44 replies to this topic

[RitzWin]

"Release early and often" is a pretty solid mantra. Getting the software out there means more people helping to find bugs or make suggestions. Out of curiosity, how much is done so far?

Pretty much all the ui/groundwork is done. Adding new dailies is pretty easy to do as well. I've got ~20 dailies working at the moment, but adding more daily (har har har). Like I said before, I'm considering stuff like potatoe counting as a daily and will be adding the daily question stuff too. Basically all the easy games I'll be adding at some point . Right now I have some support for multiple accounts (just saves information about them for now). Also saves the last time each one was played, and color-codes the dailies list so you know which ones are available. I maybe went a bit overboard with the bells and whistles lol. At the moment, no proxy support though. But I've looked at some tutorials on the subject and it doesn't look too difficult.
I'm pleased with it, since I overcame the flash games request stuff I'm feeling pretty good. Parsing the output is still slow-going (only testing on a few accounts right now). However when I release it and people don't see what they got, they can send me the html page (all 'result' pages except login are logged) and I'll do some regex on that shiz.

Yea I think I'll take your advice and release what I've got done later on this week, would like to add user-agent customization before I release it obviously.

However I'd REALLY like to figure out how to use the exact same cookie as firefox/chrome/whatever is using so that we don't even need to login.

Edited by RitzWin, 27 March 2012 - 08:50 AM.

[Inkheart]

Well, yeah, Potato Counting and Daily Puzzle are dailies, and really easy ones, at that, so I think it makes perfect sense for them to be included. Hm... that doesn't strike me as overkill, though. I mean, sure, most people are just going to run it once and have all of them done, but the color-coding is a good reminder, I guess. Do you mean you're sort of "green-lighting" the wheels so the user knows they can spin them? I reckon it'd be better to just automatically spin them, no? Proxy support is usually very easy to implement; I imagine it's just a slightly different constructor in Python's case.

Erm... Flash games? I'm guessing you mean things like Bagatelle and Coconut Shy, right? Those are really easy (as TNT is retarded, and they're both just GET requests), but if you've managed to figure out sending Flash scores, I'd be very interested in discussing it. : ) Everything seems time-sensitive, so I'm still baffled as to how sLAUGHTER figured it all out.

As for figuring out all the prizes, I think saving the HTML is a bit of a privacy invasion. Theoretically, we should never have access to the usernames of people who use our programs. You could include a "stripper" that removes all the identifying information before sending the HTML along, I guess. The User-Agent is just another header, so if you're doing cookies, it shouldn't be too much trouble to include that as well.

And while being able to use the browser's cookie is nice, you probably still need to implement logging in to correct for accidental cases of getting logged out for whatever reason. Still, modern browsers store user information in SQLite databases, so it's not too difficult to get the information out; the trouble is knowing all the different places to look for different combinations of browser and OS. The actual extraction, though, is very easy, particularly with Ruby.

require 'dm-core'
require 'dm-migrations'

DataMapper.setup(:default, "sqlite://#{Dir.pwd}/Cookies")

class Cookie
  include DataMapper::Resource
  property :host_key, String
  property :name, String
  property :value, String, key: true
end

DataMapper.auto_upgrade!

cookie = Cookie.all(:host_key.like => '%neopets%').map { |c| "#{c.name}=#{c.value}" } * '&'

[shrouded]

It's not too difficult with mechanize. Mechanize Doc Scroll down to cooperating with browser.

[RitzWin]

Well, yeah, Potato Counting and Daily Puzzle are dailies, and really easy ones, at that, so I think it makes perfect sense for them to be included. Hm... that doesn't strike me as overkill, though. I mean, sure, most people are just going to run it once and have all of them done, but the color-coding is a good reminder, I guess. Do you mean you're sort of "green-lighting" the wheels so the user knows they can spin them? I reckon it'd be better to just automatically spin them, no? Proxy support is usually very easy to implement; I imagine it's just a slightly different constructor in Python's case.

