Habbo-images updated. (bypass anti ddos from habbo)

[djoeyk]

heyy guys,

I found a new methode to still get the avatars from habbo becouse file_get_contens isn`t working anymore.


it caches the avatars in the avatars folder, u can always change that to a other folder.

PHP Code:

<?php
header('Content-Type: image/png');

$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    
$figure = $_GET['figure'];

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$figure$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$figure."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

it is maybe bad coded but u can always modified and share it with us :)

sorry for my bad english :P

[MentaL]

[Boraida]

Smart of you to use curl. I didn't like the code so I'd a quick modify.

PHP Code:

<?php

define('DS', DIRECTORY_SEPARATOR);

// default settings
$look = array (
    'figure' => 'hr-145-31.hd-180-1.ch-210-62.lg-285-64.sh-290-62',
    'size' => 'b',
    'direction' => '2',
    'head_direction' => '2',
    'gesture' => ''
);

// default map : ./avatars
if (!is_dir($map = './avatars')) {
    if (!mkdir($map, 0, true)) {
        exit('Can\'t make the folder chmod this folder');
    }
}

foreach ($look as $k => $v) {
    if (!empty($part = filter_input(INPUT_GET, $k))) {
        $look[$k] = $part;
    }
}

$image_path = $map . DS . md5(implode($look)) . '.png';

if (!file_exists($image_path)) {
    $fp = fopen($image_path, 'w+');

    $ch = curl_init('https://www.habbo.nl/habbo-imaging/avatarimage?' . http_build_query($look));
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);  
}

$im = imagecreatefrompng($image_path);

imagesavealpha($im, true); 

header('Content-Type: image/png');
imagepng($im);
imagedestroy($im);

[retrostudios]

Can you remake this script to grab the look from the database pelase?

[djoeyk]

Can you remake this script to grab the look from the database pelase?

I hope it works :P haven`t tested it, if not i will fix it for you :P

PHP Code:

<?php
header('Content-Type: image/png');

     function safe($value){ 
        $value = stripslashes($value);
        $value = strip_tags($value);
        $value = trim($value);
    if(get_magic_quotes_gpc())
        {
            $value = stripslashes($value);
        }
        return $value; } 


$mysqli = new mysqli("localhost", "username", "password", "datebase");

$username = safe($_GET["username"]);
$getlook = $mysqli->query("SELECT look FROM users WHERE username = '". $username ."'");
    while ($record = mysqli_fetch_assoc($getlook))
    {
        $look = $record["look"];
    }
    
$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$look$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$look."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

[pel]

I hope it works :P haven`t tested it, if not i will fix it for you :P

PHP Code:

<?php
header('Content-Type: image/png');

     function safe($value){ 
        $value = stripslashes($value);
        $value = strip_tags($value);
        $value = trim($value);
    if(get_magic_quotes_gpc())
        {
            $value = stripslashes($value);
        }
        return $value; } 


$mysqli = new mysqli("localhost", "username", "password", "datebase");

$username = safe($_GET["username"]);
$getlook = $mysqli->query("SELECT look FROM users WHERE username = '". $username ."'");
    while ($record = mysqli_fetch_assoc($getlook))
    {
        $look = $record;
    }
    
$map = './avatars'; //the map where everything will be saved

if (!is_dir($map)) 
    {
        if (!mkdir($map, 0, true)) 
            {
                die('Cant make the folder chmod this folder');
            }
    }

    

if(isset($_GET['size'])){
$size = $_GET['size'];
} else { 
$size= 'b';
}

if(isset($_GET['direction'])){
$direction = $_GET['direction'];
} else { 
$direction = '2';
}

if(isset($_GET['head_direction'])){
$head = $_GET['head_direction'];
} else { 
$head = '2'; 
}

if(isset($_GET['gesture'])){
$gesture = $_GET['gesture'];
} else { 
$gesture = '';
}

$lookhash = md5("$figure$size$direction$head$gesture");


if (file_exists("$map/$lookhash.png")) {
    $finalavatar = require("$map/$lookhash.png");
    
} else {
    function downloadavatar($image_url, $image_file){
    $fp = fopen ($image_file, 'w+');

    $ch = curl_init($image_url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);                                  
}

downloadavatar("https://www.habbo.nl/habbo-imaging/avatarimage?figure=".$look."&size=".$size."&direction=".$direction."&head_direction=".$head."&gesture=".$gesture."", "$map/$lookhash.png");
$finalavatar = require("$map/$lookhash.png");
}


echo $finalavatar; 
?>

this function called "save" is totally bullshit. why dont you use $mysqli->real_escape_string($_GET['username']); wth

[Spot Ify]

this function called "save" is totally bullshit. why dont you use $mysqli->real_escape_string($_GET['username']); wth

Both are stupid just use prepared statements its much safer. -> PHP: mysqli::prepare - Manual
Btw is this not already posted 1000 times.... pfff..
The only thing I see diffrent of the other is that you added a user-agent

[Emily]

Instead of grabbing shit from Habbo, why not create your own script to generate the looks so you don't need to use Habbo's script? Would be much better.

