sk-

This is why you shouldn't hack (A look into key stealers)


First off, I never run cheats and I was just curious as to how they worked - my job is a software engineer.

I've been playing since very early, love this game & community. I've never been banned, switched a CD key or used a hack. ever.

Now let's get to the interesting stuff.

I found someone off *** that was selling a bypasser + scripts for $10.

5a2ih1.jpg

I reached out to him on Skype and we set up the transaction. 11 euro for the bypasser + scripts.

I sent the money and received the files.

Screen%20Shot%202012-12-30%20at%202.27.17%20PM.png

Originally I was sent an out-dated bypasser which I ran in a VM. I googled the bypasser and found out it's been out for a while and is detected. This bypasser didn't make any network calls or mysterious registry reads - however, if I'd have used it in game, I would have been global banned.

Screen%20Shot%202012-12-30%20at%202.50.17%20PM.png

Next I contacted "Thesgtluca" telling him it was shit and he tried to scam me. He said he knows it's being detected and he has an update.

I got the update and ran in the same VM, it is a single .exe called "Bypass updater.exe".

Screen%20Shot%202012-12-30%20at%202.50.58%20PM.png

In the screenshot you can see the bypasser looking for my Arma key (this VM didn't have anything installed beyond default win7).

Screen%20Shot%202012-12-30%20at%202.45.27%20PM.png

Then, you can see the script made a request to a2dayz.netne.net with a GET request that appends your key as URI parameters to a keys.php file.

Screen%20Shot%202012-12-30%20at%202.45.38%20PM.png

I confronted him and he promptly signed-off:

Screen%20Shot%202012-12-30%20at%202.27.33%20PM.png

Finally, you can see the interface they use to log in and access the stolen keys:

Screen%20Shot%202012-12-30%20at%202.59.18%20PM.png

So, as a word to you all, be careful and don't hack!

He did get my $10, but it's worth the fun I had investigating.

Additional server info ... look, he's got mysql open ...

------------------
Starting Nmap 6.01 ( http://nmap.org ) at 2012-12-30 14:57 EST
Nmap scan report for a2dayz.netne.net (31.170.160.169)
Host is up (0.029s latency).
rDNS record for 31.170.160.169: 31-170-160-169.main-hosting.com
Not shown: 994 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
80/tcp open http
554/tcp open rtsp
3306/tcp open mysql
7070/tcp open realserver
------------------

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: NETNE.NET
Created on: 19-Mar-09
Expires on: 19-Mar-13
Last Updated on: 20-Mar-12

Registrant:
Hostinger International Ltd.
61 Lordou Vyronos
Larnaca, 6023
Cyprus

Administrative Contact:
Kyriako, Kyriakos hostmaster@hostinger.com
Hostinger International Ltd.
61 Lordou Vyronos
Larnaca, 6023
Cyprus
+357.24030130

Technical Contact:
Kyriakos, Kyriako abuse@main-hosting.com
Hostinger International Ltd.
61 Lordou Vyronos
Larnaca, 6023
Cyprus
+357.24030130

Domain servers in listed order:
NS1.000WEBHOST.COM
NS2.000WEBHOST.COM

Edited by sk-
Removed URL from an image
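An added example, not part of the original post and not the poster's own tooling: the behaviour described above (a registry lookup for the game key, then an HTTP GET that carries it as a URL parameter) written as a detection rule over a sandbox trace. The trace rows, the registry path placeholder, the `k` parameter name and the hostnames are constructed for illustration; the rule also matches a failed registry read, because the sample in the thread sent its request from a VM that had no key.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Constructed trace rows: time, process, operation, target, result.
# Registry path and parameter name are placeholders, not values from the thread.
TRACE = """\
14:45:20,Bypass updater.exe,RegQueryValue,HKLM\\SOFTWARE\\<vendor>\\<game>\\KEY,NAME NOT FOUND
14:45:21,Bypass updater.exe,HTTP GET,http://collector.example/keys.php?k=,200
14:45:30,browser.exe,HTTP GET,http://example.org/search?q=dayz,200
14:46:02,launcher.exe,RegQueryValue,HKLM\\SOFTWARE\\<vendor>\\<game>\\KEY,SUCCESS
14:46:03,launcher.exe,HTTP GET,http://updates.example/version.txt,200
"""


def find_key_exfil(trace, key_marker="\\KEY", window=timedelta(seconds=30)):
    """Return one finding per HTTP GET with query parameters that a process
    sends within `window` of querying a watched registry value."""
    last_read = {}  # process name -> (time, registry path, result)
    findings = []
    for ts, proc, op, target, result in csv.reader(io.StringIO(trace)):
        when = datetime.strptime(ts, "%H:%M:%S")
        if op == "RegQueryValue" and target.upper().endswith(key_marker):
            # Failed reads are recorded too: the request can still be sent
            # when the key is absent, only with an empty parameter value.
            last_read[proc] = (when, target, result)
        elif op == "HTTP GET" and proc in last_read:
            read_time, reg_path, read_result = last_read[proc]
            url = urlsplit(target)
            # keep_blank_values keeps "k=" visible as a parameter.
            params = parse_qsl(url.query, keep_blank_values=True)
            if params and when - read_time <= window:
                findings.append({
                    "process": proc,
                    "registry": reg_path,
                    "host": url.hostname,
                    "path": url.path,
                    "params": [name for name, _ in params],
                    "key_was_present": read_result == "SUCCESS",
                })
    return findings


if __name__ == "__main__":
    for finding in find_key_exfil(TRACE):
        print(finding)
```

The launcher row shows the benign case the rule leaves alone: a program that reads the key but then fetches a URL with no query parameters.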

The real hackers are guys who find their own exploits, those rarely ever get caught.

I enjoy rick rolling kiddies looking for youtube videos for scripting, it's a hell lotta fun.


The real hackers are guys who find their own exploits, those rarely ever get caught.

I enjoy rick rolling kiddies looking for youtube videos for scripting, it's a hell lotta fun.

For sure - for a second I don't think any of this is "hacking", in the real sense. I've done exploit development and it is VERY difficult to develop your own, working exploits. Be it reversing a CVE or actually developing a 0day. Anyways, yeah I've seen those youtube videos where they tell you to download an .exe ... haha. I feel bad though if people fall for it.


I'm not a tech wiz so I'm curious how these exploits are actually made, I mean you'd have to send instructions to the server that you cannot usually send for hacks, can't the server just notice that and ban you instantly?


So did he steal your key or not?

No - I was running inside a virtual machine w/out Arma installed. So the registry read to find the key failed. However, his .exe still makes a request to the web server to post the key even w/out the key.

That's a pretty poorly written bit of code. It shouldn't make the request if it can't find the CD key ...


I'm not a tech wiz so I'm curious how these exploits are actually made, I mean you'd have to send instructions to the server that you cannot usually send for hacks, can't the server just notice that and ban you instantly?

I guess - however, the bypass allows you to 'bypass' the server side script checking (someone correct me if I'm wrong), thus allowing you to execute code.

Arma and the engine by nature are very open and so this is going to be an uphill battle to remove the hackers. Hopefully the standalone fixes these issues.


Topic unlocked, some posts removed. A reminder, we won't tolerate the promotion or discussion of illegal activities or the influence of others to commit illegal acts on these forums, doing so will result in warnings being handed out.

Edited by smasht_AU


Topic unlocked, some posts removed. A reminder, we won't tolerate the promotion or discussion of illegal activities or the influence of others to commit illegal acts on these forums, doing so will result in warnings being handed out.

Got it, will keep this thread legit. Thanks admins for allowing it to continue.

very interesting thread. cheers for posting

Thanks, it was fun to track it down.


I find it ridiculous how far some people are willing to go to get CD keys and hack the game.

The main word being GAME.

All that effort so you can grief people and hack just for a few times of entertainment before you get a global ban and must change CD keys is kinda pathetic really.

It's a game, and yet some people are writing code to cheat and then find new ways around it when battleye updates is just stupid.

These kind of people must have no real life and WAY too much time on their hands

Good on you for investigating, we need more people like you looking into these kind of things. It does make me wonder how some of these kiddies do get through and get hacks when 99% of them seem like they are CD key stealers as most of the hackers I've met have been 12 year olds (the ones that spoke)

Edited by Regulator Lone Warrior


I find it ridiculous how far some people are willing to go to get CD keys and hack the game.

The main word being GAME.

All that effort so you can grief people and hack just for a few times of entertainment before you get a global ban and must change CD keys is kinda pathetic really.

It's a game, and yet some people are writing code to cheat and then find new ways around it when battleye updates is just stupid.

These kind of people must have no real life and WAY too much time on their hands

Good on you for investigating, we need more people like you looking into these kind of things. It does make me wonder how some of these kiddies do get through and get hacks when 99% of them seem like they are CD key stealers as most of the hackers I've met have been 12 year olds (the ones that spoke)

I agree - I think the active 'hackers' are probably a small community .. it only takes ONE guy to ruin a server, leave and hit another one. 15 guys, jumping servers every 15m ... well in a few hours they can ruin a lot of games. I'm going to contact that server/host owner and let them know one of their clients is hosting a key stealing site. That's probably a ToS violation.


I found Judz.

Judz_zps08f019f6.jpg

Wow - nice find. Guy below him in the thread has keys for sale, =[

Edited by sk-
