HLog - Habbo Hotel Packetlogger

[PeanutButterHam]

Hey guys, I've made two very basic loggers for Habbo, I saw that general guy asking for one in a thread so I thought I'd post it here, also because I won't be working on Tanji for a while. Actually there are two of them, one of them is using the same UI as the logger in Tanji, and the other is just a simple console app writing to a file as it reads data.

TheClient

Spoiler

HLog

Spoiler

This thread isn't intended to be kept updated, just a single release for those who need it. [STRIKE]If you men want the source, I'll get back to that tomorrow, I shall enjoy a nap for now.[/STRIKE] The source code for both applications have been added below as an attachment.

Requirements(Binary Use):

• .NET Framework 4.6

Requirements(Source Use):

• IDE with C# 6.0 support

 

[Emily]

Let's see how long this one will be working fellas. Looking good, will def. start logging now.

 

[Reboot Retro]

Would be nice if you could release the source...

 

[PeanutButterHam]

Would be nice if you could release the source...

The source code has been added, unfortunately the code was written in VS15 using the C#6 features. If you're using any version other than 2015, you will have to do some very minor​ refactoring.

---

Let's see how long this one will be working fellas. Looking good, will def. start logging now.

Well Tanji is still working, and I made that like a couple of months ago, probably even a year already. This will most likely continue to work, unless someone decides to bot the tits out of the hotel again.

 

[The General]

@Arachis

Not sure the correct way to open things but:

It sits there on replacing client for a long time.

Also visiting Habbo.com gives me a blank page.

 

[PeanutButterHam]

@Arachis
Not sure the correct way to open things but:
It sits there on replacing client for a long time.
Also visiting Habbo.com gives me a blank page.

If you're using Chrome, make sure every proxy related extension is disabled, also make sure no proxy/VPN is running while attempting to connect.
If you're trying it on Habbo.com, and not ex.Habbo.com, then you will need to launch the application before logging in.
If the application is closed before being connected, it will not revert back the proxy settings. To fix this go to: Internet Options > Connections > LAN Settings > Uncheck 'Use a proxy server for your...'

If you can no longer open the hotel client because you ran this application go to: C:\Windows\System32\drivers\etc
Open the 'hosts' file with a text editor, and remove the lines in the file that contains the word '#Sulakore'.

---

The 'Replacing Client' step will also attempt to replace the RSA keys in the SWF, so this might take a while since it needs to iterate through all the tags to find the keys. This does take a while, but shouldn't take that long; Maybe about 4-8 seconds.

That sucks that you can't get it to work, since I mostly released this because I saw your post asking for a logger. The source is there though, so maybe it can help you understand to make your own; If you've got any questions regarding the handshake process, ask away, but I'm sure most of the people on here are very smart themselves about the subject.

---

PLEASE MAKE SURE 'makecert.exe' is in the same folder as the application, this is in-charge of creating a certificate, if you don't have this file it will not be able to intercept the traffic "successfully".

If you're using it from source, then simple go to: Solution Explorer > Right Click 'makecert.exe' > Properties > Set 'Copy To Output Directory' to 'Copy Always':

---

PS: AD BLOCKING EXTENSIONS DO NOT NEED TO BE DISBALED, THEY'RE FINE

 

[The General]

Managed to get it working. Thanks

EDIT:

Something I've noticed:

It doesn't really show the order / packetflow. For example I receive a lot of INCOMING and then a lot of OUTGOING even though I'm certain a lot of the INCOMING are responses from the server for client messages.

Maybe something you could improve : Perhaps limit the client sending packet so you can send one packet at each time and then analyze server response.

 

[PeanutButterHam]

Managed to get it working. Thanks

EDIT:

Something I've noticed:

It doesn't really show the order / packetflow. For example I receive a lot of INCOMING and then a lot of OUTGOING even though I'm certain a lot of the INCOMING are responses from the server for client messages.

Maybe something you could improve : Perhaps limit the client sending packet so you can send one packet at each time and then analyze server response.

So you suggest something like this:

1. Read outgoing data.
2. Once the client has sent a packet, wait until a response is given to continue reading more request/outgoing data?

