What This Package Contains
- The latest CabalRider bot for SG (CabalRider_SG1.0.14 as of 1st June 2008)
The actual bypass..
- Unpacked + modified CabalRider.exe, Adapter.dll, Impetus.dll to point to 127.0.0.1 for Server 1
- CabalRiderRider_server.exe - A fake authentication server originally coded in Perl & ported to VB6
Additional files..
- MSWINSCK.OCX - for the Winsock component used in my VB6 auth server
Why am I releasing this?
This was originally intended to be a private bypass for my friends who could not afford / did not wish to pay the RM30 fee for CabalRider.. however it turns out I cannot trust most of my 'friends' as they would choose to sell and distribute my creations for their own profit.
This is against my principles as I do what I do because I can. Furthermore, if it's going to be leaked out against my will - the authors of the bot might as well know about it and patch the flaw in their authentication system.
How does it work?
CabalRider (after a little probing with Wireshark, Olly & WPE Pro) turns out to be vulnerable to a simple authentication replay attack. The server does just that: it replays a successful authentication sequence twice, once for the initial loader and once for the second request made by the .dll files once they have been loaded into Cabal.
This is only for CabalSEA and will be my last attempt at cracking CabalRider.
---
Mirrors Provided by Heip



Credits to the CabalRider Team for the bot, exile (me) for the bypass. Enjoy
UPDATE: Received mixed feedback from the people here at GZP. It may or may not work for you (this is, after all, a simple bypass and the actual login routine may exchange hashes that are unique to each machine). However, it does work on all my 3 PCs, my friends' PCs and a vast majority of other systems out there.
I came up with this roughly less than 2 days after CabalRider went pay to use so yeah, consider this more of a PoC (Proof of Concept) rather than a fully and extensively tested release.
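
The replay weakness described in this post, next to a reply that is bound to a fresh client nonce and a machine identifier and therefore cannot be replayed. This is an added example, not part of the original post and not CabalRider's code. All names, the key and the identifiers are constructed, and HMAC with a shared key stands in for a server signature.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. Assumption: a shared HMAC key keeps this standard-library
# only; a shipped client should verify an asymmetric signature instead, so that
# nothing stored in the client can produce a valid server reply.
SERVER_KEY = b"constructed-demo-key"


def _mac(*fields: bytes) -> bytes:
    # Length-prefix every field so different field boundaries cannot collide.
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()


def static_reply(license_id: bytes) -> bytes:
    """Replayable: the reply is identical for every login with this license."""
    return _mac(b"OK", license_id)


def bound_reply(license_id: bytes, nonce: bytes, machine_id: bytes) -> bytes:
    """Hardened: the reply covers the client's fresh nonce and its machine id."""
    return _mac(b"OK", license_id, nonce, machine_id)


class Client:
    def __init__(self, license_id: bytes, machine_id: bytes):
        self.license_id, self.machine_id, self._nonce = license_id, machine_id, None

    def accept_static(self, reply: bytes) -> bool:
        return hmac.compare_digest(reply, static_reply(self.license_id))

    def new_challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh per request, never reused
        return self._nonce

    def accept_bound(self, reply: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # a challenge is valid once
        if nonce is None:
            return False
        expected = bound_reply(self.license_id, nonce, self.machine_id)
        return hmac.compare_digest(reply, expected)


def replay_demo() -> tuple:
    client = Client(b"LICENSE-0001", b"MACHINE-A")  # constructed identifiers
    old_static = static_reply(client.license_id)    # recorded genuine replies
    old_bound = bound_reply(client.license_id, client.new_challenge(), client.machine_id)
    genuine = client.accept_bound(old_bound)
    client.new_challenge()                          # the later, second request
    return genuine, client.accept_static(old_static), client.accept_bound(old_bound)
```

`replay_demo()` returns whether the genuine bound reply, the replayed static reply and the replayed bound reply were accepted, in that order.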






