[Java] Neopets Score Encoder and Decoder.

unlimitedorb · 05-24-2008, 09:12 AM

I'm kind of in a lazy mood, so I'll post back documentation later, but this is a program that will generate fake scores for Neopets.com flash games. I did one previously in PHP, but it was mostly a hack than anything else and on top of that I lost it. Just compile Crypt.java and read the comments. All you need is a session hash and session key which can be found by viewing the source of the page, then instantiate the constructor with the information it asks for. Most everything is commented, so you shouldn't have any real trouble. Enjoy!

Also, include keys.txt in the directory that the program is in. I left out the bot portion of the program, but it's relatively simple to create a bot with this that can do quite a bit of damage to the Neopian economy ;)

Code:

import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.File;
//import java.io.BufferedWriter;
//import java.io.FileWriter;

/**
 * A class to encode and decode Neopets.com flash game scores.
 * @author unlimitedorb
 * @since 4/20/2008
 */
public class Crypt {
    private static final String scoreBase = "http://www.neopets.com/high_scores/process_flash_score.phtml";
    private String username;
    private String sessionHash;
    private String sessionKey;
    private int gameID;
    private int wait;
    private int modifiedGameID;
    private String bin;
    private int score;
    private int dailyChallenge; //Setting it isn't implemented yet. (Don't do Daily Challenges!)
    private int averageFrameRate = 24; //Isn't currently implemented.
    private int multiple; //Confirm later! Probably determines whether it was multiplayer or not.
    
    public Crypt(String username, String sh, String sk, int gameID, int wait, int score) {
        this.username = username;
        this.sessionHash = sh;
        this.sessionKey  = sk;
        this.gameID = gameID;
        this.wait   = wait;
        this.score  = score;
        this.dailyChallenge = -1;
        this.bin = sh + sk;
        modifiedGameID = 300 * gameID;
    }
    
    /*
     * The class isn't meant to be used as a standalone, but this is provided just in case/for testing
     * purposes. It's true purpose is as a utility to be used in a bot.
     */
    public static void main(String[] args) {
        //Crypt crypt = new Crypt("username", "4c82431c320b55797868", "fcb375decc3f7e1e83c7", 500, 500, 500);
        String request = crypt.encode();
        System.out.println(request);
    }
    
    /**
     * Method to decode a Neopets.com flash game score. Useful for development.
     * Hungarian notation in the original swf variables is stripped out.
     * @param encryptedScore The score to be decoded.
     */
    public static String decode(String encryptedScore, String hash, String key) {
        String res = reverseEscapeString(encryptedScore);
        String result = reverseStringToHex(res, hash, key);
        return result;
    }
    
    /**
     * A method to encode sensitive data.
     * @return An encoded String.
     */
    public String encode() {
        //There might be extra parameters added, but that's game specific.
        StringBuilder data = new StringBuilder(scoreBase + "?cn=" + modifiedGameID + "&gd=" + wait);
        //Format the parameter r in the style of ActionScript's Math.random()
        DecimalFormat rFormat = new DecimalFormat("0.000000000000000000");
        data.append("&r=" + rFormat.format(Math.random()));
        String toEncrypt = "ssnhsh=" + sessionHash + "&ssnky=" + sessionKey + "&gmd=" + gameID + "&scr=" + this.score + "&frmrt=" + averageFrameRate + "&chllng=" + (dailyChallenge == -1? "": dailyChallenge) + "&gmdrtn=" + wait;
        String eScore = addSlashes(toEncrypt);
        data.append("&gmd_g=" + this.gameID + "&mltpl_g=" + multiple + "&gmdt_g=" + eScore + "&sh_g=" + sessionHash + "&sk_g=" + sessionKey + "&usrnm_g=" + username + "&dc_g=" + (dailyChallenge == -1? 0: dailyChallenge));
        String result = data.toString();
        return result;
    }
    
    /**
     * Scrambles information.
     * @param data The information to be scrambled.
     * @return Scrambled information.
     */
    public String addSlashes(String data) {
        return this.escapeString(this.stringToHex(data));
    }
    
    public String stringToHex(String data){
        ArrayList<String> keys = getKeys(new File("keys.txt"));
        String result = "";
        int randomKey = (int) (Math.random() * keys.size());
        int index = 0;
        int count = 0;
        String key = keys.get(randomKey);
        while(index < data.length()) {
            if (count >= this.bin.length()) {
                count = 0;
            }
            int current = key.indexOf(data.charAt(index));
            if (current >= 0) {
                current = (current + key.indexOf(this.bin.charAt(count))) % key.length();
                result += key.charAt(current);
            } else {
                result += data.charAt(index);
            }
            ++count;
            ++index;
        }
        if (randomKey >= 10) {
            result += String.valueOf(randomKey);
            return result;
        }
        result += String.valueOf(0) + String.valueOf(randomKey);
        return result;
    }
    
