Habbo-images updated. (bypass anti ddos from habbo)

[djoeyk]

heyy guys,

I found a new methode to still get the avatars from habbo becouse file_get_contens isn`t working anymore.


it caches the avatars in the avatars folder, u can always change that to a other folder.

<?php
header('Content-Type: image/png');

$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    
$figure = $_GET['figure'];

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$figure$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$figure."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

it is maybe bad coded but u can always modified and share it with us

sorry for my bad english

 

[Boraida]

Smart of you to use curl. I didn't like the code so I'd a quick modify.

<?php

define('DS', DIRECTORY_SEPARATOR);

// default settings
$look = array (
	'figure' => 'hr-145-31.hd-180-1.ch-210-62.lg-285-64.sh-290-62',
	'size' => 'b',
	'direction' => '2',
	'head_direction' => '2',
	'gesture' => ''
);

// default map : ./avatars
if (!is_dir($map = './avatars')) {
	if (!mkdir($map, 0, true)) {
		exit('Can\'t make the folder chmod this folder');
	}
}

foreach ($look as $k => $v) {
	if (!empty($part = filter_input(INPUT_GET, $k))) {
		$look[$k] = $part;
	}
}

$image_path = $map . DS . md5(implode($look)) . '.png';

if (!file_exists($image_path)) {
	$fp = fopen($image_path, 'w+');

	$ch = curl_init('https://www.habbo.nl/habbo-imaging/avatarimage?' . http_build_query($look));
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
	curl_setopt($ch, CURLOPT_FILE, $fp);         
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
	curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
	curl_exec($ch);

	curl_close($ch);                              
	fclose($fp);  
}

$im = imagecreatefrompng($image_path);

imagesavealpha($im, true); 

header('Content-Type: image/png');
imagepng($im);
imagedestroy($im);

 

[retrostudios]

Can you remake this script to grab the look from the database pelase?

 

[djoeyk]

Can you remake this script to grab the look from the database pelase?

I hope it works haven`t tested it, if not i will fix it for you

<?php
header('Content-Type: image/png');

     function safe($value){ 
		$value = stripslashes($value);
		$value = strip_tags($value);
		$value = trim($value);
	if(get_magic_quotes_gpc())
		{
			$value = stripslashes($value);
		}
		return $value; } 


$mysqli = new mysqli("localhost", "username", "password", "datebase");

$username = safe($_GET["username"]);
$getlook = $mysqli->query("SELECT look FROM users WHERE username = '". $username ."'");
    while ($record = mysqli_fetch_assoc($getlook))
    {
        $look = $record["look"];
    }
    
$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$look$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$look."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

 

[pel]

I hope it works haven`t tested it, if not i will fix it for you

<?php
header('Content-Type: image/png');

     function safe($value){ 
		$value = stripslashes($value);
		$value = strip_tags($value);
		$value = trim($value);
	if(get_magic_quotes_gpc())
		{
			$value = stripslashes($value);
		}
		return $value; } 


$mysqli = new mysqli("localhost", "username", "password", "datebase");

$username = safe($_GET["username"]);
$getlook = $mysqli->query("SELECT look FROM users WHERE username = '". $username ."'");
    while ($record = mysqli_fetch_assoc($getlook))
    {
        $look = $record;
    }
    
$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$figure$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$look."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

this function called "save" is totally shenanigans. why dont you use $mysqli->real_escape_string($_GET['username']); wth

 

[Spot Ify]

this function called "save" is totally shenanigans. why dont you use $mysqli->real_escape_string($_GET['username']); wth

Both are stupid just use prepared statements its much safer. ->

You must be registered to see links

Btw is this not already posted 1000 times.... pfff..
The only thing I see diffrent of the other is that you added a user-agent

 

[Emily]

Instead of grabbing poop from Habbo, why not create your own script to generate the looks so you don't need to use Habbo's script? Would be much better.

 

[retrostudios]

It didn't work it just shows a naked person instead of the look

 

[djoeyk]

Both are stupid just use prepared statements its much safer. ->

You must be registered to see links

Btw is this not already posted 1000 times.... pfff..
The only thing I see diffrent of the other is that you added a user-agent

file_get_contents isn`t working anymore i only release a new fix for it.