Erm... Flash games? I'm guessing you mean things like Bagatelle and Coconut Shy, right? Those are really easy (as TNT is retarded, and they're both just GET requests), but if you've managed to figure out sending Flash scores, I'd be very interested in discussing it. : ) Everything seems time-sensitive, so I'm still baffled as to how sLAUGHTER figured it all out.

As for figuring out all the prizes, I think saving the HTML is a bit of a privacy invasion. Theoretically, we should never have access to the usernames of people who use our programs. You could include a "stripper" that removes all the identifying information before sending the HTML along, I guess. The User-Agent is just another header, so if you're doing cookies, it shouldn't be too much trouble to include that as well.

And while being able to use the browser's cookie is nice, you probably still need to implement logging in to correct for accidental cases of getting logged out for whatever reason. Still, modern browsers store user information in SQLite databases, so it's not too difficult to get the information out; the trouble is knowing all the different places to look for different combinations of browser and OS. The actual extraction, though, is very easy, particularly with Ruby.

require 'dm-core'
require 'dm-migrations'

DataMapper.setup(:default, "sqlite://#{Dir.pwd}/Cookies")

class Cookie
  include DataMapper::Resource
  property :host_key, String
  property :name, String
  property :value, String, key: true
end

DataMapper.auto_upgrade!

cookie = Cookie.all(:host_key.like => '%neopets%').map { |c| "#{c.name}=#{c.value}" } * '&'

Yes by flash stuff I mean wheel/bagatelle/etc. There's a random number included in the request... it's between like 10000 and 100000. Doesn't seem to be linked to anything (I think in the wheel's case the random number is directly in the html, so I just used that). However for bagatelle I'm not sure how that random number is generated... so it might be more risky to use.
Yeah, user-agent isn't a problem, for my testing I've just manually set it to my own browser, but it should be customizable.
You're right, I'll have to strip username/np data from the log files... never really bothered since it's just been me using it so far .
Yes, the different colours for the dailies correlate with whether they have already done that and since when:

grey= daily that happens once per day that has already been done
green = you can do it,
yellow = you've done it too recently to play it again- for stuff you can do multiple times like the wheel or springs
I've also included the actual time they last time it was played at was.

I'll be putting some sort of scheduling system in the future... but it's not a HUGE priority right now as it only takes like 3 clicks to do all the dailies (including login lol).

It's not too difficult with mechanize. Mechanize Doc Scroll down to cooperating with browser.

Awwesome I'll be doin' that fo sho. Logging in should definitely be automated.

I guess I'll be starting an official thread on this shortly, wewt

Edited by RitzWin, 27 March 2012 - 11:24 AM.

[Inkheart]

Yes by flash stuff I mean wheel/bagatelle/etc. There's a random number included in the request... it's between like 10000 and 100000. Doesn't seem to be linked to anything (I think in the wheel's case the random number is directly in the html, so I just used that). However for bagatelle I'm not sure how that random number is generated... so it might be more risky to use.

The 'r' query parameter for the wheels is just the current UTC time. It's insignificant other than for cache-busting, to ensure the user is spinning the wheel with the most recent ActionScript attached. You can generate the number from within Python rather than wasting an HTTP request, but it's no big deal either way. The random number for Bagatelle and Coconut Shy is just that, completely random. However, it is used to determine the prize, likely as a function of the current time. In my testing, sending the same number didn't always get the same prize, so that's likely the case. It's probably current_time % random_number, and then the last two or three digits are parsed and weighted to determine the prize. No way to know without getting into the server, of course, but I think just sending any old number should suffice. It'd be awesome to be able to ensure good prizes with every single attempt, though...

The color codes seem to make perfect sense. Out of curiosity, are they icons or just like a check list?

