Jump to content


  • Content count

  • Joined

  • Last visited

  1. I found this from an other forum. Its not writen by my. As you might have noticed, Ikov started banning users way faster. With a new method. Now that Galkon has come in (yes it's you Galkon, David ain't this smart...), they created a class file within the cache. So this file would never be visible when opening the client itself. Putting something in the cache is already strange, but when we found out what's in it, we got scared.. So remember the days where we were sure Ikov uploaded images to Imgur? Well they do it again, but this time with the class within the cache. They simply upload a picture to their imgur so they can see your desktop and whatever you were doing. If that's not enough yet, they also upload all kind of information about your computer, like your OS version and so on... Tell me Galkon/David, why the fuck are you so desperate and why do you want to hack people? Tell us! There is quite a bit of rather sketchy stuff going on in the client, so we may be a little longer then we first thought. A few examples (Method names were refracted from garbage to aMethodXXX() and fields have also been treated similarly) [none of these really show anything so far, just it's all rather odd that it's in the client in the first place] public static int aMethod26() { return (int)Toolkit.getDefaultToolkit().getScreenSize().getWidth(); } public static int aMethod27() { return (int)Toolkit.getDefaultToolkit().getScreenSize().getHeight(); } So those are grabbing screen width and height... not really needed, but also not really that bad right. They could be used for full scr-wait a minute... if (aField39 != null) { this.aField525.aMethod7(103); //writeByteIssac(103) [103 = playerCommandPacket] this.aField525.aMethod6(aField39.length() + "screenie".length() + 2); this.aField525.aMethod15("screenie " + aField39); aField39 = null; } IS THIS SCREEN GRABBING AGAIN? REALLY GUYS. Well at least that's what the command implies. Manually typing it into the game just tells us "That command does not exist". So a few classes later I stuble upon: private static void aMethod7() throws Exception { InetAddress localInetAddress = InetAddress.getLocalHost(); NetworkInterface localNetworkInterface = NetworkInterface.getByInetAddress(localInetAddress); if (localNetworkInterface == null) { localNetworkInterface = aMethod4() ? NetworkInterface.getByName("eth0") : null; } byte[] arrayOfByte = localNetworkInterface.getHardwareAddress(); StringBuilder localStringBuilder = new StringBuilder(); for (int i = 0; i < arrayOfByte.length; i++) { localStringBuilder.append(String.format("%02X%s", new Object[] { Byte.valueOf(arrayOfByte[i]), i < arrayOfByte.length - 1 ? "-" : "" })); } aField6 = localStringBuilder.toString(); } Seems to cache your mac address! This isn't anything new (they've been doing mac bans for ages), but they've recently updated it to add (very poorly mind you) Linux support. Now even further on in our quest to bot when people don't want is to, we discover this: public void aMethod1() { if (!this.aField1) { Class19.aMethod1().requestFocus(); Class19.aMethod1().aMethod5().setText("Capturing..."); Class19.aMethod1().aMethod5().setEnabled(false); Class8.aField1 = true; try { Thread.sleep(500L); } catch (InterruptedException localInterruptedException) { localInterruptedException.printStackTrace(); } } byte[] arrayOfByte = Class1.aMethod9("sc.dat"); Class191 localClass191 = new Class191(arrayOfByte); try { Class localClass = localClass191.loadClass("sc.util"); Object localObject = localClass.newInstance(); localClass.getDeclaredMethod("ex", new Class[] { Boolean.TYPE, Long.TYPE, Integer.TYPE, Integer.TYPE, Integer.TYPE, Long.TYPE }).invoke(localObject, new Object[] { Boolean.valueOf(this.aField1), Long.valueOf(Class174.aMethod3(Class1.aMethod205())), Integer.valueOf(Class1.aMethod206()), Integer.valueOf(Class1.aMethod207()), Integer.valueOf(Class185.aField11), Long.valueOf(Class1.aField5) }); if (!this.aField1) { Class93.aMethod2(new Class106(this)); } } catch (Exception localException) { localException.printStackTrace(); } } So it looks like it's just some sorta screenshot utility and i was going to pass it up, but then I noticed that it's loading a file ("sc.dat") from the cache. I get interested and dump and, anddddddd: [url]http://puu.sh/jSbaA/b035f664b0.png[/url] So it's 1 class (and a sub class). So what? Fire up our trusted decompiler and see: [url]http://pastebin.com/J7fzirzE[/url] Sweet baby jesus that's a mess. I think we should clean up those string a bit first. They appear to be base 64 encoded, yet just throwing them into a decoder spits out garbage. We could always try following all the code contained within the "ph" class for decryption... Or we can have a look at the bytecode, deem it safe, and then use use the ph class directly to decrypt the strings. It would look something like: [url]http://pastebin.com/ezy7J0PB[/url] Now I'd normally just push this of as taking a screenshot of the game and uploading it, some shitty feature or somesuch... But that "screenie" command makes me think otherwise, along with the lines 180-208. If it were the case of just uploading screenshot to share why would they have stuff along the lines of "time logged in", "player name", your OS information (os name, type arch, even the available processors). And they were using something similar not too long ago.
  2. Client download link is down. And I cant register on website
  3. Good luck Edit: Error connecting to server
  4. Looks interesting. Hope for the best.
  5. Nice server. Unfortunately too meny disconnection and downtime.
  6. Error loading... Please report! Cant play.
  7. Error connecting to server?????
  8. I use Insanityx V6.1 base. I made two characters. The only difference is character rights. character rights = 2 is admin and can ::yell character rights = 3 is owner and can not ::yell All the rest is same. Only character rights are different and name+password. Can anybody help?