Patch bots [Plus Emulator]

[EvilCoder]

Hi all,

RELEASE63-201405071257-197450526

A very easy and small fix to patch these "bots" everybody is releasing now these days.

I don't know if Habbo uses the same packet ID for these things. But as the most of you know there is packet with number 340. This will send the variables.txt location which you are currently using.

Bots do not have external_variables, bots are being send on another way. There for you can use this packet in order to check your variables link.

How do I install it?
Browse to "Events.cs" and Add the following packet in the list:

Code:

internal static int ClientVars = 340;

Now browse to StaticClientMessageHandler.cs and Search for:

Code:

handlers.Add(Incoming.LoadProfile, new StaticRequestHandler(SharedPacketLib.LoadProfile));

Paste the following rule after this line:

Code:

handlers.Add(Incoming.ClientVars, new StaticRequestHandler(SharedPacketLib.CheckClientVars));

Now go to "Requests->Users.cs" and find "GetBalance()". Paste this new internal void there.

Code:

internal void CheckClientVars()
        {
            string unnecessaryJunk = Request.PopFixedString();
            string RequestedVariables = Request.PopFixedString();

            if (RequestedVariables == "" || !RequestedVariables.Contains("external_variables.txt"))
            {
                Silverwave.Core.Logging.WriteLine("[ClientMgr] User tried to authenticate without the real external variables from this hotel - request has been blocked.");
                Session.Disconnect();

                return;
            }
        }

Also add this to your sharedlib:

Code:

internal static void ClientVars(GameClientMessageHandler handler)
        {
            handler.ClientVars();
        }

Make sure your variables "contains" ..../external_variables.txt" or change the "Contains" part in the "void CheckClientVars()".

Credits to:
@Mextur -> Teaching me .NET in the first place.
@EvilCoder {me} (I like to mess around with unused packets. I found this one during my unhandled packetlog)
@Bjork (Finding the necassery structure (not 1 string, but 2) thx).

Don't forget the thx button ++ This is not a permanent fix. But the released bots for now are patched!

Kind regards,
Mikey

[MentaL]

[Rush Retros]

This is preatty good thank u vm :)

[Bjork]

Good idea but it's making a packeterror when connecting

[Receiver]

Thanks for this as its very helpful to the members that use Plus Emulator.

[EvilCoder]

Good idea but it's making a packeterror when connecting

What does the packeterror say? If you post me the error I will try to make a scenario and fix this.

[Bjork]

It need two strings, the second contains the external_variables link.

And "Session.GetHabbo().Username" makes the packeterror

Like this, it seems to be working:

Code:

internal void CheckClientVars()
        {
            string Junk = Request.PopFixedString();
            string RequestedVariables = Request.PopFixedString();

            if (!RequestedVariables.Contains("external_variables.txt"))
            {
                Session.Disconnect();
                return;
            }            
        }

[EvilCoder]

What you also could do is make it:

Code:

if (RequestedVariables != "" && !RequestedVariables.Contains("external_variables.txt"))

- - - Updated - - -

It need two strings, the second contains the external_variables link.

And "Session.GetHabbo().Username" makes the packeterror

Like this, it seems to be working:

Code:

internal void CheckClientVars()
        {
            string Junk = Request.PopFixedString();
            string RequestedVariables = Request.PopFixedString();

            if (!RequestedVariables.Contains("external_variables.txt"))
            {
                Session.Disconnect();
                return;
            }            
        }

I see.. Then remove that part and make it say:

Code:

Silverwave.Core.Logging.LogException("User tried to authenticate without the real external variables from this hotel - this has been blocked.");

- - - Updated - - -

It need two strings, the second contains the external_variables link.

And "Session.GetHabbo().Username" makes the packeterror

Like this, it seems to be working:

Code:

internal void CheckClientVars()
        {
            string Junk = Request.PopFixedString();
            string RequestedVariables = Request.PopFixedString();

            if (!RequestedVariables.Contains("external_variables.txt"))
            {
                Session.Disconnect();
                return;
            }            
        }

Also updated the function in main thread. Thanks!

- - - Updated - - -

Gosh I hate bots like hell... People who invented this should not share this. All the noobs are now downloading this program and spamming hotels. So annoying.

[SuklaaVene]

Is this possible on r63a? Example Phoenix.

[EvilCoder]

Is this possible on r63a? Example Phoenix.

It should be, log your packets during login. And look if you see an unhandled packet saying the link of your external variables. If so, you need to use the "number" in front of that message. That would be the correct packetnumber.

You could even check the "base" location. Which is the buzzhotel.info/game/ link in the screenshot, and the "unnecessaryJunk" string var.

[SuklaaVene]

It should be, log your packets during login. And look if you see an unhandled packet saying the link of your external variables. If so, you need to use the "number" in front of that message. That would be the correct packetnumber.

You could even check the "base" location. Which is the buzzhotel.info/game/ link in the screenshot, and the "unnecessaryJunk" string var.

Tested it out. God dam there isin't that packet! ;(

EDIT: Only 482 isin't handled and its EventLogMessageEvent

EDIT2: Too 3110 and its GetMOTDMessageEvent sooo... not important.

