Others Abandoned Glamour [v0.57] [Dark Silver]

[Maid Lain]

@NachoCheese
Nice work! Is your job related to networking or IT by any chance?

After all resources have been loaded, client issues a POST request for /api/status with the following keys:

• id: a UUID. I'm assuming this is used to look up the user's information through the Patreon API.

The API responds with a JSON object with the following keys:

• patron: 0 (Assuming boolean: if this user is a Patron or not)
• pledge: 0 (Assuming pledge value)
• version: 5 (Assuming minor version of the client)

I think that the UUID is decided/created by the client. So I think it should be possible to set a custom ID but I'm not really sure if that's useful for anything, I doubt it is.

The JSON "patreon, pledge, version" response is done by the NetworkHelper class -> SendStatusRequest(string id) method. Once the values are received the values are set in the registry and not used for anything else. So I'm 99% sure these values aren't related to deciding what content the user has unlocked.

The API responds with a JSON object with the following keys:

• status: ok
• token: (a 164 byte string that appears to have several Base64 encoded segments separated by the '.' character)
  • Segment 1: a 36 byte Base64 encoded JSON object with the following keys:
    • alg: HS256
    • typ: JWT
    • Note:
      You must be registered to see the links
  • Segment 2: an 83 byte Base64 encoded JSON object with the following keys:
    • id: The previously seen UUID
    • iat: The number of seconds since the UNIX epoch.
  • Segment 3: a 43 byte string that appears to be random data. (this base64 decodes to 32 bytes, so this is quite likely)
• saves: an array (empty)
• patron: false (if the user is a patron or not)
• pledge: 0 (the pledge level of the patron)

The client issues a POST request for /api/start with the following keys:

• token: the previously seen token

When the user clicks on anything, the client issues a POST request for /api/update with the following keys:

• token: previously seen token

The API responds with a JSON object with the same keys as seen above (to start)

I'm not sure where in the code the logic is for the first response in the quote above. I think it's related to the LoginResponse class -> Parse() method but I don't remember. If it is then I changed the patron and pledge amount as soon as the client received the response so the patron and pledge part aren't important.

So what are tokens used for? In the scripts.dll there is code for handling and I think creating tokens too, but it wasn't very clear what they were being used for.


Also if the user id is tied to a patreon account, you probably could change the code in the client to save to your personal patreon account user id but use a patron's user id to access the api. Not sure if multiple people using the same user id to access the api would screw with each other's games or not though.

 

[NachoCheese]

Nice work! Is your job related to networking or IT by any chance?

Oh, a little of this. A little of that.

I think that the UUID is decided/created by the client. So I think it should be possible to set a custom ID but I'm not really sure if that's useful for anything, I doubt it is.

With that packet capture, the first time that a UUID passed across the network was from client to server, but I wanted to reset the VM I was testing with and check it's behavior from the start. (Maybe UUID is set upon initial connection and passed client to server as a way of identifying a unique client).

The JSON "patreon, pledge, version" response is done by the NetworkHelper class -> SendStatusRequest(string id) method. Once the values are received the values are set in the registry and not used for anything else. So I'm 99% sure these values aren't related to deciding what content the user has unlocked.

My guess was that the information is just displayed locally.

I'm not sure where in the code the logic is for the first response in the quote above. I think it's related to the LoginResponse class -> Parse() method but I don't remember. If it is then I changed the patron and pledge amount as soon as the client received the response so the patron and pledge part aren't important.

Most likely. I was surprised that the UUID was actually encoded into the token string. Digging into the patreon login process might shed more light on why this is handled this way. That's something I skipped deep diving into at the time as I was more interested in api/start and api/update calls when I captured these packets.

So what are tokens used for? In the scripts.dll there is code for handling and I think creating tokens too, but it wasn't very clear what they were being used for.

HTTP is inherently stateless, the tokens are definitely being used by the clients to uniquely identify themselves to the server. This would be a requirement if game state is maintained on the server, as the server would need to know *which* game instance performed a given action (which is further supported by the content of the messages being passed, the client is always just telling the server which action was performed, and all of the state data is coming down from the server each time an action is performed)

Also if the user id is tied to a patreon account, you probably could change the code in the client to save to your personal patreon account user id but use a patron's user id to access the api. Not sure if multiple people using the same user id to access the api would screw with each other's games or not though.

As far as I can tell, saving on the server is likely just marking a game state as more persistent than every other game state it keeps track of. While it could keep that data in memory within the node.js process, it's probably a much better idea if it's pushing that state all the way back to a persistent database and then just updating as it goes. That would also mean that DS can restart the server without screwing over everyone who's currently playing. As for how saves are specifically triggered server-side, I never dug into that.

