What This Package Contains
- The latest CabalRider bot for SG (CabalRider_SG1.0.14 as of 1st June 2008)
The actual bypass:
- Unpacked + modified CabalRider.exe, Adapter.dll, Impetus.dll to point to 127.0.0.1 for Server 1
- CabalRiderRider_server.exe - A fake authentication server originally coded in Perl & ported to VB6
Additional files:
- MSWINSCK.OCX - for the Winsock component used in my VB6 auth server
Why am I releasing this?
This was originally intended to be a private bypass for my friends who could not afford / did not wish to pay the RM30 fee for CabalRider. However, it turns out I cannot trust most of my 'friends', as they would choose to sell and distribute my creations for their own profit.
This is against my principles, as I do what I do because I can. Furthermore, if it's going to be leaked out against my will, the authors of the bot might as well know about it and patch the flaw in their authentication system.
How does it work?
CabalRider (after a little probing with Wireshark, Olly & WPE Pro) turns out to be vulnerable to a simple authentication replay attack. The fake authentication server does just that: it replays a successful authentication sequence twice, once for the initial loader and once for the second request, which is made by the .dll files once they have been loaded into Cabal.
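Why a recorded authentication sequence is accepted, and the fix the bot's authors would need, shown as an added example that is not part of the original package: a reply that depends only on long-lived values verifies again when replayed, while a reply bound to a fresh client nonce does not. All names, the key and the license ID are constructed for illustration, and an HMAC with a shared key stands in for a server signature (a real client would verify an asymmetric signature so that no signing secret ships with it).

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key (assumption)


def _tag(message: bytes) -> bytes:
    return hmac.new(SERVER_KEY, message, hashlib.sha256).digest()


# Weak design: the success reply depends only on long-lived values,
# so the same bytes are valid in every session.
def server_reply_static(license_id: bytes) -> bytes:
    return _tag(b"OK|" + license_id)


def client_accepts_static(reply: bytes, license_id: bytes) -> bool:
    return hmac.compare_digest(reply, _tag(b"OK|" + license_id))


# Hardened design: the client picks a fresh random nonce per request and
# the reply must cover that nonce, so an old reply no longer verifies.
def new_challenge() -> bytes:
    return secrets.token_bytes(16)


def server_reply_bound(license_id: bytes, nonce: bytes) -> bytes:
    return _tag(b"OK|" + license_id + b"|" + nonce)


def client_accepts_bound(reply: bytes, license_id: bytes, nonce: bytes) -> bool:
    return hmac.compare_digest(reply, _tag(b"OK|" + license_id + b"|" + nonce))


def demo() -> dict:
    lic = b"LICENSE-0001"  # constructed sample value
    # Session 1: genuine replies, recorded on the wire.
    recorded_static = server_reply_static(lic)
    recorded_bound = server_reply_bound(lic, new_challenge())
    # Session 2: the recorded bytes are replayed to the client.
    nonce2 = new_challenge()
    return {
        "static_replay_accepted": client_accepts_static(recorded_static, lic),
        "bound_replay_accepted": client_accepts_bound(recorded_bound, lic, nonce2),
        "bound_fresh_accepted": client_accepts_bound(
            server_reply_bound(lic, nonce2), lic, nonce2),
    }


if __name__ == "__main__":
    print(demo())
```

Each of the two requests the page mentions (the loader's and the .dll files') would need its own challenge under this scheme.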