Jump to content

Leaderboard


Popular Content

Showing most liked content on 06/19/17 in Posts

  1. 7 points
    This is a script used to generate passwords in Bcrypt for Kitsune - AS3 version. If you've been facing the incorrect password issue and you're extremely lazy to try Arthur's latest patch on the register. All you have to do in this script is edit the $username and $password variable on line 3 & 4 and then execute the script from your command line / terminal. It will generate the password for you, then all you have to do is copy and paste that into your password column in your database and update it. <?php $username = "Lynx"; $password = "81r5C8%3i8cm"; $hashedPassword = strtoupper(md5($password)); $staticKey = 'e4a2dbcca10a7246817a83cd'; $fancyPassword = getLoginHash($hashedPassword, $staticKey, $username); echo "\n\r\n\r" . $fancyPassword . "\n\r\n\r"; function encryptPassword($password, $md5 = true) { if($md5 !== false) { $password = md5($password); } $hash = substr($password, 16, 16) . substr($password, 0, 16); return $hash; } function getLoginHash($password, $staticKey, $username) { $hash = encryptPassword($password, false); $hash .= $staticKey; $hash .= "a1ebe00441f5aecb185d0ec178ca2305Y(02.>'H}t\":E1_root"; $hash = encryptPassword($hash); $hash = password_hash($hash, PASSWORD_DEFAULT, [ 'cost' => 12 ]); return $hash; } ?>
  2. 3 points
    Avatar is an api wrapper written in Perl using the Common Gateway Interface and GD module to put together avatars. This api requires that you have CGI setup with Perl on your web-server, by default Apache should serve the files so you don't have to go through any struggle, Nginx users however would need to have CGI with Perl setup which is a daunting task. This project requires that you have a Perl version of 5.10 and above and you would have to install the modules from this list using CPAN or MCPAN to get the api to work and also make sure to have an active Internet connection. The files should be stored in htdocs for Windows users and var/www/html for Linux users. Usage: http://127.0.0.1/avatar/index.pl?items=4-221-111&size=600 Project URL: https://github.com/fantasyhacking/Avatar Download: https://github.com/fantasyhacking/Avatar/archive/master.zip This project can be used for your CPPSes for things such as Managers, Profiles etc. Kindly also read the LICENSE before you use this project. Hope y'all find some use with this, good luck!
  3. 2 points
    Take a look at the AS code if(this.movieClip.placer[buttonName].active == false || this.movieClip.placer[buttonName].active == undefined && this.currentTurn < com.clubpenguin.games.treasure.GameEngine.NUM_TURNS) { if(com.clubpenguin.games.treasure.GameEngine.PLAYING_MULTIPLAYER_GAME) { if(this.netPlayerID == com.clubpenguin.games.treasure.GameEngine.PLAYER_1 && buttonDir == "right" || this.netPlayerID == com.clubpenguin.games.treasure.GameEngine.PLAYER_2 && buttonDir == "down") { this.netClient.sendDigMessage(buttonName,buttonDir,buttonNum); } } ... This is where the onpress event handler calls sendDigMessage which should write the dig message to the socket. I'm wondering whether maybe this condition isn't met? this.netPlayerID == com.clubpenguin.games.treasure.GameEngine.PLAYER_1 && buttonDir == "right" || this.netPlayerID == com.clubpenguin.games.treasure.GameEngine.PLAYER_2 && buttonDir == "down" Those constants are set as follows static var PLAYER_1 = 0; static var PLAYER_2 = 1; And netPlayerID is updated to the seat ID: //com.clubpenguin.games.treasure.net.TreasureHuntClient function handleJoinGameMessage(resObj) { this.debugTrace("handleJoinGameMessage"); this.debugTrace("smartRoomID: " + resObj[0]); this.debugTrace("seatID: " + resObj[1]); var _loc3_ = parseInt(resObj[1]); this.gameEngine.updatePlayerSeatID(_loc3_); } //com.clubpenguin.games.treasure.GameEngine function updatePlayerSeatID(seatID) { this.netPlayerID = seatID; } So, when the arrows in the game are pointing right, player one must be taking their turn on seat ID 0, could you confirm this is the case? I can't see the JoinGame message response in your screenshots, it seems that perhaps that message should be sent every time a player takes their turn.
  4. 2 points
    You forget that these people never use the search engine so we'll have to link this topic ourselves. Nice Lynx
  5. 1 point
    Official thread for Icer.ink - Club Penguin Media Archive Hello everyone, I have recently taken it upon myself to produce a clone of Club Penguin's client media. I built this by parsing JSON and XML configuration files, but also by making use of other techniques such as basic web scraping and by auditing a lot of the action script code inside the client files. The end result is around 4GB of game media (uncompressed). The root directories are named after their respective web domain. Browse the directories Download media (4.4GB)
  6. 1 point
    Hey everyone, I frequently see people struggling with disableing the domain locking, logging services, and client checks embedded into Club Penguin client files to prevent the files being used outside the http://clubpenguin.com domain. I have written a tool in Python to help aid the process of disabling these functions, whilst maintaining the crossdomain policies within the files which actually act as a security feature. import zlib import logging import argparse from os.path import isfile, isdir, splitext, join, exists, dirname from os import walk, makedirs from glob import glob if __name__ == "__main__": logger = logging.getLogger(__name__) logging.basicConfig(level=logging.INFO) parser = argparse.ArgumentParser(description="Club Penguin client tool") parser.add_argument("path", type=str, nargs="*", help="Path(s) to files or directories") parser.add_argument("-d", "--domain", type=str, help="The