MMORPG Bot Reverse Engineering and Tracking

392958 views
 

A friend told me that a GW2 trading bot implemented a dumb API. We are going to find and use it to track the bot.

Play Guild Wars 2:

https://account.arena.net/register

Fiddler: https://www.telerik.com/fiddler

.NET Reflector: https://www.red-gate.com/products/dotnet-development/reflector/

HxD: https://mh-nexus.de/en/hxd/

IDA Free: https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Windows VM: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://amzn.to/2LW6ldx

→ Graphics tablet:* https://amzn.to/2C8djYj

→ Camera#1 for streaming:* https://amzn.to/2SJ66VM

→ Lens for streaming:* https://amzn.to/2CdG31I

→ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj

→ Camera#2 for electronics:* https://amzn.to/2LWxehv

→ Lens for macro shots:* https://amzn.to/2C5tXrw

→ Keyboard:* https://amzn.to/2LZgCFD

→ Headphones:* https://amzn.to/2M2KhxW

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month...

Channel:  LiveOverflow
LiveOverflow 

Bonus video with the analysis of the collected data will come within the next 24h.

TL;DR summary: If you are a Guild Wars 2 player, don't worry about bots like that. It's child's play. Don't request ArenaNet to waste any resources on it.


Adam S 

hi, are you bald? thanks


Movie Games 

Why don't you crack the app and remove trial making it free


Movie Games 

I've been using wall clip, wall hack and more for so many years. The main things that function on gw2 are exe


xamael1989 

why are the not using https instead they are u

sing normal http


Yannick Karges 

7:14 press Windows a to mark every thing in the wimdow your in. (Only text and numbers)


mlg 

??? So what did you find? Amount of gold of other players? Thats nothing isnt it ? Who cares about that


Iron Block HD 

Are you german? xD


John Doe 

Working with a decpier to unscrept raw data $$$


Leo Maihöfer 

Der dude ist doch deutsch mann


AnTeaVirus 

leak pls


Destroy Idiots 

I'm not sure what people expected given that most people who buy bots are uneducated script kiddies that have no fucking clue how to use their brains let alone use tools to find out about the vulnerability.


Peter Pann 

instead of/ or as well as use Redgate have a look at De4Dot, it's on GIT and works quite well if the code is obfuscated


Eminosrrr 

Hard German accent.


G1K777 

I SMELL GERMANS.....


Marienkarpfen 

i learned the word obfiscation.

but what


Ghostt Ronde 

Anet should make a tp app


Lachlan Stokes 

I have no idea whats going on and yet i am going to watch part 2


Ayushman Srivastava 

you are my favorite channel ☺


Dimitriy Georgiev 

Just awesomely crazy... Good job.


ross 

3 years BSc computer science, 1 year MSc computer systems, 5 years working as a .NET and android developer, self-teaching cyber security...

watching things like this i'm like "yeah, that makes sense, i understand this completely, oh yeah i see, cool, ahhh that's how you do that"

but i couldn't even begin to DO this of my own accord.


Davey's Gaming 

Very interesting.

Good job


therealnightwriter 

Programming is cool, but those games are a waste of life.


Exildur 

This boy's wicked smaht


KJGomezR 

gw2 is for casual mmo players, ass game for the vets


TheOnlyEpsilonAlpha 

Lol what a fail in developement of the Bot, why not create a random API login for the Trail users? Why not limit that User to not giving out data?

AND MOST IMORTANT: WHY that developer collected all that Data ?!


Renato Nake 

You have to do the same for metin2bob! the game mmorpg metin2

with a lot of player base and official servers those guys are selling a lot of subcriptions for at lest 7 years now i think.

i would love to see what you can actually pull off.

waiting for more videos keep it up +subed.


AZZAMNO1 

how do i edit and replay a XHR ??

i need it for uhhh.... something


Stock Footage 

Can you do a tutorial on AOE 3 multiplayer hacking


Zechariah Ong 

can you do something for runescape?


Innoberger 

This bot is not using SSL to check your login. I would not suggest to use your passwords...


Secret Elite Retouching 

Ida free actual version don't work at least for me because my operative system has based in 32 bits. My question is the next: Can i use Immunity Debugger like the 32 bit alternative to the actual Ida Version? I am able to use python in this debugger. Thank you in advance and have a nice week


NADER 

i feel like an idiot ! im a beginner and i feel like this is some sort of NEXT LEVEL


Daniel Krause 

Elitepvpers 😂❤️


K W 

Nice advertisement of third party apps.


richard g. 

why did i watch this


Radu 

You can do something similar with savewizard, a ps4 save editor?


CoonZ 

Man this is crazy shit! Nice video


D-s Productions 

"The safest TP bot" :kappa:


Shaujun •_• 

I didn‘t get shit and loved it


E3 GAMING 

Can yu make a turitorial about SS7 attack


Andrej Popovski 

Ah, i guess this is the reason gw2 economy is broken


OrpheuZ Development 

why tf would they have that call in there, where would it be used for in the first place and why would it not be something only administrators should be authenticated to visit.

Seems like a stupid mistake to me.


OrpheuZ Development 

I actually understood what is happening. May god I learned some stuff last few years :D


Delta 

Wait what!!! All that effort do hide the code. And it returns something like that..... thats one shitty coder!!!


AnteConfig 

I love your videos.


Jan Liebrecht 

Bei solchen Analysen ist auch der x64 debugger ziemlich hilfreich =) Ist eine neue Version von OllyDbg, wirst du sicher kennen. =)


Roger L. Ortiz 

You are wrong. SmartScreen will block ALL unsigned applications. Try it yourself.


Rescinded 

No, GW2 sucks.


krzysiu.net 

For string searching I like ProcessHacker 2 - double click on the process>Memory>[Strings...]>Set the settings>Optionally filter output.