    public static String reverseStringToHex(String data, String sHash, String sKey) {
        int k = Integer.parseInt(data.substring(data.length() - 2));
        ArrayList<String> keys = getKeys(new File("keys.txt"));
        String key = keys.get(k);
        data = data.substring(0, data.length() - 2);
        String bin = sHash + sKey;
        String result = "";
        int count = 0;
        int current = 0;
        for(int i = 0; i < data.length(); i++) {
            if(count >= bin.length()) {
                count = 0;
            }
            current = bin.charAt(count);
            current = key.indexOf(data.charAt(i)) - key.indexOf(current);
            if(current < 0) {
                result += key.charAt(key.length() + current);
            } else {
                result += key.charAt(current);
            }
            count++;
        }
        return result;
    }
    
    /**
     * Generates a String of ASCII code points with leading 0's for decoding purposes.
     * @param data The String to escape.
     * @return An escaped String.
     */
    public String escapeString(String data) {
        String result = "";
        String current = "";
        int index = 0;
        int count = 0;
        while(index < data.length()) {
            current = String.valueOf((int) data.charAt(index));
            //None of the key lengths are <= 1
            count = 3 - current.length();
            while(count > 0) {
                current = "0" + current;
                --count;
            }
            result += current;
            ++index;
        }
        return result;
    }
    
    /**
     * Reverses the escapeString process.
     * @param data The string to reverse.
     * @return An unescaped String.
     */
    public static String reverseEscapeString(String data) {
        String result = "";
        for(int i = 0; i < data.length(); i += 3) {
            String current = data.substring(i, i + 3);
            if(current.startsWith("0")) {
                current = current.substring(1, current.length());
                result += (char) Integer.parseInt(current);
            } else {
                result += (char) Integer.parseInt(current);
            }
        }
        return result;
    }
    
    /**
     * Retrieves keys from the text file "keys.txt"
     * @param file The File to read the keys from.
     * @return An ArrayList of Neopets.com flash game encryption keys.
     */
    public static ArrayList<String> getKeys(File file) {
        ArrayList<String> keys = new ArrayList<String>();
        keys.ensureCapacity(20);
        try {
            BufferedReader stream = new BufferedReader(new FileReader(file));
            String line;
            //BufferedWriter out = new BufferedWriter(new FileWriter(new File("reversedkeys.txt")));
            while((line = stream.readLine()) != null) {
                String expression = "\\d+";
                Pattern pattern = Pattern.compile(expression);
                Matcher matcher = pattern.matcher(line);
                String eLine = new String("");
                while(matcher.find()) {
                    eLine += (char) Integer.parseInt(line.substring(matcher.start(), matcher.end()));
                }
                keys.add(eLine);
                //out.write(eLine + "\n");
                //out.flush();
            }
            stream.close();
            //out.close();
        } catch(Exception e) {
            e.printStackTrace();
        }
        return keys;
    }
    
    /**
     * @return the score
     */
    public int getScore() {
        return this.score;
    }
    
    public void setScore(int score) {
        this.score = score;
    }
}

keys.txt:

Code:

