Hi everybody!
Some days ago I decided to make a crack for ibot,but I stuck,so now I release infos about the bot.
First of all,everybody knows that ibot communicates with a server on TCP
at mail.majar.com (82.98.86.167) on 8084 port.
I had an idea,that I block this,and forward the mail.majar.com to localhost,and I simulate that is the server.
I did some tests and I realized how many packet's and bits arrives when somebody login with ibot:
So the bot get these packet's with unkown content:
1. packet 4 bits
2. packet 441 bits
3. packet 4 bits
4. packet 77 bits
These means,that the first packet consists of a number,the second is 63 letters,the third is a number too,and the forth includes 11 characters.
I could block the server with firewall,but I had no idea about forward it to localhost.
But with this mechanic I could bot 3 days with ibot trial,cause I didn't die,or jumped a gate,and I blocked the server,so it didn't get any info.
The only backwards is that,I can't login back without trial.
If somebody can make a programme,which forwards 82.98.86.167 to localhost on port 8084 and she/he send it to me I will make the crack's other part and I will release it.
(I used tcpview to see these datas,and firewall to block. If I could do this,we would use this crack forever,cause if the bot doesn't get the info that there is an update,then we can login with it.)
I hope this information will be useful for hackers.:)
Some days ago I decided to make a crack for ibot,but I stuck,so now I release infos about the bot.
First of all,everybody knows that ibot communicates with a server on TCP
at mail.majar.com (82.98.86.167) on 8084 port.
I had an idea,that I block this,and forward the mail.majar.com to localhost,and I simulate that is the server.
I did some tests and I realized how many packet's and bits arrives when somebody login with ibot:
So the bot get these packet's with unkown content:
1. packet 4 bits
2. packet 441 bits
3. packet 4 bits
4. packet 77 bits
These means,that the first packet consists of a number,the second is 63 letters,the third is a number too,and the forth includes 11 characters.
I could block the server with firewall,but I had no idea about forward it to localhost.
But with this mechanic I could bot 3 days with ibot trial,cause I didn't die,or jumped a gate,and I blocked the server,so it didn't get any info.
The only backwards is that,I can't login back without trial.
If somebody can make a programme,which forwards 82.98.86.167 to localhost on port 8084 and she/he send it to me I will make the crack's other part and I will release it.
(I used tcpview to see these datas,and firewall to block. If I could do this,we would use this crack forever,cause if the bot doesn't get the info that there is an update,then we can login with it.)
I hope this information will be useful for hackers.:)