 

[retrostudios]

Can you fix mine please and add me on skype xxkile

 

[Bifi2000]

just use my links if you like, they're always updated to work

normal

You must be registered to see links

xl

You must be registered to see links

head + a bit of the body (you can adjust how much to show of the body with ?y=100 - y parameter any number)

You must be registered to see links

head with body cutted out

You must be registered to see links

group badges

You must be registered to see links

furniture big

You must be registered to see links

furniture zoom-out (small)

You must be registered to see links

furniture icon

You must be registered to see links

yey.

 

[N0tis]

Instead of grabbing poop from Habbo, why not create your own script to generate the looks so you don't need to use Habbo's script? Would be much better.

Everyone is lazy these days.

 

[Jonteh]

Everyone is lazy these days.

Yeah because it sounds really fun to extract all the clothes from habbo, for each direction, and then code a script to place everything where it needs to go for all of the different combinations

 

[Droppy]

Well, instead of using server resources, why not just redirect to habbo page? If you can't, because most of your files are going through some local file, then in this local file instead of file_get_contents and redirects...

It's just an alternative for those whom doesn't want to use server resources... I don't know if it's the best approach though.

<?php
function arrayToString($get)
{
    $fields = "";
    foreach($get as $key=>$value) { 
        $fields .= $key.'='.$value.'&'; 
    }		
    return rtrim($fields, '&') . "&";
}
header("Location: http://www.habbo.com.br/habbo-imaging/avatarimage?" . arrayToString($_GET));
?>

It works? Yes, it does. Now, feel free to flame me all you want for this 1337 h4x approach.

 

[Emily]

Yeah because it sounds really fun to extract all the clothes from habbo, for each direction, and then code a script to place everything where it needs to go for all of the different combinations

Yes because if I can recall I've seen people doing that. If I remember Tsuka did it for R35 and Bas did it for some R63 version. It's just laziness of the people nowadays.

 

[Exonize]

Smart of you to use curl. I didn't like the code so I'd a quick modify.

<?php

define('DS', DIRECTORY_SEPARATOR);

// default settings
$look = array (
	'figure' => 'hr-145-31.hd-180-1.ch-210-62.lg-285-64.sh-290-62',
	'size' => 'b',
	'direction' => '2',
	'head_direction' => '2',
	'gesture' => ''
);

// default map : ./avatars
if (!is_dir($map = './avatars')) {
	if (!mkdir($map, 0, true)) {
		exit('Can\'t make the folder chmod this folder');
	}
}

foreach ($look as $k => $v) {
	if (!empty($part = filter_input(INPUT_GET, $k))) {
		$look[$k] = $part;
	}
}

$image_path = $map . DS . md5(implode($look)) . '.png';

if (!file_exists($image_path)) {
	$fp = fopen($image_path, 'w+');

	$ch = curl_init('https://www.habbo.nl/habbo-imaging/avatarimage?' . http_build_query($look));
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
	curl_setopt($ch, CURLOPT_FILE, $fp);         
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
	curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
	curl_exec($ch);

	curl_close($ch);                              
	fclose($fp);  
}

$im = imagecreatefrompng($image_path);

header('Content-Type: image/png');
imagepng($im);
imagedestroy($im);

Looks pretty but returns figures with white backgrounds.

 

[Boraida]

Looks pretty but returns figures with white backgrounds.

Oh lol add

imagesavealpha($im, true);

below $im = ...

Well, instead of using server resources, why not just redirect to habbo page? If you can't, because most of your files are going through some local file, then in this local file instead of file_get_contents and redirects...

It's just an alternative for those whom doesn't want to use server resources... I don't know if it's the best approach though.

<?php
function arrayToString($get)
{
    $fields = "";
    foreach($get as $key=>$value) { 
        $fields .= $key.'='.$value.'&'; 
    }		
    return rtrim($fields, '&') . "&";
}
header("Location: http://www.habbo.com.br/habbo-imaging/avatarimage?" . arrayToString($_GET));
?>

It works? Yes, it does. Now, feel free to flame me all you want for this 1337 h4x approach.

Why creating a function like that if there's already a function called:

You must be registered to see links