RuneAgent 1.1 Released

RuneAgent 1.1 focused on some cosmetic changes that have been requested.

  • Added easy ability to rename quickadd methods
  • added border around script panel for identification
  • changed output of outstream log for easy copy and paste support
  • added update check on load to check for any major updates I push to RuneAgent
0a6uiTJ RuneAgent 1.1 Released

or get the source on github
Posted in Runescape Private Servers

Hades5 RSPS WEBS Exploit!

Just a recap of the webs event that happened to day on Hades5 RSPS. This server seems pretty popular its a shame they have absolutely 0 object verification. Not only can you use any object anywhere but you can also disrupt the entire community with WEBS!

aYi6qOy1 1024x348 Hades5 RSPS WEBS Exploit!
mOvQWyY1 Hades5 RSPS WEBS Exploit!
4MpgflF1 Hades5 RSPS WEBS Exploit!
ZbaxV301 Hades5 RSPS WEBS Exploit!

Posted in Uncategorized

RSPS Judgement day is here

After weeks of going around various servers showing server administrators the holes in the code I’ve seen little to no improvement. So its time to weed out the strong from the weak! I am releasing a more user friendly tool that i use for server exploit exploration! The Rune Agent download page will contain presetup configs for various servers and the forums will contains scripts and tutorials!

Goodluck to the server owners feel free to message me if you need help fixing the various gamelogic holes!

Currently Runeageent only supports the Runetek4 clients (317) I will be updating it to allow usage on other various revision at a later date.

Posted in Runescape Private Servers

Hades5 why do you make donator specific advantages but not secure it?

Today lets take a look at Hades 5, A pretty popular Runescape private server I found recently, They have many of the same exploits I’ve posted before but in this particular server performing some of them is a little more damaging. For example in the server according to the wiki Runite ore rocks can only be mined near a bank on the donor island players who do not donate have to go out into the wild to mine the rocks. As a business strategy this seems pretty legitimate if I was indeed someone playing the game for fun I may be inclined to purchase it just to have that edge over others. Even if it does make for terrible game play. However I am not one to play these servers legitimately so here is how I created my OWN donor advantage. Firstly I will explain that this exploits the servers handling of object clicking generally a server should check if the object is in the location of the click and that the player is standing next to it, but hades5 only checks if you are standing next to an object. So I picked a legitimate mining spot and told the server that instead of addy I was mining Runite and problem solved. I know some are going to ask why not just do this in the bank as I have on other servers and the reason being is that if I did it in the bank I would just get banned by some admin or mod as players are generally pretty good at reporting rulebreakers

hades5 Hades5 why do you make donator specific advantages but not secure it?

Posted in Runescape Private Servers

CodeMagic Exploits

After receiving some emails about wanting to see more rsps exploits I’ve decided I will make some posts here, As a reminder I will not be giving out my tool for these exploits but I will say its a java agent that uses bytecode to give me direct access to the outstream object. (basically a packet injector). I use this method over something like wireshark due to the fact that the frames are encrypted with the isaac cipher. This particular post is going to be for CodeMagic found at: http://www.code-magic.org/ but many can be used on other servers as well.

Mine Anywhere, Spawn mining rock
This is a pretty simple one, basically I am telling the server that I wish to mine some iron ore in a particular location, It does not have any checking if the rock really exists in that location so it allows me to do it, as an added bonus the rock stays available in the region and starts functioning for everyone in the region as soon as I mine it.

mining 1024x452 CodeMagic Exploits

Smelt anywhere
Sometimes you just don’t feel like walking to an anvil, that’s ok just tell the server you clicked on the smelt iron interface button found when using a furnace and the server just allows you to do it, Regardless of the location. To do this we will abuse Frame 185 as show in the screenshot below

mining1 1024x487 CodeMagic Exploits

and yes it works for other fun things like crafting:

mining2 1024x471 CodeMagic Exploits

Posted in Runescape Private Servers

Lets dig for common exploits in osprime

So lately I’ve been on a kick of digging for exploits in servers And have decided it would be a good way to put some activity here on my blog. First let me make it clear that I will not be releasing any of the tools I have used to do these exploits so please do not email me about them. I will say that its a simply javaagent that hooks into the ByteStream class of the client via bytecode. If you desire to do the same thing you can find plenty of resources in the various cheating communities.

1 Lets dig for common exploits in osprime

To begin I picked the username Packet208 because this is one of the easiest packet I have found on various servers to exploit.

Sadly in this particular server I could not actually perform the negative value 208 packet exploit However that didn’t stop me from finding others.

11 Lets dig for common exploits in osprime

The above screenshot shows me mining in the bank, some would say that was done via reflection but in fact I just sent the packet data over.

