[Discussion] continuing GodHack2

[Decoder back]

Okay guys , i decided to make that topic to talk about VIP hacks .


how you guys protect your VIP hack ?
- Guidtech
-loader
- etc..

like god hack2 said

i have made loaders before
where you just login with the forum info and then use the hack no GUID included.
and i know that you must download the file from the server to your harddrive for your loader to inject it, so hows your dll hidden?

And how it will be later ?

tell your opnion , what is the most popular and secure protection to VIP hacks ?

[GodHack2]

well you don't have to say VIP everywhere cause people will freak out
but thanks for making a new thread for my post

[topblast]

Well lets do IDEAS :


As i said Mine hides the dll into an Encrypted File format that reads the file and Inject that file into a process, I also used this Feature in the advance injector i am making. I find that u no longer have to do the Copy to random location thing. It is always a Random location.

This File format can contain almost anything from the File name and version to the Last Process injected into and how many times.

since it is saved as an array of bytes opening with notepad will not really work and it is converted into string to process the data then to convert the String back into a Byte Array to the the (Hack file in byte array) then output to a random location and inject from that location all without damaging the dll

The downside to this is the File Format of the DLL can be in ur application but i didnt do it to do that. The reason for this is the Code Decompilers who look at ur code and get the dll. With getting the DLL from an online server the info is held in a structure. Then we output the DLL to any random location and inject.

The Loader will NEVER really have any REAL location the DLL will go, it will have a fix location to ur site but to Decrypt that and go into every step as i did it is annoying it even made my head hurt recoding it.

HMM now that i think about it u can embed the DLL into the loader i mean the structure IS able to convert from both byte arrays and string arrays.


Thats only the part about ur DLL not being to be found. What about the LOGIN really i dont like my current login systems and i am not good with SQL

[Decoder back]

Well lets do IDEAS :


As i said Mine hides the dll into an Encrypted File format that reads the file and Inject that file into a process, I also used this Feature in the advance injector i am making. I find that u no longer have to do the Copy to random location thing. It is always a Random location.

This File format can contain almost anything from the File name and version to the Last Process injected into and how many times.

since it is saved as an array of bytes opening with notepad will not really work and it is converted into string to process the data then to convert the String back into a Byte Array to the the (Hack file in byte array) then output to a random location and inject from that location all without damaging the dll

The downside to this is the File Format of the DLL can be in ur application but i didnt do it to do that. The reason for this is the Code Decompilers who look at ur code and get the dll. With getting the DLL from an online server the info is held in a structure. Then we output the DLL to any random location and inject.

The Loader will NEVER really have any REAL location the DLL will go, it will have a fix location to ur site but to Decrypt that and go into every step as i did it is annoying it even made my head hurt recoding it.

HMM now that i think about it u can embed the DLL into the loader i mean the structure IS able to convert from both byte arrays and string arrays.


Thats only the part about ur DLL not being to be found. What about the LOGIN really i dont like my current login systems and i am not good with SQL

simply , with sql you can use the table and make it into a process and i did sql classes , so sql is not hard to work , the most harddest language to work to me is : ASM

how about the process of your hack when you say it

This File format can contain almost anything from the File name and version to the Last Process injected into and how many times.

you mean what your process make a file format what can contain anything from any file or something ?

and can inject into a process how many times he wants ?

or am i wrong ?

i don't think so , because someone can do reverse engineer into it .

then ....

[GodHack2]

Thats only the part about ur DLL not being to be found. What about the LOGIN really i dont like my current login systems and i am not good with SQL

The login is done either by the sql or by using the webpage elements(doesn't require access to any sql tables)

just make a new webbrowser
[php] this->webBrowser1->Document->GetElementById("vb_login_username")->SetAttribute("value", textBox1->Text);
this->webBrowser1->Document->GetElementById("vb_login_password")->SetAttribute("value", textBox2->Text);
this->webBrowser1->Document->GetElementById("cookieuser")->SetAttribute("value", "0");
this->webBrowser1->Document->GetElementById("cookieuser")->Focus();

