NecroBot Fork Updated

[Hammas]

hmmmm

10char

More investigations:

Actually, almost all bot/tools pogo use a reverse engineering lib called generally "encrypt.dll". The source code can be found here, so anyone can compile and use:

http://pgoapi.com

This library or code is completely needed.

Original NecroBot always used this "genuine" encrypt.dll, but two days ago, Noxx changed this, using two new lib. The first one, called "NecroBot-Network-Logic.dll" can be found in the git root. The Second, "86araTM4z9VzLMZZ.dll" is downloaded by the first one after every Necrobot execution from "http://necrobot.net23.net/" split on 16 chunks and merged all together on this dll.

Yes, Noxx project is OpenSource and you can go to Git and download all, and you will have all the source code... except of course the source code of this two libs (dll).

So... some simple questions:


1. It would be infinitely faster, effective and convenient to attach the file downloaded from remote host to the project, the application also take much less time to boot, and are non-dependent in. Why NecroBot-Network-Logic.dll is added to the project directly, but 86araTM4z9VzLMZZ.dll not??

2. that sense is download the file in pieces rather than complete?? Maybe avoid warnings in Firewall / AV software because possible harmful file??

3, Last and more important. Even the great work we do reversing pgoapi, the code is open source. Everybody can check the code inside encrypt.dll. Original NecroBot used this too. Now, We have a fork with two obscure libs without source code, working perfectly the old one.


Everyone is entitled to do whatever you want, personally I made the changes necessary to use the encrypt.dll lib again and remove from my fork all obscure code. Working perfectly, bot open much faster and im sure about what apps im running.

Noxx may have its reasons and all this can be unfounded, and maybe he use these libraries without any "evil" purpose, but while I can not see the source code or a good explanation ... sorry, I can not trust when changes are as less "suspicious"

[sikkwidditt]

More investigations:

Actually, almost all bot/tools pogo use a reverse engineering lib called generally "encrypt.dll". The source code can be found here, so anyone can compile and use:

http://pgoapi.com

This library or code is completely needed.

Original NecroBot always used this "genuine" encrypt.dll, but two days ago, Noxx changed this, using two new lib. The first one, called "NecroBot-Network-Logic.dll" can be found in the git root. The Second, "86araTM4z9VzLMZZ.dll" is downloaded by the first one after every Necrobot execution from "http://necrobot.net23.net/" split on 16 chunks and merged all together on this dll.

Yes, Noxx project is OpenSource and you can go to Git and download all, and you will have all the source code... except of course the source code of this two libs (dll).

So... some simple questions:


1. It would be infinitely faster, effective and convenient to attach the file downloaded from remote host to the project, the application also take much less time to boot, and are non-dependent in. Why NecroBot-Network-Logic.dll is added to the project directly, but 86araTM4z9VzLMZZ.dll not??

2. that sense is download the file in pieces rather than complete?? Maybe avoid warnings in Firewall / AV software because possible harmful file??

3, Last and more important. Even the great work we do reversing pgoapi, the code is open source. Everybody can check the code inside encrypt.dll. Original NecroBot used this too. Now, We have a fork with two obscure libs without source code, working perfectly the old one.


Everyone is entitled to do whatever you want, personally I made the changes necessary to use the encrypt.dll lib again and remove from my fork all obscure code. Working perfectly, bot open much faster and im sure about what apps im running.

Noxx may have its reasons and all this can be unfounded, and maybe he use these libraries without any "evil" purpose, but while I can not see the source code or a good explanation ... sorry, I can not trust when changes are as less "suspicious"

what about the bot HAXTON, that bot got me to level 20 atleast an hour fastest bot to level up, but got me ip ban eventually, but it did its job

[keksbirne]

Everyone is entitled to do whatever you want, personally I made the changes necessary to use the encrypt.dll lib again and remove from my fork all obscure code. Working perfectly, bot open much faster and im sure about what apps im running.

Care to explain how this is done? Thank you.

[NoxxDev]

More investigations:

Actually, almost all bot/tools pogo use a reverse engineering lib called generally "encrypt.dll". The source code can be found here, so anyone can compile and use:

http://pgoapi.com

This library or code is completely needed.