[RitzWin]

The 'r' query parameter for the wheels is just the current UTC time. It's insignificant other than for cache-busting, to ensure the user is spinning the wheel with the most recent ActionScript attached. You can generate the number from within Python rather than wasting an HTTP request, but it's no big deal either way. The random number for Bagatelle and Coconut Shy is just that, completely random. However, it is used to determine the prize, likely as a function of the current time. In my testing, sending the same number didn't always get the same prize, so that's likely the case. It's probably current_time % random_number, and then the last two or three digits are parsed and weighted to determine the prize. No way to know without getting into the server, of course, but I think just sending any old number should suffice. It'd be awesome to be able to ensure good prizes with every single attempt, though...

The color codes seem to make perfect sense. Out of curiosity, are they icons or just like a check list?

The way I've got things implemented, and the way python's mechanize works I get to see the http request anyways, so I'm not really wasting anything. Just diggin' through some html like I do for the prizes.

I can send a screenshot tonight. I'd rather not explain, and hope that it makes sense when people first see it (I'm probly a bad UI designer lol). I've not tried it on any other platforms than linux though, so I'll be havin to test that out too .

Fun stuff!

There's another Idea I had to make everything even more safe... I noticed that for one or two of the flash requests, that the referer was the swf instance. Got me thinking that if neopets actually uses itself as a referer, I should see about making the referer something like a daily neopets web-page. Like www.thedailyneopets.com/dailies/ ...

Edited by RitzWin, 27 March 2012 - 12:49 PM.

[shrouded]

Yes by flash stuff I mean wheel/bagatelle/etc. There's a random number included in the request... it's between like 10000 and 100000. Doesn't seem to be linked to anything (I think in the wheel's case the random number is directly in the html, so I just used that). However for bagatelle I'm not sure how that random number is generated... so it might be more risky to use.
Yeah, user-agent isn't a problem, for my testing I've just manually set it to my own browser, but it should be customizable.
You're right, I'll have to strip username/np data from the log files... never really bothered since it's just been me using it so far .
Yes, the different colours for the dailies correlate with whether they have already done that and since when:

grey= daily that happens once per day that has already been done
green = you can do it,
yellow = you've done it too recently to play it again- for stuff you can do multiple times like the wheel or springs
I've also included the actual time they last time it was played at was.

I'll be putting some sort of scheduling system in the future... but it's not a HUGE priority right now as it only takes like 3 clicks to do all the dailies (including login lol).



Awwesome I'll be doin' that fo sho. Logging in should definitely be automated.

I guess I'll be starting an official thread on this shortly, wewt

Yeah I would still recommend taking UN/PW input in case of an unusual disturbance. I don't have much experience with importing cookies. The program(s) I've made for personal use just use my User-Agent and are never meant to be used by others.

The 'r' query parameter for the wheels is just the current UTC time. It's insignificant other than for cache-busting, to ensure the user is spinning the wheel with the most recent ActionScript attached. You can generate the number from within Python rather than wasting an HTTP request, but it's no big deal either way. The random number for Bagatelle and Coconut Shy is just that, completely random. However, it is used to determine the prize, likely as a function of the current time. In my testing, sending the same number didn't always get the same prize, so that's likely the case. It's probably current_time % random_number, and then the last two or three digits are parsed and weighted to determine the prize. No way to know without getting into the server, of course, but I think just sending any old number should suffice. It'd be awesome to be able to ensure good prizes with every single attempt, though...

The color codes seem to make perfect sense. Out of curiosity, are they icons or just like a check list?

If only we had the ability to gain the algorithm. Those are the type of hacks that should be kept for personal gain. If RareDareDevil hadn't shared the method for score sending with eggy and slaughter hadn't popularized it who knows how much NP he could have gained without raising the suspicion of TNT.

[RitzWin]

If only we had the ability to gain the algorithm. Those are the type of hacks that should be kept for personal gain. If RareDareDevil hadn't shared the method for score sending with eggy and slaughter hadn't popularized it who knows how much NP he could have gained without raising the suspicion of TNT.

