Sol Protector v0.4 ~ Now with encryption

Images

Images:

What was removed:
I removed restricting access to the macromedia folder
I also removed restricting access to smtp.gmail.com

Why? Well because, you can work around both of those
And because, it doesnt matter. The .sol files are wiped and the account.js files are saved with a random name/extension.
So why restrict access to a folder and an ip?
It only brings problems such as, if they close the program, the macromedia folder could stay restricted. And we dont want that.

Features:
Searches entire Macromedia directory (where .sol files are saved) for .sol files. (Also protects most pserver .sols)
Wipes all data inside them (doesn't delete them, instead replaces the text with "Protected by PKTINOS", this way you can be sure that the sol thief will be dissapointed when he sees protected sols c:<)
Searches entire Desktop and sub directories for accounts.js files.
Wipes the content of the accounts.js files -> stores it in desktop in a file with a random 30 letter name and random 3 letter extension. (so you dont lose the accounts.js data)
If it doesnt find accounts.js in the desktop, allows you to input the directory that your muledump is in (if you have muledump) so it can secure it.

Still paranoid?
Disable your internet -> run .sol stealer
If it doesnt handle errors that well, it will display an error message saying that it couldnt send the .sol to the smtp server, so this way you can know its a sol stealer.

Important Note!!

Having protection against sol stealers doesnt mean you have protection against trojans/other malware. It only protects your RotMG identity, if you download a keylogger, your data can still be stolen.

Changelog

Code:

Optional protection: Block access to default e-mail port (587) temporarily (until the user presses enter)
This makes the sol stealers crash or not work correctly

IMAGENOTE: This sol stealer has "error handling" because it was made by me, that's why you see that message box. So if you open a sol stealer that doesnt pop a messagebox, it will still not send the email correctly. If you block the 587 port, it will not send email, simply because it cannot.

NOTE2: If a sol stealer doesn't send e-mails, but instead sends the data to a server, this will not be blocked. However, the .sol's are already wiped, and the account.js is wiped as well (it has its info saved in the desktop as a random file with a random extension), so there is no risk of them sol stealing you.

NOTE3: Do not get cocky and start opening every program that people send you. While this does prevent .sol / accounts.js stealers, it does not prevent Trojans or other malware, so be warned.
https://virusscan.jotti.org/en-US/fi...job/00mth3g5z9
https://virusscan.jotti.org/en-US/fi...job/00mth3g5z9

Sol Protector v0.4_mpgh.net_mpgh.net.zip

This is actually pretty rad, weird file extensions but protects it pretty well.
/approved.

I wonder what language this was coded in

Originally Posted by ruusey

I wonder what language this was coded in

The best language in the world of course!!!1!

Python

/s

This is a good protection against most sol stealers, thanks for releasing it, altough I liked the idea of capturing smtp.gmail.com to get the account credentials.

Originally Posted by wecopaul

This is a good protection against most sol stealers, thanks for releasing it, altough I liked the idea of capturing smtp.gmail.com to get the account credentials.

this is made impossible and rightly so by SSL/TLS
and installing a root cert to decrypt traffic just to intercept credentials would be getting into some pretty shady areas regarding security

Quick Questions:

What does it mean if there isn't a .sol file in my computer?

Edit: Nevermind i found how to revert the changes.

Originally Posted by enmity4

this is made impossible and rightly so by SSL/TLS
and installing a root cert to decrypt traffic just to intercept credentials would be getting into some pretty shady areas regarding security

@PKTINOS can make an option to toggle a host redirect of google's smtp servers to localhost.
Also I think the SOL locking can be evaded by copying the sol to a new location then opening, which wouldnt require admin right.
Also you can still fetch accounts .js by recognizing the file structure of the muledump folder itself and sending the data of non-empty files with no extensions.
OP can fix these issues tho with a bit of work.

Originally Posted by krazyshank

lol you can't use DNS spoofing to bypass SSL/TLS
there is no way to steal outgoing account data unless you access the hardcoded values (people who make stealers are normally shit at reverse engineering so would be easy)

Originally Posted by enmity4

Not for bypassing... to stop the connection

Originally Posted by krazyshank

Also I think the SOL locking can be evaded by copying the sol to a new location then opening, which wouldnt require admin right.
Also you can still fetch accounts .js by recognizing the file structure of the muledump folder itself and sending the data of non-empty files with no extensions.
OP can fix these issues tho with a bit of work.

There is no SOL locking, because as you said in the group chat, there is always a way to bypass it.

For example, if I lock the macromedia folder, or say the sol, the sol stealer can unlock it using the same code that I used to lock it.
So now it just wipes the data of the .sol

Also you can still fetch accounts .js by recognizing the file structure of the muledump folder itself and sending the data of non-empty files with no extensions.

Not really. The file isn't saved in the same location as accounts.js, instead it is saved in the desktop. And it's saved with a random extension as well. This way, the program could never find the actual accounts.js data, because they are now saved with a random name and a random extension in the desktop. The user probably will have other files as well, so how can the .sol stealer tell between a normal file and the accounts.js file?

New Update~~~~ v0.3 ~~~~ @Joe @Luis
@krazyshank what do you think about this way of blocking the connection - adding a rule to the firewall the blocks the 587 port, this way, not only smtp.google.com but pretty much every / most email services are blocked from sending email.

Changelog

Code:

Optional protection: Block access to default e-mail port (587) temporarily (until the user presses enter)
This makes the sol stealers crash or not work correctly

IMAGENOTE: This sol stealer has "error handling" because it was made by me, that's why you see that message box. So if you open a sol stealer that doesnt pop a messagebox, it will still not send the email correctly. If you block the 587 port, it will not send email, simply because it cannot.

NOTE2: If a sol stealer doesn't send e-mails, but instead sends the data to a server, this will not be blocked. However, the .sol's are already wiped, and the account.js is wiped as well (it has its info saved in the desktop as a random file with a random extension), so there is no risk of them sol stealing you.

NOTE3: Do not get cocky and start opening every program that people send you. While this does prevent .sol / accounts.js stealers, it does not prevent Trojans or other malware, so be warned.

@Joe @Luis
please replace the virus scans with the new ones, as well as the attachement and replace the picture with the last one in the OP. Oh and please rename to
"Sol Protector v0.3 ~ Now with Anti-Email protection"

-----------

Virus scans:
VirusTotal
VirusJotti

Sol Protector v0.3_mpgh.net.zip

Originally Posted by PKTINOS

New Update~~~~ v0.3 ~~~~

I don't see an attachment, what happened

Originally Posted by Joe

I don't see an attachment, what happened

._. I added everything apart from the program itself xd.

Added.

apologies, Sadly I use microsoft XP and the .NET framework doesn't seem to work. Got any Solutions?, Ive been hacked around 5 times in a few days D:

Sol Protector v0.4 ~ Now with encryption

Post a Reply

Similar Threads

Tags for this Thread