The thing is, what if a response is never received, and even if I add a sort of timer to determine the max wait time, it will cause a delay in the flow of data itself, which is a no-no.

Do not worry brother, as the solution is simpler than you think, thread locking. For now as you may have noticed, packets are being received in their own thread, this will obviously cause a race condition to see which packet is displayed first.

The solution would probably look something like this:

(In my defense of using 'repetitive code', well I've got nothing, just too lazy to refactor it.)
Of course you can set up a little queue/read system in addition to the lock statement to continue reading more data quickly, all while staying in-order.

This is sort of how HLog is setup, but I just barely found out I forgot to lock the 'PushToQueue' method, whoops.

---

Can you maybe give me an example of where it does not come in-order, as I have zero experience with emulators and will most likely not realize what should come first/second, it would help me man.

 

[The General]

Well upon connecting I receive for example:

> Outgoing(4000 - 52) > [0][0][0]4 [0]!PRODUCTION-201506161211-776084490[0][5]FLASH[0][0][0][1][0][0][0][0]
---------------
> Outgoing(112 - 2) > [0][0][0][2][0]p
---------------
Processing Handshake...
---------------
< Incoming(2172 - 518) < [0][0][2][6][8]|[1][0]58f067b301041a5cc1a604513b1c769d8d0752a367dc92b343a4c0959461bae9c82292796601b87e6d23286acaf247582c132fc1b2e31eb68e616052f332af48813b4cc3775bdfbed7a3c94d30926f2d6afecde7e8d512f81c0c23763d3a65c7e967a95893bb0dc203c6996854d26d70ba79a595512241902db90ab2399f8355[1][0]102fc444ed067ea931285a3d74cf757f916c3674cf690d01d7af09f7f0f3c02d1c8d63e57043a1558d4fe22d628f966dd38150d2983ba6ce97e46872a6b0752b5d392a0061d39dd2c4873632757b33a9bf7e5fa2cbddb3c96a94412997fb965bdca268b8a582f11e0ec836421dc6a0f24bbc7f6b6a225c6a2f9cb29d7285788a
---------------
> Outgoing(3713 - 260) > [0][0][1][4][1][0]df278f61c1adeeadb446eea92daef9bf0f55a5bd009a5a69446a9d28e4b65b1c05d1f0791b117cd0d2e97f0d8e8b734cc56ad90f35a32157d3af2044c92a429c4da34d6cf99018fb4199f3284c4478760bbc1f5d78361c120f795ff2089d70a0a1260a293f3ca4b32302238f484fabf5b311757c8acc06a9994f953da8b21b29
---------------
< Incoming(690 - 261) < [0][0][1][5][2]²[1][0]61defc11c75d4a164e158f60381d5c4dc39d97421d0cdc88e3461c7d71717bbfd6e8004f03a1972956bf3f23132ed2cafe034cda97a2a7a79c2208fbf772f3d6a264c3b0fb129865333252ed223a8bc94b258bb32456de6bb1560956a50cc1c3021a29c126c042ba23b7acc27e441d7533bbb6d305fdc7770dae5230f64932ba[1]
---------------
Handshake Finished!
---------------
> Outgoing(881 - 171) > [0][0][0]«[3]q[0][0][1]‘[0]Ghttps://habboo-a.akamaihd.net/gordon/PRODUCTION-201506161211-776084490/[0]Zhttps://www.habbo.com/gamedata/external_variables/00667976af31cf436536685496ee0aaa9a3d77fc
---------------
> Outgoing(135 - 114) > [0][0][0]r[0]‡[0]////
---------------
> Outgoing(2649 - 53) > [0][0][0]5[10]Y[0]////[0][0]Ÿ
---------------
< Incoming(3151 - 2) < [0][0][0][2][12]O
---------------
< Incoming(689 - 6) < [0][0][0][6][2]±[0][0][0][0]
---------------
< Incoming(1773 - 18) < [0][0][0][6]í[0][0][0][1][0][0][0][4][0][0][0][1][0][0][0]Ø
---------------
