Hello.
I had an idea that I decided to test out, and here is the result. This program automatically injects code into the game client .swf file before your browser receives it. It uses Fiddler and RABCDAsm.
I've tested this on AQW and multiple private servers, it worked for all of them.
Do note however, there is currently no error checking whatsoever in the program so it may be unstable. I might work on that if people use this.
Here's a more precise description of what it does:
First, it waits for the specified game client to be requested. Once the response is received from the server (which contains the swf) it exports the byte code of it, disassembles it, modifies it, assembles the modified code, and replaces the code in the swf. The swf in the response is then replaced with the modified swf.
Five different methods are injected:
Usage example
This example will show you how to load a quest in AQW. The process is the same for private servers.
First we need to find the url of the game client. So let's go to https://www.aq.com/game/
Right click the page, inspect element and then select the network tab. Refresh the page. Copy the url of the game client and save it.
Now, for everything to work you need to clear your cache, and restart your browser. I will assume that you know how to do that.
Start SwiffCodeInjector.exe. Righ click the window border, select Edit -> Paste and then press enter.
Now, open your browser again and back to https://www.aq.com/game/
Once the page loads, you should see new messages in the console window. If everything is successful, the game in your browser has loaded and this is the console output:
You can now close the injector.
Now we need to find the id of the flash player on the page. Right click the page and click View source. Somewhere in here, there is a script that embeds the game swf. Look for something like this:
Here we see that the id is "AQWGame". Remember it.
Now it's time to load a quest. Login to the game and do what you did before to get the client url, except select the Console tab instead.
This is the method in the game client that is used to load quests:
It accepts two parameters, the first one being the quest id or ids, the second is the type of quest to load or something like that. It should be set to "q".
So in the browser console, we first need to call our injected AddCallback method, to add a callback to the showQuests method. AddCallback accepts two parameters, the first one being the name of the new callback (which can be almost anything), the second one being the path to the method we want to add a callback to. showQuests is inside the World class, and an instance of that class is stored in the Game class with the name "world".
So this is what we type into the console:
No errors, so it was successful. Now, to call that method we do this:
And the quests are loaded.
Now let's try the GetProperty method that was injected. It accepts one parameter, which is the path to a property. This is how you would get your amount of gold:
Now let's try the SetProperty method that was injected. It accepts two parameters, the first one is the path to a property, the second one is the value you want to set the property to. This is how you would change the username text of your avatar:
Last but not least, let's look at how to use the packet logger. In order for it to work, you need to define a method called "packet" first, and then call TogglePacketLogger(true); to start it. To stop it, call TogglePacketLogger(false);
So, that's it. What's good about this method is that it completely bypasses the usual anti-botting measures that some servers have, since the game is loaded in the browser.
The detections are probably caused by the Fiddler library. But fear not - the source code of Swiff Code Injector is included.
https://www.virustotal.com/#/file/b5...eb1f/detection
https://virusscan.jotti.org/en-US/fi...job/dpkwod5skt
https://www.virustotal.com/#/file/c7...9ac8/detection
https://virusscan.jotti.org/en-US/fi...job/0c8duih28p