D_EU_SA

defect · 11/09/2009, 02:58

Dam I hate to be the dude whos the **** that has to say something along the lines of, I told you so...

Edit:

Luke can you upload the files to rapidshare or some other uploading base so i can take a look just in case...

Lukeff7 · 11/09/2009, 03:05

The first few are just .text files that include another link to another share cash download.
Then finally you get a folder with this in it and nothing else (as shown):

and that's that.

Oh and that last password download has a .txt file saying: P1nOk0lz8q

and the first one was just blank.

Good game, good game.

Zacko7 · 11/09/2009, 03:08

Quote:

Originally Posted by Lukeff7

Incase anyone has yet to realise, this is just sharecash links within themselves to generate himself money.
Hats of to the ******, but still the mod who participated in this should be ashamed of himself.

Quote:

Originally Posted by Lukeff7

Ironic.
Same file names.
My only query is how you got the mod in on this little charade.

He got the moderator into this little "charade" by giving the moderator a legitimate file, with a termination string in it after 25 minutes, or so, of use. Should I close this, or does anyone expect him to actually give the file?

I'll give him an infraction for bogus links right now, until the community says otherwise.

defect · 11/09/2009, 03:11

Quote:

Originally Posted by Zacko7

He got the moderator into this little "charade" by giving the moderator a legitimate file, with a termination string in it after 10 minutes of use. Should I close this, or does anyone expect him to actually give the file?

I dont have the EU client so all I can say is that its most likely just a regular edit through hex related data to make it look legit. (who knows) Then again it could be the reg. DSEE, so what im getting at is that, it couldve been the reg DSEE just being able to run for a short period?

Like i said I have no knowledge of the EU client, just a stab in the dark.

Too small of a file so I doubt its even laced with anything thats worth worrying about.

Zacko7 · 11/09/2009, 03:19

Quote:

Originally Posted by defect

I dont have the EU client so all I can say is that its most likely just a regular edit through hex related data to make it look legit. (who knows) Then again it could be the reg. DSEE, so what im getting at is that, it couldve been the reg DSEE just being able to run for a short period?

Like i said I have no knowledge of the EU client, just a stab in the dark.

Too small of a file so I doubt its even laced with anything thats worth worrying about.

True, the problem with this theory, is that theres no way DSEE could work without a bypass. Maybe he incorporated a bypass in it? Who knows.
I've heard of people using termination strings before too, which after a set amount of time, the file becomes corrupt and does not execute anymore. I've unpacked his file, and it's now empty, so I'm really confused.

MiseryK · 11/09/2009, 03:31

The links are fake, well the .exe, ******* gay... if they r true put the **** file into rapid or mega or media.

Zacko7 · 11/09/2009, 03:35

That's true, should I just close this thread?

defect · 11/09/2009, 03:37

Quote:

Originally Posted by Zacko7

That's true, should I just close this thread?

Its really up to you.

Just view it with Olly and see what you can find. I really do doubt it that theres a termination string involved.

Zacko7 · 11/09/2009, 03:50

Quote:

Originally Posted by defect

Its really up to you.

Just view it with Olly and see what you can find. I really do doubt it that theres a termination string involved.

I can't run it anymore, there's no coding. That's the only logical explanation IMO.

defect · 11/09/2009, 04:08

Quote:

Originally Posted by Zacko7

I can't run it anymore, there's no coding. That's the only logical explanation IMO.

Totally beats me then. Probably a simple self modify code. Doubt it though, especially to incorporate it with DSEE/Dragonica. Around a good 25+ lines i think.

Zacko7 · 11/09/2009, 04:24

Quote:

Originally Posted by defect

Totally beats me then. Probably a simple self modify code. Doubt it though, especially to incorporate it with DSEE/Dragonica. Around a good 25+ lines i think.

That's true. So much work for so little. Wouldn't it come up in a virus scan? It came up clean for me . . .

Maybe someone who knows more on this subject can come around and answer this problem. I'm completely confused.

defect · 11/09/2009, 04:30

Quote:

Originally Posted by Zacko7

That's true. So much work for so little. Wouldn't it come up in a virus scan? It came up clean for me . . .

Maybe someone who knows more on this subject can come around and answer this problem. I'm completely confused.

Simple self modifying code dont usually show up on virus scans unless it makes direct changes to the users computer.

Virus scanners usually detect strings, either that or he edited strings of potential viruses or what not but unless he made the virus or whatever it couldve caused it to not run correctly so... ( a 2cents example)

~~Die Schnittstelle~~ · 11/09/2009, 10:45

Can't open it in Ollydbg.

shay_3100 · 11/09/2009, 15:07

can someone give me megaupload link please? i cant download..

~~magnusf~~ · 11/09/2009, 17:21

notice that its a OLD picture means thats it is from DSEE when that worked and not his hack and.... means that he not got a hack only doing this for earning money by the site

**** him and ban him **** idiot....