To: Codr


#1

Site won’t let me send a PM to you directly, so here goes.

The following Google search brought me here:

https://www.google.com/search?q=tlrwuvpz&oq=tlr&aqs=chrome.0.69i59j69i57j0l4.1955j0j4&sourceid=chrome&ie=UTF-8

TL;DR here is that I’m a professional hacker (i.e., I perform penetration tests for my living) who used to play Graal a lot when I was younger. I decided to reverse it, and if these forums have a relevant reversing section I’d like access. In exchange, I’ll share any new developments I come up with based on info I find in there.

Let me know.


#2

I believe that would be up to hosler more than anyone else.


#3

Can you get in touch with him on my behalf? Feel free to send me a PM and chat with me about it or whatever. Non-admins can’t send admins PMs directly.


#4

Codr you have the power


#5

There’s a trainer for the actual Graal. Lets you play from your computer and do all kinds of injection stuff.
You know about it?


#6

Any word on this, Codr?

@2ndwolf: I assume you mean Relay? Not sure where to download it. I heard nail or whoever actually did reverse the protocol, but I’d rather talk to him about his process than reverse his client to figure out how he did it, since that doesn’t seem much faster than just reversing the graal client normally.


#7

No, it was called something like 7174 and another was called another number. They are meant for the actual online Graal people play on their cellphones.
I know Relay is legendary but it’s not what I was talking about. You can only get what I was talking about through discord and I deleted the rooms from my list… was going to invite you :\

Can’t help, dang.


#8

There are several iGraal trainers. The only one worth anything goes by GraalXYZ.
But the one you mentioned goes by the name 774, not 7174.
There are other trainers made by the developer of 774, 881, and 646.

But all of those 3-digit-number-named ones are crap and are only capable of doing a few Cheat Engine functions: memory editing, and a few auto-gani hacks.


#9

Good to know, but to be clear I’m not interested in any trainers. I’m reversing the Graal protocol to create a custom client and see if there are any vulnerabilities in the server’s protocol handler. Whether it’s iGraal or PC Graal is irrelevant since they’re almost definitely both using the same server software, and thus the same protocol.

I did decompile the Graal flash, which is a nuisance since it downloads a secondary binary file disguised as a png and loadBytes’s it to dynamically load more code into the game. I decompiled the secondary binary file as well and went to recompile it with hooks in the send/recv functions, but CORS or something is giving me issues with connecting to the Graal iServer with my custom flash client, and admittedly my web design/flash reversing exp is far below my C++/x86 reversing experience, so I eventually canned that idea and decided to reverse the Graal client (or RC) instead.

If anybody knows anybody else who is currently reversing the client (or already has), or that section of the forums actually has useful information on reversing the client, I’d appreciate any additional information and I’d be happy to give back anything I find out later to people who can help me get any useful info now.
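The post above describes a Flash client that fetches a secondary code blob served under a .png name and feeds it to loadBytes. From a defender's side, the useful check is to classify a downloaded asset by what its bytes actually are rather than by its extension. The following script is an added example written for this thread, not code from the poster or from Graal; it relies only on the public PNG signature/chunk layout and the public SWF magic values (FWS, CWS, ZWS), and all sample inputs are constructed inline.

```python
"""Classify a downloaded asset by content: a real PNG, an SWF, or a PNG wrapper carrying SWF code.
Added example for this thread; the PNG and SWF formats are public, the samples below are constructed."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib-compressed, LZMA-compressed SWF headers


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: big-endian length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as a known-good sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def png_structure_end(data: bytes) -> int:
    """Walk the PNG chunk list verifying every CRC. Return the offset just past IEND,
    or -1 if the chunk structure does not parse (truncated chunk, bad CRC, no IEND)."""
    if not data.startswith(PNG_SIGNATURE):
        return -1
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # smallest chunk is 12 bytes (empty body)
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            return -1
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(data[pos + 4:body_end]) & 0xFFFFFFFF != crc:
            return -1
        pos = body_end + 4
        if ctype == b"IEND":
            return pos
    return -1


def find_swf_header(data: bytes, start: int = 0) -> int:
    """Return the offset of the first plausible SWF header at or after `start`, else -1.
    Plausible means: magic, a version byte <= 64, a declared uncompressed length >= 8,
    and for uncompressed FWS files that the declared length fits the bytes actually present."""
    best = -1
    for magic in SWF_MAGICS:
        idx = data.find(magic, start)
        while idx != -1:
            if idx + 8 <= len(data):
                version = data[idx + 3]
                (declared,) = struct.unpack("<I", data[idx + 4:idx + 8])
                plausible = version <= 64 and declared >= 8
                if magic == b"FWS":
                    plausible = plausible and declared <= len(data) - idx
                if plausible and (best == -1 or idx < best):
                    best = idx
                    break
            idx = data.find(magic, idx + 1)
    return best


def classify(data: bytes) -> str:
    """Label a blob by its real contents, ignoring whatever extension it was served under."""
    if data[:3] in SWF_MAGICS and find_swf_header(data) == 0:
        return "swf"
    if data.startswith(PNG_SIGNATURE):
        end = png_structure_end(data)
        if end != -1:
            # Valid image; anything after IEND is ignored by image decoders but not by loadBytes-style loaders.
            return "png-with-trailing-swf" if find_swf_header(data, end) != -1 else "png"
        # PNG signature only, with SWF bytes where the chunks should be.
        return "png-header-with-swf-payload" if find_swf_header(data) != -1 else "malformed-png"
    return "unknown"


# Constructed 24-byte SWF-shaped blob: magic, version 10, declared length 24, zero-filled body.
SAMPLE_SWF = b"FWS" + bytes([10]) + struct.pack("<I", 24) + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("real.png", make_minimal_png()),
                       ("code.png", SAMPLE_SWF),
                       ("wrapped.png", PNG_SIGNATURE + SAMPLE_SWF),
                       ("appended.png", make_minimal_png() + SAMPLE_SWF)]:
        print(f"{name:13} -> {classify(blob)}")
```

The CRC walk matters: a loader that only checks the first eight bytes will accept a PNG signature glued onto arbitrary bytes, whereas parsing the chunks to IEND distinguishes a genuine image from a wrapper, and scanning past IEND catches code appended to an otherwise valid image.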


#10

Very Cool.