SWF Revision Exploit Fix

[SOUL]

Howdy,

The global variable "PlusEnvironment.SWFRevision" displays your hotel's current revision on the "about command" and users can send a new string to the server which replaces the SWF Revision string. It isn't the biggest exploit although didn't get much attention.
Tested it on Peace and a few others quite surprised they haven't patched it yet , will leave this here simply for proof not going to post more as it's nothing to gloat about..

Here's the fix

• Locate the file 'GetClientVersionEvent.cs' -Communication > Packets > Incoming > Handshake
• Replace the class content with the code below.

Spoiler: Code

using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming;


namespace Plus.Communication.Packets.Incoming.Handshake
{
public class GetClientVersionEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
string Build = Packet.PopString();


if (!Build.ToLower().StartsWith("production"))
return;


Session.SWFRevision = Build;
}
}
}

• Locate file "GameClient.cs" - HabboHotel > GameClients
• Find "private readonly int _id;" (at top) and above it, add the code:

Spoiler: Code

internal string SWFRevision { get; set; }

• Save the file.
• Locate the file "InfoCommand.cs" - HabboHotel > Rooms > Chat > Commands > User
• Search for

Spoiler: Code

PlusEnvironment.SWFRevision

• Replace with

Spoiler: Code

Session.SWFRevision

Or you could just remove it as showing your revision isn't necessary but that's down to you.

 

[Joe]

Saw this on a rival around 3 months ago, surprised it wasn't added to the latest revisions. Not entirely sure what it does but it's worth adding!

 

[SOUL]

Saw this on a rival around 3 months ago, surprised it wasn't added to the latest revisions. Not entirely sure what it does but it's worth adding!

Think theres a new anti script system in new revisions

And this fix changes the global variable to a session so when a user sends a string to the server it will only be visible to him

 

[Berk]

How do you send the devbest proof thing? I wish to know

 

[SOUL]

How do you send the devbest proof thing? I wish to know

Get the header id then send a string (I'ts server side) simple as that (Requires a packet logger)

 

[Core]

What's wrong with sending
production devbest proof devbest proof devbest proof devbest proof

still exploiting?

Why not just do what it's actual purpose is and have static build reversion and check against it. If it's wrong disconnect client.

 

[SOUL]

What's wrong with sending
production devbest proof devbest proof devbest proof devbest proof

still exploiting?

Don't cry it only appeared for roughly 1 minute as when a user enters the client the string will be reverted.

Why not just do what it's actual purpose is and have static build reversion and check against it. If it's wrong disconnect client.

And could do that although it's funnier knowing skids idiotically think the new string is showing for the whole server when it's just showing for them
Also that is not it's purpose hence why users can exploit it , it's still the same in new revisions although they have a anti-script system so it doesn't matter. It's simply there so users can show of what revision they're on.