• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

Stake - Online Casino Gaming Platform | Laravel Single Page Application | PWA

Stake - Online Casino Gaming Platform | Laravel Single Page Application | PWA v1.21.0 Untouched

No permission to download
Overview Updates (2) Reviews (3) History Discussion
I have a valid license code with full latest addons but cannot download newest Stake version.
It took me half a day to find a way to null it (ver 1.15.6)
 
Ok so based on the codes you are sharing here
The class is requesting an API call, to set the response

This is a setup class so can be by passed this way


Code: 
public function register($code, $email, $hash = NULL)
{
    try {
        // Simulate the API response
        $response = (object) [
            'success' => true,
            'message' => '00000000000000000000000'
        ];
      
        return $response;
    } catch (\Throwable $e) {
        return (object) ['success' => FALSE, 'message' => $e->getMessage()];
    }
}
this will pass on to installation ... but apparently there is another domain check somewhere ?

Honestly, its unlikely for me to check the rest if the code is not shared by someone ...
If someone shares I can publicly try to help and post code edits here.
 
  • Like
Reactions: 2cher777

1.15.6 license bypass​

First, edit "packages/installer/src/Services/InstallerService.php.

/** * Display installation step form * * @param Request $request * @return \Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse|\Illuminate\View\View */ public function view(Request $request, $step) { // don't allow direct access to routes via GET, only through redirect if ($step > 2 && !$request->session()->has('app_redirect')) { return redirect()->route('install.view', ['step' => 1]); } return view('installer::pages.step' . $step, [ 'step' => $step, 'title' => $this->steps[$step] ]); }

Find this code and replace 1 with 2

Then enter the following url for installation: yourdomain.com/install/2
 
Last edited:
it looks like doing same thing ive posted in a different approach, that also bypasses installation
I have their crypto competitions am trying to make work (i do have a license)
But their scripts also have a hostname protection I cannot find by any regex search, at this point am more interested in learning the method to be used and applied
My findings so far : when bypassing installation either way, it will write to env
PURCHASE_CODE=0
SECURITY_HASH=1
LICENSEE_EMAIL=0
Installation works, and the only route that works is : /login or /register
Frontend and backend do not, and return blank screen
If i access host from licensed hash hostname it works, if i change hostname it breaks
If i access host from licensed hostname, and change hash it also breaks

Somewhere it is checking and comparing hash generated by their
app/Services/LicenseService.php and DotEnvService.php to hostname
Logically, at some point in the code, it also generates a hash based on purchase code and licensee email, and compares it to security hash , if that hash is different it exits.

But cannot find that .. or it could be simpler and still cannot find what breaks non valid hostname check
 
bssamet41 said:

1.15.6 license bypass​

First, edit "packages/installer/src/Services/InstallerService.php.

/** * Display installation step form * * @param Request $request * @return \Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse|\Illuminate\View\View */ public function view(Request $request, $step) { // don't allow direct access to routes via GET, only through redirect if ($step > 2 && !$request->session()->has('app_redirect')) { return redirect()->route('install.view', ['step' => 1]); } return view('installer::pages.step' . $step, [ 'step' => $step, 'title' => $this->steps[$step] ]); }

Find this code and replace 1 with 2

Then enter the following url for installation: yourdomain.com/install/2
Click to expand...
i didn't find this code
 
apparently they use same method on their scripts to verify URL versus hosted script
So if you pass installation, it will still do a hash check on url and will compare it to what the has is supposed to be on that hostname even if ur installation is continued and done.
I was able to fully bypass this for one of their scripts ( a stocks competitions ) and verify usage after installation.
So I am confident with the method, if anyone uploads a non null updated script of it here, casino/stake/competitions i will gladly remake it and reupload it within the day to work

preferrably any version working on php8+ not old scripts they have (php7).
 
for example for this uploaded one to bypass installation you only need to adapt app/Services/LicenseService.php
to


