(01-28-2015 04:23 PM) SilentMan wrote:
Code:
Line 1776 (File "F:\dumped__.exe_dumped__.au3"):
Global $65[]
Global $65[^ ERROR
Error: Variable subscript badly formatted.
AutoIt version of DUmp__AllowExec.exe is:
3.3.13.19
With problems like this, first of all get the SCRIPT.a3x from the script.
(use 7-zip or some other resource extract tool to get DUmp_.exe\.rsrc\0\RCDATA\SCRIPT)
Well I tested the SCRIPT.a3x with the following autoit3.exe
3.3.12
3.3.13.20
3.3.14.2 and
3.3.15.0
only the green | blue ones worked.
Target is Garena Cracker 1.3, compiled by farid on 19.12.2014 19:31:17 on AutoIT 3.3.13.19
What it basically does is run, for example:
C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe -login cw2k17 403c0314f89857402b2863e97ed9e3d5 -md5 -ignoreupdate -multiinstance
to test whether a certain combination from usernames.txt & password.txt is correct.
- To find \bbtalk\BBTalk.exe correctly the script needs to be copied to and run from C:\Program Files (x86)\Garena Plus
- without -md5 the password can also be passed in clear text
Well, unfortunately BBTalk.exe 1.2.40 has some bug that makes it hang if you enter an invalid password or username. (I only once made it say invalid Login)
Furthermore, there's some subtle change in the au3 code:
PHP Code:
WinList("[CLASS:my_shadow_win_class]")
The WinGetClientSize() width=360 and height=277 that is used to trigger if the login succeeded needs to be updated to width=100 and height=50
- also the function that uses WinList("Garena Talk (Beta)") to look for the invalid Login window needs to be changed to WinList("TalkTalk (Beta)") to successfully fulfill its task
However, that kind of implementation might work - but don't complain, it's wacky and slow
And there's already a newer version: Garena Cracker 2.5, compiled by farid on 08.11.2015 08:00:43 on AutoIt 3.3.15.0
Besides 2.5, the only link that is also still working on archive.org is GarenaCracker-2.3-Setup.exe
The cool thing about Version 2 is that it uses direct communication via curl with auth.gtalk.garenanow.com (<- url is now different), which is more direct, fast and stable.
(Well next step would be to make it multithreading so you can slam many checks in parallel - how I don't wanna complain)
It has some little strange and stupid check to see if it's compiled or a script.
- from Libraries\Libraries.dll!DllEntry via IDA 6.8 hexrays
PHP Code:
BOOL DllMain(HINSTANCE hinstDLL ,...
    // is Garena Cracker running
    if ( OpenMutexA(0x100000u, 0, "Garena Cracker: Running") )
        return 0;
    // get 128 bytes from GarenaCracker.exe (seek 0x2000 from the End Of File)...
    GetModuleFileNameA(0, &Filename, 0x104u);
    if ( fopen_s(&File, &Filename, "rb") )
        return 0;
    fseek(File, -0x2000u, FILE_END);
    fread(Buffer, 1u, 0x80u, File);
    // ... Compare Buffer with 0x80 Bytes from this Dll
    if ( !<Compare succeed> )
        return 0;
    return 1;
and this Libraries.dll has 2 important exports
- GetPackets(_DWORD *aOutBuff): this is important configuration data for sending, and for checking the received packets to check the login
=> can be replaced by just hardcoding them:
PHP Code:
$MessageType = 0x020A ;DllStructGetData($tBuffer, "p1")
$Unknown1 = 0x1220 ;DllStructGetData($tBuffer, "p2")
$Unknown2 = 0x180122013128E44F;DllStructGetData($tBuffer, "p3")
$Receiv_1 = 0x020A ;DllStructGetData($tBuffer, "p4")
$p5_Case1 = 0x200801 ;DllStructGetData($tBuffer, "p5")
$p5_Case2 = 0x200802 ;DllStructGetData($tBuffer, "p6")
- MD5(BYTE *pbData, BYTE *MD5) to create md5 hash from the password.
=> Well, AutoIt can also create MD5; besides the official Crypt.au3 _Crypt_HashData() way, here's another undocumented one:
PHP Code:
#include <WinAPIDiag.au3>
; __MD5() is an internal helper inside WinAPIDiag.au3; $Base is unused here
Func MD5($Base, $Data)
    Return StringLower(__MD5($Data))
EndFunc
so by this that dll can be removed completely
What also is a little weird is the way it loads its picture resources. Normally you do this in AutoIt via FileInstall, however here it adds the pictures directly into the exe resources and uses _WinAPI_LoadResource(). For the script it just performs _GDIPlus_ImageLoadFromFile() on \Resources\*.png
Interesting is the way of using and introducing some kind of OOP classes to AutoIt that are heavily based on arrays.
The whole thing is called AutoItObject; in the end you can code things like this:
PHP Code:
$Main.Status("Ready")
$Msg.Information("Cracking successfully finished.", $Main)
The '.' is not really new in programming, but for AutoIt, which is mostly just 'function based', it's kinda uncommon.
Well, enough writing; soon I'll release here the more (or less) finished script
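
Added example, not part of the original post: a defender-side check over process-creation logs for the launch pattern described above, where one host starts BBTalk.exe with -login for many different user names in a short time. The log records, host names, user names, window and threshold are constructed assumptions; only the BBTalk.exe path and its command-line flags come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (timestamp, host, command line).
# User names and hashes are made-up placeholders.
BB = r'"C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe"'
H = "0" * 32
SAMPLE_EVENTS = [
    ("2015-01-28T10:00:00", "WS-01", f"{BB} -login user_a {H} -md5 -ignoreupdate -multiinstance"),
    ("2015-01-28T10:00:20", "WS-01", f"{BB} -login user_b {H} -md5 -ignoreupdate -multiinstance"),
    ("2015-01-28T10:00:40", "WS-01", f"{BB} -login user_c {H} -md5 -ignoreupdate -multiinstance"),
    ("2015-01-28T10:01:00", "WS-01", f"{BB} -login user_d {H} -md5 -ignoreupdate -multiinstance"),
    ("2015-01-28T10:02:00", "WS-02", f"{BB} -login user_e {H} -md5"),
    ("2015-01-28T10:30:00", "WS-02", f"{BB} -login user_e {H} -md5"),
    ("2015-01-28T10:03:00", "WS-03", r"C:\Windows\notepad.exe notes.txt"),
]

# Captures the user name; the secret is matched but never captured or stored.
LOGIN_RE = re.compile(r'bbtalk\.exe"?\s+-login\s+(\S+)\s+\S+(.*)', re.I)

def parse_login(cmdline):
    """Return user name and flags for a BBTalk.exe -login launch, else None."""
    m = LOGIN_RE.search(cmdline)
    if not m:
        return None
    flags = set(m.group(2).lower().split())
    return {"user": m.group(1),
            "md5": "-md5" in flags,  # False: password sits in the log in clear text
            "multiinstance": "-multiinstance" in flags}

def detect(events, window=timedelta(minutes=5), threshold=3):
    """Map host -> highest number of distinct users tried inside one window."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        info = parse_login(cmd)
        if info:
            per_host[host].append((datetime.fromisoformat(ts), info["user"]))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in hits[start:end + 1]}
            if len(users) >= threshold:
                alerts[host] = max(alerts.get(host, 0), len(users))
    return alerts
```

Repeated launches for the same user (WS-02 in the sample) do not count toward the threshold, since only distinct user names within the window are counted.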