Tutorial How to load up other local scripts

Discussion in 'Tutorials & Resources' started by Exia, Feb 2, 2015.

  1. Exia

    Joined:
    Nov 3, 2013
    Messages:
    609
    Likes Received:
    259
    I've got a fun little hack here that I have been working on. I plan to use this for my player owned port script bot if I ever get around to writing it. The hack is an exploit in Java's Class system that allows access to the script bot ClassLoader and, from there, with a bit of Reflection, the other classes that have been loaded by that loader. As it stands, this is a sort of beta of the hack and I plan to actually make it work with a GUI and implement some sample logic for future use. The main idea here is not to steal data or other script bots, but to allow script bots that have some sort of long wait time in between actions to better use their idle time. A good example of this is farming trees, where it might take several hours for a single tree to grow, and those hours could be spent crafting nature runes. So here it is.

    Here is the first class you will need (or any local script bot, this one is just easy and simple):
    Code (Text):
    import com.runemate.game.api.script.framework.LoopingScript;

    public class TestScript extends LoopingScript {

        @Override
        public void onLoop() {
            System.out.println("Hello World!");
        }
    }
    This is just to test the system out, here is the real meat of the hack:
    Code (Text):
    import java.lang.reflect.Field;
    import java.util.Scanner;
    import java.util.Vector;

    import com.runemate.game.api.script.framework.AbstractScript;
    import com.runemate.game.api.script.framework.LoopingScript;

    public class BatHacker extends LoopingScript {

        private AbstractScript scriptInstance;

        @Override
        public void onStart(String... args) {
            try {
                //First grab the ClassLoader for the script
                ClassLoader loader = this.getClass().getClassLoader();

                //Now grab the loader's class
                Class<?> loaderClass = loader.getClass().getSuperclass();

                //Grab the Field object from that class via reflection
                Field classesField = loaderClass.getDeclaredField("classes");

                //Change the Field from private to public (roughly)
                classesField.setAccessible(true);

                //Grab that "classes" field from our specific ClassLoader object
                //At this point we should have all of the scripts that the client sees
                Vector<?> scripts = (Vector<?>) classesField.get(loader);

                //This part prompts the user to choose a script from the list
                //Note that this uses the class names, not the script names
                //TODO: implement as a GUI
                System.out.println("Select the script you wish to start by choosing the number: ");
                for (int i = 0; i < scripts.size(); i++) {
                    System.out.println(i + ". " + ((Class<?>) scripts.get(i)).getSimpleName());
                }

                //Grab the number that the user chose
                @SuppressWarnings("resource")
                Scanner in = new Scanner(System.in);
                int scriptIndex = in.nextInt();
                //in.close(); DO NOT CLOSE THIS SCANNER SINCE IT WILL CLOSE System.in AS WELL

                //Make sure that class is actually a script
                Object scriptOb = scripts.get(scriptIndex);
                if (scriptOb instanceof Class) {

                    //Create a new instance of the script
                    Class<?> script = (Class<?>) scriptOb;
                    scriptInstance = (AbstractScript) script.newInstance();
                }

                if (scriptInstance == null) {
                    System.out.println("Failed to load script!");
                } else {
                    //TODO: maybe prompt for arguments
                    scriptInstance.onStart("");
                }

            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        @Override
        public void onLoop() {
            //This is how you would access the loop of the script
            //If the script is a TaskScript, simply cast to that instead
            if (scriptInstance != null) {
                LoopingScript loopInstance = (LoopingScript) scriptInstance;
                loopInstance.onLoop();
            }
        }
    }
    Read the comments in the code, but feel free to post any questions.

    Theoretically this should work with store script bots if run from the store, since store script bots aren't loaded in SDK mode. I'll have to wait for a comment from @Cloud since this would obviously be a security risk if put on the store, but I would be curious enough just to try it.

    DISCLAIMER: Use this at your own risk.
     
  2. Dellgenius

    Joined:
    Dec 27, 2014
    Messages:
    287
    Likes Received:
    39
    So, would this work with epicbot?
     
  3. Exia

    Joined:
    Nov 3, 2013
    Messages:
    609
    Likes Received:
    259
    Everything in Java needs to be loaded by a ClassLoader (not including some special cases), so theoretically, yes, it should. I've never personally worked with EB, so I'm not sure how locked down the client is; they might have completely barred Reflection via a security manager. It might be worth a try though. Reflection is a trial and error art; you won't know until you dive in and can actually figure out their class structures.
     
  4. Dellgenius

    Joined:
    Dec 27, 2014
    Messages:
    287
    Likes Received:
    39
    okay, thanks
     
  5. Derk

    Derk 12 year old normie

    Joined:
    Jan 8, 2015
    Messages:
    2,766
    Likes Received:
    1,339
    That's pretty funny. You should demonstrate it in a video or something. :p
     
  6. Exia

    Joined:
    Nov 3, 2013
    Messages:
    609
    Likes Received:
    259
    Best I can do is some screen caps:
    This is a simple example, the main script bot just outputs the login status, and the test script bot simply logs out.
    Here is the test script bot loop
    Code (Text):
        public void onLoop() {
            System.out.println("This is the test script, Hi there");
            while(!RuneScape.isLoggedIn());
            RuneScape.logout();
        }
    Here is main script bot's loop
    Code (Text):
        public void onLoop() {
            while(!RuneScape.isLoggedIn());
            System.out.println("Logged in:" + RuneScape.isLoggedIn());
            Execution.delay(1000);
            System.out.println("Hello from the script loader!");
            //This is how you would access the loop of the script
            //If the script is a TaskScript, simply cast to that instead
            if(scriptInstance != null){
                LoopingScript loopInstance = (LoopingScript)scriptInstance;
                loopInstance.onLoop();
            }
            while(Mouse.isMoving())Execution.delay(2000);

            System.out.println("Logged in:" + RuneScape.isLoggedIn());
            stop();
        }
    Here is the output
    [IMG]
    You can see that the main script bot does not log the user out, yet the user is still logged out by the other script bot.
     
    #6 Exia, Feb 5, 2015
    Last edited: Feb 5, 2015
    Derk likes this.
  7. Aidden

    Aidden Author of MaxiBots

    Joined:
    Dec 3, 2013
    Messages:
    6,482
    Likes Received:
    990
    Very interesting, I was actually trying to do this the other week but couldn't work out the reflection stuff as I haven't really touched reflection. I might use this to see if I can schedule multiple script bots in my script bot scheduler :) Thanks bat
     
  8. Cloud

    Cloud Engineer

    Joined:
    Jul 28, 2013
    Messages:
    2,777
    Likes Received:
    1,124
    It shouldn't work on store script bots because we don't load them until they're needed, and even then they all have a unique class loader.
     
  9. Exia

    Joined:
    Nov 3, 2013
    Messages:
    609
    Likes Received:
    259
    Theoretically, if I were to keep working my way up the classloader's classloaders, I should be able to find a common parent and work my way back down the "classloader tree" via other paths. I was working on another hack that would have been much cooler (I would not have released that one if I did get it working lol), but I got banned on RS and have kind of lost my motivation for things RS. If I get my account back, we'll see what happens though.
     
  10. Cloud

    Cloud Engineer

    Joined:
    Jul 28, 2013
    Messages:
    2,777
    Likes Received:
    1,124
    I don't remember class loaders having references to their child loaders.
     
  11. Exia

    Joined:
    Nov 3, 2013
    Messages:
    609
    Likes Received:
    259
    They should have a reference to any class they loaded, classloaders included. Even still, there's probably some stupid reflection crap that I could use to get to it. That's a lot of work though, and not really worth my time lol.
     
  12. Cloud

    Cloud Engineer

    Joined:
    Jul 28, 2013
    Messages:
    2,777
    Likes Received:
    1,124
    They may have the class object for the loader, however I don't believe they store the object instances for them. And I'm also rather sure that if a child loader loads a class, it doesn't get stored in the parent class loaders. It only goes up the hierarchy if the current loader is unable to load a class.
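
The isolation discussed in the replies above (a unique class loader per script, with lookups only delegated upward to the parent), as an added example that is not part of any post in this thread and not RuneMate's code. `ScriptLoader` and `SampleScript` are hypothetical names; it assumes Java 9 or later, compiled with javac so the class file can be read from the classpath.

```java
import java.io.IOException;
import java.io.InputStream;

public class LoaderIsolationDemo {
    // Hypothetical stand-in for a script class; not a RuneMate type.
    public static class SampleScript { }

    // Defines the one isolated class itself; everything else goes to the parent.
    static final class ScriptLoader extends ClassLoader {
        private final String isolated;
        ScriptLoader(ClassLoader parent, String isolated) {
            super(parent);
            this.isolated = isolated;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(isolated)) {
                return super.loadClass(name, resolve); // usual parent-first delegation
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    String path = name.replace('.', '/') + ".class";
                    try (InputStream in = getParent().getResourceAsStream(path)) {
                        if (in == null) throw new ClassNotFoundException(name);
                        byte[] bytes = in.readAllBytes();
                        c = defineClass(name, bytes, 0, bytes.length);
                    } catch (IOException e) {
                        throw new ClassNotFoundException(name, e);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader host = LoaderIsolationDemo.class.getClassLoader();
        String name = SampleScript.class.getName();
        Class<?> a = new ScriptLoader(host, name).loadClass(name);
        Class<?> b = new ScriptLoader(host, name).loadClass(name);
        System.out.println("distinct per loader:   " + (a != b));
        System.out.println("distinct from host's:  " + (a != SampleScript.class));
        System.out.println("JDK class delegated:   " + (a.getSuperclass() == Object.class));
        System.out.println("host loader unchanged: " + (host.loadClass(name) == SampleScript.class));
    }
}
```

Each loader ends up with its own `Class` object for the same name, so a list of classes read from one loader does not include what a sibling loader defined, while shared JDK types still resolve through the common parent.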
     
