Arcturus Decompiled Source - Arcturus Jar Dumper

[BurakDev]

Hello all,

Since Arcturus is "closed source" and "account protected", I release this.

Just need rebuild emulator project (Netbeans or Eclipse)

You can run the arcturus.jar without the stupid launcher, java -jar arcturus.jar

Source : http://habbo.bi/arcturus_source.zip

Maven pom.xml : [XML] pom.xml - Pastebin.com (useful if you want fix & rebuild source)

Original jar : http://habbo.bi/arcturus.jar

Dumper : [JavaScript] Arcturus Dumper - Pastebin.com (written in NodeJS, you know I love NodeJS)

Screenshot (clean source) :


And @SofoEB found a backdoor, here :

[MentaL]

[vista4life]

that was... uhm.. quick..

[Danny]

Fast man haha

[3M1L]

I can't believe my eyes, a backdoor?.. really

[maritnmine]

@vista4life I've made cookies, you wanna come over?

Back on-topic: I really hope those who still think its a good idea to add backdoors in their servers sees why it is a bad idea. It will at one point sooner or later be discovered. Especially when many people are using the software. I remember some people pointed out the disabled exploit in bfly once it was leaked. The reason why I disabled it was that I did not want to get up 3AM just because some idiot had managed to get hold of one of the executables and managed to decompile it and find the exploit. Just think about how much damage this could have done if this was a popular emulator and the exploit was known at a far later stage.

I can see there are many things that can be greatly improved in the source code after briefly going through it. Empty catch-blocks is one thing, but long files that registers packets that can be eliminated by the use of annotations and class-loaders is another. But there is a lot of code here I don't consider as good, but much of it is ok. That being said, error and exception-handling in general can be greatly improved (What is the point of having logging framework when you're not even using them???).

My first impressions:
+ There are very few blobs
+ Nice oo and well-structured class hierarchies and packages
- Why the exploits
- Having actions that sends messages to certain users (due to whatever) is kinda unprofessional
- Hairy SQL statements
- Poor exception handling, SQL connection usage can be simplified by try-with-resource
- Package registers can be simplified by using annotations

[Vimsoration]

Nice, now everyone know that The General aka Wesley is not trusted.

He was working on this since 2014 untill now and within 24 hours the source is decompiled.

Shame on you Wesley, you always was saying no one can decompile it. You have now two options: Stop with this project, or continue with open source. Because no one is gonna trust you anymore with a closed source.

[PixelTimeEmu]

Wesley you are a liar you renamed pixeltime emu and editted all names and shit idiot you're a noob stealing someone elses code

[BurakDev]

This is the Maven pom.xml, useful if you want rebuild project : [XML] pom.xml - Pastebin.com

[dominic]

~wiggle
Ready, set, go! Wesley is now marked "untrusted" in my book, lmao.
Anyways, gg. Nicely done, Burak :}

- - - Updated - - -

Code:

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\habbohotel\commands\ShoutCommand.java:
   20  public class ShoutCommand
   21  extends Command {
   22:     private static String idea = "Kudo's To Droppy for this idea!";
   23  
   24      public ShoutCommand() {

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\habbohotel\users\Habbo.java:
  113          Emulator.getGameEnvironment().getRoomManager().loadRoomsForHabbo(this);
  114          Emulator.getLogging().logUserLine(this.habboInfo.getUsername() + " logged in. IP: " + this.client.getChannel().remoteAddress().toString());
  115:         if (this.getHabboInfo().getUsername().equalsIgnoreCase("sir jamal") || this.getHabboInfo().getUsername().equalsIgnoreCase("dominicus") || this.getHabboInfo().getUsername().equalsIgnoreCase("droppy")) {
  116              String[] message = new String[]{"ready to get raped???", "potato", "Arcturus is love, Arcuturus is life", "Welcome to Azure 3.0. Just kidding, it's Arcturus. This emulator actually works."};
  117              int random = Emulator.getRandom().nextInt(message.length);

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\messages\outgoing\unknown\SnowWarsCompose1.java:
   35          this.response.appendInt32(10);
   36          this.response.appendInt32(2);
   37:         this.response.appendString("Droppy");
   38          this.response.appendString("ca-1807-64.lg-275-78.hd-3093-1.hr-802-42.ch-3110-65-62.fa-1211-62");
   39          this.response.appendString("m");

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\messages\outgoing\unknown\SnowWarsLevelDataComposer.java:
   21          this.response.appendInt32(1);
   22          this.response.appendInt32(1);
   23:         this.response.appendString("Droppy");
   24          this.response.appendString("ca-1807-64.lg-275-78.hd-3093-1.hr-802-42.ch-3110-65-62.fa-1211-62");
   25          this.response.appendString("m");