Original NecroBot always used this "genuine" encrypt.dll, but two days ago, Noxx changed this, using two new lib. The first one, called "NecroBot-Network-Logic.dll" can be found in the git root. The Second, "86araTM4z9VzLMZZ.dll" is downloaded by the first one after every Necrobot execution from "http://necrobot.net23.net/" split on 16 chunks and merged all together on this dll.

Yes, Noxx project is OpenSource and you can go to Git and download all, and you will have all the source code... except of course the source code of this two libs (dll).

So... some simple questions:


1. It would be infinitely faster, effective and convenient to attach the file downloaded from remote host to the project, the application also take much less time to boot, and are non-dependent in. Why NecroBot-Network-Logic.dll is added to the project directly, but 86araTM4z9VzLMZZ.dll not??

2. that sense is download the file in pieces rather than complete?? Maybe avoid warnings in Firewall / AV software because possible harmful file??

3, Last and more important. Even the great work we do reversing pgoapi, the code is open source. Everybody can check the code inside encrypt.dll. Original NecroBot used this too. Now, We have a fork with two obscure libs without source code, working perfectly the old one.


Everyone is entitled to do whatever you want, personally I made the changes necessary to use the encrypt.dll lib again and remove from my fork all obscure code. Working perfectly, bot open much faster and im sure about what apps im running.

Noxx may have its reasons and all this can be unfounded, and maybe he use these libraries without any "evil" purpose, but while I can not see the source code or a good explanation ... sorry, I can not trust when changes are as less "suspicious"

This dll of ancient repository, and will be replaced by the default

[Hammas]

This dll of ancient repository, and will be replaced by the default

You made the change two days ago, so no ancient repository here, sorry. Two days ago your repo used default encryption lib, you changed this to use a "new" dll encrypt (two in really, both without source code and one of them very very suspicious and obscure). Original NecroBot never used a custom encrypt dlls ore something similar, neither your repo... until two days ago .

If you want revert your own changes and use the defaults dll, good for all, but with all my respect what you say does not explain in any way you currently do your two lib used (including in version 0.8.9) and why were added two days ago (without being necessary, no pogo api changes), I would not investigate further and discover that some data are sent to a thirparty server or anything else

Of course the ultimate responsibility lies with those who use software created by someone else, but at least as to your necrobot fork is concerned, it is quite suspicious



@sikkwidditt

I dont know, i never used NEXA... maybe is secure, maybe not

[wisdomluna1]

You made the change two days ago, so no ancient repository here, sorry. Two days ago your repo used default encryption lib, you changed this to use a "new" dll encrypt (two in really, both without source code and one of them very very suspicious and obscure). Original NecroBot never used a custom encrypt dlls ore something similar, neither your repo... until two days ago .

If you want revert your own changes and use the defaults dll, good for all, but with all my respect what you say does not explain in any way you currently do your two lib used (including in version 0.8.9) and why were added two days ago (without being necessary, no pogo api changes), I would not investigate further and discover that some data are sent to a thirparty server or anything else

Of course the ultimate responsibility lies with those who use software created by someone else, but at least as to your necrobot fork is concerned, it is quite suspicious



@sikkwidditt

I dont know, i never used NEXA... maybe is secure, maybe not

Thank you for your investigation, how can I remove everything from that bot and be sure about it? Your help is much appreciated

Sent from my ASUS_Z00ED using Tapatalk

[cheater007]

Are you saying that it's possible that Noxx is sending info to Niantic about Necrobot users by using these suspicious lib's in this 'new version' ?

[NoxxDev]

You made the change two days ago, so no ancient repository here, sorry. Two days ago your repo used default encryption lib, you changed this to use a "new" dll encrypt (two in really, both without source code and one of them very very suspicious and obscure). Original NecroBot never used a custom encrypt dlls ore something similar, neither your repo... until two days ago .

If you want revert your own changes and use the defaults dll, good for all, but with all my respect what you say does not explain in any way you currently do your two lib used (including in version 0.8.9) and why were added two days ago (without being necessary, no pogo api changes), I would not investigate further and discover that some data are sent to a thirparty server or anything else

Of course the ultimate responsibility lies with those who use software created by someone else, but at least as to your necrobot fork is concerned, it is quite suspicious



@sikkwidditt

I dont know, i never used NEXA... maybe is secure, maybe not

Is dll had been implemented in the original NecroBot fork, shortly after the closing of the original, I did a hard reset and put the default dll again.
After a while reimplementei the dll again.