< Incoming(3281 - 10) < [0][0][0][10][12]Ñ[0][0][0][0][0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(3978 - 6) < [0][0][0][6]Š[0][0][0][0]
---------------
< Incoming(925 - 11) < [0][0][0][11][3][0][0][0][0][0][0][0][0][0]
---------------
< Incoming(820 - 5) < [0][0][0][5][3]4[1][0][1]
---------------
< Incoming(1711 - 3) < [0][0][0][3][6]¯[1]
---------------
< Incoming(74 - 94) < [0][0][0]^[0]J[0][0][0][11][0][0][0][0][0][0][2]Š[0][0][0][1][0][0][0][0][0][0][0][2][0][0][0][0][0][0][0][3][0][0][0][0][0][0][0][4][0][0][0][0][0][0][0][5][0][0][0][0][0][0][0]e[0][0][0][0][0][0][0]f[0][0][0][0][0][0][0]g[0][0][0][0][0][0][0]h[0][0][0][0][0][0][0]i[0][0][0][0]
---------------
< Incoming(1560 - 6) < [0][0][0][6][6][0][0][3]µ
---------------
< Incoming(1719 - 3) < [0][0][0][3][6]·[0]
---------------
< Incoming(1474 - 6) < [0][0][0][6][5]Â[0][0][0][0]
---------------
< Incoming(2920 - 18) < [0][0][0][11]h[0][0][0][0][0][0][0]d[0][1]† [0][0][0][0]
---------------
< Incoming(2159 - 10) < [0][0][0][10][8]o[3]½ì[0][0][0][0]
---------------
< Incoming(3455 - 10) < [0][0][0][10][13][0][0][0][0][0][0][0]
---------------
> Outgoing(2269 - 48) > [0][0][0]0[8]Ý[0],2013-05-08 13:00,gamesmaker;2013-05-11 13:00
---------------
> Outgoing(1465 - 2) > [0][0][0][2][5]¹
---------------
< Incoming(986 - 50) < [0][0][0]2[3]Ú[0],2013-05-08 13:00,gamesmaker;2013-05-11 13:00[0][0]
---------------
> Outgoing(1465 - 2) > [0][0][0][2][5]¹
---------------
> Outgoing(3975 - 2) > [0][0][0][2]‡
---------------
> Outgoing(2269 - 36) > [0][0][0]$[8]Ý[0] 2015-06-01 00:00,jurassic15furni
---------------
> Outgoing(2269 - 36) > [0][0][0]$[8]Ý[0] 2015-05-11 09:00,jurassic15furni
---------------
> Outgoing(2269 - 30) > [0][0][0][8]Ý[0]2015-04-12 19:00,smallpool
---------------
> Outgoing(2269 - 4) > [0][0][0][4][8]Ý[0][0]
---------------
> Outgoing(2173 - 2) > [0][0][0][2][8]}
---------------
> Outgoing(3747 - 39) > [0][0][0]'£[0][5]Login[0][6]socket[0]client.auth_ok[0][0][0][0][0][0]
---------------
> Outgoing(1043 - 2) > [0][0][0][2][4]
---------------
> Outgoing(275 - 2) > [0][0][0][2][1]
---------------
> Outgoing(2537 - 2) > [0][0][0][2][9]é
---------------
> Outgoing(2072 - 2) > [0][0][0][2][8]
---------------
> Outgoing(1121 - 2) > [0][0][0][2][4]a
---------------
> Outgoing(2838 - 2) > [0][0][0][2][11]
---------------
> Outgoing(3785 - 14) > [0][0][0]É[0][10]habbo_club
---------------
> Outgoing(392 - 2) > [0][0][0][2][1]ˆ

As you can see there are a lot of incoming packets logged first, after then a lot of outgoing. I'm absolutely convinced that this is not exactly the dataflow in the client.

So you suggest something like this:
Read outgoing data.
Once the client has sent a packet, wait until a response is given to continue reading more request/outgoing data?

Yes exactly this.

The thing is, what if a response is never received, and even if I add a sort of timer to determine the max wait time, it will cause a delay in the flow of data itself, which is a no-no.

Don't worry about that, there is always a chance it is never received even with no packetlogger. Chances are slim so it is most likely not going to happen. Adding a delay of 300ms between each packet send to the client could log the dataflow in a better way.

