Enchancing the security of 3rd party tools

[Netzgeist]

Hi d00ds

I recently looked a bit into the functionalities of warden. As we all know, warden scanns mostly your active tasks lists and temporary files of windows, ram etc.
So even if we rename our pirox.exe to whatever.exe warden _will_ detect it, cause it will recognise an exact sheme of memorie usage that is unique on pirox(pirox ist just the example for now).

Now "a" solution:
First we'll do the basic stuff: We open our bot with a hex.editor. A good one is hiew(my choice). We now try to replace Stuff like windows labels etc by searching for the botname and replace it with shit.exe, windows-tuner.exe or whatever(using stuff like firefox.exe or ventrilo.exe is a shit idea! warden knows them and will recognise a usage difference)

Now the advanced stuff:
Many coders are using engines that protect their codes from disassemling. They also use packers to compress binaries while having them still work without unpacking. We will take a advantage of both for now:
1) UPX is a free and open source packer. Apply it on your bot, and so trick warden by changing the sizes and checksums
2) Executable_Undetector is a closed source free app, coded by trojan coders(yes, its safe lol). It was intended to make malware stuff not to be found by virus-scanners, but on this example, it perfectly fits our needs. Exectable_Undetector will obfuscate the whole code by reassembling functions and changing entry points randomly. Apply it on your bot, and you have your complete app-function's memory usage changes.
3) To add this info: There is also a commercial code-obfuscator named "Themida". Themida _is_ better than Executable_Undetector. But since its warez, i cannot post a dlink to it here. If you dont trust Executable_Undetector, buy themida or get it elsewhere.

Now what? Well, now you got anything undetected. For example you may now use _way_ old bots again that usually were quick detected.

Feel free to ask stuff, im just trying to help out peepz :wave:

[Svempy]

Not that I use bots anymore, got all my honor before warden came out :>

I havent tried this and I dont think I will need to couse I dont bot anymore but this looks like its functional.

Good idea +Rep

[franciz3]

but isn't BG botting is kinda "strict" now... and u will get banned if u've been "reported afk" this x amount of time... and not by using pirox or any BG bots?

...well at least this is what i learned from reading threads in this forum and other sites too.

i used to use pirox.. but ever since bunch of my friends who use pirox as well got a "warning" email from blizz.. i kinda got scared and stopped using it cuz i really only have one account with all my characters in it..

if som1 prove me that im wrong.. then ill definitely apply this to my pirox.


nice guide btw.

[Netzgeist]

Well, this is not to be reduced to Pirox, its an overall way to enhance your security. I not into wow for long time but i guess there are for example lotsa bots that are currently detected by warden (farmbots, grindbot etc.) using my instructions, you could even make this old stuff undetected again. the possibillities are just limited by your imagination

[Kaboose_1337]

ive been using a fishbot since about bc came out and it hasnt been detected yet its been great for overnight farming inside wc getting all those deviates its alot of money after a while but they only sell for around 8-15 g a stack but overnight getting over 50 stacks is great also was wondering if any1 had a auto loot thingie so it would only loot the deviates? when it caught them?

[franciz3]

ive been using a fishbot since about bc came out and it hasnt been detected yet its been great for overnight farming inside wc getting all those deviates its alot of money after a while but they only sell for around 8-15 g a stack but overnight getting over 50 stacks is great also was wondering if any1 had a auto loot thingie so it would only loot the deviates? when it caught them?

search curse.com for "lootfilter"

dunno wat this hav to do with this thread.. but.. i think that's d mod ur looking for.

[Netzgeist]

search curse.com for "lootfilter"

dunno wat this hav to do with this thread.. but.. i think that's d mod ur looking for.

I think he just messed up and was about to post in the thread right next to mine, bout the new fishbot ^^

[Malarkey]

Also if your coding a bot you could make the window title-less, and encrypt your strings.

[Netzgeist]

Also if your coding a bot you could make the window title-less, and encrypt your strings.

i totally agree with you, but in this topic its more about hooking into others (closed)codes.
btw: thanks for the rep dudes. by time, i will write down 2 more essays about undetecting. one will be easy like this, the other will be way more advanced ^^

[KingOfTheMorons]

my virus scan detected a Trojan (avast)

[Netzgeist]

Read my first posting and then think about why executable_undetector gets reportet by some anti-virus-engines. this tool was originally designed to make malware undetected ^^. well as i said, feel free to (buy and) use themida instead but i promise, executable_undetector is no malware itself

[tripleblade3]

Im a mac user so i don't have to worry about warden but if i ever go on my PC ill have to remember this! Thanks dude.

[tripleblade3]

Im a mac user so i don't have to worry about warden but if i ever go on my PC ill have to remember this! Thanks dude.