2 1024x521 Lets dig for common exploits in osprime

This last image is the best exploit i’ve seen to date. The server reacted to me mining coal and created the empty rocks in the area that I mined, I was able to remove 3 squares of the bank before I was banned icon smile Lets dig for common exploits in osprime

Posted in Runescape Private Servers, Uncategorized

Newegg Iron Egg Guarantee

I haven’t made a post in awhile but recently I purchased a few items off newegg.com and ran into the Newegg Iron egg guarantee. For those of you that know nothing about it, its basically newegg’s version of Walmart price match guarantee. The official rundown is that they have the lowest prices available and if they don’t they will credit you the difference. I’ve never bothered with price matches previously partly because I’ve always considered them as advertising ploys but I gave it a shot this time.

One of the items I purchased was a Seagate HDD Neweggs price on it seemed pretty fair however after checking http://pcpartpicker.com/ I found the same part at bestbuy for 57.99 plus free shipping and handling. So after filling out the Newegg iron egg form to claim the reimbursement I received a response several hours later. Newegg did honor the sales price, but they do not offer the shipping difference (I think this is kind of lame considering they ask what the shipping difference is in the form). Another downside is that they do not offer the refund directly to the order they just give you an e-giftcard which has to be used within 90 days. Overall I was satisfied with the results and will remember to take advantage of it again in the future.

Posted in Uncategorized

Silabsoft’s Dogefuacet moved to Cryptospout.com

I have been plauged for a few weeks now with server instability and decided to use a new hosting company for the website. Since I was buying a new host I figured I would also snag a more generic domain that would allow me to add other faucets if I desired. Which brings me to this post. If you have Faucets you would like to see please suggest the coin in the comments. Please advise I already know about bitcoin, litecoin,peercoin ect but they are simply not the easiest to mine so at this time I will not be offering faucets for these coins.

Posted in Uncategorized

Faucet down

Just wanted to give a small shout out that I know the faucet is down. The daemon keeps crashing and I am currently unsure of the cause I do apologize for the outage and hope to have it returned in its working state as soon as possible.

Posted in Uncategorized

Silabsoft’s PHP Dogecoin Faucet source code

Here is the source code to my Dogecoin faucet, I make use of Recaptcha, Meekrodb, and Slim so you will need these libraries installed for it to function. Also you will need the jsonRPCClient which is what communicates with your dogecoin Daemon. I have included the source to the jsonPRCClient below. If you have any questions or see problems in the code please feel free to comment and I will try to reply as soon as possible.

Project dependencies:

  • http://www.slimframework.com/
  • http://www.meekro.com/
  • http://www.google.com/recaptcha

Dogecoinapi.php:

<?php
/*
Copyright 2013 Silabsoft http://silabsoft.org 
You are free to do whatever you wish with this code I only ask that you keep this copyright header intact and if you have found it useful please send some doge to my faucet D6Bfdc7Jw8vgiRJob24rkVYA37E5jAJj5r
*/
require('Slim.php');
require_once('jsonRPCClient.php');
require_once('meekrodb.2.2.class.php');
require_once('recaptchalib.php');
\Slim\Slim::registerAutoloader();
 
DB::$user = ''; 
DB::$password = '';
DB::$dbName = '';
 
const RECAPTCH_PRIVATE_KEY = "";
 
 
const RPC_USER = "";
const RPC_PASSWORD = "";
const RPC_ADDRESS = "";
const BALANCE_THRESHOLD = 20;
 
 
const WALLET_PASSWORD = "";
const WALLET_PASSWORD_TIMEOUT = 2;
 
 
$app = new \Slim\Slim();
$app->get('/stats', function () {
	DB::query("SELECT * FROM users");
	$counter = DB::count();
	echo "<p><strong>Faucet balance</strong>: ".createDogeRPCClient()->getbalance()."  Ɖ</p>";
	echo "<p><strong>Total Payouts</strong>: $counter </p>";
});
$app->post('/getcoins', function () {
	 $ip = $_SERVER['REMOTE_ADDR'];
	 $request = \Slim\Slim::getInstance()->request();
	 $address = $request->post('address');
	 $challenge = $request->post('recaptcha_challenge_field');
	 $response = $request->post('recaptcha_response_field');
	 $doge = createDogeRPCClient();
	 $balance = $doge->getbalance();
	 if($balance < BALANCE_THRESHOLD){
		echo "Sorry Balance is below threshold please consider donating to faucet or come back when it has some coins!";
		return;
	}
	 $valid = $doge->validateaddress($address);
	 if($valid["isvalid"] != 1){
		echo "Doge Address '$address' appears invalid please try again!";
		return;
	 }
	 $resp = recaptcha_check_answer (RECAPTCH_PRIVATE_KEY,$ip,$challenge,$response);
	 if (!$resp->is_valid) {	 
		echo "The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")";
		return;
	 }
 