Don't worry, I'm on it . Storing the timestamp with the random number maaay be able to decipher it if neopets is dumb enough to use my timestamp

Edited by RitzWin, 27 March 2012 - 01:05 PM.

[shrouded]

Don't worry, I'm on it . Storing the timestamp with the random number maaay be able to decipher it if neopets is dumb enough to use my timestamp

I suspect that is unlikely. If they use their timestamp it might be possible but you'd have to accurately predict your latency to get to their servers. Assuming everything matches NST given on the website. You can get "good" stuff from coltzan by using NST.

[RitzWin]

Decided not to actually run it and show output because I'm on linux (obviously) and I fail at scribbling out usernames n stuff without my trusty paint.

[Inkheart]

Decided not to actually run it and show output because I'm on linux (obviously) and I fail at scribbling out usernames n stuff without my trusty paint.

Looks awesome! What's your plan for maximum coverage release? Also, pixlr.com is handy. : )

[RitzWin]

Looks awesome! What's your plan for maximum coverage release? Also, pixlr.com is handy. : )

Thank you, not sure what you mean by maximum coverage release.

[Inkheart]

Thank you, not sure what you mean by maximum coverage release.

Are you... trying to make it cross-platform?

[RitzWin]

Are you... trying to make it cross-platform?

Ah, yes... at the very least windows compatible. Python's pretty good about cross-platform shiz. I've not looked into it too much though... maybe releasing it this week is too ambitious

[syaopup]

I've been researching a little on how to automate score sending too but haven't gone deep because I'm learning up on HttpWebRequests, here's a couple of resources on score sending I found on the net. Hope they'll be of help.

http://www.gogetpape...ets_3_Lectures/
Skip to page 13 and it talks a bit about neopets and encryption.

http://userscripts.o...s/review/127882
Source code of the Greasemonkey script that I use to send my game scores. They have an option to 'Try cached encryption', so I guess that's what you meant by it being time sensitive.

I'm not sure if this will help, as I don't know if there's any difference between how greasemonkey sends scores and how python (or any other non browser based programs) sends scores.

[shrouded]

I've been researching a little on how to automate score sending too but haven't gone deep because I'm learning up on HttpWebRequests, here's a couple of resources on score sending I found on the net. Hope they'll be of help.

http://www.gogetpape...ets_3_Lectures/
Skip to page 13 and it talks a bit about neopets and encryption.

http://userscripts.o...s/review/127882
Source code of the Greasemonkey script that I use to send my game scores. They have an option to 'Try cached encryption', so I guess that's what you meant by it being time sensitive.

I'm not sure if this will help, as I don't know if there's any difference between how greasemonkey sends scores and how python (or any other non browser based programs) sends scores.

A little hint is to search for eggy/RDD's tutorial on score sending. That will give you the base on what it requires.

[RitzWin]

A little hint is to search for eggy/RDD's tutorial on score sending. That will give you the base on what it requires.

I'm too scared to SS. All the horror stories out there cast too large a shadow for all the success stories. Maybe I'm just a bigot.

I'm nao sad that I don't get the advanced membership thing on the AB May have an impact on when I release this... depression lingering

[shrouded]

I'm too scared to SS. All the horror stories out there cast too large a shadow for all the success stories. Maybe I'm just a bigot.

I'm nao sad that I don't get the advanced membership thing on the AB May have an impact on when I release this... depression lingering

I'd gift it but I don't have any money in paypal. Score sending is another one of those things I think could have been taken advantage of in a huge way by the creator if it hadn't been leaked.

[RitzWin]

Can anyone think of anything I should add that's not in the pic above?
I've just added potatoe counter in addition to the picture...
I was also thinking of adding a wishing well daily (you can specify how many neopoints to donate and what item to go for)...
I guess I should add snowager too... I feel like I'm missing lots of dailies that people wouldn't normally do, but that would add up (like the slorg one that I've already got)

[RitzWin]

Tested on windows- works well.
Added the kings... will probably make an exe in a day or two and release a beta version