 

[Hlextor]

@Nach0Cheese @Maim Lain
Really, i don’t know what you’re talking about. But it sounds good. Does DS have built a Fort Knox?

 

[NachoCheese]

@Nach0Cheese @Maim Lain
Really, i don’t know what you’re talking about. But it sounds good. Does DS have built a Fort Knox?

Yes and no. Based on my observations, there's nothing you can do to the client to obtain access to the current version of the game. The server is another matter entirely though, I just don't have the time or patience to attempt to emulate it, and I draw the line at attempting to hack into it.

 

[Hlextor]

The server is another matter entirely though, I just don't have the time or patience to attempt to emulate it, and I draw the line at attempting to hack into it.

What a pity. Thanks for your trial

 

[miscemayl]

The last few posts about investigating how the game works are seriously more entertaining than the actual game itself...

 

[Lenor]

The last few posts about investigating how the game works are seriously more entertaining than the actual game itself...

Ouch.

 

[-DeaDHeaD-]

You must be registered to see the links

 

[elvergallarga]

There is a bit of a grind, but it's not like BB. In BB, you had all those scenes where you had a low chance of success until you built up a lot of persuasion skills, etc. Remember how you had to play for days before getting "lucky" just for Alice to let you rub her feet? There isn't anything like that.

It's repetitive at first in that you get up every day and go to class and talk with the students, then come home and talk with Julia, but each day there are new dialogues. And remember how in BB when you opened the door when Lisa was changing she would say the same thing each time? In this game when you spy on Julia in the shower or when she catches you watching porn, the dialogues change and develop for awhile before they repeat. Eventually your day will be going to class, then going to work as a maid, then going to the cafe to learn more about Lisa, then going home, but again, each day is a bit different until the main storyline with the principal is finished in this version.

It does look like there will be lots of stuff to buy in the future, plus homework to do and probably Kate will need to get fit in the gym, so eventually it could be more of a grind in that you'll have to repeat a lot of tasks over and over without any new scenes for days and days to unlock scenes, but so far that isn't the case.

Wow thanks!
I'll give it a try then

 

[NachoCheese]

The last few posts about investigating how the game works are seriously more entertaining than the actual game itself...

lol. That probably has less to do with how entertaining we're being and more to do with the game itself.

 

[Pillowgirl]

The last few posts about investigating how the game works are seriously more entertaining than the actual game itself...

I came here from the milfycity thread when someone mentioned DS, and honestly i'm facepalming at seeing a unity game with online copyprotection, it reminds me of Diablo III and the people working to build an emulator on irc and i personally supplying them with a beta key to capture packets and reverse engineer a server.

Those were good times with lots of shenanigans and jokes about calling it EMUlator based on the bird.

 

[goobdoob]

Looks awesome, any chance for a Mac build?

Just go to his patreon.

You must be registered to see the links

 

[NachoCheese]

honestly i'm facepalming at seeing a unity game with online copyprotection, it reminds me of Diablo III and the people working to build an emulator on irc and i personally supplying them with a beta key to capture packets and reverse engineer a server.

If I had the free time and if the game were actually worth emulating, that's how I'd go about solving this problem. Unfortunately, so far this game is only worth its renders and those are given away in the second API call.

 

[Hlextor]

If I had the free time and if the game were actually worth emulating, that's how I'd go about solving this problem. Unfortunately, so far this game is only worth its renders and those are given away in the second API call.

So maybe we‘ll see the first pussy (though with DS unlikely ) ... but if we‘ll see some day more sex stuff and the story is getting better, maybe you can think about to hack the game?!

 

[erer]

Hi dudes!

Does 1$ patron get 0.5 content? I have hotel scenes, but not cafe yet and I have played like 2 or 3 months in game time.

Edit: And didin't get massage parlor in map, even Lien said about that.

 

[patriot_rf2]

I wrote some kind of guide for young hackers. Enjoy.

 

[Maid Lain]

I wrote some kind of guide for young hackers. Enjoy.

I wouldn't completely disable the file checking in the assembly dll and would instead point the game to use a copy of the scripts.dll so the game can still update other files. I explained it a bit in a post on the previous page in this thread. But it probably doesn't matter too much though.

 

[paloompa]

nice game but a bit grindy like the abandoned BB ... even characters from BB apper in it but nicely done

 

[anibal]

I'm having a big issue, just downloaded and started my game, I get to the 5th day (Wed 3rd) where the walk through says that your sister will send you off for massage training but it will not happen, I followed her around the entire day and nothing, tried uninstalling and reinstalling a few times but still same issue, is there something I'm missing?

 

[fauxplayer]

is there something I'm missing?

If you're not a paying Patron, then yes, you're missing pretty much all the content, which can only be accessed by paying Patrons (which is why the last 5+ pages of this thread are dedicated almost exclusively to how to crack the game).