Results 1 to 12 of 12
  1. #1
    xx404xx's Avatar
    Join Date
    Aug 2011
    Gender
    male
    Posts
    9
    Reputation
    10
    Thanks
    8

    (TimeAttack)Nexon's Cert with revoke list(Valid until 6/9/11)

    To be honest all of the key's to nexon's castle *should* have been found AGES ago,But i guess all the the injector/dll Hack's delayed the interest in something like this.

    Btw just to let you all know,there's also a nice little buffer overflow in the wild for more than 1 nexon game ATM.(Has to do with NXMESSENGER VULNERABILITIES APPARENTLY)

    So here i am announcing the start of a new project ill be working on,kicking it off with (The release of the file attached) ,not finished yet,And for any one wishing to have a pwn off,here is the only rule to this contest, you have to defeat the encryption itself(Not PWN it with an Overflow/Exploit/Bypass).

    You have all of 14 day's to obtain all of the proper Signing Key's/Info .If someone does this successfully They can sign there own REVOKE LIST, allowing the whitelisting/de-whitelisting of even Nexon's own key pair to stop them from running there arb. code at login,so we can be sure no ban's will result from this.If we find the trusted key's before they are revoked we can sign are own revoke list, the nexon TRUSTED CONTENT system will be BROKEN FOREVER when this happen's(AKA:NO EASY SOLUTION FOR NEXON THIS TIME)

    The valid cert is attached to this thread for those wishing to download it.

    In order to even have a chance at using this you'll need the Nexon Algorithm's,that is posted in my threadhttp://www.mpgh.net/forum/207-combat...blic-keys.html

    //Some Important key's regarding the CRYPTO/ALGO of content(Used in the cert system)

    KeyID=97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b a4 a1 1e f2

    Signature Algo=sha1RSA

    Signature Hash Algo=sha1

    This cert is only active for another 14 day's,but go ahead and have a look around anyway.Provide's the revoke list for C.A. So now you can check if it's revoked.The new cert will likely be issued on or after September 6th,the last day the cert i posted is valid.It will expire on September 6 4:00:02 AM.

    http://www.virustotal.com/file-scan/...c63-1314121093

    If anyone has any question's feel free to contact me Via Pm/This Thread.
    Last edited by Disturbed; 08-23-2011 at 12:42 PM.

  2. The Following 2 Users Say Thank You to xx404xx For This Useful Post:

    Xlilzoosk8rX (08-25-2011),_Fk127_ (08-23-2011)

  3. #2
    Disturbed's Avatar
    Join Date
    Feb 2009
    Gender
    male
    Posts
    10,405
    Reputation
    1063
    Thanks
    2,559
    File is clean.


  4. #3
    Obama's Avatar
    Join Date
    Dec 2008
    Gender
    male
    Location
    The Black house
    Posts
    22,197
    Reputation
    870
    Thanks
    6,071
    My Mood
    Cool
    Quote Originally Posted by Disturbed View Post
    File is clean.
    Can you be trusted?

  5. #4
    xx404xx's Avatar
    Join Date
    Aug 2011
    Gender
    male
    Posts
    9
    Reputation
    10
    Thanks
    8
    I can also confirm that this is clean.....It's a cert file,you still need the stuff from the key's/algo's thread,and it's certainly not complete.The real problem here is we go back to square one on reversing as soon as this key pair Usage Period expire's,But if you find the key before it's revoked,we can write are own white list to tell NEXON to disable it's own protection.This is the "Fail",and there's actually not even that much work needed to be done to get this "Fail" Running ATM. Basically all you need to do is change your Key to a value you know,and then customize them sig's to your custom one's,then accordingly revoke NEXON'S most recent/older Signing key .Using an undisclosed white list exploit ANYONE with proper knowledge/Revering of VERISIGN can sign a 100% "VALID" cert,Current problem is that we do not have the "Master" key so we cant sign the thing's that would have to replace the shit we revoke.Any idea's?

    PS:Hint:You would have to build your Own Nexon client by reversing C.A's functionality,building,then resign your client with there key's-your patched key's.

  6. #5
    .::SCHiM::.'s Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    733
    Reputation
    180
    Thanks
    833
    My Mood
    Twisted
    there's also a nice little buffer overflow in the wild for more than 1 nexon game ATM.(Has to do with NXMESSENGER VULNERABILITIES APPARENTLY)
    outb4:msf> (/pentest/windows/games/NXMESSENGER)

    Unless it's only local ;)

    I'm SCHiM

    Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.

    Polymorphic engine
    Interprocess callback class
    SIN
    Infinite-precision arithmetic
    Hooking dynamic linkage
    (sloppy)Kernel mode Disassembler!!!

