PlusEmulator Exploit Fix

[Encode]

Welcome,

Short story: When a user connects to the hotel, it sends a packet with the SWF revision (header id of "4000"). Basically, this packet changes the global variable "PlusEnvironment.SWFRevision". The global variable is shown on the ":about" (hotel information) command. A user can manipulate this string to anything they'd like; putting your users in danger of a potential URL threat.

Here's the fix

• Locate the file 'GetClientVersionEvent.cs' - Communication > Packets > Incoming > Handshake
• Replace the class content with the code below.

using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming;


namespace Plus.Communication.Packets.Incoming.Handshake
{
    public class GetClientVersionEvent : IPacketEvent
    {
        public void Parse(GameClient Session, ClientPacket Packet)
        {
            string Build = Packet.PopString();


            if (!Build.ToLower().StartsWith("production"))
                return;


            Session.SWFRevision = Build;
        }
    }
}

• Locate file "GameClient.cs" - HabboHotel > GameClients
• Find "private readonly int _id;" (at top) and above it, add the code:

internal string SWFRevision { get; set; }

• Save the file.
• Locate the file "InfoCommand.cs" - HabboHotel > Rooms > Chat > Commands > User
• Search for

  PlusEnvironment.SWFRevision

• Replace with

Session.SWFRevision

Credits for fix
Ali (me) - 100%

You're welcome.

 

[Mackors]

Where is your proof that this is possible?

It's not possible IMO to change that string in whatever url the "hacker" want to like to change it.

 

[Encode]

Mackors, I don't see why you're in doubt.
I've done it on plenty of hotels (including Rise, Dream and others)

P.S: SORRY if i did this on your hotel - it was for testing purposes.. and advertising

Why would I release a fix, if you "couldn't do it"? Lmao. Mackors

 

[Mackors]

Because you have created a another help thread for simple 'scripting'.
That's why I'm askin' for a proof.

Greetings RaGEZONE,

I am in urgent need of a scripting tool, similar to Tanji or NovoFatum for the revision specified below.

SWF Revision: PRODUCTION-201601012205-226667486

If anyone can help that would be awesome, thank you!

Regards, Encode.

Don't understand still how this will be possible, as far I know It's not possible.

 

[</Meap>]

This is possible because I've seen him do it, cheers for the fix dude, I already did this the other day but it's good for people who didn't know how to fix it if they've witnessed it

 

[Jonteh]

Removing this part from your about command would also be useful. I don't see why people need to know what revision your hotel is running.

 

[Mackors]

This is possible because I've seen him do it, cheers for the fix dude, I already did this the other day but it's good for people who didn't know how to fix it if they've witnessed it

Nah, first he abused the 'leak' many times and than he share the fix with us.
That's a bad thing, you know? Take a good example from Ryan , he shared immediately the PlusEmu exploits and fixes without abusing w/ other things.

Removing this part from your about command would also be useful. I don't see why people need to know what revision your hotel is running.

Hehe, you're 101% right.
Easy solution (lol), people want to show off on what production they are at that moment.

 

[streamhotel]

I don't see the point why there must be a info command to display things like swf revision and server info, not useful for players and I think they don't care about it.

 

[Jonteh]

people want to show off on what production they are at that moment.

People are dumb

 

[cabeludo007]

Hmmm.... How can i 'hack' an hotel changing the habbo.swf?

Can you explain more about this exploit?

 

[Keiz]

Makes 0 sense, why show every user their own swf revision, why show it in the first place?

Like any user knows what a revision is anyways.
Don't show off to users with "plus emu", "latest revision", they'll have no clue, only hotel creators do.
IMO anyways.

OT: The fix is a way of showing the user the production without hackers (pathetic skids) manipulating it. So thanks for that for sure

Hmmm.... How can i 'hack' an hotel changing the habbo.swf?

Can you explain more about this exploit?

Don't be that guy.

But in the tiny case you'll use it for good purposes, (as said in the topic: ), the client sends a packet on joining the hotel to let the server know on what revision they are. Plus emu idiotically updates a string whenever a user joins the hotel, so if you enter the hotel with your spoofed/replaced 4000 packet with for instance your hotel name, people will see this in the :about command, (until another user logs in)

 

[cabeludo007]

Makes 0 sense, why show every user their own swf revision, why show it in the first place?



Don't be that guy.

But in the tiny case you'll use it for good purposes, (as said in the topic: ), the client sends a packet on joining the hotel to let the server know on what revision they are. Plus emu idiotically updates a string whenever a user joins the hotel, so if you enter the hotel with your spoofed/replaced 4000 packet with for instance your hotel name, people will see this in the :about command, (until another user logs in)

And how does this 'fix' protect me from a edited .swf with the same release code (or, as i see, just starting with "production") ?

 

[Keiz]

And how does this 'fix' protect me from a edited .swf with the same release code (or, as i see, just starting with "production") ?

This "fix" shows every user the production they sent themselves, so unknowing normal people will see their non-hacked production, while pathetic skids see their "h4ck3d by 3l1t3Z"
edit:
they'll see "production h4cked by 3l1t3Z"

:blush:

 

[m3th]

This thread is actually retarded xD!
Such 'exploit' which you're going on about can still be done by putting

production dank hax go here

Why not use the event for the actual purpose...
Have a static variable with the build, then check the users build if not the same then disconnect the user...

 

[Mackors]

This thread is actually retarded xD!
Such 'exploit' which you're going on about can still be done by putting

production dank hax go here

Why not use the event for the actual purpose...
Have a static variable with the build, then check the users build if not the same then disconnect the user...

If I'm understand it so far, after this exploit fix, it's only client side possible to change it. So, only you 'the exploiter' will see it. Correct me if i'm wrong.

 

[Keiz]

This thread is actually retarded xD!
Such 'exploit' which you're going on about can still be done by putting

production dank hax go here

Why not use the event for the actual purpose...
Have a static variable with the build, then check the users build if not the same then disconnect the user...

I agree it should be either a static variable or not show it at all, though are you wrong

This "fix" shows every user the production they sent themselves, so unknowing normal people will see their non-hacked production, while pathetic skids see their "h4ck3d by 3l1t3Z"
edit:
they'll see "production h4cked by 3l1t3Z"

 

[Encode]

I can see the dislike everyone has for this fix which I released.
Next time, when I do find something, I'll be sure NOT to release to you guys lol.

 

[Keiz]

I can see the dislike everyone has for this fix which I released.
Next time, when I do find something, I'll be sure NOT to release to you guys lol.

Liking other options more is not the same as disliking yours.
It's a really useful fix, though are the alternatives more logical.

 

[iConnor]

I can see the dislike everyone has for this fix which I released.
Next time, when I do find something, I'll be sure NOT to release to you guys lol.

You guys expect to be spoon fed and then when you are, you all complain and wonder why this community is so toxic, thank you for the exploit fix Encode.

 

[Francis Joseph]

Regardless if its client-side or server-side, it should not be happening.

Very impressive catch!