Update? #25

Open
Shytkid opened this issue Oct 21, 2019 · 19 comments

Shytkid commented Oct 21, 2019

Hey man, you prob. got lots of stuff to do, and I'm really not a good programmer, so if you could let us know how long it will take you to update it, it would be really cool.

Thanks for your work!
:)

rnbhal commented Oct 30, 2019

@xplodwild
Will you be updating the app once again?

@xplodwild
Owner

> @xplodwild
> Will you be updating the app once again?

I'm on it right now.

rnbhal commented Oct 30, 2019

> > @xplodwild
> > Will you be updating the app once again?
>
> I'm on it right now.

Thank you!!


Judako commented Nov 3, 2019

@xplodwild Wow thank you sooo much! You’ve made a ton of us super happy coming back to this!!!

Owner

xplodwild commented Nov 3, 2019

It's taking longer than expected, I don't have a lot of time to give to this, but I'll get to it eventually. Here's some tech details, in case someone wants to help:

  • Protocol is now using the "v5" endpoint
  • The Hash header is gone, and likely now included in the message itself

Here's a bunch of sample queries and the layout of the messages:

## TIME QUERY 1
/time

0000000000 0b 60 96 04 df d4 5e 56 6b 9f 41 10 f6 af 67 4f   .`....^Vk.A...gO
0000000010 46 6d 4e 51 c4 b1 60 1e 63 d3 04 95 f7 90 d8 0e   FmNQ..`.c.......
0000000020 03 f6 7b 93 de 5d 44 75 27 b7 31 c1 38 b7         ..{..]Du'.1.8.


HEADER (nonce?)
0b 60 96 04 df d4 5e 56 6b 9f 41 10

ENCRYPTED DATA: {}
f6 af

HMAC/Hash? 16 bytes
67 4f 46 6d 4e 51 c4 b1 60 1e 63 d3 04 95 f7 90

CHECKSUM
d8 0e 03 f6 7b 93 de 5d 44 75 27 b7 31 c1 38 b7

___________________________________________________________________________________________

## TIME QUERY 2
/time

0000000000 f0 6d 8e fc c0 af 30 ba 86 3f 5d 2b 93 f9 bc 9a   .m....0..?]+....
0000000010 f9 e9 08 fd 16 74 8e d1 6e b8 b7 2a e7 f6 d8 0e   .....t..n..*....
0000000020 03 f6 7b 93 de 5d 44 75 27 b7 31 c1 38 b7         ..{..]Du'.1.8.


HEADER (nonce?)
f0 6d 8e fc c0 af 30 ba 86 3f 5d 2b

ENCRYPTED DATA: {}
93 f9

HMAC/Hash? 16 bytes
f9 e9 08 fd 16 74 8e d1 6e b8 b7 2a e7 f6

CHECKSUM
d8 0e 03 f6 7b 93 de 5d 44 75 27 b7 31 c1 38 b7

___________________________________________________________________________________________


## MESSAGES LIST QUERY 1
/messages/list

HEADER (nonce?)
6c e0 42 7e ce 5a c2 15 56 48 ce 6b

ENCRYPTED DATA: {"UserId":"3de9e099-3127-11e9-bb76-0a76f5ced4a0"}  (0x31 = 49 characters)
cc 66 a2 13 87 17 a7 15 5c 11 34 0b 6f 8a ec 0e
42 af 69 13 88 30 58 62 9c a4 0e 78 0c 16 2f cd
9a 84 83 66 d0 43 83 4d 13 49 99 19 c1 01 b9 2c
03

HMAC/Hash? 16 bytes
4e 9e c7 82 d2 43 bf 82 b2 1a 7c 6b c2 2c 72 2f

CHECKSUM
d8 0e 03 f6 7b 93 de 5d 44 75 27 b7 31 c1 38 b7   

One interesting fact is that the last 16 bytes are the same for both the /messages/list query and the /time query, although the query data (and the endpoint) are completely different.

Here's a dump of the Key and IV used for the encryption/decryption:

            var IV = new byte[]
            {
                0x29, 0x62, 0x3D, 0x74, 0x13, 0xE0, 0x88, 0x69, 0x67, 0x32, 0xCE, 0xF3, 0xAA, 0x6F, 0x9C, 0xE6
            };

            var Key = new byte[]
            {
                0x8C, 0x79, 0xF3, 0x01, 0x0C, 0x78, 0xC7, 0x8A, 0x68, 0x4E, 0x81, 0x84, 0x0D, 0xDC, 0x0E, 0x72,
                0xFC, 0xD2, 0xB7, 0x51, 0x1C, 0x42, 0x66, 0xB3, 0x0E, 0xB6, 0x06, 0x56, 0xF1, 0x98, 0x52, 0x18
            };

They are now using a custom class that encapsulates CryptoStream, that adds the various headers/checksums. It's a little bit more painful to trace streams, but not impossible, I just need to take time to label and trace calls to each method and callback. I'm still not sure if they added XOR or if it's using some kind of HMAC authentication (or maybe this), though digging into those calls will reveal that.

Will continue when I have some time again.
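
The field layout described in the comment above, as an added example that is not part of the original thread or the project's code: it splits the two /time request bodies from the hexdumps into the labelled fields and reports which fields are byte-identical across captures. The field names `nonce`, `tag` and `trailer` and the function names are assumptions of this example; the widths come from the post's labels.

```python
"""Added example: split captured request bodies into the fields labelled in the post."""

# Widths from the post's labels: 12-byte header, variable body, 16 + 16 trailing bytes.
# Field and function names are this example's own, not the game's or the tool's.
NONCE_LEN, TAG_LEN, TRAILER_LEN = 12, 16, 16

# The two /time request bodies, copied from the hexdumps in the post.
TIME_1 = bytes.fromhex(
    "0b609604dfd45e566b9f4110f6af674f"
    "466d4e51c4b1601e63d30495f790d80e"
    "03f67b93de5d447527b731c138b7"
)
TIME_2 = bytes.fromhex(
    "f06d8efcc0af30ba863f5d2b93f9bc9a"
    "f9e908fd16748ed16eb8b72ae7f6d80e"
    "03f67b93de5d447527b731c138b7"
)


def split_frame(frame: bytes) -> dict:
    """Cut one request body into nonce / ciphertext / tag / trailer."""
    fixed = NONCE_LEN + TAG_LEN + TRAILER_LEN
    if len(frame) < fixed:
        raise ValueError(f"frame is {len(frame)} bytes, need at least {fixed}")
    body_end = len(frame) - TAG_LEN - TRAILER_LEN
    return {
        "nonce": frame[:NONCE_LEN],
        "ciphertext": frame[NONCE_LEN:body_end],
        "tag": frame[body_end:body_end + TAG_LEN],
        "trailer": frame[-TRAILER_LEN:],
    }


def static_fields(frames) -> list:
    """Names of the fields whose bytes are identical in every captured frame."""
    parsed = [split_frame(f) for f in frames]
    first = parsed[0]
    return sorted(n for n in first if all(p[n] == first[n] for p in parsed))


def length_preserving(frame: bytes, plaintext: bytes) -> bool:
    """True when the encrypted body is exactly as long as the plaintext."""
    return len(split_frame(frame)["ciphertext"]) == len(plaintext)


if __name__ == "__main__":
    for label, frame in (("time 1", TIME_1), ("time 2", TIME_2)):
        for name, value in split_frame(frame).items():
            print(f"{label:7} {name:10} {value.hex(' ')}")
    print("static across captures:", static_fields([TIME_1, TIME_2]))
```

For the second /time capture, the 16 bytes that follow the ciphertext in the hexdump begin with `bc 9a`, two bytes that the field listing omits. Only the trailer is identical across the captures, so it cannot depend on the nonce or the payload.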

@naameh2002

Thanks for the effort. Any news on when we will get the updated tool?

@zengcheng0820

I got "Failed to load game data: Post http://td-users2.babeltimeus.com/v4/loadsave: dial tcp: lookup td-users2.babeltimeus.com: no such host" while trying to add gems. Any idea why this happened?

boika commented Jan 12, 2020

@xplodwild, are there any updates on cracking the 'v5' protocol? If you succeed again, it will be very interesting to read an article with tech details about the new security changes.

Thanks for your time and great effort.

@CodeAcademyPRACTICE

@xplodwild, do you still plan to update this?

@bosscarlos

@xplodwild Please update it. Awake heroes will take years :( I want to compete in tournaments but it is impossible to compete against max heroes with my trash one in high leagues.


Jax442 commented Dec 2, 2020

@bosscarlos Look at https://github.com/Jax442/realm-defense-gem-cheat/blob/master/README.md for an alternative solution 😃

@xplodwild
Owner

@Jax442 That's not a viable solution, especially since it requires a new account. Also, that many gems will likely get the account immediately flagged for cheating.

@bosscarlos

@xplodwild It is safe, I had already done it in my current account (I did it before I started playing xD), and I don't need the gems but the awaken tokens.

Jax442 commented Dec 2, 2020

I have done this and it's been fine for 1 year+, I'm just trying to offer people other solutions (I was really looking for one as well for a long time). Unfortunately your work is still outdated and has been for over 1.5 years 😢. Just trying to help people that want it, not trying to brigade your awesome work.

> @xplodwild It is safe, I had already done it in my current account (I did it before I started playing xD), and I don't need the gems but the awaken tokens.

@bosscarlos An easy way to get awaken tokens is during an event, buy the chests that come with it - you have unlimited gems pretty much. I bought like 1000 chests from the event using gems and they drop random awaken tokens and you can easily get all the heroes to level 6/7 by spending like 1 mill gems on chests 😄

@andreuma

> I have done this and it's been fine for 1 year+, I'm just trying to offer people other solutions (I was really looking for one as well for a long time). Unfortunately your work is still outdated and has been for over 1.5 years 😢. Just trying to help people that want it, not trying to brigade your awesome work.
>
> > @xplodwild It is safe, I had already done it in my current account (I did it before I started playing xD), and I don't need the gems but the awaken tokens.
>
> @bosscarlos An easy way to get awaken tokens is during an event, buy the chests that come with it - you have unlimited gems pretty much. I bought like 1000 chests from the event using gems and they drop random awaken tokens and you can easily get all the heroes to level 6/7 by spending like 1 mill gems on chests 😄

Can you help me? I can't do it.
How can I contact you? Please.

@tmt24030

Any news for the latest update?


andreuma commented Aug 25, 2021 via email
