I recently accidentally posted in the ipoker HTML5 thread because I misread the title for this.
On partypoker, there is an in-browser Java client. I was wondering if anyone had experimented with it or got this running on their PC.
The guys in the ipoker thread were talking about detection mechanisms, so that's why my response starts a little strangely:
Quote:
Is this the client that's primarily Java based? I recently took a look at this myself if so. (The one where it says play in browser on their site)
If so, yes, they can detect extremely easily. If they had any sense they would also detect mouse movements.
It's also extremely easy to detect whether or not it was opened in a browser or not. (Just crossmatch your IP or w/e loads of ways)
Both are still extremely easy for us to spoof if we are doing a Java based bot interface. In fact we can even move the mouse inside the Java client (not moving our actual mouse). Simulate the entire mouse movement (based on human-like splines and randomness). + Random timings/locations on the click.
I have really been wanting to try to get this running on my PC. I have had great trouble though because I don't understand a lot about how these applets and the JavaScript etc. interact. If anyone AT ALL manages to get it running on your PC (by running I mean literally loading, I don't care about whether it will log in or whether it will connect etc. it's quite likely it would need some small alterations inside the client).
I personally think it would be really nice to get it running from your own PC, get this fully deobfuscated, decompiled & recompilable. I took a look at this client a little already and it's pretty straightforward ZKM obfuscation. Just string encryption, BS variable renaming and some stuff done to the flow etc. I managed to actually get a pretty decent decompile, with pretty much most of the flow sorted. Ofc the decompile was ugly as fuck and barely understandable, but I'm pretty sure I coulda got it to recompile with some tweaking. If someone can get this client running, I could start work on a fully deobfuscated renamed client. I think it'd be super super interesting for a bot.
Ofc vs this method they will slam in detection mechanisms that will be either A) hard to spoof OR B) hard to find/realise they're doing. That's fine though, I know many ways to get around dumb checks like checksums & method access levels.
In fact I would only use deobfuscation & renamed client for research. I'd most definitely use a completely hidden method where the client remains absolutely untouched and is actually loaded in the end from their site. - Let's not talk about this so publicly though.
This method would just be so insane though, having direct access to any input/output methods you want. No errors, no time wasted, no moving of your own mouse etc. Lots and lots of benefits. (+ benefits of knowing who you're playing at anon table etc.)
Actually I'd love to talk about this in depth but this is way too public. I think I posted plenty too much already. Any ideas how to get into the restricted areas?
I also wrote a ZKM string decrypter fwiw