
Todeskiwi
Member
Content count: 28
Everything posted by Todeskiwi
-
I have a solid knowledge in all of these topics. Test me. lel
-
I kinda think they rely on a more webserver based auth system. CloudFlare will filter out most of the common attacks needed for that task that way.
-
Since it's (Probably) for XML it has been HTML encoded.
"&lt;" means "<" aka "less than"
"&gt;" means ">" aka "greater than"
In addition with "=" it means greater/less than or equal. The rest is normal
-
Maybe share the game BEFORE you give them the money? Some games have "serious" Anti-Cheats or a near perfect SS-AC which developed over the time.
-
No offense but you don't seem to know what these links are supposed to say. "smtp.web.de" is often part of a keylogger (Which this one isn't) and the domain leads to his private server. The PayPal is just to share it
-
lol and I found this out due to this assembly: http://th17323-web361.server6.vorschauseite.eu/ xD (Password is "7script" btw.)
Do you know why it contacts 87.253.162.6:80? That IP is from Germany just as the domain name which is in German.
Edit: Oh it gets th17323-web361.server6.vorschauseite.eu//Announcement.txt from the server
Other interesting sites in there:
smtp.web.de
https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=robin.leidal%40hotmail.de&lc=US&item_name=Sevenscript&amount=10.00&currency_code=EUR&no_note=0&bn=PP-DonationsBF%3abtn_donate_LG.gif%3aNonHostedGuest
(Thank you for the crack though)
Last Edit: Oh no! This is really bad! http://th17323-web361.server6.vorschauseite.eu/server-status How did he miss that? O.o OMG
-
Yeah you actually can but only in a limited way. First of all you need a valid key to stream all the main data. After that you need to stream the CDStore data. You or a friend who gives you the streamed data has to own the profile/botBase in any way though. It doesn't work if the key you provide is different than the CDStore signature. You need to stream the same key auth data as used for the store data
-
You can use Reflexil for that task.
-
Oh wow I think I'm Jesus. I can still download it. Here you can have my download session: http://stor4530.uppcdn.com/dl/lrodsh5sygui563m6qgi3k5iusenvjg7xcyj3fh6pzgoqdzvkrggwkdn/Real ID Disabler 1.3a.rar
-
@genie it's not offline ^^ ... Do you realize some of the software you are using is from 2008? Since this thread is still not locked, public and online, I am just trying to improve my knowledge on malware & reversing. Since people are still downloading this (as Google says), I am sharing my results. I do not remember the name but there is a known piece of software which was pretty known for pen. testers from 2008 which still had over 1.000 downloads per month in 2011. In 2012, it was exposed being infected with a still active botnet.
-
#JustAPlaceHolder
It kinda seems like this is infected. I'm reversing it right now. I'll report back!
Report: Most likely not infected
It uses these 2 lines in order to block the TCP communication to these 2 hardcoded IPs (which belong to Blizzard). The temp file it uses is called "realiddisablerv13.bat" and is stored in your %TEMP% path.
netsh advfirewall firewall add rule name="RealidUS" dir=out remoteip=12.129.206.130 protocol=TCP action=block
netsh advfirewall firewall add rule name="RealidEU" dir=out remoteip=213.248.127.130 protocol=TCP action=block
It runs that file with this shell command:
cmd /c "%TEMP%\[RandomTempFileName].tmp\realiddisablerv13.bat"
Since Blizzard changed their servers this is not working anymore! (also it is packed with UPX)
-
Joke?
-
[08.19 13:50:07] Honorbuddy.exe - pub.codedeception.com:5031 error : Could not connect
They're offline right now ^^ Wait till they're back up again
-
This has always been in the CDStore
-
Yes.
-
0. Force to run as admin
1. Reinstall
2. Disable AV
3. Reinstall again
4. Disable all firewalls (Just for testing)
5. Check the logs which IP Honorbuddy connects to
-
Means your CDPatcher is not working if this is not a hardcoded message
-
[06.06 18:50:58] Honorbuddy.exe - pub.codedeception.com:5031 close, 800 bytes sent, 21395 bytes (20.8 KB) received, lifetime <1 sec
-
OMG guys stop! It's back!
[06.06 18:50:58] Honorbuddy.exe - pub.codedeception.com:5031 close, 800 bytes sent, 21395 bytes (20.8 KB) received, lifetime <1 sec
YEAH WOOOWHOOOOOO
-
WTF?!?!? OMG IT'S BACK!!!
-
I've known the team members for a veeeery long time now ^^ When he says something like "The auth servers will be re-opened during the first days of this upcoming week.", that's pretty promising coming from him. Besides, I was pretty sure that it once said "first day of this upcoming week". Of course I may have been mistaken. In that case I apologize. For now, though, keep an eye on the post.
-
SORRY FOR THE GERMAN AHEAD! The leadership of the CodeDeception team has said that they will re-open the servers' ports over the course of today. Normally the team's leaders are very responsible and reliable. So if they don't open the ports today, you can be pretty sure that they have run off with the money. (And of course the servers are long gone, formatted and sold.) That may then turn into another FairPlay Bot story.
-
Oh my God ... What's your first / native language?
-
Just wait till tomorrow. The Heads of CodeDeception are actually very responsible and reliable. If they don't open their ports by tomorrow (Yes, the servers are still up) you can be sure that they are long gone with the money. However, this is highly unlikely.
-
No. The day is still not over though. There's still a chance that he didn't pussy out with the money he got ^^ (No offense. I'm a fan of your work)