Over-cheat: free 3.3.5 web hack

[poke123]

do not delete this thread please, it's not a fake it's just more creative than usual (because it was deleted 2 week ago and "under investigation" (forgotten?) since this time)
reason 1: I am not an "Hacker trojan lol"
reason 2: Look my other thread, no Virus for 2 model changing tools
reason 3: there is a Virustotal for each "suspicious" file and the source when it's a false positive so I cannot do better in order to prove you it's not a virus
______________________________________________

PRIVATE ONLY, NO WARDENPROOF

Introduction
Some people say me "Impossible" So for these people:
1) Impossible is not a french word (in fact it is but we deny :-p)
2) I did not know so I did it
3) I do not have 3) is it a problem?

How it work ?
1) How memory Edit with a web page ?
===> by using an activeX plugin (downloadable on the site)
2) How ASM inject with a web page ?
===>by using an activeX plugin
3) How <put whatever you want here> ?
===>by using an activeX plugin

what does it contain?

• A teleporter
• A teleport list
• A (The?) teleport Map
• A "classic" Multi-Hack (Flymode, SpeedHack and other)
• A tracking tab (hunter tracking mode + Herbs, Veins, Chests and Fishes)
• A Morpher (Classic too)
• A Memory editor (like a cheat engine table)
• A Function Caller
• A BlackBasic Runner (no enUS doc at the moment, so forget it)

if you want more information the screenshot is here (or else I will try to answer in this thread)

How Configure My PC?
1) Download BlackBasic Installer (in red on the screen)
2) Run it (it will Download .NET, IE and other required things and next install BlackBasic)
3) Go on the site (link: Nemesis'Team, the Blog is in french so Forget it too)
4) Click on the IEtab icon for google chrome, right click on the tab an "change rendering engine" for Firefox and nothing for Internet Explorer :-)
5) Click on the "Over-cheat translator: english" button
6) Have fun :-p
or follow this Video Guide: http://www.youtube.com/watch?v=yq55Jkowa8w

Virus Scan
A web Hack is, unusual what should I scan ? maybe the Plugin ?
VirusTotal - Free Online Virus, Malware and URL Scanner
the BlackBasic editor (created with autoit so probably some false positive but the source code is in the folder) ?
VirusTotal - Free Online Virus, Malware and URL Scanner
source:
[spoiler]

Code:

#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
global $f = ""

opt("guioneventmode", 1)
$Form1 = GUICreate("BBrunner", 491, 464, 209, 266)
$Fichier = GUICtrlCreateMenu("Fichier")
$MenuItem1 = GUICtrlCreateMenuItem("Ouvrir...", $Fichier)
$MenuItem2 = GUICtrlCreateMenuItem("Enregistrer sous ...", $Fichier)
$MenuItem3 = GUICtrlCreateMenuItem("Enregister", $Fichier)
$MenuItem6 = GUICtrlCreateMenu("insérer")
$MenuItem7 = GUICtrlCreateMenuItem("Variable", $MenuItem6)
$MenuItem8 = GUICtrlCreateMenuItem("Fonction", $MenuItem6)
$MenuItem4 = GUICtrlCreateMenu("Lancer")
$MenuItem5 = GUICtrlCreateMenuItem("Lancer", $MenuItem4)
$script = GUICtrlCreateEdit("", 0, 0, 489, 441)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

GUICtrlSetOnEvent($MenuItem1, "ouvrir")
GUICtrlSetOnEvent($MenuItem2, "sauvegardersous")
GUICtrlSetOnEvent($MenuItem3, "sauvegarder")
GUICtrlSetOnEvent($MenuItem5, "lancer")
GUICtrlSetOnEvent($MenuItem7, "variable")
GUICtrlSetOnEvent($MenuItem8, "fonction")
GUISetOnEvent($GUI_EVENT_CLOSE, "_exit", $Form1)

func _exit()
	Exit
EndFunc


func ouvrir()
	$f = FileOpenDialog("ouvrir...", "", "BlackBasic (*.bb)")
	if FileExists($f) Then
		GUICtrlSetData($script, FileRead($f))
	Else
		MsgBox(0, "erreur", "le fichier n'existe pas")
		$f = ""
	EndIf
EndFunc

func sauvegarder()
	if $f = "" Then
		sauvegardersous()
	Else
		FileDelete($f)
		FileWrite($f, GUICtrlRead($script))
	EndIf
EndFunc

func sauvegardersous()
	$f = FileSaveDialog("sauvegarder sous...", "", "BlackBasic (*.bb)")
	if stringright($f, 3) <> ".bb" then $f &= ".bb"



	if FileExists($f) Then
		if MsgBox(4, "avertissement", "le fichier existe déjà, remplacer ?") = 6 Then
			FileDelete($f)
			FileWrite($f, GUICtrlRead($script))
		EndIf
	Else
		FileWrite($f, GUICtrlRead($script))
	EndIf