42, 75, 83, 53, 102, 74, 40, 43, 44, 61, 70, 79, 36, 86, 94, 101, 108, 67, 106, 112, 76, 98, 69, 95, 64, 81, 59, 126, 45, 57, 71, 125, 56, 122, 105, 66, 85, 103, 49, 99, 41, 109, 72, 107, 121, 80, 87, 100, 48, 65, 120, 110, 88, 55, 50, 73, 77, 113, 89, 52, 111, 119, 78, 63, 118, 33, 116, 46, 54, 117, 68, 123, 115, 104, 37, 97, 38, 84, 82, 58, 90, 114, 51
78, 59, 122, 113, 101, 69, 50, 80, 115, 55, 48, 108, 86, 56, 106, 68, 45, 33, 53, 90, 103, 120, 66, 54, 75, 102, 118, 64, 87, 99, 61, 121, 41, 88, 100, 81, 98, 76, 77, 42, 67, 73, 119, 107, 111, 63, 116, 38, 82, 114, 46, 37, 95, 84, 74, 70, 79, 94, 105, 52, 123, 85, 65, 110, 43, 97, 126, 49, 44, 83, 104, 71, 72, 36, 125, 51, 40, 117, 57, 58, 112, 89, 109
50, 73, 77, 72, 113, 98, 68, 61, 71, 88, 43, 105, 38, 53, 42, 81, 52, 111, 86, 121, 46, 74, 89, 115, 59, 112, 84, 58, 102, 41, 117, 120, 76, 123, 103, 107, 85, 57, 118, 67, 110, 109, 99, 114, 55, 66, 90, 64, 70, 87, 78, 100, 95, 125, 119, 75, 44, 51, 83, 104, 65, 101, 69, 79, 122, 97, 80, 33, 37, 54, 108, 56, 48, 106, 45, 82, 40, 126, 63, 49, 116, 94, 36
109, 97, 54, 51, 118, 43, 81, 104, 57, 113, 74, 53, 100, 83, 42, 102, 103, 116, 48, 82, 117, 72, 36, 115, 71, 119, 41, 59, 87, 95, 122, 52, 108, 45, 98, 73, 86, 66, 111, 78, 126, 80, 69, 123, 40, 70, 120, 38, 121, 64, 58, 56, 37, 112, 110, 84, 107, 50, 90, 101, 125, 33, 89, 49, 55, 99, 67, 75, 114, 85, 105, 106, 79, 61, 94, 65, 77, 63, 44, 46, 88, 68, 76
67, 119, 66, 37, 95, 80, 105, 64, 44, 63, 40, 49, 109, 107, 103, 120, 55, 110, 113, 97, 42, 99, 112, 85, 68, 106, 115, 50, 59, 71, 108, 76, 90, 75, 101, 94, 122, 43, 52, 61, 73, 116, 100, 118, 125, 88, 72, 54, 98, 78, 83, 86, 114, 48, 81, 53, 87, 77, 36, 58, 104, 111, 123, 70, 79, 102, 74, 89, 117, 41, 69, 84, 82, 126, 121, 57, 51, 56, 33, 46, 45, 65, 38
119, 103, 48, 97, 37, 90, 80, 83, 74, 59, 85, 95, 36, 101, 49, 45, 109, 118, 112, 58, 113, 99, 120, 82, 108, 110, 126, 75, 84, 88, 69, 52, 40, 63, 117, 115, 79, 72, 64, 107, 61, 123, 106, 87, 42, 53, 89, 66, 111, 51, 78, 50, 54, 67, 81, 116, 38, 57, 55, 73, 71, 98, 68, 46, 65, 102, 122, 77, 121, 100, 114, 94, 44, 86, 104, 76, 41, 70, 105, 43, 56, 33, 125
37, 106, 79, 117, 78, 99, 107, 44, 101, 109, 40, 81, 86, 122, 72, 45, 110, 68, 114, 56, 33, 98, 71, 63, 111, 102, 104, 75, 89, 100, 125, 65, 115, 50, 53, 66, 82, 36, 74, 38, 119, 84, 112, 126, 105, 70, 48, 85, 42, 57, 94, 59, 76, 118, 43, 46, 80, 87, 58, 95, 73, 108, 88, 103, 123, 90, 97, 41, 113, 64, 67, 69, 54, 83, 61, 116, 52, 49, 51, 55, 77, 120, 121
53, 103, 114, 73, 59, 118, 58, 90, 48, 64, 74, 110, 102, 111, 46, 63, 108, 123, 126, 122, 72, 83, 36, 100, 37, 112, 89, 113, 70, 50, 41, 38, 85, 101, 55, 115, 33, 40, 106, 84, 125, 76, 117, 42, 49, 77, 81, 43, 65, 44, 86, 56, 67, 121, 109, 68, 80, 94, 57, 97, 95, 119, 120, 104, 105, 71, 87, 75, 82, 88, 99, 79, 116, 69, 52, 54, 66, 107, 61, 98, 78, 51, 45
69, 33, 72, 64, 46, 119, 76, 112, 59, 88, 78, 87, 97, 79, 89, 40, 126, 122, 61, 54, 95, 66, 94, 80, 125, 106, 117, 48, 36, 74, 123, 51, 71, 103, 56, 121, 107, 44, 38, 110, 65, 111, 86, 84, 73, 53, 99, 43, 85, 77, 68, 100, 120, 41, 83, 81, 58, 50, 42, 67, 82, 101, 52, 116, 75, 49, 114, 37, 63, 115, 55, 104, 98, 57, 102, 90, 113, 105, 45, 108, 109, 70, 118
68, 103, 43, 113, 80, 84, 76, 44, 63, 45, 71, 72, 59, 123, 106, 75, 56, 86, 105, 41, 126, 120, 37, 111, 54, 97, 102, 50, 58, 94, 117, 67, 73, 66, 74, 78, 119, 115, 99, 65, 85, 90, 40, 89, 107, 114, 101, 77, 64, 57, 118, 69, 82, 49, 110, 88, 36, 122, 98, 95, 121, 79, 109, 81, 51, 38, 52, 108, 87, 70, 100, 83, 53, 48, 33, 61, 104, 42, 112, 46, 55, 116, 125
