The Real Reason Behind mBot Crack Fail

sarkoplata · 09/09/2012, 21:27

I bet all is about a simple thing. NoEx probably don't even know about this, because he would have fixed it until now. It's probably a simple thing as I said like windows automatically restarted it for updates or w/e (I'm sure he don't use windows anyways)

@fox, portal

If you can tell me how do I redirect the bot to localhost, I can try my best

If doad used domains instead of ip i would use hosts file

(**** me im so smart xDD) (I do not know anything about unpacking, but at least I know a bit about PHP

)

PortalDark · 09/09/2012, 21:32

Quote:

Originally Posted by Dr.Rangahaitimanamgueyam

pro master, if it was possible then why didn't NoEx do it? PLEASE1
Why would he make it redirect to a server and not localhost? PLEASE2

well, by redirecting to localhost, you will have forever bot without the "risk" of having your data stolen

fox564 · 09/09/2012, 21:37

@sarkoplata
the same way you do for silkroad.
make a native dll [c++] and use microsoft detours to redirect connection.
if you are lost use the drew_benton tutorial about silkroad loader you will find the redirection function.

sarkoplata · 09/09/2012, 21:49

Quote:

Originally Posted by fox564

@sarkoplata
the same way you do for silkroad.
make a native dll [c++] and use microsoft detours to redirect connection.
if you are lost use the drew_benton tutorial about silkroad loader you will find the redirection function.

screw that **** not hooking the wsa.connect method again

will check what I can do with loopback adapter

Dr.Rangahaitim · 09/09/2012, 23:11

Quote:

Originally Posted by PortalDark

well, by redirecting to localhost, you will have forever bot without the "risk" of having your data stolen

wdf, so he did that on purpose? omq if that's true then "I think" that NoEx did that so he can wait Doad to offer him money to stop the bot from working whenever he wants, but if so, why didn't he do that earlier, and remember these are all thoughts, maybe the server accidently went down... Lets just wait for NoEx to give us a response.

~~intercsaki~~ · 09/09/2012, 23:49

This stuff makes Noex more and more respectable in my eyes.

Doesn't matter if the did that on purpose or not, he kinda has a weapon in his hand.

And I also think that he doesn't even know about this problem.

PortalDark · 09/10/2012, 00:04

Quote:

Originally Posted by Dr.Rangahaitimanamgueyam

wdf, so he did that on purpose? omq if that's true then "I think" that NoEx did that so he can wait Doad to offer him money to stop the bot from working whenever he wants, but if so, why didn't he do that earlier, and remember these are all thoughts, maybe the server accidently went down... Lets just wait for NoEx to give us a response.

i didnt mean to say he is stealing stuff
but by making it local you can be sure(for conspirators) your info is safe

r7slayer · 09/10/2012, 00:43

Quote:

Originally Posted by PortalDark

i didnt mean to say he is stealing stuff
but by making it local you can be sure(for conspirators) your info is safe

got more chance of having a keylogger on your pc than noex trying to hack everyone with this crack.

djtrilogic · 09/10/2012, 02:15

Actually ideas are clear, I have also investigated in that since the crack is down (i just read this thread now, if only i did it before

),

So here are my observations:

-> Crack Forces mBot to bind IP to noEx Server, which is hosted @Dedibox...
-> mBot sends to noEx Server a HTTP Form which contain encrypted(?) informations concerning current version
-> The server sends {{LAST_VERSION}}...
-> Same thing for ID&PW (http form)
-> The Server normally should send a reply that is different then @1.100@ which means that ID&PW are wrong...

And here are my doubts:

-> I don't know if noEx Server sends a reply that said that ID & PW are correct or noEx have used jumping technique (JMP to a specific @ddress)

Finally what I ask from you:

->How Hell Can we force mbot (or any application) to bind to a specific ip ... i've tried ForceBindIP but it has never find WinSock.dll to do its stuff ...

Can you help me please, and can we create a small team to work together for resolving that issue

actually we can create a socket application that receive a 1st packet (whatever its content is) and replies with [HTTP stuff concatenated to "{{LAST_VERSION}}"] and receive 2nd packet and replies with [HTTP stuff concatenated to the reply that mbot server send when id & pw are correct]...

that will avoid making PHP page and force everybody to install apache server or so ...

fox564 · 09/10/2012, 04:51

if you could not create a dll to redirect the connection as i explained before ... you can also install a loop back adaptor and set the ip to the server's ip.
this will make you avoid the apache thing.

have fun.

djtrilogic · 09/10/2012, 09:22

Can you clarify this for me a little bit more ?

fadyi · 09/10/2012, 10:15

I have no idea what I'm reading. but if you will get it to work then that would be good.

WannaSun · 09/10/2012, 13:21

So actually noone here got NoEx msn,skype,icq,qq,facebook,twitter,mail or whatever to ask him if its a mistake or by purpose?

M4n1ak · 09/10/2012, 15:07

Yes, yes, but what's the encryption?
It can be done with asm jump only, without any php?

~~aurisdesirio~~ · 09/10/2012, 15:20

Maybe you can do a new crack with the noex data and publish, if you can, thanks