I have unpacked the mBot crack that was released by NoEx,
now no one can use the crack.
I found that the loader that NoEx made is a redirection detour well coded !!
Also the dll was packed with VMProtect which is a pain in the a** to unpack.
The dll was redirecting the connection from 82.165.134.202:80 to 88.191.118.159:80 <== this one was hosted by NoEx.
on load the bot asks to read the 88.191.118.159:80\download\Index.php.
This one should returns even {{LAST_VERSTION}} <== Which means no update is available.
or
{{PATCH_AVAILABLE}} <== means you have to download the new version.
then when you click Login the bot posts the encrypted login data [username & password] to 88.191.118.159:80\pa\auth.psro.mbot.1.php using [POST] code.
then the auth.psro.mbot.1.php returns encrypted data for the success login.
Idon't know If NoEx hacked the main server to get the auth.psro.mbot.1.php or he maybe emulated it after he unpacked the mBot [Themida Packed].
so now the real reason behind the mBot crack fail is that the NoEx server that hosts auth.psro.mbot.1.php is now down.
so thats it.
#######
#Fox564#
######
now no one can use the crack.
I found that the loader that NoEx made is a redirection detour well coded !!
Also the dll was packed with VMProtect which is a pain in the a** to unpack.
The dll was redirecting the connection from 82.165.134.202:80 to 88.191.118.159:80 <== this one was hosted by NoEx.
on load the bot asks to read the 88.191.118.159:80\download\Index.php.
This one should returns even {{LAST_VERSTION}} <== Which means no update is available.
or
{{PATCH_AVAILABLE}} <== means you have to download the new version.
then when you click Login the bot posts the encrypted login data [username & password] to 88.191.118.159:80\pa\auth.psro.mbot.1.php using [POST] code.
then the auth.psro.mbot.1.php returns encrypted data for the success login.
Idon't know If NoEx hacked the main server to get the auth.psro.mbot.1.php or he maybe emulated it after he unpacked the mBot [Themida Packed].
so now the real reason behind the mBot crack fail is that the NoEx server that hosts auth.psro.mbot.1.php is now down.
so thats it.
#######
#Fox564#
######