EndFunc

func Lancer()
	$bb = ObjCreate("BlackBasic")
	with $bb
		.Init(InputBox("information", "veuillez saisir le nom du processus cible"), 0)
		.Read(GUICtrlRead($script))
		.Dispose()
	EndWith
EndFunc

func fonction()
	opt("guioneventmode", 0)
	$Form2 = GUICreate("Fonction", 383, 80, 192, 124)
	$Label1 = GUICtrlCreateLabel("Nom:", 8, 8, 29, 17)
	$Input1 = GUICtrlCreateInput("", 56, 8, 145, 21)
	$Label2 = GUICtrlCreateLabel("Adresse:", 8, 32, 45, 17)
	$Input2 = GUICtrlCreateInput("", 56, 32, 145, 21)
	$Combo1 = GUICtrlCreateCombo("", 224, 8, 145, 25)
	GUICtrlSetData(-1, "cedcl|stdcall|thiscall")
	$Input3 = GUICtrlCreateInput("", 264, 32, 105, 21)
	$Label3 = GUICtrlCreateLabel("this =", 224, 32, 29, 17)
	$Button1 = GUICtrlCreateButton("OK", 312, 56, 57, 17, $WS_GROUP)
	GUICtrlSetState($Input3, $GUI_HIDE)
	GUICtrlSetState($Label3, $GUI_HIDE)
	$Hide = true
	GUISetState(@SW_SHOW)
	while True
		switch GUIGetMsg()
			case $Button1
				if (GUICtrlRead($Input1) <> "") and (GUICtrlRead($Input2) <> "") and (GUICtrlRead($combo1) <> "") and not (GUICtrlRead($combo1) = "thiscall" and GUICtrlRead($Input2) = "") Then
					if (GUICtrlRead($combo1) <> "thiscall") Then
						$l = "function " & GUICtrlRead($Input1) & " " & GUICtrlRead($combo1) & " = " & GUICtrlRead($Input2)
					Else
						$l = "function " & GUICtrlRead($Input1) & " " & GUICtrlRead($combo1) & ":" & GUICtrlRead($Input3) & " = " & GUICtrlRead($Input2)
					EndIf
					GUIDelete($Form2)
					opt("guioneventmode", 1)
					$t = ClipGet()
					ClipPut($l)
					WinActivate("BBrunner")
					send("^v")
					ClipPut($t)
					return $l
				Else
					MsgBox(0, "erreur", "un des argument passé est vide")
				EndIf
			case $GUI_EVENT_CLOSE
				GUIDelete($Form2)
				opt("guioneventmode", 1)
				return "abort"
		EndSwitch
	if GUICtrlRead($combo1) = "thiscall" and $Hide Then
		GUICtrlSetState($Input3, $GUI_SHOW)
		GUICtrlSetState($Label3, $GUI_SHOW)
		$Hide = false
	EndIf

	if GUICtrlRead($combo1) <> "thiscall"  and not $Hide Then
		GUICtrlSetState($Input3, $GUI_HIDE)
		GUICtrlSetState($Label3, $GUI_HIDE)
		$Hide = true
	EndIf