Last commit: NecroBot
Commits * NECROBOTIO/NecroBot * GitHub

Commit where the dll was implements in orginal: NecroBot
rewrote Encryption * NECROBOTIO/NecroBot@9a4a41f * GitHub

[Hammas]

Is dll had been implemented in the original NecroBot fork, shortly after the closing of the original, I did a hard reset and put the default dll again.
After a while reimplementei the dll again.

Last commit: NecroBot
Commits * NECROBOTIO/NecroBot * GitHub

Commit where the dll was implements in orginal: NecroBot
rewrote Encryption * NECROBOTIO/NecroBot@9a4a41f * GitHub

@Noxx

Wow, you are right, sorry them and my apology.

My own Necro fork was made the same day of shutdown, but not contained the last commit with the "estrange" change made by Necronomicon (Necro Author). This is very relevant, because is very probable Necronomicon wanted all pple with a "modded" encrypt for some purpose

Anyway, you are right and my apology again, was Necronomicon and noy your who make the change, sorry.

Please, revert the change them as quickly possible, nobody know who added in the last hours

@cheater007

clear now . Maybe Necronomicon?? I Dont know...


@wisdomluna1

Is easy, but no worry, Noxx had said he will reverted the change. In the main time you can wait some hours/days. I have no time in this moment to upload my own clean version, so use at your own risk (0.8.9 is affected too)

[usrmd]

ENGLISH PLEASE

great success with noxx devv 0.8.7.. updated to 0.8.8 yesterday, ran a few.. am regretting now..

won't go to 0.8.9 with this discussion

can someone elaborate on the conversation here

[Ev0luti0n]

Thanks Noxx for the update and implementing the changes in walk speed

...I have seen another project where they add the amount of pokemon and pokestops visited in the title, is this possible to add to your next release?

@Hammas
...thanks for looking this over and catching that and updating Noxx on the issue.

[wisdomluna1]

@Noxx

Wow, you are right, sorry them and my apology.

My own Necro fork was made the same day of shutdown, but not contained the last commit with the "estrange" change made by Necronomicon (Necro Author). This is very relevant, because is very probable Necronomicon wanted all pple with a "modded" encrypt for some purpose

Anyway, you are right and my apology again, was Necronomicon and noy your who make the change, sorry.

Please, revert the change them as quickly possible, nobody know who added in the last hours

@cheater007

clear now . Maybe Necronomicon?? I Dont know...


@wisdomluna1

Is easy, but no worry, Noxx had said he will reverted the change. In the main time you can wait some hours/days. I have no time in this moment to upload my own clean version, so use at your own risk (0.8.9 is affected too)

Thanks, I don't think I will continue with this bot anyway.

Deleting all files should be enough or you think i should do something more ?

[Hammas]

Simple:

The old dev owner of NecroBot, changed some files on necrobot code just before of shutdown the project. Noxx copy (and maybe others) use the same copy. The last changes made by the original necrobot dev add some very obscure code to the bot. Maybe to steal account, maybe to make a backdoor... who know.

The last release from Original NecroBot are unaffected, only the repo/git code was affected
Releases from Noxx are affected because use the original code, included the last changes add by Necro.

So, if you use Noxx compilations you are affected by some obscure code added by the original dev (not Noxx). The last one 0.8.9 is affected too, Noxx need revert the changes and restore the original files, then make a new compilation and publish.


@ wisdomluna1

I dont see any evidence of persistent malware, but who know, my time is limited

[usrmd]

Simple:
The last release from Original NecroBot are unaffected, only the repo/git code was affected
Releases from Noxx are affected because use the original code, included the last changes add by Necro.

so, it was release 0.8.5 i believe when the original shut down, and then gringo made "final release" 0.8.6 right before the original necro github was emptied

so 0.8.5 is the unaffected ?

[ShanksDeam]

Just a short question: what should I do with this source.zip after downloading and unpacking it? o.O
v 0.8.9