[retrostudios]

It didn't work it just shows a naked person instead of the look

[djoeyk]

Both are stupid just use prepared statements its much safer. -> PHP: mysqli::prepare - Manual
Btw is this not already posted 1000 times.... pfff..
The only thing I see diffrent of the other is that you added a user-agent

file_get_contents isn`t working anymore i only release a new fix for it.

[retrostudios]

Can you fix mine please and add me on skype xxkile

[Bifi2000]

just use my links if you like, they're always updated to work

normal
http://hubba.cc/hubba-imaging/avatar...g-3384-88-1333

xl
http://hubba.cc/hubba-imaging/avatar...g-3384-88-1333

head + a bit of the body (you can adjust how much to show of the body with ?y=100 - y parameter any number)
http://hubba.cc/hubba-imaging/headim...g-3384-88-1333

head with body cutted out
http://hubba.cc/hubba-imaging/headcu...g-3384-88-1333

group badges
http://hubba.cc/hubba-imaging/badge/...114s185111.gif

furniture big
http://hubba.cc/img/furni/b/xmas15_nutcrackerltd.png

furniture zoom-out (small)
http://hubba.cc/img/furni/s/xmas15_nutcrackerltd.png

furniture icon
http://hubba.cc/img/furni/i/xmas15_nutcrackerltd.png

yey.

[N0tis]

Instead of grabbing shit from Habbo, why not create your own script to generate the looks so you don't need to use Habbo's script? Would be much better.

Everyone is lazy these days.

[Jonteh]

Everyone is lazy these days.

Yeah because it sounds really fun to extract all the clothes from habbo, for each direction, and then code a script to place everything where it needs to go for all of the different combinations

[Droppy]

Well, instead of using server resources, why not just redirect to habbo page? If you can't, because most of your files are going through some local file, then in this local file instead of file_get_contents and redirects...

It's just an alternative for those whom doesn't want to use server resources... I don't know if it's the best approach though.

PHP Code:

<?php
function arrayToString($get)
{
    $fields = "";
    foreach($get as $key=>$value) { 
        $fields .= $key.'='.$value.'&'; 
    }        
    return rtrim($fields, '&') . "&";
}
header("Location: http://www.habbo.com.br/habbo-imaging/avatarimage?" . arrayToString($_GET));
?>

It works? Yes, it does. Now, feel free to flame me all you want for this 1337 h4x approach.

[Emily]

Yeah because it sounds really fun to extract all the clothes from habbo, for each direction, and then code a script to place everything where it needs to go for all of the different combinations

Yes because if I can recall I've seen people doing that. If I remember Tsuka did it for R35 and Bas did it for some R63 version. It's just laziness of the people nowadays.

[Exonize]

Smart of you to use curl. I didn't like the code so I'd a quick modify.

PHP Code:

<?php

define('DS', DIRECTORY_SEPARATOR);

// default settings
$look = array (
    'figure' => 'hr-145-31.hd-180-1.ch-210-62.lg-285-64.sh-290-62',
    'size' => 'b',
    'direction' => '2',
    'head_direction' => '2',
    'gesture' => ''
);

// default map : ./avatars
if (!is_dir($map = './avatars')) {
    if (!mkdir($map, 0, true)) {
        exit('Can\'t make the folder chmod this folder');
    }
}

foreach ($look as $k => $v) {
    if (!empty($part = filter_input(INPUT_GET, $k))) {
        $look[$k] = $part;
    }
}

$image_path = $map . DS . md5(implode($look)) . '.png';

if (!file_exists($image_path)) {
    $fp = fopen($image_path, 'w+');

    $ch = curl_init('https://www.habbo.nl/habbo-imaging/avatarimage?' . http_build_query($look));
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FILE, $fp);         
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 1000);      
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
    curl_exec($ch);

    curl_close($ch);                              
    fclose($fp);  
}

$im = imagecreatefrompng($image_path);

header('Content-Type: image/png');
imagepng($im);
imagedestroy($im);

Looks pretty but returns figures with white backgrounds.

[Boraida]

Looks pretty but returns figures with white backgrounds.

Oh lol add

PHP Code:

imagesavealpha($im, true); 


below $im = ...

Well, instead of using server resources, why not just redirect to habbo page? If you can't, because most of your files are going through some local file, then in this local file instead of file_get_contents and redirects...

It's just an alternative for those whom doesn't want to use server resources... I don't know if it's the best approach though.

PHP Code:

<?php
function arrayToString($get)
{
    $fields = "";
    foreach($get as $key=>$value) { 
        $fields .= $key.'='.$value.'&'; 
    }        
    return rtrim($fields, '&') . "&";
}
header("Location: http://www.habbo.com.br/habbo-imaging/avatarimage?" . arrayToString($_GET));
?>

It works? Yes, it does. Now, feel free to flame me all you want for this 1337 h4x approach.

Why creating a function like that if there's already a function called: http-build-query