @Joopie and @Quackster !
@The General thanks for arcturus
Thanks tons for Biesmen for fixing the thread, luv ya mate
I'd like if credits were kept: be it in your server or whatever, just to show some gratitude to the developers.
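Added example (not code from the post or from any project it mentions): a defender-side check that parses an embedded key blob in the {char:NLength}{string:Modulus}{char:ELength}{string:Exponent} layout quoted above and compares it with a pinned fingerprint, which is how a client build with swapped keys like the one described would be spotted. It assumes each length char is one UTF-8 code point and both strings are hex; the sample blobs, the fingerprint scheme and all function names are constructed for illustration.

```python
import base64
import hashlib

def read_field(buf, pos):
    """Read one {char:Length}{string:Value} field; return (value, next_pos)."""
    # Assumption: the length "char" is a single UTF-8 encoded code point.
    if pos >= len(buf):
        raise ValueError("blob ends before the next field")
    first = buf[pos]
    width = 1 if first < 0x80 else 2 if first < 0xE0 else 3 if first < 0xF0 else 4
    length = ord(buf[pos:pos + width].decode("utf-8"))
    start = pos + width
    value = buf[start:start + length]
    if len(value) != length:
        raise ValueError("field runs past the end of the blob")
    return value.decode("ascii"), start + length

def parse_key_blob(b64):
    """Decode the blob into modulus size, exponent and a fingerprint."""
    buf = base64.b64decode(b64, validate=True)
    n_hex, pos = read_field(buf, 0)
    e_hex, pos = read_field(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing bytes after the exponent")
    n, e = int(n_hex, 16), int(e_hex, 16)
    # Hypothetical fingerprint scheme: SHA-256 over "n:e" in lowercase hex.
    digest = hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()
    return {"bits": n.bit_length(), "e": e, "fingerprint": digest}

def audit(b64, pinned_fingerprint):
    """Return findings for the key embedded in a client build."""
    key = parse_key_blob(b64)
    findings = []
    if key["fingerprint"] != pinned_fingerprint:
        findings.append("embedded key differs from the pinned key")
    if key["bits"] < 2048:
        findings.append(f"modulus is only {key['bits']} bits")
    if key["e"] < 65537:
        findings.append(f"small public exponent {key['e']}")
    return findings

def make_sample(n_hex, e_hex):
    """Build a constructed test blob in the same layout (not a real key)."""
    raw = chr(len(n_hex)) + n_hex + chr(len(e_hex)) + e_hex
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

N_HEX = "c3" + "5a" * 127              # constructed 1024-bit value
RELEASE = make_sample(N_HEX, "10001")  # what the build is expected to embed
PINNED = parse_key_blob(RELEASE)["fingerprint"]
```

Calling `audit(RELEASE, PINNED)` reports only the short modulus, while a blob carrying a different modulus and exponent 3 is reported as a key mismatch as well.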