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\messages\outgoing\unknown\SnowWarsQuickJoinComposer.java:
   29          this.response.appendInt32(0);
   30          this.response.appendInt32(2);
   31:         this.response.appendString("Droppy");
   32          this.response.appendString("ca-1807-64.lg-275-78.hd-3093-1.hr-802-42.ch-3110-65-62.fa-1211-62");
   33          this.response.appendString("m");

C:\Users\admin\Downloads\arcturus_source\file_source_from_cfr\com\eu\habbo\messages\outgoing\unknown\SnowWarsUserEnteredArenaComposer.java:
   25          } else {
   26              this.response.appendInt32(0);
   27:             this.response.appendString("Droppy");
   28              this.response.appendString("ca-1807-64.lg-275-78.hd-3093-1.hr-802-42.ch-3110-65-62.fa-1211-62");
   29              this.response.appendString("m");

Hm.. At least he's crediting people, eh'? @Droppy

[The General]

Give a man a finger and he takes your whole hand.

See this is exactly whats wrong with this community, cannot stand the fact something is closed source and needs to be open sourced.

It would've been open sourced anyways once it gets done trough alpha.

@vista4life I've made cookies, you wanna come over?

Back on-topic: I really hope those who still think its a good idea to add backdoors in their servers sees why it is a bad idea. It will at one point sooner or later be discovered. Especially when many people are using the software. I remember some people pointed out the disabled exploit in bfly once it was leaked. The reason why I disabled it was that I did not want to get up 3AM just because some idiot had managed to get hold of one of the executables and managed to decompile it and find the exploit. Just think about how much damage this could have done if this was a popular emulator and the exploit was known at a far later stage.

I can see there are many things that can be greatly improved in the source code after briefly going through it. Empty catch-blocks is one thing, but long files that registers packets that can be eliminated by the use of annotations and class-loaders is another. But there is a lot of code here I don't consider as good, but much of it is ok. That being said, error and exception-handling in general can be greatly improved (What is the point of having logging framework when you're not even using them???).

My first impressions:
+ There are very few blobs
+ Nice oo and well-structured class hierarchies and packages
- Why the exploits
- Having actions that sends messages to certain users (due to whatever) is kinda unprofessional
- Hairy SQL statements
- Poor exception handling, SQL connection usage can be simplified by try-with-resource
- Package registers can be simplified by using annotations

Funny how all I get shit now.

Thing is, that RCON message was intended for being used to update plugins.

Have you seen being it abused by me? Ofcourse not.

And good job for proving my point that this community always needs the sources because they're o so great coders.

This is going to get fucked up by people that think they can code.

[dominic]

Give a man a finger and he takes your whole hand.

See this is exactly whats wrong with this community, cannot stand the fact something is closed source and needs to be open sourced.

It would've been open sourced anyways once it gets done trough alpha.



Funny how all I get shit now.

Thing is, that RCON message was intended for being used to update plugins.

> 1. Have you seen being it abused by me? Ofcourse not.

And good job for proving my point that this community always needs the sources because they're o so great coders.

> 2. This is going to get fucked up by people that think they can code.

@1. No, of course we haven't. You released it yesterday, m8.
@2. People like yourself? I mean like, it's decent, but not "i am best engineer ever" code.

[Emily]

I already knew making Java closed-source is like putting a small fence to defend you against a wrestler. It's just completely useless. Should've at least tried a bit harder to prevent it, but well, it's not my problem. At the other hand the community has to be really sad to 'decompile it and release it'.

[The General]

I already knew making Java closed-source is like putting a small fence to defend you against a wrestler. It's just completely useless. Should've at least tried a bit harder to prevent it, but well, it's not my problem. At the other hand the community has to be really sad to 'decompile it and release it'.

Don't you understand how important it is to put your own credits in the :about menu?

And it was temporary, hence why I called it specifically 'Alpha'.

But BurakDev has big balls he wants to showoff.

- - - Updated - - -

@1. No, of course we haven't. You released it yesterday, m8.
@2. People like yourself? I mean like, it's decent, but not "i am best engineer ever" code.

Oh tell me Mr. Rocket scientist how this code is shit.

[streamhotel]

I must agree with TheGeneral. Instead of start lynching him and spreading hate people could better first listen to his part of the story before getting angry. I think this is disrespectful for sure and mostly result that people don't release things anymore.

And also this would disrupt the whole development. There's a reason it's called "Alpha", still under development. Also respect this. A big problem would be that code destructors will release their versions of the server and in the most cases the code goes against the code patterns and causing memory leaks if they extend with features but that is more important then the performance.

So the conclusion is that give TheGeneral time to finish all parts of the development and documentate his project well that people can continue after. Otherwise you get "Butterfly" and crappy edits like "Bcstorm" for example if you understand what I mean. And as community we are stronger to do great things then alone. If everyone does their own thing and don't co-operate you get nowhere. Thanks!

[The General]

I must agree with TheGeneral. Instead of start linching him and spreading hate people could better listen to his part of the story before getting angry.

No no. You leave out a big part already.

They just want the source so they can modify it. In other words rename and make it fubar.