I don't think the solution with locks will work as big data packets from the server may take longer to send to the client and therefor end up after another client packet.

 

[PeanutButterHam]

Well upon connecting I receive for example:

> Outgoing(4000 - 52) > [0][0][0]4 [0]!PRODUCTION-201506161211-776084490[0][5]FLASH[0][0][0][1][0][0][0][0]
---------------
> Outgoing(112 - 2) > [0][0][0][2][0]p
---------------
Processing Handshake...
---------------
< Incoming(2172 - 518) < [0][0][2][6][8]|[1][0]58f067b301041a5cc1a604513b1c769d8d0752a367dc92b343a4c0959461bae9c82292796601b87e6d23286acaf247582c132fc1b2e31eb68e616052f332af48813b4cc3775bdfbed7a3c94d30926f2d6afecde7e8d512f81c0c23763d3a65c7e967a95893bb0dc203c6996854d26d70ba79a595512241902db90ab2399f8355[1][0]102fc444ed067ea931285a3d74cf757f916c3674cf690d01d7af09f7f0f3c02d1c8d63e57043a1558d4fe22d628f966dd38150d2983ba6ce97e46872a6b0752b5d392a0061d39dd2c4873632757b33a9bf7e5fa2cbddb3c96a94412997fb965bdca268b8a582f11e0ec836421dc6a0f24bbc7f6b6a225c6a2f9cb29d7285788a
---------------
> Outgoing(3713 - 260) > [0][0][1][4][1][0]df278f61c1adeeadb446eea92daef9bf0f55a5bd009a5a69446a9d28e4b65b1c05d1f0791b117cd0d2e97f0d8e8b734cc56ad90f35a32157d3af2044c92a429c4da34d6cf99018fb4199f3284c4478760bbc1f5d78361c120f795ff2089d70a0a1260a293f3ca4b32302238f484fabf5b311757c8acc06a9994f953da8b21b29
---------------
< Incoming(690 - 261) < [0][0][1][5][2]²[1][0]61defc11c75d4a164e158f60381d5c4dc39d97421d0cdc88e3461c7d71717bbfd6e8004f03a1972956bf3f23132ed2cafe034cda97a2a7a79c2208fbf772f3d6a264c3b0fb129865333252ed223a8bc94b258bb32456de6bb1560956a50cc1c3021a29c126c042ba23b7acc27e441d7533bbb6d305fdc7770dae5230f64932ba[1]
---------------
Handshake Finished!
---------------
> Outgoing(881 - 171) > [0][0][0]«[3]q[0][0][1]‘[0]Ghttps://habboo-a.akamaihd.net/gordon/PRODUCTION-201506161211-776084490/[0]Zhttps://www.habbo.com/gamedata/external_variables/00667976af31cf436536685496ee0aaa9a3d77fc
---------------
> Outgoing(135 - 114) > [0][0][0]r[0]‡[0]////
---------------
> Outgoing(2649 - 53) > [0][0][0]5[10]Y[0]////[0][0]Ÿ
---------------
< Incoming(3151 - 2) < [0][0][0][2][12]O
---------------
< Incoming(689 - 6) < [0][0][0][6][2]±[0][0][0][0]
---------------
< Incoming(1773 - 18) < [0][0][0][6]í[0][0][0][1][0][0][0][4][0][0][0][1][0][0][0]Ø
---------------
< Incoming(3281 - 10) < [0][0][0][10][12]Ñ[0][0][0][0][0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(2895 - 6) < [0][0][0][6][11]O[0][0][0][0]
---------------
< Incoming(3978 - 6) < [0][0][0][6]Š[0][0][0][0]
---------------
< Incoming(925 - 11) < [0][0][0][11][3][0][0][0][0][0][0][0][0][0]
---------------
< Incoming(820 - 5) < [0][0][0][5][3]4[1][0][1]
---------------
< Incoming(1711 - 3) < [0][0][0][3][6]¯[1]
---------------
< Incoming(74 - 94) < [0][0][0]^[0]J[0][0][0][11][0][0][0][0][0][0][2]Š[0][0][0][1][0][0][0][0][0][0][0][2][0][0][0][0][0][0][0][3][0][0][0][0][0][0][0][4][0][0][0][0][0][0][0][5][0][0][0][0][0][0][0]e[0][0][0][0][0][0][0]f[0][0][0][0][0][0][0]g[0][0][0][0][0][0][0]h[0][0][0][0][0][0][0]i[0][0][0][0]
---------------
< Incoming(1560 - 6) < [0][0][0][6][6][0][0][3]µ
---------------
< Incoming(1719 - 3) < [0][0][0][3][6]·[0]
---------------