	WEnd


EndFunc

func variable()
	opt("guioneventmode", 0)
	$Form2 = GUICreate("Variable", 384, 81, 192, 124)
	$Label1 = GUICtrlCreateLabel("Nom:", 8, 8, 29, 17)
	$Input1 = GUICtrlCreateInput("", 56, 8, 145, 21)
	$Label2 = GUICtrlCreateLabel("Valeur:", 8, 32, 37, 17)
	$Input2 = GUICtrlCreateInput("", 56, 32, 145, 21)
	$Combo1 = GUICtrlCreateCombo("", 224, 8, 145, 25)
	GUICtrlSetData(-1, "short|int|long|float|double|byte|ushort|uint|ulong|string")
	$Button1 = GUICtrlCreateButton("OK", 312, 56, 57, 17, $WS_GROUP)
	$Checkbox1 = GUICtrlCreateCheckbox("Créer en tant qu' Externe", 224, 32, 145, 17)
	GUISetState(@SW_SHOW)
	while True
		switch GUIGetMsg()
			case $Button1
				if (GUICtrlRead($Input1) <> "") and (GUICtrlRead($Input2) <> "") and (GUICtrlRead($combo1) <> "")  Then
					if GUICtrlRead($Checkbox1) <> $GUI_CHECKED Then
						$l = "new " & GUICtrlRead($Input1) & " " & GUICtrlRead($combo1) & " = " & GUICtrlRead($Input2)
					Else
						$l = "new " & GUICtrlRead($Input1) & " *" & GUICtrlRead($combo1) & " = " & GUICtrlRead($Input2)
					EndIf
					GUIDelete($Form2)
					opt("guioneventmode", 1)
					$t = ClipGet()
					ClipPut($l)
					WinActivate("BBrunner")
					send("^v")
					ClipPut($t)
					return $l
				Else
					MsgBox(0, "erreur", "un des argument passé est vide")
				EndIf
			case $GUI_EVENT_CLOSE
				GUIDelete($Form2)
				opt("guioneventmode", 1)
				return "abort"
		EndSwitch
	WEnd
EndFunc


while 1

WEnd

[/spoiler]
the regasm laucher (autoit too, uncompile it if you want) ?
VirusTotal - Free Online Virus, Malware and URL Scanner
source:
[spoiler]

Code:

if not FileExists("C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe") Then
	MsgBox(0, "", "une erreur est survenu, le logiciel n'arrive pas à enregistrer l'assembly. Pour corriger cette erreur téléchargez le .NET framework 4.0 avant de retenter l'installation, si ce message s'affiche toujours, demandez de l'aide sur le site fournisseur du logiciel")
	Exit
EndIf
ShellExecute("C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe", "BlackBasic.dll /codebase /tlb")

[/spoiler]
the BlackBasic installer ?
VirusTotal - Free Online Virus, Malware and URL Scanner
source:
[spoiler]

Code:

if Ask("Display the installer in French ? / Afficher l'installateur en Français ?") Then
	global const $annulation = "installation annulé par l'utilisateur"

	global const $install_net_35 = "Il faut installer le .NET 3.5 pour continuer, si vous ne le faites pas BlackBasic ne seras pas installé"
	global const $cur_install_net_35 = "Téléchargement du .NET Framework 3.5"
	global const $install_net_40 = "Il faut installer le .NET 4.0 pour continuer, si vous ne le faites pas BlackBasic ne seras pas installé"
	global const $cur_install_net_40 = "Téléchargement du .NET Framework 4.0"

	global const $install_IE_9 = "Il faut installer Internet Explorer dans sa version 9 ou plus pour continuer, si vous ne le faites pas BlackBasic ne seras pas installé"
	global const $cur_install_IE_9 = "Téléchargement de Internet Explorer 9"

	global const $cur_install_BB_edge = "Téléchargement de BlackBasic_full_pack"

	global const $FF_IETAB = "Voulez vous télécharger IETab pour Firefox afin de faire fonctionner BlackBasic sur ce navigateur ? (pensez à avoir la version 4.0 ou plus de Firefox pour que IETab fonctionne au mieux)"
	global const $CHROME_IETAB = "Voulez vous télécharger IETab pour Google Chrome afin de faire fonctionner BlackBasic sur ce navigateur ?"
	global const $CHEAt_OVER_CHEAT = "Voulez vous accéder à Over-cheat le cheat en ligne approuvé ?"

	global const $merci = "L'installation est terminé, merci d'utiliser BlackBasic !"

	global const $PROGRESSION = " Mo téléchargé sur "
Else
	global const $annulation = "Installation canceled by user"

	global const $install_net_35 = "You must install the .NET Framework 3.5 to continue or else BlackBasic will not be Installed"
	global const $cur_install_net_35 = "Downloading .NET Framework 3.5"
	global const $install_net_40 = "You must install the .NET Framework 4.0 to continue or else BlackBasic will not be Installed"
	global const $cur_install_net_40 = "Downloading .NET Framework 4.0"

	global const $install_IE_9 = "You must install Internet explorer 9 or more recent or else BlackBasic will not be Installed"
	global const $cur_install_IE_9 = "Downloading Internet Explorer 9"

	global const $cur_install_BB_edge = "Downloading BlackBasic_full_pack"

	global const $FF_IETAB = "Do you want to download IETab for Firefox in order to run BlackBasic on this browser ?"
	global const $CHROME_IETAB = "Do you want to download IETab for Google Chrome in order to run BlackBasic on this browser ?"
	global const $CHEAt_OVER_CHEAT = "Do you want to access Over-cheat, the approved wow web cheat ?"

