Todeskiwi

  1. I have a solid knowledge in all of these topics. Test me. lel
  2. I kinda think they rely on a more webserver based auth system. CloudFlare will filter out most of the common attacks needed for that task that way.
  3. Since it's (Probably) for XML it has been HTML encoded. "&lt;" means "<" aka "less than". "&gt;" means ">" aka "greater than". In addition with "=" it means greater/less than or equal. The rest is normal.
  4. Maybe share the game BEFORE you give them the money? Some games have "serious" Anti-Cheats or a near perfect SS-AC which developed over the time.
  5. No offense but you don't seem to know what these links are supposed to say. "smtp.web.de" is often part of a keylogger (Which this one isn't) and the domain leads to his private server. The PayPal is just to share it
  6. lol and I found this out due to this assembly: http://th17323-web361.server6.vorschauseite.eu/ xD (Password is "7script" btw.) Do you know why it contacts 87.253.162.6:80? That IP is from Germany just as the domain name which is in German. Edit: Oh it gets th17323-web361.server6.vorschauseite.eu//Announcement.txt from the server. Other interesting sites in there: smtp.web.de https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=robin.leidal%40hotmail.de&lc=US&item_name=Sevenscript&amount=10.00&currency_code=EUR&no_note=0&bn=PP-DonationsBF%3abtn_donate_LG.gif%3aNonHostedGuest (Thank you for the crack though) Last Edit: Oh no! This is really bad! http://th17323-web361.server6.vorschauseite.eu/server-status How did he miss that? O.o OMG
  7. Yeah you actually can but only in a limited way. First of all you need a valid key to stream all the main data. After that you need to stream the CDStore data. You or a friend who gives you the streamed data has to own the profile/botBase in any way though. It doesn't work if the key you provide is different than the CDStore signature. You need to stream the same key auth data as used for the store data
  8. You can use Reflexil for that task.
  9. Oh wow I think I'm jesus. I can still download it. Here you can have my download session: http://stor4530.uppcdn.com/dl/lrodsh5sygui563m6qgi3k5iusenvjg7xcyj3fh6pzgoqdzvkrggwkdn/Real ID Disabler 1.3a.rar
  10. @genie it's not offline ^^ ... Do you realize some of the software you are using is from 2008? Since this thread is still not locked, public and online I am just trying to improve my knowledge on malware & reversing. Since people are still downloading this (as Google says), I am sharing my results. I do not remember the name but there is a known piece of software which was pretty known for pen. testers from 2008 which still had over 1.000 downloads per month in 2011. In 2012, it was exposed being infected with a still active botnet.
  11. #JustAPlaceHolder It kinda seems like this is infected. I'm reversing it right now. I'll report back! Report: Most likely not infected. It uses these 2 lines in order to block the TCP communication to these 2 hardcoded IPs (which belong to Blizzard). The temp file it uses is called "realiddisablerv13.bat" and is stored in your %TEMP% path.

      netsh advfirewall firewall add rule name="RealidUS" dir=out remoteip=12.129.206.130 protocol=TCP action=block
      netsh advfirewall firewall add rule name="RealidEU" dir=out remoteip=213.248.127.130 protocol=TCP action=block

      It runs that file with this shell command:

      cmd /c "%TEMP%\[RandomTempFileName].tmp\realiddisablerv13.bat"

      Since Blizzard changed their servers this is not working anymore! (also it is packed with UPX)
  12. [08.19 13:50:07] Honorbuddy.exe - pub.codedeception.com:5031 error : Could not connect They're offline right now ^^ Wait till they're back up again
  13. This has always been in the CDStore