	 DB::query("SELECT * FROM users WHERE address=%s_address AND time > DATE_SUB( NOW( ) , INTERVAL 4 HOUR ) OR ip=%s_ip and time > DATE_SUB( NOW( ) , INTERVAL 4 HOUR )", 
		array(
		'address' => $address,
		'ip' => $ip,
		)
	);
	$count = DB::count();	 
	if($count > 0){
		echo "Sorry you are trying too soon to get more Dogecoins!";
		return;
	}
	$amount = rand(1,10);
	DB::insert('users', array('address' => $address,
		'time' => DB::sqleval("NOW()"),
		'ip' => $ip,
		'amount' => $amount
	));
	$doge->walletpassphrase(WALLET_PASSWORD,WALLET_PASSWORD_TIMEOUT);
    $doge->sendtoaddress($address,$amount);
	$doge->walletlock();
    echo "You've got <strong> $amount </strong> DOGE!";	
});
 
function createDogeRPCClient(){
	return new jsonRPCClient("http://".RPC_USER.":".RPC_PASSWORD."@".RPC_ADDRESS);
}
 
 
$app->run();
 
 
?>

jsonRPCClient:

<?php
/*
					COPYRIGHT
 
Copyright 2007 Sergio Vaccaro <sergio@inservibile.org>
 
This file is part of JSON-RPC PHP.
 
JSON-RPC PHP is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
 
JSON-RPC PHP is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with JSON-RPC PHP; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
 
/**
 * The object of this class are generic jsonRPC 1.0 clients
 * http://json-rpc.org/wiki/specification
 *
 * @author sergio <jsonrpcphp@inservibile.org>
 */
class jsonRPCClient {
 
	/**
	 * Debug state
	 *
	 * @var boolean
	 */
	private $debug;
 
	/**
	 * The server URL
	 *
	 * @var string
	 */
	private $url;
	/**
	 * The request id
	 *
	 * @var integer
	 */
	private $id;
	/**
	 * If true, notifications are performed instead of requests
	 *
	 * @var boolean
	 */
	private $notification = false;
 
	/**
	 * Takes the connection parameters
	 *
	 * @param string $url
	 * @param boolean $debug
	 */
	public function __construct($url,$debug = false) {
		// server URL
		$this->url = $url;
		// proxy
		empty($proxy) ? $this->proxy = '' : $this->proxy = $proxy;
		// debug state
		empty($debug) ? $this->debug = false : $this->debug = true;
		// message id
		$this->id = 1;
	}
 
	/**
	 * Sets the notification state of the object. In this state, notifications are performed, instead of requests.
	 *
	 * @param boolean $notification
	 */
	public function setRPCNotification($notification) {
		empty($notification) ?
							$this->notification = false
							:
							$this->notification = true;
	}
 
	/**
	 * Performs a jsonRCP request and gets the results as an array
	 *
	 * @param string $method
	 * @param array $params
	 * @return array
	 */
	public function __call($method,$params) {
 
		// check
		if (!is_scalar($method)) {
			throw new Exception('Method name has no scalar value');
		}
 
		// check
		if (is_array($params)) {
			// no keys
			$params = array_values($params);
		} else {
			throw new Exception('Params must be given as array');
		}
 
		// sets notification or request task
		if ($this->notification) {
			$currentId = NULL;
		} else {
			$currentId = $this->id;
		}
 
		// prepares the request
		$request = array(
						'method' => $method,
						'params' => $params,
						'id' => $currentId
						);
		$request = json_encode($request);
		$this->debug && $this->debug.='***** Request *****'."\n".$request."\n".'***** End Of request *****'."\n\n";
 
		// performs the HTTP POST
		$opts = array ('http' => array (
							'method'  => 'POST',
							'header'  => 'Content-type: application/json',
							'content' => $request
							));
		$context  = stream_context_create($opts);
		if ($fp = @fopen($this->url, 'r', false, $context) or die("PANIC RANDOMISED BLOCK!")) {
			$response = '';
			while($row = fgets($fp)) {
				$response.= trim($row)."\n";
			}
			$this->debug && $this->debug.='***** Server response *****'."\n".$response.'***** End of server response *****'."\n";
			$response = json_decode($response,true);
		} else {
			throw new Exception('Unable to connect to '.$this->url);
		}
 
		// debug output
		if ($this->debug) {
			echo nl2br($debug);
		}
 
		// final checks and return
		if (!$this->notification) {
			// check
			if ($response['id'] != $currentId) {
				throw new Exception('Incorrect response id (request id: '.$currentId.', response id: '.$response['id'].')');
			}
			if (!is_null($response['error'])) {
				throw new Exception('Request error: '.$response['error']);
			}
 
			return $response['result'];
 
		} else {
			return true;
		}
	}
}
?>
Posted in PHP, Programming, Web Design