< Incoming(1474 - 6) < [0][0][0][6][5]Â[0][0][0][0]
---------------
< Incoming(2920 - 18) < [0][0][0][11]h[0][0][0][0][0][0][0]d[0][1]† [0][0][0][0]
---------------
< Incoming(2159 - 10) < [0][0][0][10][8]o[3]½ì[0][0][0][0]
---------------
< Incoming(3455 - 10) < [0][0][0][10][13][0][0][0][0][0][0][0]
---------------
> Outgoing(2269 - 48) > [0][0][0]0[8]Ý[0],2013-05-08 13:00,gamesmaker;2013-05-11 13:00
---------------
> Outgoing(1465 - 2) > [0][0][0][2][5]¹
---------------
< Incoming(986 - 50) < [0][0][0]2[3]Ú[0],2013-05-08 13:00,gamesmaker;2013-05-11 13:00[0][0]
---------------
> Outgoing(1465 - 2) > [0][0][0][2][5]¹
---------------
> Outgoing(3975 - 2) > [0][0][0][2]‡
---------------
> Outgoing(2269 - 36) > [0][0][0]$[8]Ý[0] 2015-06-01 00:00,jurassic15furni
---------------
> Outgoing(2269 - 36) > [0][0][0]$[8]Ý[0] 2015-05-11 09:00,jurassic15furni
---------------
> Outgoing(2269 - 30) > [0][0][0][8]Ý[0]2015-04-12 19:00,smallpool
---------------
> Outgoing(2269 - 4) > [0][0][0][4][8]Ý[0][0]
---------------
> Outgoing(2173 - 2) > [0][0][0][2][8]}
---------------
> Outgoing(3747 - 39) > [0][0][0]'£[0][5]Login[0][6]socket[0]client.auth_ok[0][0][0][0][0][0]
---------------
> Outgoing(1043 - 2) > [0][0][0][2][4]
---------------
> Outgoing(275 - 2) > [0][0][0][2][1]
---------------
> Outgoing(2537 - 2) > [0][0][0][2][9]é
---------------
> Outgoing(2072 - 2) > [0][0][0][2][8]
---------------
> Outgoing(1121 - 2) > [0][0][0][2][4]a
---------------
> Outgoing(2838 - 2) > [0][0][0][2][11]
---------------
> Outgoing(3785 - 14) > [0][0][0]É[0][10]habbo_club
---------------
> Outgoing(392 - 2) > [0][0][0][2][1]ˆ

As you can see there are a lot of incoming packets logged first, after then a lot of outgoing. I'm absolutely convinced that this is not exactly the dataflow in the client.

I was curious to see what the client received upon initially connecting, without the client itself requesting a response:

Spoiler

The console on the left was a direct connection to the game(no MITM stuff), the one on the right is the output log of 'The Client'. It seems to spit out responses even though a packet was never sent to the server.

---

I don't think the solution with locks will work as big data packets from the server may take longer to send to the client and therefor end up after another client packet.

The connection handler is built in a way that allows data to be modified/ignored, by default it will not continue reading data until it has been returned from the subscriber(event handler). Although, inside of the 'Data(Incoming/Outgoing)' event handler, you can call this method to continue reading data from the socket if you're gonna be doing a lot of work: e.ContinueRead()
Calling this method will still allow you to replace the data, and or block it.

This is how I have it setup internally to handle the data:

Spoiler

(Actually you might be right about sending big data causing another race condition, I should probably .Wait() the SendToClientAsync()​)

---

For those curious as to what is in Remote.ReceiveAsync():

Spoiler

This helps cut the data, and receives a standard habbo/wire block.

 

[Sharkoon]

Works fine for me. Thank you!