I mailed heero from openkore.com and he told me that Battle of Immortals has a serious flaw: it stores your username and password in memory in raw format, not encrypted. Since I was playing BoI PH, I told him to show me, so he gave me these memory addresses and asked me to use Cheat Engine.
Philippine BoI Client Address:
---------------------------
For Username
Address: game.exe+A3DDA8
Type: Text
No. of Characters: 30
Unicode: unchecked
For Password
Address: game.exe+A3DE28
Type: Text
No. of Characters: 30
Unicode: unchecked
These are the locations he told me; you can try checking them yourself.
So before using any bots, always ask yourself if you can trust the makers of that bot or not. Just a warning for others, that's all. I don't want anyone to flame me, but I just had to put this out in the open.
Edit: added International addresses (thanks Inathero):
International BoI Client Address
---------------------------
For Username
Address: Game.exe+AD4CD8
Type: Text
No. of Characters: 30
Unicode: unchecked
For Password
Address: Game.exe+AD4D58
Type: Text
No. of Characters: 30
Unicode: unchecked
The same issue exists in BoI INT. Yeah, sadly you have to trust the bot coder - but haven't you really always had to?
True but at least some bot coders release their source code (btw I admire your work since you also release your source unlike others).
Other bot makers here hardly release their code out of fear it might get stolen. Now that this flaw is known, perhaps they will also release their code for verification. Either way, it's all up to the end user if he trusts guys that don't release source code.
Let me understand a bit please, and sorry if I'm wrong.
Bot makers can find out our account/password from BoI?
Yes, the problem here is that the BoI client stores your username and password in raw format in your computer's memory, like this: "myusername mypassword", and anyone can just READ that memory address and send those values out.
Since most bots here are precompiled EXEs, I figured I should post this to warn users of such flaws. Don't get me wrong, I am not saying that the bot programmers here do this, since I have close to zero knowledge when it comes to decompiled programs, but it still leaves the question "Can my account be hacked?"
Which is why I respect guys like 0xDEC0DE and HackBoy who give their full source code for us to see and compile on our own.
So as the others have said already, use bots at your own risk. But as a friend of mine would say, it's better to be safe than sorry.
BTW, a reminder to users: please don't blame bot programmers in this topic because you got hacked. This thread was made to warn users and is not a place for you to complain about being hacked. Like I said, the topic is a warning, that's all.
The mods should sticky this post, pretty important imo. Didn't cross my mind that user and pass are stored unencrypted in the exe.
I would never steal someone's account info, but unfortunately a few people won't believe me and I can't prove it since I don't want to release source code =\
Guess the best prevention would be to block the bot from accessing the internet, so in case it does steal info, it can't email it or FTP it to the bot maker.
Also, I'll be releasing my source, but only when I get bored of the game and move on lol.
Thanks Inathero, I respect your decision in not releasing your code yet, which is why I told users here not to blame a bot programmer if their account gets hacked. But there is a flaw in blocking the bot program from using the internet: the programmer can also use the BoI client to send the username and password via Private Message, also known as /P, ingame, so in the end it's still not enough. Still, thanks for the positive feedback on my topic, Inathero.
/p is very, very noticeable.
On top of that, the bot creator has to be online,
and while playing, upon seeing it, the user will probably log off, report in the thread, and change account info, messing up the creator's evil plans lol.
Also, only one person has my bot's source and that's dumpersta ^^ Since he's a respected person, he can clear me XD
And no problem, will definitely support this topic :P Will keep bumping it up as a form of pseudo-sticky haha
-----------------
Edit: Just tested those addys and they don't work. The correct addys are:
Thanks Inathero. BTW, with regards to /P, I was referring to using the call function for it, not using the chat command ingame, like how HackBoy does it in his source code. You can just parameter pass the strings and then call the function for send Whisper and it will hardly be noticeable. Well, anyway, I just hope that the developers of the game fix this flaw of theirs and we can all rest easy.
HackBoy had a /p call in it? Totally didn't know that.
In any case, I placed a link to this thread from my thread in big letters so that everyone can see :P The more people know about this, the better.
No no, I didn't mean HackBoy had such a thing. I mean someone with enough skills can do the same thing by using the Private Message function call. Thanks for linking the topic; the more this gets out, the better.
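
As an added example (not code from any poster in this thread or from the game), the C sketch below contrasts the pattern the thread describes, credentials kept in static buffers for the whole session, with a login path that wipes the password buffer once it has been sent. `send_login_fn`, `stub_send`, `CRED_MAX` and the sample credentials are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 32   /* assumed field size, not taken from the game client */

/* Hypothetical hook standing in for whatever sends the login packet. */
typedef int (*send_login_fn)(const char *user, const char *pass);

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if any byte of buf is non-zero. */
static int holds_data(const char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) if (buf[i]) return 1;
    return 0;
}

/* Pattern from the thread: static buffers at a fixed image offset
   that keep the credentials for the whole session. */
static char g_user[CRED_MAX], g_pass[CRED_MAX];

int login_leaky(const char *user, const char *pass, send_login_fn send) {
    strncpy(g_user, user, CRED_MAX - 1);
    strncpy(g_pass, pass, CRED_MAX - 1);
    return send(g_user, g_pass);        /* g_pass stays readable afterwards */
}

/* Hardened: the input buffer is used once, then wiped on every path. */
int login_hardened(const char *user, char *pass, size_t cap, send_login_fn send) {
    int rc = (memchr(pass, 0, cap) != NULL) ? send(user, pass) : -1;
    secure_wipe(pass, cap);
    return rc;
}

/* Constructed stub transport: accepts any non-empty password. */
static int stub_send(const char *user, const char *pass) {
    (void)user;
    return pass[0] ? 0 : -1;
}

/* Each demo returns 1 if the password is still in memory after login. */
int residue_after_leaky(void) {
    login_leaky("constructed_user", "constructed_pw", stub_send);
    return holds_data(g_pass, sizeof g_pass);
}
int residue_after_hardened(void) {
    char input[CRED_MAX] = "constructed_pw";  /* e.g. the UI edit-box buffer */
    int rc = login_hardened("constructed_user", input, sizeof input, stub_send);
    return rc != 0 || holds_data(input, sizeof input);
}
int main(void) { return residue_after_hardened(); }
```

Wiping shortens how long the plaintext is resident and removes the fixed-offset copy; it does not protect against code that is already running inside the client process at login time.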