Detect malicious private server client

04/07/2022 15:07 Lariss_#1
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.

inb4 antivirus scan
04/08/2022 22:29 Endless.#2
Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.

inb4 antivirus scan
In the normal case, the clients don't have backdoors, because too many people who have experience with computers and IT would detect it. You can reverse the whole binary with Ghidra. This tool will show you what happens in the background while this process is running.


Sry my English is bad -_-


With kind Regards, Endless :)
04/09/2022 00:29 No14#3
Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.

inb4 antivirus scan
First of all, every time you download any stuff from sites you are not sure about, use VirusTotal.

The patch.exe searches for new packs or new data. This process without a whitelisted patch.exe could cause many troubles, because Windows doesn't say it's safe, since they don't know about this data.
So it's the job of the devs to make their client safe first.
Aeldra is using a safe patch.exe. We used the same; it was a big change for small money.
Sometimes there are some negative points. But that's just normal in Metin.
The admin should send a safe patch.exe to Google. When they whitelist the patch.exe, you can play without any problems.

But there are sometimes issues why you can't play Metin or your window will not open/react. That's not because of bad programs, it's because of your engines, graphics driver or configs.

You can watch your process when you open your client window, and watch what happens in your Task Manager.


And the last tip: don't use the same e-mail, passwords or IDs in any case when you play games.
Some players don't understand what safety is.
And download only from links from team staff and trusted homepages, not from a 3rd person.
04/10/2022 10:25 br4ve-trave1er.asf#4
Quote:
Originally Posted by No14
First of all, every time you download any stuff from sites you are not sure about, use VirusTotal.

The patch.exe searches for new packs or new data. This process without a whitelisted patch.exe could cause many troubles, because Windows doesn't say it's safe, since they don't know about this data.
So it's the job of the devs to make their client safe first.
Aeldra is using a safe patch.exe. We used the same; it was a big change for small money.
Sometimes there are some negative points. But that's just normal in Metin.
The admin should send a safe patch.exe to Google. When they whitelist the patch.exe, you can play without any problems.

But there are sometimes issues why you can't play Metin or your window will not open/react. That's not because of bad programs, it's because of your engines, graphics driver or configs.

You can watch your process when you open your client window, and watch what happens in your Task Manager.


And the last tip: don't use the same e-mail, passwords or IDs in any case when you play games.
Some players don't understand what safety is.
And download only from links from team staff and trusted homepages, not from a 3rd person.

you understood nothing and still replied, bravo

Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.

inb4 antivirus scan
That's sadly not that easy; you would need some good reverse engineering knowledge to be able to detect actually hidden malware.

If you just want a general idea of whether a client is fine or not, you could use something like "API Monitor" (rohitab) or "Process Monitor" (Microsoft/Sysinternals) to monitor the process while it's running on a VM. These tools can be a good indicator of malicious activity because they will display attempts of the process to access files outside of the client, reading/writing to unrelated registry keys and so on.

You could also dump the Python files of the client and check these for weird shit, but it's not as common as it used to be to leave nasty shit there.
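To make the Process Monitor approach from the reply above concrete, here is an added example (not code from the thread or from any client) that reads a Procmon CSV export captured in the VM and flags file and registry accesses that land outside the client's own install folder or registry key. The client path, registry key, process name and every log line are constructed for the example; the column layout assumes Procmon's default "Save as CSV" export.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample of a Process Monitor CSV export (File > Save, CSV format),
# already filtered to the game client's process. Paths, PID and process name
# are made up; the column names match Procmon's default export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","client.exe","4242","CreateFile","C:\Games\Client\pack\root.epk","SUCCESS","Desired Access: Generic Read"
"10:01:02.2","client.exe","4242","RegQueryValue","HKCU\Software\Client\Resolution","SUCCESS","Type: REG_DWORD"
"10:01:03.0","client.exe","4242","CreateFile","C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"10:01:03.4","client.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater","SUCCESS","Type: REG_SZ"
"10:01:04.0","client.exe","4242","WriteFile","C:\Games\Client\log.txt","SUCCESS","Offset: 0"
'''

# Assumed install folder and the client's own registry key (hypothetical values).
CLIENT_DIR = PureWindowsPath(r"C:\Games\Client")
CLIENT_REG_PREFIX = r"HKCU\Software\Client"

FILE_OPS = {"CreateFile", "ReadFile", "WriteFile"}
REG_OPS = {"RegQueryValue", "RegSetValue", "RegCreateKey", "RegOpenKey"}


def is_inside(path: str, root: PureWindowsPath) -> bool:
    """True when `path` is `root` itself or somewhere below it."""
    try:
        PureWindowsPath(path).relative_to(root)
        return True
    except ValueError:
        return False


def flag_suspicious(csv_text: str) -> list[tuple[str, str]]:
    """Return (operation, path) pairs for file/registry activity outside the client's own area.

    Everything under CLIENT_DIR or CLIENT_REG_PREFIX is treated as expected;
    anything else (browser profiles, autorun keys, ...) is worth a closer look.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path = row["Operation"], row["Path"]
        if op in FILE_OPS and not is_inside(path, CLIENT_DIR):
            findings.append((op, path))
        elif op in REG_OPS and not path.startswith(CLIENT_REG_PREFIX):
            findings.append((op, path))
    return findings


if __name__ == "__main__":
    for op, path in flag_suspicious(SAMPLE_CSV):
        print(f"{op:14} {path}")
```

On a real capture, filter Procmon to the client's process before exporting, and expect some noise from legitimate Windows and graphics-driver paths that you will want to add to the allow-list.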