46, 101, 72, 108, 54, 58, 109, 107, 112, 120, 61, 81, 75, 86, 43, 126, 85, 77, 51, 67, 41, 90, 111, 69, 89, 105, 38, 53, 70, 125, 94, 59, 73, 95, 49, 76, 82, 110, 65, 103, 74, 63, 48, 104, 56, 113, 123, 68, 57, 44, 36, 87, 80, 122, 106, 79, 37, 102, 66, 88, 117, 40, 99, 118, 33, 97, 71, 55, 119, 100, 98, 64, 121, 116, 52, 50, 83, 45, 114, 78, 84, 42, 115
57, 123, 110, 37, 65, 38, 42, 51, 97, 69, 76, 98, 44, 99, 113, 82, 66, 119, 90, 83, 49, 112, 85, 74, 40, 126, 111, 106, 122, 73, 72, 36, 84, 46, 100, 61, 48, 56, 52, 75, 95, 89, 68, 103, 94, 105, 116, 58, 78, 117, 33, 115, 120, 109, 81, 104, 114, 45, 67, 87, 108, 54, 125, 43, 79, 107, 77, 102, 121, 59, 86, 71, 55, 50, 101, 63, 53, 118, 41, 80, 64, 88, 70
40, 43, 123, 125, 97, 109, 126, 56, 48, 113, 107, 121, 73, 102, 118, 94, 33, 106, 89, 50, 46, 88, 67, 63, 112, 75, 64, 51, 114, 95, 104, 68, 58, 100, 74, 72, 70, 111, 117, 87, 37, 78, 55, 71, 105, 54, 81, 59, 86, 41, 44, 57, 49, 69, 116, 80, 98, 110, 119, 82, 76, 101, 122, 42, 85, 79, 45, 77, 103, 61, 83, 108, 65, 120, 90, 115, 53, 66, 52, 84, 36, 38, 99
67, 70, 72, 64, 75, 73, 89, 95, 48, 77, 37, 115, 87, 53, 74, 120, 110, 83, 84, 121, 101, 33, 116, 80, 104, 98, 45, 90, 119, 59, 125, 42, 38, 58, 126, 68, 94, 107, 86, 123, 108, 118, 46, 88, 51, 36, 117, 109, 97, 65, 112, 54, 85, 82, 43, 102, 105, 79, 81, 99, 50, 113, 61, 40, 100, 76, 57, 63, 56, 66, 55, 52, 69, 71, 44, 111, 122, 49, 41, 106, 78, 114, 103
51, 40, 83, 87, 105, 94, 79, 69, 46, 114, 101, 63, 121, 103, 37, 65, 107, 115, 76, 88, 53, 119, 109, 57, 52, 71, 84, 125, 41, 113, 54, 50, 61, 98, 59, 55, 118, 45, 56, 42, 123, 85, 106, 38, 100, 78, 36, 116, 44, 82, 66, 97, 75, 86, 122, 126, 33, 48, 67, 99, 90, 49, 72, 64, 108, 77, 102, 80, 112, 95, 117, 120, 74, 89, 81, 58, 70, 110, 104, 73, 43, 68, 111
99, 87, 114, 64, 77, 78, 115, 83, 111, 48, 72, 75, 73, 121, 112, 56, 105, 94, 76, 36, 42, 65, 85, 45, 116, 74, 61, 54, 103, 84, 89, 67, 57, 43, 80, 86, 113, 117, 120, 119, 95, 81, 55, 69, 125, 33, 107, 109, 41, 58, 70, 90, 106, 52, 118, 97, 102, 51, 79, 37, 101, 53, 104, 40, 82, 122, 126, 88, 110, 71, 66, 98, 108, 100, 49, 63, 44, 46, 68, 50, 59, 123, 38
119, 103, 79, 101, 114, 81, 52, 53, 50, 55, 51, 106, 37, 111, 68, 117, 48, 73, 42, 58, 77, 65, 84, 86, 71, 88, 104, 83, 105, 94, 115, 74, 49, 112, 67, 76, 118, 95, 36, 38, 66, 46, 56, 100, 126, 33, 40, 109, 82, 123, 69, 85, 122, 44, 59, 99, 61, 45, 63, 107, 80, 41, 102, 89, 116, 113, 110, 57, 87, 98, 121, 70, 97, 54, 108, 64, 120, 43, 72, 78, 125, 75, 90
118, 81, 69, 71, 103, 65, 90, 43, 64, 94, 111, 52, 61, 66, 116, 83, 54, 59, 102, 46, 100, 40, 36, 68, 114, 48, 79, 109, 84, 80, 78, 85, 122, 86, 101, 89, 95, 41, 112, 106, 126, 74, 77, 99, 72, 37, 50, 33, 38, 107, 73, 108, 51, 44, 110, 56, 87, 57, 58, 55, 42, 88, 49, 115, 125, 75, 97, 104, 123, 53, 45, 70, 113, 117, 63, 98, 76, 120, 82, 67, 119, 105, 121
44, 87, 37, 57, 52, 120, 82, 36, 125, 115, 70, 105, 59, 86, 94, 111, 46, 117, 99, 42, 84, 68, 38, 102, 109, 121, 48, 55, 122, 78, 41, 112, 107, 101, 45, 58, 66, 74, 77, 116, 51, 119, 73, 126, 56, 64, 69, 81, 76, 106, 61, 110, 85, 33, 53, 118, 95, 114, 123, 90, 65, 40, 54, 113, 108, 97, 50, 104, 72, 98, 103, 88, 79, 43, 67, 63, 89, 100, 49, 75, 83, 80, 71
49, 106, 73, 56, 70, 59, 119, 45, 115, 38, 64, 81, 86, 97, 114, 66, 102, 121, 98, 67, 78, 74, 104, 54, 80, 110, 52, 82, 37, 94, 68, 117, 84, 120, 63, 57, 105, 72, 61, 50, 85, 51, 71, 55, 46, 89, 79, 41, 101, 44, 36, 69, 87, 76, 90, 123, 125, 116, 112, 40, 108, 83, 99, 107, 53, 48, 65, 58, 118, 43, 111, 122, 126, 103, 33, 95, 100, 88, 77, 113, 75, 42, 109

