OwO What's This?


Site won’t let me send a PM to you directly, so here goes.

The following Google search brought me here:


TL;DR here is that I’m a professional hacker (i.e., I perform penetration tests for my living) who used to play Graal a lot when I was younger. I decided to reverse it, and if these forums have a relevant reversing section I’d like access. In exchange, I’ll share any new developments I come up with based on info I find in there.

Let me know.


I believe that would be up to hosler more than anyone else.


Can you get in touch with him on my behalf? Feel free to send me a PM and chat with me about it or whatever. Non-admins can’t send admins PMs directly.


Codr you have the power


There’s a trainer for the actual Graal. Lets you play from your computer and do all kinds of injection stuff.
You know about it?


Any word on this, Codr?

@2ndwolf: I assume you mean Relay? Not sure where to download it. I heard nail or whoever actually did reverse the protocol, but I’d rather talk to him about his process than reverse his client to figure out how he did it, since that doesn’t seem much faster than just reversing the graal client normally.


No, it was called something like 7174 and another was called another number. They are meant for the actual online Graal people play on their cellphones.
I know Relay is legendary but it’s not what I was talking about. You can only get what I was talking about through Discord and I deleted the rooms from my list… was going to invite you :\

Can’t help, dang.


There are several iGraal trainers. The only one worth anything goes by GraalXYZ.
But the one you mentioned goes by the name 774, not 7174.
There are other trainers made by the developer of 774, 881, and 646.

But all of those 3-digit number inspired named ones are crap and are only capable of doing a few cheat engine functions. Memory editing, and a few auto-gani hacks.


Good to know, but to be clear I’m not interested in any trainers. I’m reversing the Graal protocol to create a custom client and see if there are any vulnerabilities in the server’s protocol handler. Whether it’s iGraal or PC Graal is irrelevant since they’re almost definitely both using the same server software, and thus the same protocol.

I did decompile the Graal flash, which is a nuisance since it downloads a secondary binary file disguised as a png and loadBytes’s it to dynamically load more code into the game. I decompiled the secondary binary file as well and went to recompile it with hooks in the send/recv functions, but CORS or something is giving me issues with connecting to the Graal iServer with my custom flash client, and admittedly my web design/flash reversing exp is far below my C++/x86 reversing experience, so I eventually canned that idea and decided to reverse the Graal client (or RC) instead.

If anybody knows anybody else who is currently reversing the client (or already has), or that section of the forums actually has useful information on reversing the client, I’d appreciate any additional information and I’d be happy to give back anything I find out later to people who can help me get any useful info now.


Very Cool.


All Relay does is intercept and inject packets. It was meant to be a debug tool. Nalin told Graal management how to block it and they didn’t listen to him. Don’t use it. It’s detectable.


I’m already very familiar with how they detect Relay. It’s actually quite simple. They call GS2’s “resolvehost()” command, which makes a DNS query against the specified host, against the serverlist. The way Relay works is by invisibly proxying (i.e. host file) listserver.graalonline.com to localhost in order to initiate a mitm for packet injecting. All the main servers I know of detect and block Relay using this exact functionality; i.e., if (resolvehost("listserver.graalonline.com") == "") {, which Relay itself could patch but most Relay users are too ignorant to know anything of GS2 to begin with.

But you misunderstand. I have no interest in using Relay. I already have a copy of it that I use for comparing its packet notes against my own. I’m attempting to create my own Graal custom client, which is more like a Relay++. It wouldn’t need to function as a mitm proxy because it’d take the place of the Graal client instead of just intercepting it.
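The hosts-file redirection described in the post above, seen from the detection side, as an added example that is not part of the original thread and is not Graal or Relay code: a scanner that flags hosts-file entries pinning a watched hostname to a local address. The function name, the `WATCHED` set and the sample hosts content are assumptions constructed for illustration; only the hostname comes from the thread.

```python
import ipaddress

# Hostname taken from the thread; anything else in this set would be an assumption.
WATCHED = {"listserver.graalonline.com"}

# Constructed sample hosts-file content (not captured from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   media.example.test ListServer.GraalOnline.com   # redirected
# 127.0.0.1 listserver.graalonline.com  (commented out, must be ignored)
10.0.0.5    listserver.graalonline.com.
"""

def find_hosts_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname, reason) for each watched name
    that the hosts file resolves statically instead of through DNS."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:                       # blank or address-only line
            continue
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # malformed address, skip line
        # Loopback or 0.0.0.0/:: means traffic is sent to the local machine.
        local = addr.is_loopback or addr.is_unspecified
        reason = "loopback" if local else "pinned"
        for name in fields[1:]:                   # a line may carry several aliases
            norm = name.lower().rstrip(".")       # case-insensitive, ignore root dot
            if norm in watched:
                findings.append((line_no, str(addr), norm, reason))
    return findings

if __name__ == "__main__":
    for finding in find_hosts_overrides(SAMPLE_HOSTS):
        print(finding)
```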