[ThuGie]

Wait, Couldn't they just add this packet to the bot ?

[Troll Hotel]

You also need to add

Code:

internal static void ClientVars(GameClientMessageHandler handler)
        {
            handler.ClientVars();
        }

to your sharedpacketlib.cs

[GrateZ4]

Or just fix a captcha for your register :)

[Arachis]

Not sure if the original hotel was also using this as a security measure, but you could get around it, by just doing the exact same thing the client would do:


Of course, you'd need to adjust it to the hotel's 'ext_vars' link. There really isn't a way to patch these types of bots, but you could make it harder/troublesome for the user by hiding this type of information from the user.

[Emily]

Isn't there something called external variables override? :)

[The General]

Seriously? You think this is going to prevent any bots from popping up in your hotel?

They just have to modify their program so it sends the external_variables.

Why aren't you guys smarter. Why not put a time limit on how long the SSO can stays valid. The SSO gets updated in the users table once the client loads and then it connects to the emulator.
About 20 seconds tops.

There are other ways to verify if the client is a bot or not. MUS / RCON for example.

Think out of the box and not any hardcoded stuff.

[AKllX]

Asking an user a simple question using the Habbo Poll system on every login is enough to avoid 100% of the current bots mechanisms. It's easy to patch, but still.

[Rush Retros]

Asking an user a simple question using the Habbo Poll system on every login is enough to avoid 100% of the current bots mechanisms. It's easy to patch, but still.

Sry to going off topic lol but do u still develop or did u completly stop ?

[AKllX]

Sry to going off topic lol but do u still develop or did u completly stop ?

I work/study 12 hours a day. Althrough I enjoy reversing Habbo, I'm 20 yo already, the game itself is for teens. I only played it for the girls. I didn't stop but my free time is very limited. I'm planning something cool for my next vacation. On my last one I revised Plus Emulator. I don't really do release a lot of useful material but the ones I make proved to be well accepted. Looking foward for the next one

[EvilCoder]

Seriously? You think this is going to prevent any bots from popping up in your hotel?

They just have to modify their program so it sends the external_variables.

Why aren't you guys smarter. Why not put a time limit on how long the SSO can stays valid. The SSO gets updated in the users table once the client loads and then it connects to the emulator.
About 20 seconds tops.

There are other ways to verify if the client is a bot or not. MUS / RCON for example.

Think out of the box and not any hardcoded stuff.

I said it was a small fix. I did not said it was a permanent fix. This is just temporarily. I also posted that the noobs are entering your hotel with these bots. They don't know how to fix this. Unless somebody posts another bot which has this prevented. In that case I will find something else. I don't really care. I can have other fixes posted for example only 2 session per ip. Or re-create the ipban. Which then will kill all the clients with the ip also, instead of just banning them. It really does not matter, like I said it was a temp fix.

- - - Updated - - -

You also need to add

Code:

internal static void ClientVars(GameClientMessageHandler handler)
        {
            handler.ClientVars();
        }

to your sharedpacketlib.cs

Thanks I forgot this.

- - - Updated - - -

Not sure if the original hotel was also using this as a security measure, but you could get around it, by just doing the exact same thing the client would do:


Of course, you'd need to adjust it to the hotel's 'ext_vars' link. There really isn't a way to patch these types of bots, but you could make it harder/troublesome for the user by hiding this type of information from the user.

There is another packet which checks your user_agent. Don't seem to remember which one that was. Could you also fake that one? You probably can right? Because the client is sending the user_agent to the emulator. What the client can do the bot program also can do.

[Emily]

There is another packet which checks your user_agent. Don't seem to remember which one that was. Could you also fake that one? You probably can right? Because the client is sending the user_agent to the emulator. What the client can do the bot program also can do.

Just saying, you can't protect it by any packet, since a good packetlogger/scripter can send packets to the server. That way, it can easily be bypassed :) You can always fake packets. It's for the emulator developers to find a way to protect false data from being used.

[Arachis]

There is another packet which checks your user_agent. Don't seem to remember which one that was. Could you also fake that one? You probably can right? Because the client is sending the user_agent to the emulator. What the client can do the bot program also can do.

Habbo uses a ping/pong system to check whether the client is alive, you can have the server send a packet to the client and wait for a certain callback. If the client doesn't respond with 'x', then disconnect the client. This can also be simulated by a 3rd party, but the only thing you can really do is make it more annoying to the attacker.(Or you can allow 1 active session per IP like you've stated.)

[The General]

How about you encrypt the SSO and send the encryption key via MUS so you can decrypt it.

His cheap bot tool cannot connect to MUS so it can never spoof it or log it.

[MrPudding]

How about you encrypt the SSO and send the encryption key via MUS so you can decrypt it.

His cheap bot tool cannot connect to MUS so it can never spoof it or log it.

Or 1 gameclient per IP.., that could also be a small fix

[Kristophers]

Oor would this be possible as soon as you sign in the cms it triggers the enum (0,1) 0 mean off the cms and 1 meaning on and run the check every 3 mins and if you are signed out it will disconnect you. Or add code into the emulator to run the check upon entering client? Or say fuck retrolist and add a captcha on the client file to enter the client?