Grabbing info from Java game

Howdy,

I've been trying to "hack" into a game called Darkfall for quite some time but I always hit a wall.
I'm not trying to do anything illegal within the game itself like speedhacking, wallhacking or anything like that. I just want to be able to retrieve information, not write anything and according to the Devs they don't really care about 3rd party tools as long as they aren't hacks.

I have tried doing it two ways using several methods.
First I tried getting a DirectX api hook because I figured most of the information I wanted was being drawn on screen at some point, therefore reading the parameters for the functions that DirectX uses could work but I couldn't really get this method to work and realised that there's a lot more information hidden so decided to move on to another way.

Second attempt was trying out to get inside the Java, I decompiled the class loader but couldn't really get anything useful out of it. I tried using VisualVM and checking the heap dump and found out most classes are obfuscated with names like Fbd Agv.
I have tried with JVMTI but without any success. I can't seem to get what I want.

So basically what I'm trying to ask is how should I go in order to just hook a dll into the game and grab some info? My objective would be to retrieve the string right after the program decrypts it and then I could do whatever I wanted with it.

Googling around I have found 0 tutorials or helpful links regarding to Java game hooking which is why I'm asking here.

Thanks.

You will need to decompile the all the classes and figure out how it works. There are a few problems with this, such as: the code has been obfuscated making it hard to work out what is happening and decompilers can struggle to generate re-compilable code especially when the code contains inner classes etc.

But all is not lost, a while ago I went through a similar exercise with decompiling a scrabble game and adding a new feature. Now I can't promise to be able to give the same level of support this time but I will help where I can.

Firstly you need to decompile the code and fix any decompilation errors so you can recompile a working version.

Then, because you are looking for data that is displayed on the screen the starting point is to find the components that display to the screen. If you can't easily work out what a component does change the code to display something obvious such as "HERE" and run the program to see where the known value appears.

As you find each component rename it to something sensible. Using an IDE such as Eclipse or Netbeans allows you auto rename all reference to it. It is vital that everything you discover you give a sensible name to, whether it appear to be of relevance to your problem or not. Over time the classes will become less and less obfuscated and you be able to understand some of the code - make sure you add lots of comments. Eventually you will be able identify the variables you need. Then it is case of adding code to allow you to hook into the class.

Be aware that this is not an easy thing to do and can be extremely frustrating a times but with a good debugger (Eclipse and Netbeans both come with debuggers) you should be able to work it out.

Problem with that is the game is written in Java and C++, only Java file I can find is a custom class loader. Which doesnt seem to have anything of interest in it.

Quote:

---

package com.aventurine.loader;

import java.util.HashMap;

public class NativeClassLoader extends ClassLoader
{
private static final boolean NativeLoadExternal = true;
private HashMap<String, Class> Classes = null;
private ClassLoader Parent = null;
public static ClassLoader Instance = NativeClassLoader.class.getClassLoader();
private static Class HashMapClass = null;

public NativeClassLoader(ClassLoader aParent) { super(aParent);
System.loadLibrary("SFMiddleWare");
Instance = this;
this.Parent = aParent; }

private static native byte[] loadClassBytes(String paramString);

public NativeClassLoader()
{
this(NativeClassLoader.class.getClassLoader());
}

private Class<?> loadClassNative(String Name) {
byte[] ClassData = loadClassBytes(Name);
Class C = null;
if (ClassData != null)
C = defineClass(Name, ClassData, 0, ClassData.length);
return C;
}

protected synchronized Class<?> loadClass(String name, boolean Resolve)
throws ClassNotFoundException
{
Class C = null;
if (this.Classes != null)
C = (Class)this.Classes.get(name);
if (C == null) {
C = loadClassNative(name);
if (this.Classes == null)
this.Classes = new HashMap();
this.Classes.put(name, C);
}
if (C == null) {
C = this.Parent.loadClass(name);
if (this.Classes == null)
this.Classes = new HashMap();
this.Classes.put(name, C);
}
if (C == null) {
throw new ClassNotFoundException();
}
if (Resolve) {
resolveClass(C);
}
return C;
}
}

---

Not exactly sure what that actually does.

Could you put links to the other forums you've asked this question in?

but this is quite a lot to start with, you know...
from here on, you can start collecting a list of all classes.
from them you can get their fields, their names, their types, their attributes

Take a look at java reflections, they might be of help to you her.e

I'm currently fairly interested in the symbiosis of this game and java, too, so i'll be checking it out in the near future.

But maybe we should stick having this discussion to GD...

-- th0br0

Given that I seem to be unable to edit my own posts:
They key here are Proxies if I'm not mistaken:
http://download.oracle.com/javase/1....ion/proxy.html

An edit button appears on the bottom of the post when you are logged in, but this mechanism only activates once your first post has been moderated. If you try to edit your post now, the 'Edit' button should be available.

Quote:

---

Originally Posted by Norm

Could you put links to the other forums you've asked this question in?

---

He's cross-posted on Game Deception forums.

Learning how to learn is life's most important skill...
T. Buzan