SWF Revision Exploit Fix

SOUL

┼ ┼ ┼
Nov 10, 2015
224
45
Howdy,

The global variable "PlusEnvironment.SWFRevision" displays your hotel's current revision on the "about command" and users can send a new string to the server which replaces the SWF Revision string. It isn't the biggest exploit although didn't get much attention.
Tested it on Peace and a few others quite surprised they haven't patched it yet , will leave this here simply for proof not going to post more as it's nothing to gloat about..

3987674f0b0d415b93e0d23615ca66ad.png


Here's the fix
  • Locate the file 'GetClientVersionEvent.cs' -Communication > Packets > Incoming > Handshake
  • Replace the class content with the code below.
using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming;


namespace Plus.Communication.Packets.Incoming.Handshake
{
public class GetClientVersionEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
string Build = Packet.PopString();


if (!Build.ToLower().StartsWith("production"))
return;


Session.SWFRevision = Build;
}
}
}

  • Locate file "GameClient.cs" - HabboHotel > GameClients
  • Find "private readonly int _id;" (at top) and above it, add the code:
internal string SWFRevision { get; set; }

  • Save the file.
  • Locate the file "InfoCommand.cs" - HabboHotel > Rooms > Chat > Commands > User
  • Search for
PlusEnvironment.SWFRevision

  • Replace with
Session.SWFRevision

Or you could just remove it as showing your revision isn't necessary but that's down to you.
 
Last edited:

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
Saw this on a rival around 3 months ago, surprised it wasn't added to the latest revisions. Not entirely sure what it does but it's worth adding!
 

SOUL

┼ ┼ ┼
Nov 10, 2015
224
45
Saw this on a rival around 3 months ago, surprised it wasn't added to the latest revisions. Not entirely sure what it does but it's worth adding!
Think theres a new anti script system in new revisions

And this fix changes the global variable to a session so when a user sends a string to the server it will only be visible to him
 

SOUL

┼ ┼ ┼
Nov 10, 2015
224
45
How do you send the devbest proof thing? I wish to know :p

Get the header id then send a string (I'ts server side) simple as that (Requires a packet logger)
 
Last edited:

Core

Member
Nov 10, 2016
356
138
What's wrong with sending
production devbest proof devbest proof devbest proof devbest proof

still exploiting?

Why not just do what it's actual purpose is and have static build reversion and check against it. If it's wrong disconnect client.
 

SOUL

┼ ┼ ┼
Nov 10, 2015
224
45
What's wrong with sending
production devbest proof devbest proof devbest proof devbest proof

still exploiting?

Don't cry it only appeared for roughly 1 minute as when a user enters the client the string will be reverted.

Why not just do what it's actual purpose is and have static build reversion and check against it. If it's wrong disconnect client.

And could do that although it's funnier knowing skids idiotically think the new string is showing for the whole server when it's just showing for them :lol:
Also that is not it's purpose hence why users can exploit it , it's still the same in new revisions although they have a anti-script system so it doesn't matter. It's simply there so users can show of what revision they're on.
 
Last edited:

Users who are viewing this thread

Top