DreamBot costs a lot.
At least for me. If I can use my programming skills to get it for free, that's great. The client is free with paid VIP features, but they are just locked behind an account status, which can be spoofed. Even just on the client-side with some byte code patching.
Their script trial makes me able to get my hands on the script jar. That's not good security. After sniffing and downloading the jars, I can put them up on my own server implementation, and even set the trial duration to... owned.
One thing I find funny is that the packets MIGHT be stored as obfuscated on their server side, due to ALL OF THEM being valid java class names, whereas the rest get obfuscated to start with a digit.
Don't use your main account, get an alt.
I try to make the dumper indistinguishable, but because of how it works (just starting and never running), it looks suspicious and often results in bans.
The tooling derives the hardware ID. The account details are stored in .user_cache to prevent fingerprinting by DreamBot owners.
As long as that file is kept, the same username will have the same, random, HWID.
The client also downloads the official client, and runs some of its code to extract data, like the version. This is as secure as running the official client. You have to trust DreamBot at some point anyway.
Make an account on their website and try some scripts. This allows them to be downloaded.
Running the client requires you to set the environment variables USERNAME and PASSWORD.
Currently, DreamBot is moving to logging in with emails. Setting USERNAME to the email works.
Keep in mind the autogenerated HWID will be different for the same account if using both the username and email.
The client will download the scripts and output them into the current working directory; the folder structure it creates is perfect for running the server.
You can add config.json there (see below).
When you run the client, revision.txt will be automatically downloaded into a new folder in the current directory called output.
That contains everything necessary for the server setup, other than purchased-scripts.txt (see below).
java -jar /path/to/pillow/client.jar
The file paths are relative to the CONFIG_DIR environment variable, unless specified as absolute.
Since DreamBot 3.30.33, non-VIP accounts no longer get necessary info for VIP only hooks.
That means you need a VIP revision to use VIP features, like menu manipulation, no click walk, or the render injections.
Spoofing the member roles to SPONSOR while on a non-VIP revision will break the client.
The latest VIP revision, as everything bleeding edge, is on the Discord.
If you don't want to join, or don't care about VIP features, you need to change the login response to respond with 3 (MEMBER) instead of 10 (SPONSOR).
NOTE: Numbers as of 3.30.36, might or might not work.
As a bit of a security measure, the script IDs are whitelisted; that means you need to know the store ID of your scripts and their dependencies.
The file by default (specified in the config) is purchased-scripts.txt and the format is
storeId;scriptId;name
For example:
123;1234;Some Script
The Discord has the bleeding edge configs, so to get the file instead of dealing with it yourself, head there.
Make a file config.json for the server config. Yes, the filename is important.
{
  "revisionFile": "revision.txt",
  "purchasedScriptsFile": "purchased-scripts.txt",
  "scriptConfigDir": "configs/",
  "serverUrl": "http://localhost:6666/",
  "userId": 1234
}
CHANGE THE USER ID. For context, the real IDs are between 1 and 300k+; pick something random.
Replace serverUrl in case you want to use your own webserver, obviously.
The config directory contains script config files, which are autogenerated by the client. They contain metadata about the script.
The options/_.txt files are also generated, not sure what they're trying to protect by doing that.
Set the environment variables defined in the server main file; make sure the NETTY_PORT matches the one in the agent, and that the HTTP_PORT matches the domain above.
The recommended server structure looks like this:
├── config.json
├── configs
│   └── Script_Name.json
├── jars
│   └── Script_Name.jar
├── options
│   └── Script_Name.txt
├── purchased-scripts.txt
└── revision.txt
To run the server, set the environment variable CONFIG_DIR to the directory with the config.json file.
java -jar /path/to/pillow/server.jar
To run the client, you can either download and run the loader once, which will place the client.jar file in <user home>/DreamBot/BotData/client.jar, or you can download the JAR file directly from https://downloads.dreambot.org/dreambot-latest.jar.
Then you can connect to your own server with:
java -javaagent:/path/to/pillow/agent.jar -jar /path/to/original/client.jar
If everything works, you should be connected and get the SPONSOR role. There are logs on the server, so take a look at that in case issues emerge.