If you are curious about how I accomplished this, I'll be happy to answer as many questions as I can. Hopefully Neopets will soon change their encryption method, so I'll be one of the first to crack it completely again hehe.

R · 05-24-2008, 09:18 AM

So you decided to release it, eh?
Well I hope they change it soon too, so we can make the next one together ;)

~~*Wilfukguys*~~ · 05-24-2008, 09:25 AM

Well seeing as im a complete fucktard and idiot...make a guide on how to do the whole thing and I'll plus rep xD

R · 05-25-2008, 01:30 AM

...Compile it in Java?

~~*lil*~~ · 05-25-2008, 01:59 AM

What Matt said.. I don't know what to do with it..

Unregenerate Passion · 05-25-2008, 03:16 AM

I think you need java, then you use java to compile everything (form it into the actual program) then from there the program asks for the hash and session key (which as he said is found in the source code of the page, which is easy to find, right click, view source) you get that put it into the appropriate entry spots and it basically does the rest for you, I could be entirely wrong because I've never done java or much programming but thats what it sounds like it is to me, I'd test it but I don't have java so I can't compile it lol.

unlimitedorb · 05-25-2008, 10:30 AM

*Sigh*, I've compiled a simple version of what this can do. Just download the attached Crypt.zip and extract the .class file, the keys.txt file, and from the command line run: java Crypt

Once you've entered in all the information it asks, it will generate a score link for you. I believe you'll still have to spoof referers to make it look like it's coming from the actual game, but I may be wrong since I haven't tested. Co1212upt was basically correct, just view the source of the page to find the session hash and session key for the game you are playing along with the game's ID. Remember that the time to wait is in milliseconds i.e. divide by 1000 if you want seconds (10000 milliseconds is 10 seconds)

Remember to include keys.txt in the same directory as the program as well!

Kayolix. · 05-25-2008, 12:43 PM

Good job (;

unlimitedorb · 05-25-2008, 01:16 PM

Thanks

On a side note, I've tested and it seems it doesn't really matter what page you submit the score link on. But to be on the safe side, I would spoof the referer.

~~*Wilfukguys*~~ · 05-25-2008, 03:18 PM

I still dont understand x.x
All this hash and shit has me confused D=

EDIT: I downloaded both of those files you uploaded, tried reading what you said above like 80 times and still am lost from the beginning xD