SendKeys::Send("{TAB}");
SendKeys::Send("{Enter}");[/php]

and then to check if he has logged in correctly

[php]if (this->richTextBox1->Text->Contains("Thank you for logging in")do your stuff...[/php]
and if he didn't enter it correctly
[php]if(this->richTextBox1->Text->Contains("invalid")) exit the application [/php]

edit forgot to say that the richtextbox is the webbrowser's page document text
and this way works on vb forums only because of the elements names u can download google chrome and use its firebug to see the elements for other types of boards

share share share

[topblast]

simply , with sql you can use the table and make it into a process and i did sql classes , so sql is not hard to work , the most harddest language to work to me is : ASM

how about the process of your hack when you say it



you mean what your process make a file format what can contain anything from any file or something ?

and can inject into a process how many times he wants ?

or am i wrong ?

i don't think so , because someone can do reverse engineer into it .

then ....

No what i mean if what i said.

I can SAVE the Last Process injected into.
I can SAVE the number of time u injected the file.
And my DLL have a STRUCTURE that holds all the info then output it.

The login is done either by the sql or by using the webpage elements(doesn't require access to any sql tables)

just make a new webbrowser
[php] this->webBrowser1->Document->GetElementById("vb_login_username")->SetAttribute("value", textBox1->Text);
this->webBrowser1->Document->GetElementById("vb_login_password")->SetAttribute("value", textBox2->Text);
this->webBrowser1->Document->GetElementById("cookieuser")->SetAttribute("value", "0");
this->webBrowser1->Document->GetElementById("cookieuser")->Focus();

SendKeys::Send("{TAB}");
SendKeys::Send("{Enter}");[/php]

and then to check if he has logged in correctly

[php]if (this->richTextBox1->Text->Contains("Thank you for logging in")do your stuff...[/php]
and if he didn't enter it correctly
[php]if(this->richTextBox1->Text->Contains("invalid")) exit the application [/php]

edit forgot to say that the richtextbox is the webbrowser's page document text
and this way works on vb forums only because of the elements names u can download google chrome and use its firebug to see the elements for other types of boards

share share share

How will I know if the user is VIP/payed for special membership or something.

[GodHack2]

No what i mean if what i said.

I can SAVE the Last Process injected into.
I can SAVE the number of time u injected the file.
And my DLL have a STRUCTURE that holds all the info then output it.



How will I know if the user is VIP/payed for special membership or something.

that would totally depend on your site
if you have a plugin that shall make the member page url yoursite.com/ members(or we)/username
so then you can just direct a webbrowser to that page with the usernametextbox as the "username"in the url and read the string that is between [php]</h1> <h2>[/php] and [php]</h2> </td> </tr>[/php](this depend on your user page ) in your richtextbox (web page's source).
like for example here at mpgh if you go to my userpage and read the string that is between </h1> <h2> and </h2> </td> </tr> the output will be "Expert Member" which is not allowed to use the hack

but hey there are lots of easier ways to do it through sql tables so u might wana look through that

[flameswor10]

I can make a simple loader for you

[Gordon`]

Then we output the DLL to any random location and inject.

why is there an encryption anyway when its useless? i mean the dll has to be decrypted for injecting. not really safe

[dean-wingess]

1. Protection:


Crypted GUID list on my server.
GUID: USERNAME:
23523 Halalala
33345id Olalala

for example.
It's cryted, my Guidtech.cpp contains a simple function to uncrypt it.
After Uncrypting it loops through the list and checks the GUID's, if yours isn't there it won't create the threads in Dll main and Exit the process.

2. Protection:

A loader coded in VisualBasic, 3 embedded dlls (Warrock Private, Bad Company 2 Private, Combat Arms Private)
You can load 1 of them and inject it.
How it updates?
It checking the md5 of the dlls and then it compares it to md5 of the dlls on the server.
If they aren't the same its downloading and replacing them.

Isn't that easy?

