We're looking for the IPAQuote:
Originally Posted by AWA
Printable View
We're looking for the IPAQuote:
Originally Posted by AWA
Well, that is the file which TheOleg releasedQuote:
Originally Posted by Dominicus
Not sure if you wanted the latest .ipa but if so, then here ya go. Took it from the app store a second ago.
https://mega.nz/#!ngJU2JoI!T3q9X-W8P...oLAWFpI07EQlhw
o/
Nah, eould most likely need the 1.0.6 ipa :)Quote:
Originally Posted by eMagic
@eMagic: unfortunately the newer releases aren't useful, but thanks for trying to help. The older ones weren't properly obfuscated, so I can reverse them and get an unobfuscated copy of the client's source code, which would shed extensive light on how most (if not all) the game functions are implemented.
I'll also need access to an iOS device that's on iOS 7 (or possibly 8, but I'm not 100%) which has been jailbroken, if that's something you can help with, I'll keep you posted. The .IPA is encrypted and it needs to be dumped from memory on an actual device that's capable of running it.
This seemed to spit out some stuff(can extract .ipa): DMG Extractor free download - extract DMG files on WindowsQuote:
Originally Posted by scottstamp851
How to peek into air app?
https://forum.ragezone.com/cache.php...%2FtztbGbI.png
Extract "HabboAir", it should contain the 'native' code, I wouldn't know how to read from it though :[
[s]That's the payload file inside the app itself, which actually has all the useful shit in it. Hmm. I might see if I can repack it and get it working.[/s]Quote:
Originally Posted by Arachis
Never mind, supporting files are totally different between versions. Can't repack. :(
HabboTablet.swf is the stub file, it's got all the unobfuscated objects, but no code. The code is cross-compiled to native ARMv7 (v9?) instructions, that's held inside HabboAir, which is annoying encrypted. IDA Pro can handle it once it's been decrypted by an iOS device but without the .ipa packaging I don't know how to actually decompile it. I know someone who might know how, though. I'll ask him later.
Btw, you can't put the SWF through AS3 Sorcerer / SoThink, the AIR bytecode is slightly different than standard AVM bytecode. ASV supports it (kind of), though.
Raspberry Pi is ARM.
Sure is, this won't run on it though. Apple's using some proprietary instructions. Kind of annoying, but meh. You need to use an iOS device to decrypt these binaries, it's a DRM thing.Quote:
Originally Posted by The General
Yo, how did Oleg just get the names, they're located in the ABC blocks but that is what gets translated to ARM right? Did I misinterpret something man
Binary data contained the names if I recall correctly.Quote:
Originally Posted by Arachis
No worries, it's easy to get confused. The SWF is a stub, it's just class and method names, and the ARM native instruction stack contains pointers to the SWF stubs. No idea why they do it that way, but we don't question Adobe. They've got enough problems as it is.Quote:
Originally Posted by Arachis
ASV can pull the ABC blocks apart in these SWFs, and read out translated stubs as AS3 code. You could probably do it manually also, not sure. I wrote some tooling that helped with it a few months ago when Oleg first sent me this stuff but I'm next to certain I've since formatted the disk it was on. v_v
The only way to get the actual AS3 code back from this is to decrypt it with an iOS device first (which requires the entire .ipa file), then run the decrypted memory dump through some reversing tools. Or do it the old-fashioned way with IDA Pro and just trace the instruction stack.
Dissembled to pure Binary...
Found Names:
MuteAllInRoomComposer
GetEmailStatusComposer
RemoveSaddleFromPetMessageComposer
ForwardToARoomPromotedMessageComposer
CustomizePetWithFurniComposer
SetRelationshipStatusMessageComposer
GetNowPlayingMessageComposer
ExtendRentOrBuyoutStripItemMessageComposer
Game2RequestFullStatusUpdateMessageComposer
GetRentOrBuyoutOfferMessageComposer
ShoutMessageComposer
DeletePendingCallsForHelpMessageComposer
LeaveQueueMessageComposer
GetGuildCreationInfoMessageComposer
GetConcurrentUsersGoalProgressMessageComposer
Game2QuickJoinGameMessageComposer
LibraryProgressEvent ~ Don't know what this is for.
DisconnectReasonEvent
PingMessageEvent
RoomEngineToWidgetEvent
UserChangeMessageEvent
FurnitureAliasesMessageEvent
RoomSessionPropertyUpdateEvent
RoomSessionQueueEvent
RoomSessionPresentEvent
RoomSessionDimmerPresetsMessageEvent
GetGuestRoomResultEvent
FloorHeightMapMessageEvent
ProductOfferEvent
I'll keep updating when I find more...
Release the disassembled pure binary!Quote:
Originally Posted by Wotsuba
I'll release it after removing the unnecessary shit known as bullshit.Quote:
Originally Posted by Dominicus