domain to use (ex. clubpenguin.com)") parser.add_argument("-r", "--recursive", action='store_true', help="Enables recursive mode") parser.add_argument("-o", "--output", type=str, help="Output directory") parser.add_argument("-D", "--dump", action='store_true', help="Dump decompressed FWS data") arguments = parser.parse_args() logger.info("This program can overwrite files on the disk, make sure to make backups before" + " running this script or make sure the output flag is enabled!") for path in arguments.path: if isfile(path): logger.info("Found \"%s\"", path) paths = [path] elif isdir(path): if not arguments.recursive: logger.warning("\"%s\" is a directory but recursion is disabled! skipping...", path) continue else: paths = [y for x in walk(path) for y in glob(join(x[0], '*.swf'))] for file in paths: logger.info("Found \"%s\"", file) filename, file_extension = splitext(file) if file_extension != ".swf": logger.warning("\"%s\" is not an SWF file! skipping...", path) continue logger.info("Opening \"%s\"", file) raw = open(file, "rb") signature = raw.read(3) logger.info("Reading file signature for \"%s\"", file) if signature != b"CWS": logger.warning("File has invalid signature, file sig should be 0x43 0x57 0x43(\"CWS\")") continue header = raw.read(5) data = raw.read() logger.info("Read %d bytes from \"%s\"", data.__sizeof__(), file) logger.info("Decompressing") decompressed_data = zlib.decompress(data) original_data = decompressed_data if b'\x00clubpenguin\x00boot\x00BootLoader' in decompressed_data: logger.info("Found a BootLoader, cracking client checks...") s = b'\x00logEvents\x00boot\x00BootL0ader' decompressed_data = decompressed_data.replace(b'\x00logEvents\x00boot\x00BootLoader', s) s = b'clubpenguin.c0m' decompressed_data = decompressed_data.replace(b'clubpenguin.com', s) if b'clubpenguin.com' in decompressed_data: logger.info("Found clubpenguin.com") s = bytes(arguments.domain.encode()) decompressed_data = decompressed_data.replace(b'clubpenguin.com', s) if b'disney.com' in decompressed_data: logger.info("Found disney.com") s = bytes(arguments.domain.encode()) decompressed_data = decompressed_data.replace(b'disney.com', s) if decompressed_data == original_data: logger.warning("No changes were made to the data!") continue logger.info("Re-compressing data and appending file signature and header") compressed = signature + header + zlib.compress(decompressed_data) if arguments.output: file = join(arguments.output, file) if not exists(dirname(file)): makedirs(dirname(file), exist_ok=True) if arguments.dump: dump = open(file + ".fws", "w") dump.write(str(decompressed_data)) dump.close() logger.info("Copied dump to \"%s\"", file + ".fws") logger.info("Writing data to \"%s\"", file) output = open(file, "wb") output.write(compressed) output.close() raw.close() logger.info("Finished. Goodbye!") If you know Python a little then you will probably be able to understand how the script works rather quickly, as it is rather simple. It decompresses the SWF files to expose some of the actionscript constants within the file (no, this script does not make use of SWF disassemblers like RABCasm which makes my script very lightweight and very fast) The script has a few flags, some of which are just useful, and some of which you'll probably want to use every single time you run it. $ py iceburg.py -h usage: iceburg.py [-h] [-d DOMAIN] [-r] [-o OUTPUT] [-D] [path [path ...]] Club Penguin client tool positional arguments: path Path(s) to files or directories optional arguments: -h, --help show this help message and exit -d DOMAIN, --domain DOMAIN The domain to use (ex. clubpenguin.com) -r, --recursive Enables recursive mode -o OUTPUT, --output OUTPUT Output directory -D, --dump Dump decompressed FWS data Domain (required) tells the script which internet domain to replace security locks and logging services with. Recursive mode will make the script search through every directory below the path you specify for SWF files to check. Output changes the output directory, assuming the output directory is empty no files will be overwritten. Dump will make extra files containing the decompressed version of the data, useful for debugging purposes (for example if the script is making changes which break the SWF). Example usage on real Club Penguin media! /play/v2/client /play/v2/games/ Script download attached :~) Prerequisites Python 3 :) client-tool.zip
  7. 1 point
    Not sure if this is the default one.
  8. 1 point
    Nice, hopefully we wont get too many "password incorrect" support requests now
  9. 1 point
    I spent around two weeks writing numerous scripts to carry out tedious tasks. Minor files which weren't really documented anywhere I downloaded manually and that took the best part of four hours.
  10. 1 point
    CPBlog is a simple lightweight WordPress theme which will help you get a free working Club Penguin blog up and running. Version: 1.0 Download Link: Click Here This is a little project of mine which I want to continue working on and improving. Updates will come when I'm able to work on them and when I wish to work on them. I'll be working on a newer Club Penguin blog theme soon also. Requirements WordPress (download here) How to install: - Install WordPress - Go to admin Dashboard - On the left hand side hover over "Appearance" and click on "Themes" - Click on "Add New" - Click on "Upload Theme" - Download the latest version of CPBlog below, and install it as it. - Activate and Done! There is no dedicated support for this theme but you can leave issues and suggestions below. Please do not re-upload this theme elsewhere, use the same download link as when I push updates the link will be the same and I don't want people using outdated versions in the near future.
×