    Semi debugger




  7. #6
    Reimy's Avatar
    Join Date
    Aug 2010
    Gender
    male
    Posts
    178
    Reputation
    28
    Thanks
    704
    My Mood
    Sleepy
    -.-' that's clean??


    ---------------------------------------------
    ---------------------------------------------

    Quote Originally Posted by ihackyoufack View Post
    reimys hack looks epic and has epic features
    NOBODY SHALL DEFEAT REIMY!!!
    exept chocolate but chocoleate hacks in real life :O


  8. #7
    _Fk127_'s Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    724
    Reputation
    16
    Thanks
    208
    My Mood
    Bitchy
    Quote Originally Posted by Reimy View Post
    -.-' that's clean??
    Yeah, it is clean, I downloaded it.
    @Reimy



    Put this image in your signature if you support HTML5 development!

  9. #8
    Xlilzoosk8rX's Avatar
    Join Date
    Dec 2008
    Gender
    male
    Location
    the-ville, PA
    Posts
    358
    Reputation
    24
    Thanks
    53
    hmm,
    this is really fucking hard XP
    i got like 2 lines in an hour
    i dont think that just one person alone can do this in 14 days,
    there should be a team for this, ill gladly join it and help
    Last edited by Xlilzoosk8rX; 08-25-2011 at 03:31 PM. Reason: typo

  10. #9
    JustinFatalx's Avatar
    Join Date
    Nov 2009
    Gender
    male
    Location
    Death Valley
    Posts
    635
    Reputation
    11
    Thanks
    77
    My Mood
    Twisted
    Seems this died...



  11. #10
    silentkoga's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Location
    Thats Classified by Order of the Secret Service
    Posts
    46
    Reputation
    10
    Thanks
    4
    My Mood
    Bored
    I don't really understand what the point of this thread is... What exactly is this for? can someone please explain that to me?
    To do List
    Achieved[]

    Still to do[]
    25 posts[]
    50 posts[]
    150 posts[]
    300 posts[]
    500 posts[]
    1000 posts[]
    Kill a GM in a GM event[]
    Make my own injector[]
    Make a hotkey hack[]
    Make a menu hack[]
    Get an unbelievable legit[]
    Get an unbelievable+ legit[]
    Get banned for hacking[]
    Get banned for playing legit[]
    Get kicked for hacking[]
    Get kicked for playing legit[]
    Get you to read this list[]
    Quote Originally Posted by markoj View Post
    I bought a book on sex but I still don't get any


  12. #11
    -Bl00d-'s Avatar
    Join Date
    Sep 2011
    Gender
    female
    Location
    Imma girl what about it?
    Posts
    481
    Reputation
    10
    Thanks
    53
    My Mood
    Twisted
    Quote Originally Posted by silentkoga View Post
    I don't really understand what the point of this thread is... What exactly is this for? can someone please explain that to me?
    to build private servers to play on mostly

  13. #12
    silentkoga's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Location
    Thats Classified by Order of the Secret Service
    Posts
    46
    Reputation
    10
    Thanks
    4
    My Mood
    Bored
    Quote Originally Posted by -Bl00d- View Post
    to build private servers to play on mostly
    how would you go about doing this? and what exactly can you do thats different?
    To do List
    Achieved[]

    Still to do[]
    25 posts[]
    50 posts[]
    150 posts[]
    300 posts[]
    500 posts[]
    1000 posts[]
    Kill a GM in a GM event[]
    Make my own injector[]
    Make a hotkey hack[]
    Make a menu hack[]
    Get an unbelievable legit[]
    Get an unbelievable+ legit[]
    Get banned for hacking[]
    Get banned for playing legit[]
    Get kicked for hacking[]
    Get kicked for playing legit[]
    Get you to read this list[]
    Quote Originally Posted by markoj View Post
    I bought a book on sex but I still don't get any


Similar Threads

  1. My, NexoN Account Creator with Full Source Code!!
    By CodeHPro in forum Visual Basic Programming
    Replies: 22
    Last Post: 11-08-2009, 11:31 PM
  2. Nexon Website Change with new features...
    By Mr. Jingles in forum General
    Replies: 14
    Last Post: 09-30-2009, 03:52 AM
  3. Selling Nexon Europe Account with 37,000 Nexon Cash
    By sllyr1 in forum Trade Accounts/Keys/Items
    Replies: 1
    Last Post: 07-29-2009, 11:11 PM
  4. Long List of Accs with Security
    By Cadelaf in forum WarRock - International Hacks
    Replies: 23
    Last Post: 12-10-2007, 04:26 PM
  5. please can someone help me with 'Nexon Game Manager'
    By angrytater in forum WarRock Korea Hacks
    Replies: 2
    Last Post: 09-29-2007, 03:44 PM