Announcement

**GetJump** · 01-25-2013, 07:30 AM

Re: lззв ini auth

php auth bypass is too hard xd
btw, they are start using new domain :
it was key.urinina.us
now it aut.urinina.us
base64 -> own crypt for dlls

**Guest** · 01-25-2013, 09:44 AM

Re: lззв ini auth

Originally posted by GetJump View Post

base64 -> own crypt for dlls

Exactly.

**GetJump** · 01-25-2013, 10:19 AM

Re: lззв ini auth

Originally posted by anontyan1 View Post

Exactly.

Lol. In vid you just spoofed net stuff, how you will known they dll protection, if i don't say?
Anyway, it's easy to get their one's, like a other 99,9% of hags.

UPD :
If you know, you can't get dll, if your account doesn't have sub, they maked that almost perfect.
You only can move all outputs from their host to local, and spoof. That shouldn't call BYPASS.

**Guest** · 01-25-2013, 10:37 AM

Re: lззв ini auth

Originally posted by GetJump View Post

You only can move all outputs from their host to local, and spoof. That shouldn't call BYPASS.

You're right, so, how i had to call it?

**GetJump** · 01-25-2013, 10:44 AM

Re: lззв ini auth

Originally posted by anontyan1 View Post

You're right, so, how i had to call it?

It's basic spoofing, nothing special.
So welcome, to pr1v473 h4g5 dumping business xd
Oh, thought that now is a bit harder, to do that sort of thing, because they are using ssl.
So for replace remote to local with hosts, you need to configure your webserver with their certificate, you can easily obtain it, but only client-side one, when server requires two files of certificate(server-side).

**Guest** · 01-25-2013, 11:01 AM

Re: lззв ini auth

Originally posted by GetJump View Post

Oh, thought that now is a bit harder, to do that sort of thing, because they are using ssl.
So for replace remote to local with hosts, you need to configure your webserver with their certificate, you can easily obtain it, but only client-side one, when server requires two files of certificate(server-side).

Yea, I thought about it when they started to use ssl.
I wanted to dump & emulate server respones to client, making able to login and download hack without having an account.

**GetJump** · 01-25-2013, 11:25 AM

Re: lззв ini auth

Originally posted by anontyan1 View Post

Yea, I thought about it when they started to use ssl.
I wanted to dump & emulate server respones to client, making able to login and download hack without having an account.

No way, you can only stream dll that you got by yourself.
They crypt bases on HWID. I don't known how it work now, but in leaked sources, all decrypts with hwid.

**Guest** · 01-25-2013, 11:31 AM

Re: lззв ini auth

Originally posted by GetJump View Post

They crypt bases on HWID. I don't known how it work now, but in leaked sources, all decrypts with hwid.

That's very interesting.
Anyway, I haven't any possibility & motivation to make my noob researches on ini's auth, cuz i'm not giving a cent fot that faggots no more.

Btw, I saw you at EC, would you research their protection? Or you're already doin' it?

**GetJump** · 01-25-2013, 11:41 AM

Re: lззв ini auth

Originally posted by anontyan1 View Post

That's very interesting.
Anyway, I haven't any possibility & motivation to make my noob researches on ini's auth, cuz i'm not giving a cent fot that faggots no more.

Btw, I saw you at EC, would you research their protection? Or you're already doin' it?

They banned me, for hwid reset request xD

EC, is simple, since their writing code to other process.
Auth, is php script :D

**Guest** · 01-25-2013, 12:14 PM

Re: lззв ini auth

Originally posted by GetJump View Post

Auth, is php script

I tried to spoof packets, like i did with ini & cillit-cheats, but i didn't archieved anything.
I guess, it has some hidden check, i dunno.

**GetJump** · 01-25-2013, 12:37 PM

Re: lззв ini auth

Originally posted by anontyan1 View Post

I tried to spoof packets, like i did with ini & cillit-cheats, but i didn't archieved anything.
I guess, it has some hidden check, i dunno.

I doesn't dive too deep, may be they have domain/ip check or something like that idk

**Guest** · 01-25-2013, 04:19 PM

Re: lззв ini auth

Originally posted by GetJump View Post

I doesn't dive too deep, may be they have domain/ip check or something like that idk

If you found something interesting - please contact me :)

**wav** · 01-25-2013, 05:50 PM

Re: lззв ini auth

Originally posted by GetJump View Post

base64 -> own crypt for dlls

Advanced Encryption Standard - Wikipedia

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

one would think to use SHA 256 + AES 256 as basis...

i guess not

**Ember** · 01-25-2013, 06:23 PM

Re: lззв ini auth

If you want the module, unpack, check for VM (I assume they are still using Themida), and devirtualize and see what they are doing to get an address to breakpoint to dump the module from, or rather just use my pretty much generic 1-breakpoint search&dump method.

**GetJump** · 01-26-2013, 12:19 AM

Re: lззв ini auth

Originally posted by Ember View Post

If you want the module, unpack, check for VM (I assume they are still using Themida), and devirtualize and see what they are doing to get an address to breakpoint to dump the module from, or rather just use my pretty much generic 1-breakpoint search&dump method.

I already know how they crypt/decrypt dll's, but anyway thank you.

**GetJump** · 01-26-2013, 12:20 AM

Re: lззв ini auth

Originally posted by wav View Post

http://en.wikipedia.org/wiki/Advance...ption_Standard

one would think to use SHA 256 + AES 256 as basis...

i guess not

That's takedown.
People like him think, that their own shitty protect is perfect.

**wav** · 01-26-2013, 05:43 AM

Re: lззв ini auth

Originally posted by GetJump View Post

That's takedown.
People like him think, that their own shitty protect is perfect.

luckily for us he doesn't know to use these and copy paste them right

otherwise we'd have trouble

Announcement

lззв ini auth

lззв ini auth

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment