RFRudokop

[nopp]

Quote:

Originally Posted by kolorijoman

300 euro ? for a bunch of **** ?

75 USD for 1-55 afk leveling, farm and tonns of cheats

Quote:

Originally Posted by vhortex

it cant be fooled bacause it is using IP.. the old version uses hostname or domain name. It does not mean that the system can't be a victim of DNS poison..

seems you dont know how it really works
Program could be easily tricked by hooking the connect() winsock API and you actually dont care if it use dns or not. But anyway what you will do next? You need to generate users database. Since you dont know it's format and encryption protocol it is almost impossible.

[jaidee]

Ahh kaya pala d ko mapagana. Anyways. thanks.

[vhortex]

Quote:

Originally Posted by nopp

75 USD for 1-55 afk leveling, farm and tonns of cheats


seems you dont know how it really works
Program could be easily tricked by hooking the connect() winsock API and you actually dont care if it use dns or not. But anyway what you will do next? You need to generate users database. Since you dont know it's format and encryption protocol it is almost impossible.

just to let you know. all programs once loaded in the memory and running are un-ecnrypted. you only need to dubug on where this main rudukop launcher jumps execution. this is the base of polymorphism stuff.

from there you can read those memory zones and debug, you dont need to check the user database. that beats the purpose.. you need to hook the code checking and inject "NOP" command.

NOP = no operation in human terms. in DOS mode or kernel mode, the most primitive area of MS System. this is equivalent to 90hex and 1 byte long, there is a machine code equivalent to the extended memory area or the memory area above 1MB base memory on the multi threading system.

-------------

You got the idea of winsock, you are 25% of the way but you are wrong if you think you will need a user database.

Remember that it only needs to check the server for an access then sends back data for success or failure. If success it will open the software and encrypt

It don't recommend hooking winsocks, it can interfere with other running programs. I use "Virtual PC" with a different IP address on stuff like this. The one running on this Virtual machine controls the DNS poisoning Unix system which poison only my local network.

***************

winsock hooking will trigger your antivirus.

[98mtl6]

Quote:

Originally Posted by vhortex

You got the idea of winsock, you are 25% of the way but you are wrong if you think you will need a user database.

it'll need a user database for the second login screen.two checks are done by rudukop. the first is to check if your computer is registered into the rudukop users. the second one is a login screen for rfrudukop users, which can let you chat with others as well. in which should need a user db.

Quote:

Originally Posted by vhortex

just to let you know. all programs once loaded in the memory and running are un-ecnrypted. you only need to dubug on where this main rudukop launcher jumps execution. this is the base of polymorphism stuff.

for this one, take a look at this:

Quote:

Most of the available protection schemes use a so called 'mounted scheme' (the protection program adds code to your program that makes it encrypted, compressed and debugger protected). When your program is started this code unpacks, decrypts and adjusts your application back to its original state.
In such a case a cracker's actions are obvious: he suppresses the anti-debugging tricks and dgumps the unpacked and decrypted application code. Then after having disassembled and analyzed the code, he simply needs a little patching and he gets a fully functional unprotected copy.

What are the weak points of such protection?
• Protection code added to an applications is usually more or less standard and soon or later it becomes the subject of detailed analysis. Once the security code is analyzed, reverse engineering of the protected application becomes a snap. In addition there are many automatic deprotectors that crackers can use for most popular protection solutions.
• Protected code of your application is encrypted. But before it can be executed the protector has to decrypt it and pass the control to it. This moment can be intercepted by an intruder so he can get the access to the original code for analyzing/modification.

EXECryptor uses a conceptually new approach to protect software applications. The core of the protection technology is a brand new concept of the code transformation called "Code Morphing". This technology protects the code on the CPU-command level. It is known the x86 processors command system is redundant and allows the execution of the same 'code' using various different system commands. EXECryptor breaks up the protected code into several processor commands or small command snippets and replace them by others, while maintaining the same end result. Thus EXECryptor obfuscates the code not on the source level but on the level of the CPU commands.
The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.
Unlike other code protectors, there is no concept of code decryption with EXECryptor. Protected code blocks are always in the executable state, and they are executed as a transformed code. The original code is completely lost and code restoration is an NP-hard problem.
In addition you do not have to worry about the size or speed of your program because you don't need to transform its entire code. You have to protect only critical parts of your code, responsible for serial number verification, trial expiration date, and other evaluation restrictions. The rest of application code remains intact and software execution speed remains the same.

source:

don't challenge dark & his team, you'll just lose. LOL

[nopp]

Quote:

Originally Posted by vhortex

just to let you know. all programs once loaded in the memory and running are un-ecnrypted.

Have you ever heard about virtual mashine technique? EC and themida uses it.

Quote:

Originally Posted by vhortex

from there you can read those memory zones and debug, you dont need to check the user database. that beats the purpose.. you need to hook the code checking and inject "NOP" command.

Yes, but it is hardly reproduced because of code virtualization. The one variable checking can take about 20 ASM instructions. So it's not that easy as you think.
Besides crc checks, anti debug and so on..

Anyway I've lost the point we descuss about. Could RFRudokop be cracked? Sure it can be but no one will do it since no one have 1 month of free time. Besides cracked version will be fixed on all RFO server at one moment. Plus look at the rfrudokop binary in hex and you will see such messages: "ban me bcuz Im user of cracked rfrudokop" - I dont remember exactly message, whatever it looks like. So it seems like release of crack is somehow provided by rfrudokop internal protection to inform GMs or who knows.

IMHO it's much favourably to buy it or code your own bot.