DreamBot costs a lot.
At least for me. If I can use my programming skills to get it for free, that's great. The client is free with paid VIP features, but they are just locked behind an account status, which can be spoofed. Even just on the client-side with some byte code patching.
Their script trial makes me able to get my hands on the script jar. That's not good security. After sniffing and downloading the jars, I can put them up on my own server implementation, and even set the trial duration to... owned.
A lot of the code that scripts use to verify whether you actually own their script can also be bypassed (as seen in the hooks to ScriptManager
).
One thing I find funny is that the packets MIGHT be stored as obfuscated on their server side, due to ALL OF THEM being valid java class names, whereas the rest get obfuscated to start with a digit.
Running the client requires you to set the environment variables defined in the client handler to your account's info.
Then make an account on their website and try some scripts.
Crucial. Hardware ID bans exist, thus it's important to set this properly.
Windows
wmic csproduct get UUID
Mac
system_profiler SPHardwareDataType
Anything else (Linux)
cat /etc/machine-id
cat /var/lib/dbus/machine-id // As a backup in case the first fails
When you run the client revision.txt
will be automatically downloaded into a new folder in the current directory called output
.
That contains everything necessary for the server setup.
Make sure to set the correct path in downloaded config files or copy them to the server working directory.
Make a file config.json
for the server config, yes the filename is important.
{
"revisionFile": "revision.txt",
"scriptConfigDir": "configs/",
"serverUrl": "http://localhost:6666/"
}
Replace serverUrl
in case you want to use your own webserver, obviously.
The config directory contains config files, also autogenerated by the client. They contain metadata about the script; you can probably guess how that works.
The options/_.txt
files are also generated, not sure what they're trying to protect by doing that.
Change the server options in the server main file, make sure the NETTY_PORT matches the one in the agent. And that the HTTP_PORT matches the domain above.
To run the server set the environment variable defined in the server main (default: CONFIG_DIR) to the directory with the config.json file.
java -jar /path/to/server.jar
To run the client, get the DreamBot client jar from their website. Then run
java -javaagent:/path/to/agent.jar -jar /path/to/dreambot.jar
If everything works, you should be connected and get the SPONSOR role. There are logs on the server, so take a look at that in case issues emerge.