v28+ Shockwave - RC4 bypass patch [Lingo/CCT]

    Quackster

    Hello!

    This is a small release, but a rather useful one nonetheless.

    Ideally, working encryption in these versions would be preferable, but in the meantime there's now a way to bypass RC4 and still have the loading bar complete all the way.

    The way you bypass is: when you receive INIT_CRYPTO, you send back the session parameters packet, like Holograph and other servers from around that time do.

    What's the issue, exactly?

    There's no forced encryption, but bypassing it means the loading bar doesn't complete. The way the loading bar works in these versions is that there are certain "steps" to complete loading, such as the key exchange, initialising RC4 encryption and then logging in.

    This is what happens if you bypass without the patch: the loading bar (which is also draggable, mind you) doesn't complete and sits on top of the chat every time you log in.

    This release will fix the issue depicted below.



    How it works

    We simply attach this .cct into the load order and the client thinks it's one of us, so once we receive the login packet from the server, we'll execute the events telling the client that the loading is done! No editing of official client files required.

    In theory, we could make this .cct hook into the other cast members and edit the script, but there are anti-tamper checks all throughout the v28+ versions of the Habbo client, so it's not possible.

    Code:
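    -- Runs when the server's login message (id 3, registered below) arrives
    on handleLoginOK me, tMsg
      tConn = tMsg.connection

      -- Ignore the message if it carries no connection
      if not tConn then
        return FALSE
      end if

      -- Mark the remaining loading bar steps as done so the bar completes
      executeMessage(#loadingBarSetExtraTaskDone, #handshake2)
      executeMessage(#loadingBarSetExtraTaskDone, #login)
      return TRUE
    end

    -- Registers (tBool true) or unregisters (tBool false) the listener
    on registerServerMessages me, tBool
      tMsgs = [:]
      -- Map server message id 3 to the handler above
      tMsgs.setaProp(3, #handleLoginOK)
      -- No client commands are needed, so the command list stays empty
      tCmds = [:]
      if tBool then
        registerListener(getVariable("connection.info.id", #info), me.getID(), tMsgs)
        registerCommands(getVariable("connection.info.id", #info), me.getID(), tCmds)
      else
        unregisterListener(getVariable("connection.info.id", #info), me.getID(), tMsgs)
        unregisterCommands(getVariable("connection.info.id", #info), me.getID(), tCmds)
      end if
      return TRUE
    end

    How to install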

    Open your external variables (provided they are v28+ dcrs and dcrs only).

    Find the lines that say "cast.entry.x" for example:

    Code:
    cast.entry.38=hh_human_50_acc_eye

    If possible, find an available number that you can use for the cast.entry line. That will be either the next highest number out of the cast.entry lines or an unused number that's left a gap which is free for you to use.

    In my case, the next number I could use was 49.

    Add this line at the bottom, but replace the "x" with that number:

    Code:
    cast.entry.x=hh_encryption_bypass

    And move hh_encryption_bypass.cct into the same directory where fuse_client.cct sits and you're good!

    Download information

    The download includes the compiled .cct and the .cst with the Lingo script so you can fool around with it if you want.
    Last edited by Quackster; 15-01-22 at 07:02 AM.
    The Habbo archives: http://alex-dev.org/archive/
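
As an added example (not part of the original post or of the client), this Python sketch inventories the cast.entry lines of an external variables file, reports the free numbers that the install step above asks for, and lists casts missing from a known baseline so that load-order changes can be reviewed. The sample text, the example_cast_* names and the function names are constructed for illustration.

```python
import re

# Matches lines such as "cast.entry.38=hh_human_50_acc_eye"
CAST_RE = re.compile(r"^\s*cast\.entry\.(\d+)\s*=\s*(\S+)\s*$")

def parse_cast_entries(text):
    """Return ({index: cast name}, [indexes defined more than once])."""
    entries, duplicates = {}, []
    for line in text.splitlines():
        m = CAST_RE.match(line)
        if not m:
            continue  # other external variables are ignored
        idx, name = int(m.group(1)), m.group(2)
        if idx in entries:
            duplicates.append(idx)  # flag it; the page does not say which line wins
        entries[idx] = name  # this sketch keeps the last value seen
    return entries, duplicates

def free_indexes(entries):
    """Return (gaps inside the used range, next index after the highest)."""
    if not entries:
        return [], 1
    used = set(entries)
    gaps = [i for i in range(min(used), max(used)) if i not in used]
    return gaps, max(used) + 1

def added_casts(entries, baseline_names):
    """Casts in the load order that are absent from a known baseline list."""
    return sorted(n for n in entries.values() if n not in baseline_names)

# Constructed sample, not a real external variables file.
SAMPLE = """\
some.other.key=value
cast.entry.1=example_cast_a
cast.entry.2=example_cast_b
cast.entry.4=hh_human_50_acc_eye
cast.entry.5=hh_encryption_bypass
"""

if __name__ == "__main__":
    entries, dupes = parse_cast_entries(SAMPLE)
    baseline = {"example_cast_a", "example_cast_b", "hh_human_50_acc_eye"}
    print("duplicate indexes:", dupes)
    print("gaps, next free:", free_indexes(entries))
    print("not in baseline:", added_casts(entries, baseline))
```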