Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Releases
SWF Revision Exploit Fix
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="SOUL" data-source="post: 406381" data-attributes="member: 64122"><p>Howdy,</p><p></p><p>The global variable "PlusEnvironment.SWFRevision" displays your hotel's current revision on the "about command" and users can send a new string to the server which replaces the SWF Revision string. It isn't the biggest exploit although didn't get much attention.</p><p>Tested it on Peace and a few others quite surprised they haven't patched it yet , will leave this here simply for proof not going to post more as it's nothing to gloat about..</p><p></p><p><img src="http://image.prntscr.com/image/3987674f0b0d415b93e0d23615ca66ad.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>Here's the fix</p><ul> <li data-xf-list-type="ul">Locate the file 'GetClientVersionEvent.cs' -<strong>Communication > Packets > Incoming > Handshake</strong></li> <li data-xf-list-type="ul">Replace the class content with the code below.</li> </ul><p>[SPOILER="Code"]</p><p>using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming;</p><p></p><p></p><p>namespace Plus.Communication.Packets.Incoming.Handshake</p><p>{</p><p> public class GetClientVersionEvent : IPacketEvent</p><p> {</p><p> public void Parse(GameClient Session, ClientPacket Packet)</p><p> {</p><p> string Build = Packet.PopString();</p><p></p><p></p><p> if (!Build.ToLower().StartsWith("production"))</p><p> return;</p><p></p><p></p><p> Session.SWFRevision = Build;</p><p> }</p><p> }</p><p>}</p><p>[/SPOILER]</p><p></p><ul> <li data-xf-list-type="ul">Locate file "GameClient.cs" - <strong>HabboHotel > GameClients</strong></li> <li data-xf-list-type="ul">Find "private readonly int _id;" (at top) and above it, add the code:</li> </ul><p>[SPOILER="Code"]</p><p>internal string SWFRevision { get; set; }</p><p>[/SPOILER]</p><p></p><ul> <li data-xf-list-type="ul">Save the file.</li> <li data-xf-list-type="ul">Locate the file "InfoCommand.cs" - <strong>HabboHotel > Rooms > Chat > Commands > User</strong></li> <li data-xf-list-type="ul">Search for</li> </ul><p>[SPOILER="Code"]</p><p>PlusEnvironment.SWFRevision</p><p>[/SPOILER]</p><p></p><ul> <li data-xf-list-type="ul">Replace with</li> </ul><p>[SPOILER="Code"]</p><p>Session.SWFRevision</p><p>[/SPOILER]</p><p></p><p>Or you could just remove it as showing your revision isn't necessary but that's down to you.</p></blockquote><p></p>
[QUOTE="SOUL, post: 406381, member: 64122"] Howdy, The global variable "PlusEnvironment.SWFRevision" displays your hotel's current revision on the "about command" and users can send a new string to the server which replaces the SWF Revision string. It isn't the biggest exploit although didn't get much attention. Tested it on Peace and a few others quite surprised they haven't patched it yet , will leave this here simply for proof not going to post more as it's nothing to gloat about.. [IMG]http://image.prntscr.com/image/3987674f0b0d415b93e0d23615ca66ad.png[/IMG] Here's the fix [LIST] [*]Locate the file 'GetClientVersionEvent.cs' -[B]Communication > Packets > Incoming > Handshake[/B] [*]Replace the class content with the code below. [/LIST] [SPOILER="Code"] using Plus.HabboHotel.GameClients;using Plus.Communication.Packets.Incoming; namespace Plus.Communication.Packets.Incoming.Handshake { public class GetClientVersionEvent : IPacketEvent { public void Parse(GameClient Session, ClientPacket Packet) { string Build = Packet.PopString(); if (!Build.ToLower().StartsWith("production")) return; Session.SWFRevision = Build; } } } [/SPOILER] [LIST] [*]Locate file "GameClient.cs" - [B]HabboHotel > GameClients[/B] [*]Find "private readonly int _id;" (at top) and above it, add the code: [/LIST] [SPOILER="Code"] internal string SWFRevision { get; set; } [/SPOILER] [LIST] [*]Save the file. [*]Locate the file "InfoCommand.cs" - [B]HabboHotel > Rooms > Chat > Commands > User[/B] [*]Search for [/LIST] [SPOILER="Code"] PlusEnvironment.SWFRevision [/SPOILER] [LIST] [*]Replace with [/LIST] [SPOILER="Code"] Session.SWFRevision [/SPOILER] Or you could just remove it as showing your revision isn't necessary but that's down to you. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Releases
SWF Revision Exploit Fix
Top