<?php namespace App\Services; use Exception; use GuzzleHttp\Client; use function GuzzleHttp\json_decode as jsonDecode; class LicenseService { // public function register($code, $email, $hash = NULL) // { // try { // $client = new Client(['base_uri' => config('app.api.products.base_url')]); // $response = $client->request('POST', 'licenses/register', [ // 'form_params' => [ // 'code' => $code, // 'email' => $email, // 'domain' => request()->getHost(), // 'hash' => $hash ?: config('app.hash') // ] // ]); // return json_decode($response->getBody()->getContents()); // } catch (\Throwable $e) { // return (object) ['success' => FALSE, 'message' => $e->getMessage()]; // } // } public function register($purchaseCode, $email) { $response = '{ "success": true, "message": "" }'; return json_decode($response); } // public function download($code, $email, $hash, $version) // { // try { // $client = new Client(['base_uri' => config('app.api.products.base_url')]); // $response = $client->request('POST', 'products/download', [ // 'form_params' => [ // 'code' => $code, // 'email' => $email, // 'domain' => request()->getHost(), // 'hash' => $hash, // 'version' => $version // ], // ]); // return $response->getHeaderLine('Content-Type') == 'application/zip' // ? (object) ['success' => TRUE, 'message' => $response->getHeaderLine('Security-Hash'), 'content' => $response->getBody()->getContents()] // : json_decode($response->getBody()->getContents()); // } catch (\Throwable $e) { // return (object) ['success' => FALSE, 'message' => $e->getMessage()]; // } // } public function download($code, $email, $hash, $version) { $response = '{ "success": true, "message": "" }'; return json_decode($response); } }

ok here is an update, this version is worthless, i installed it despite knowing its old, but the files has zero games besides a single bacarrat game.
 
Last edited:
  • Like
Reactions: christianjoyn00
garage456 said:
Ok so based on the codes you are sharing here
The class is requesting an API call, to set the response

This is a setup class so can be by passed this way


Code: 
public function register($code, $email, $hash = NULL)
{
    try {
        // Simulate the API response
        $response = (object) [
            'success' => true,
            'message' => '00000000000000000000000'
        ];
     
        return $response;
    } catch (\Throwable $e) {
        return (object) ['success' => FALSE, 'message' => $e->getMessage()];
    }
}
this will pass on to installation ... but apparently there is another domain check somewhere ?

Honestly, its unlikely for me to check the rest if the code is not shared by someone ...
If someone shares I can publicly try to help and post code edits here.
Click to expand...
That method work fine for install. But onlu Baccarat card game inside that caisno. And mainpage is empty/
 
if anyone provides the untouched, its easy to null now, i got the encryption hash override for both installation and blank screen output after installation.
Tested on this provided one and competitions script, works great .. just old scripts, but i imagine they use same or similar works on new ones too ( supposing someone provides the untouched)
 
update please, v1.21.0

CHANGES HISTORY
---------------
v1.21.0 - 18 August 2023
- Option to disable email authentication (in favor of web3 or OAuth).
- Game cards responsiveness improvements.
- Minor bug fixes.
 
Stake
-----

CHANGES HISTORY
---------------
v1.21.0 - 18 August 2023
- Option to disable email authentication (in favor of web3 or OAuth).
- Game cards responsiveness improvements.
- Minor bug fixes.
 
You must log in or register to reply here.

Similar threads

sudaiskhan
Crash Add-on for Stake Casino Gaming Platform
Replies
1
Views
829
PHP Scripts
KingVII
KingVII
halobandungkuh
Lucky Wheel Add-on for Stake Casino Gaming Platform
Replies
3
Views
1K
PHP Scripts
hanun
hanun
halobandungkuh
Dice Add-on for Stake Casino Gaming Platform
Replies
2
Views
790
PHP Scripts
madosgergy
M
halobandungkuh
Horse Racing Add-on for Stake Casino Gaming Platform
Replies
1
Views
877
PHP Scripts
Babak
Babak
halobandungkuh
Multi Raffle (Lottery) Add-on for Stake Casino Gaming Platform
Replies
4
Views
1K
PHP Scripts
reminiscence666
reminiscence666

Latest posts

Forum statistics

Threads
79,455
Messages
1,142,812
Members
248,425
Latest member
ro.xxx079

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock