Todeskiwi

  1. Since it's (probably) for XML, it has been HTML encoded. "&lt;" means "<" aka "less than". "&gt;" means ">" aka "greater than". In addition with "=" it means greater/less than or equal. The rest is normal.
  2. Yeah you actually can but only in a limited way. First of all you need a valid key to stream all the main data. After that you need to stream the CDStore data. You or a friend who gives you the streamed data has to own the profile/botBase in any way though. It doesn't work if the key you provide is different than the CDStore signature. You need to stream the same key auth data as used for the store data
  3. You can use Reflexil for that task.
  4. Oh wow, I think I'm Jesus. I can still download it. Here you can have my download session: http://stor4530.uppcdn.com/dl/lrodsh5sygui563m6qgi3k5iusenvjg7xcyj3fh6pzgoqdzvkrggwkdn/Real ID Disabler 1.3a.rar
  5. @genie it's not offline ^^ ... Do you realize some of the software you are using is from 2008? Since this thread is still not locked, public and online, I am just trying to improve my knowledge on malware & reversing. Since people are still downloading this (as Google says), I am sharing my results. I do not remember the name, but there is a known piece of software which was pretty well known to pen testers from 2008 which still had over 1.000 downloads per month in 2011. In 2012, it was exposed as being infected with a still active botnet.
  6. #JustAPlaceHolder It kinda seems like this is infected. I'm reversing it right now. I'll report back!
     Report: Most likely not infected.
     It uses these 2 lines in order to block the TCP communication to these 2 hardcoded IPs (which belong to Blizzard). The temp file it uses is called "realiddisablerv13.bat" and is stored in your %TEMP% path.

         netsh advfirewall firewall add rule name="RealidUS" dir=out remoteip=12.129.206.130 protocol=TCP action=block
         netsh advfirewall firewall add rule name="RealidEU" dir=out remoteip=213.248.127.130 protocol=TCP action=block

     It runs that file with this shell command:

         cmd /c "%TEMP%\[RandomTempFileName].tmp\realiddisablerv13.bat"

     Since Blizzard changed their servers, this is not working anymore! (Also, it is packed with UPX.)
  7. [08.19 13:50:07] Honorbuddy.exe - pub.codedeception.com:5031 error : Could not connect
     They're offline right now ^^ Wait till they're back up again.
  8. This has always been in the CDStore
  9. 0. Force to run as admin
     1. Reinstall
     2. Disable AV
     3. Reinstall again
     4. Disable all firewalls (just for testing)
     5. Check the logs which IP Honorbuddy connects to
  10. Means your CDPatcher is not working, if this is not a hardcoded message.
  11. [06.06 18:50:58] Honorbuddy.exe - pub.codedeception.com:5031 close, 800 bytes sent, 21395 bytes (20.8 KB) received, lifetime <1 sec
  12. OMG guys stop! It's back!
      [06.06 18:50:58] Honorbuddy.exe - pub.codedeception.com:5031 close, 800 bytes sent, 21395 bytes (20.8 KB) received, lifetime <1 sec
      YEAH WOOOWHOOOOOO
  13. WTF?!?!? OMG IT'S BACK!!!