Edit: How to crack it?
Break in the Loader, check for the ftp links, download the dlls..
Muhaha and now?
There's still GUID, UPX, Winlicense.
First of all try to unpack it then remove the drive 32 from Winlicense and then search through 7300 lines of ASM and addresses.
Before you start doing this it would be easier coding your own hack.

[freedompeace]

This is one funny thread

These are good ideas, but there are problems which need to be addressed (below).

If you want an entirely secure system, you're going to have to implement all these ideas into one, plus checks on hooks that may endanger your hack's security, as well as having as little usage of the file system as possible.

Well lets do IDEAS :


As i said Mine hides the dll into an Encrypted File format that reads the file and Inject that file into a process, I also used this Feature in the advance injector i am making. I find that u no longer have to do the Copy to random location thing. It is always a Random location.

This File format can contain almost anything from the File name and version to the Last Process injected into and how many times.

since it is saved as an array of bytes opening with notepad will not really work and it is converted into string to process the data then to convert the String back into a Byte Array to the the (Hack file in byte array) then output to a random location and inject from that location all without damaging the dll

The downside to this is the File Format of the DLL can be in ur application but i didnt do it to do that. The reason for this is the Code Decompilers who look at ur code and get the dll. With getting the DLL from an online server the info is held in a structure. Then we output the DLL to any random location and inject.

The Loader will NEVER really have any REAL location the DLL will go, it will have a fix location to ur site but to Decrypt that and go into every step as i did it is annoying it even made my head hurt recoding it.

HMM now that i think about it u can embed the DLL into the loader i mean the structure IS able to convert from both byte arrays and string arrays.


Thats only the part about ur DLL not being to be found. What about the LOGIN really i dont like my current login systems and i am not good with SQL

What's the use of encryption if your client has the key-pair that your server has? It can be easily extracted ):

Furthermore, you're dealing with the filesystem. Plenty of hooks to monitor the fs

The login is done either by the sql or by using the webpage elements(doesn't require access to any sql tables)

just make a new webbrowser
[php] this->webBrowser1->Document->GetElementById("vb_login_username")->SetAttribute("value", textBox1->Text);
this->webBrowser1->Document->GetElementById("vb_login_password")->SetAttribute("value", textBox2->Text);
this->webBrowser1->Document->GetElementById("cookieuser")->SetAttribute("value", "0");
this->webBrowser1->Document->GetElementById("cookieuser")->Focus();

SendKeys::Send("{TAB}");
SendKeys::Send("{Enter}");[/php]

and then to check if he has logged in correctly

[php]if (this->richTextBox1->Text->Contains("Thank you for logging in")do your stuff...[/php]
and if he didn't enter it correctly
[php]if(this->richTextBox1->Text->Contains("invalid")) exit the application [/php]

edit forgot to say that the richtextbox is the webbrowser's page document text
and this way works on vb forums only because of the elements names u can download google chrome and use its firebug to see the elements for other types of boards

share share share

network sniffing... yay. internet explorer, bigger yay.

[supercarz1991]

Id like to know how GA's loader works...I tried to crack it once...scanned my whole c drive as soon as it downloaded and was ready fir injection....there were no new files on my computer before injection or after

[freedompeace]

Id like to know how GA's loader works...I tried to crack it once...scanned my whole c drive as soon as it downloaded and was ready fir injection....there were no new files on my computer before injection or after

GA?

(fill)

[kotentopf]

at the point protection:
create a thread with a while loop

if getmodulehandle("OLLYDBG.exe")
TerminateProcess(GetCurrentProcess(),1337);

u can add more files. U can also use some findwindow's

[topblast]

Wel the encryption is different. I encrypt for the safety of the DLL and i been using it in CA, never been detected. Also as it was said before Finding the site that holds the File can be traced. This format need you to convert the file then upload it. And i was bored and was working with encryption the time i made it. But the Decryption is Done before u inject

Login(if true)->Download/GET->Decrypt->Store in structure->Start timer->If TRUE and ready to inject->Get Original file(Decompress)->Byte to file to Random location->Inject from that location.

Close loader.