Tree of Savior Forum

AFK necro/sorc/bokor is apparently back


#326

image


#327

Well if its not illegal and IMC is not banning it will continue to happen, soo… either we deal with it or we create our own haha.

And to the person to said to re read the threat I stopped half way its TL TR cmon


#328

Did you know that 3rd party captchas (like google’s one, reCaptcha) have a public API and the only thing they do is to return to the (API’s) client the result and you can just nop the part of the client that verifies it (or jmp if we want to be pedantic about speed), xor eax,eax and inc ah?

Now the API may be implemented in a server application (game’s server, for eg.) or in a client application (game’s client), if IMC implements the API in the client, you can bypass it with ease.

So now to implement a 3rd party API you need a networking course and not a programming one?

Thanks for the suggestion!

Amazing assumption tho, is it because you think that a girl is unable to understand CS?

Edit:
You may also look for ML based captcha solvers for server side API implementation bypass.


#329

In g-reCaptcha case Google’s server is the middle-man server.

Web client can be static pages like the ones on github.io . If reCaptcha is gating locally embedded encrypted resources in html, you can try to break the salted token encryption key to work around authentication and toggle the hidden information. Good luck solving P=NP.

In the case when the reCaptcha is gating authentication key to resource api, like end point key at some REST API, you can’t even start the authentication process without hand-shaking with Google’s server.

Go back to your first networking course in CS, if you have taken it at all. I am sure I can break whatever website you write if you don’t understand what I mean.

==============

Edit:

In nowhere I gave gender related assertion. Now if you have presumption about your own gender, I cannot stop you.


#330

But I’m not talking about a website and I don’t see how that’s related to what I wrote.
API’s can be implemented in any language, even C++, but I guess that a web designer can’t go beyond scripting languages.


#331

The whole goal of Captcha is to protect resources from bots by authenticating resource request process.

And you are saying by designing an API to mis-use Captcha, outsider can work around Captcha and get your resource freely, which defeats the point of Captcha and is not worthy of discussion.

Your discriminating presumption about web/frontend developers is disgusting. And I am a backend developer who works with frontend developers and writes the APIs.

What I said are basics. You don’t need to be actively practicing them to know them.


#332

But you lack software engineering competence.

I never talked about a “misuse” of the captcha, I said that if they implement the API, thus the verification process, on the client side it’s easily bypassed.

And even in the case of server side implementation, there are ML captcha solvers that have a very high speed and accuracy rate.


#333

What…I am done with you. You clearly don’t know what you are talking about.


#334

It’s more the fact that you don’t know what are you talking about.
Implementing the API on the game’s client is very feasible, with CURL for example, but easy to bypass and I even explained you how.

I’m not saying it’s the proper way, but it’s the way IMC developed this game (almost everything is client side).


#335

You sound like a freshman CS student who just get to know about Linux.

If all APIs are easily bypassible by client, all industries that depend on digital resources will fall apart.

Go back to CS 101.


#336

You sound like a wannabe, else you’d understand what nopping/jumping a call and xor eax, eax inc ah meant.


#337

script kiddie fiiiiight :rofl:


#338

You don’t even know what they mean and you are using them. You can be making millions bypassing Captchas systems as white hacking. It’s a problem that requires academic research.

And you just know some binary operation and assembly code in college. Talk about hacking.

Well that, assumes you are facing a professionally designed and implemented system.


#339

Sure, you had to look on google and you still can’t figure out what they mean.

You may want to look at ML captcha solvers, I’ve already told you about them several times now.

Nope, I’m talking about reverse engineering. Sorry that google didn’t help you figure it out.


#340

They aren’t cracking Captcha in system level. It’s not even bypassing anything. It’s getting the key properly by actually solving the problem.

I guess if you don’t reverse engineer in assembly code, you do that in bits. Did you have OS class?

I see that you just know terms…stop embarrassing yourself.


#341

They solve captchas, it’s all that’s needed.

No, you do that in opcodes.

Yeah, stop.


#342

What’s your noop/jump call/registry names all about then? Do they help in machine learning?

What opcodes mean: https://stackoverflow.com/questions/17638888/difference-between-opcode-byte-code-mnemonics-machine-code-and-assembly

You reverse engineer the op codes in assembly code from specific system compiler. Once you have them you are good. You don’t start with the op codes.

How many more mistakes you are presenting us out of your “remembered vocab”?


#343

watching nerds flex is funny af yo.


#344

I guess she did enough to embarrass herself. I am gonna clean my house now. Falling behind in schedule…

Wasted an hour teaching college student. I should have charged her.


#345

That’s specific to a client-side implementation (software, not website).
If you knew what it meant, you’d know what they do.

Google won’t help you.

I stated several times (are you blind?) that ML helps solving captchas with server side implemenation, like on a website, indeed.

That’s a very noob-friendly explanation of what an opcode is, but that’s beyond the scope.

Except you said you do it in bits. :rofl: :rofl::rofl::rofl:

Backpedaling after googling :rofl:

Me? :rofl:

Go do it in bits :rofl::rofl::rofl: