Detect malicious private server client
Discussion on Detect malicious private server client within the Metin2 Private Server forum part of the Metin2 category.
04/07/2022, 15:07
#1
Detect malicious private server client
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.
inb4 antivirus scan
04/08/2022, 22:29
#2
Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.
inb4 antivirus scan
|
In the normal case, the clients don't have backdoors, because too many people who have experience with computers and IT would detect it. You can reverse the whole binary with Ghidra. This tool will show you what happens in the background while this process is running.
Sry my English is bad -_-
With kind regards, Endless
04/09/2022, 00:29
#3
Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.
inb4 antivirus scan
|
First of all, every time you download any stuff from sites you are not sure about,
use VirusTotal:
The patch.exe is searching for new packs or new data. This progress without a whitelisted patch.exe could make many troubles, because Windows doesn't say it's safe, because they don't know about this data.
So it's the job of any devs to make their client safe first.
Aeldra is using a safe patch.exe. We used the same, it was a big change for small money.
Sometimes there are some negative points. But that's just normal in Metin.
The admin should send a safe patch.exe to Google. When they whitelist the patch.exe you can play without any problems.
But there are sometimes issues why you can't play Metin or your window will not open/react. That's not because of bad programs, it's because of your engines, graphics driver or configs.
You can watch your process when you open your client window, and watch what happens in your Task Manager.
And the last tip: don't use the same e-mail, passwords or IDs in any case when you play games.
Some players don't understand what safety is.
And download only via links from team staff and trusted homepages, and not via a 3rd person.
04/10/2022, 10:25
#4
Quote:
Originally Posted by No14
First of all, every time you download any stuff from sites you are not sure about,
use VirusTotal:
The patch.exe is searching for new packs or new data. This progress without a whitelisted patch.exe could make many troubles, because Windows doesn't say it's safe, because they don't know about this data.
So it's the job of any devs to make their client safe first.
Aeldra is using a safe patch.exe. We used the same, it was a big change for small money.
Sometimes there are some negative points. But that's just normal in Metin.
The admin should send a safe patch.exe to Google. When they whitelist the patch.exe you can play without any problems.
But there are sometimes issues why you can't play Metin or your window will not open/react. That's not because of bad programs, it's because of your engines, graphics driver or configs.
You can watch your process when you open your client window, and watch what happens in your Task Manager.
And the last tip: don't use the same e-mail, passwords or IDs in any case when you play games.
Some players don't understand what safety is.
And download only via links from team staff and trusted homepages, and not via a 3rd person.
|
you understood nothing and still replied, bravo
Quote:
Originally Posted by Lariss_
Hi,
Are there any tutorials on finding if the private server client contains malicious code/malware/etc.? (file stealers, keyloggers, cryptocurrency mining, etc.)
If not, then what's the most efficient way to do that?
I've thought of client launcher decompilation, but I don't know
1. if that would help with detecting malicious code.
2. what files should I decompile.
I would be very grateful for any advice, tutorial, whatever.
inb4 antivirus scan
|
that's sadly not that easy, you would need some good reverse engineering knowledge to be able to detect actually hidden malware.
if you just want a general idea if a client is fine or not you could use something like "api monitor" (rohitab) or "process monitor" (microsoft/sysinternals) to monitor the process while it's running on a VM, these tools can be a good indicator for malicious activity because they will display attempts of the process to access files outside of the client, reading/writing to unrelated registries and so on.
you could also dump the python files of the client and check these for weird shit but it's not as common as it used to be to leave nasty shit there
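The Process Monitor approach from post #4, as an added example that is not code from anyone in this thread: it triages a Process Monitor CSV export taken while the client ran in a VM and lists events that reach outside the client folder. The install path, the watchlist and the sample rows are assumptions constructed for illustration; the column names are the ones Process Monitor writes in its default CSV export.

```python
import csv
import io

CLIENT_DIR = r"C:\Games\ExampleClient"  # hypothetical install path (assumption)
# Assumed watchlist of locations a game client has no reason to touch; extend as needed.
SENSITIVE = (
    r"\google\chrome\user data",
    r"\mozilla\firefox\profiles",
    r"\currentversion\run",
    r"\start menu\programs\startup",
)
FILE_OPS = {"CreateFile", "ReadFile", "WriteFile"}
REG_WRITES = {"RegSetValue", "RegCreateKey"}

# Constructed sample in Process Monitor's CSV export layout (not a real capture).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01","patch.exe","4242","ReadFile","C:\Games\ExampleClient\pack\root.eix","SUCCESS",""
"10:00:02","patch.exe","4242","ReadFile","C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS",""
"10:00:03","patch.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS",""
"10:00:04","patch.exe","4242","WriteFile","C:\Users\test\AppData\Local\Temp\svc.exe","SUCCESS",""
"10:00:05","patch.exe","4242","Process Create","C:\Users\test\AppData\Local\Temp\svc.exe","SUCCESS",""
"10:00:06","patch.exe","4242","TCP Connect","vm:49712 -> 203.0.113.7:443","SUCCESS",""
"10:00:07","chrome.exe","5150","ReadFile","C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS",""
'''

def triage(csv_text, process_names, client_dir=CLIENT_DIR):
    """Return (operation, path, reason) tuples that deserve a manual look."""
    names = {n.lower() for n in process_names}
    prefix = client_dir.lower().rstrip("\\") + "\\"
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() not in names:
            continue  # only the client's own processes are of interest
        op, path = row["Operation"], row["Path"]
        low = path.lower()
        outside = not low.startswith(prefix)
        if op in FILE_OPS | REG_WRITES and any(s in low for s in SENSITIVE):
            findings.append((op, path, "touches a watched location"))
        elif op in ("WriteFile", "Process Create") and outside:
            findings.append((op, path, "writes or runs a file outside the client folder"))
        elif op == "TCP Connect":
            findings.append((op, path, "network endpoint to verify"))
    return findings

if __name__ == "__main__":
    for op, path, reason in triage(SAMPLE, ["patch.exe"]):
        print(f"{op:15} {reason:48} {path}")
```

A hit is a prompt for a closer look, not a verdict: a patcher contacting its update server is expected, so the listed endpoints still have to be compared against what the server is known to use.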