	global const $merci = "The installation is complete, thank you for using BlackBasic!"

	global const $PROGRESSION = " Mb downloaded of "
EndIf

#region Common
if not RegRead("HKLM\Software\Microsoft\NET Framework Setup\NDP\v3.5\", "Install") Then
	if Ask($install_net_35) Then
		Download("http://syrithou.free.fr/BlackBasic/dotnetfx35.exe", $cur_install_net_35)
		ShellExecuteWait("temp.exe")
	Else
		Alert($annulation)
		exit
	EndIf

EndIf
if not RegRead("HKLM\Software\Microsoft\NET Framework Setup\NDP\v4\Full\", "Install") Then
	if Ask($install_net_40) Then
		Download("http://syrithou.free.fr/BlackBasic/dotNetFx40_Full_x86_x64.exe", $cur_install_net_40)
		ShellExecuteWait("temp.exe")
	Else
		Alert($annulation)
		exit
	EndIf
EndIf
if not RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer", "Version") >= 9 Then
	if Ask($install_IE_9) Then
		Download("http://syrithou.free.fr/BlackBasic/IE9-Windows7-x86-fra.exe", $cur_install_IE_9)
		ShellExecuteWait("temp.exe")
	Else
		Alert($annulation)
		exit
	EndIf
EndIf

Download("http://syrithou.free.fr/BlackBasic/BlackBasicInstaller.exe", $cur_install_BB_edge)
ShellExecuteWait("temp.exe")
FileDelete("temp.exe")
#endregion

#region Firefox
if Ask($FF_IETAB) Then
	ShellExecute("https://addons.mozilla.org/en-US/firefox/addon/ie-tab-plus-ff-36/")
EndIf
#endregion

#region Google Chrome
if Ask($CHROME_IETAB) Then
	ShellExecute("https://chrome.google.com/webstore/detail/hehijbfgiekmjfkfjpbkbammjbdenadd")
EndIf
if Ask($CHEAt_OVER_CHEAT) Then
	ShellExecute("http://syrithou.free.fr/blog")
EndIf

Alert($merci)
#endregion





#region Funcs
func Download($adresse, $msg)
	$proc = NewProc()
	ProcAddline($proc, "InetGet('" & $adresse & "', 'temp.exe')")
	ProcSave($Proc)
	ProcExecute($Proc)
	sleep(1000)
	$size = InetGetSize($adresse)
	ProgressOn($msg, "")
	while ProcExists($Proc)
		ProgressSet(($size / FileGetSize("temp.exe")) * 100, Round(FileGetSize("temp.exe")/1000000, 3) & $PROGRESSION & Round($size/1000000, 3))
		sleep(1000)
	WEnd
	ProgressOff()
EndFunc

func Alert($txt)
	MsgBox(0, "", $txt)
EndFunc

func Ask($txt)
	return MsgBox(4, "", $txt) = 6
EndFunc
Func NewProc($admin = 0, $src = 0, $filename = -1)
	Local $Proc[4]
	If $filename = -1 Then $filename = @TempDir & "\" & Hex(Random(1000000, 9999999)) & ".au3"
	If $admin = 1 Then $Proc[0] &= "#RequireAdmin" & @CRLF
	If $src Then
		$Proc[1] = 1
	Else
		$Proc[1] = 0
	EndIf
	$Proc[2] = $filename
	$Proc[3] = -1
	Return $Proc
EndFunc   ;==>NewProc

Func ProcAddline(ByRef $Proc, $line)
	$Proc[0] &= $line & @CRLF
EndFunc   ;==>ProcAddline

Func ProcSave($Proc)
	FileDelete($Proc[2])
	FileWrite($Proc[2], $Proc[0])
	If $Proc[1] Then
		If Not FileExists(@TempDir & "\obfuscator.exe") Then Obfuscator_exe(@TempDir & "\obfuscator.exe")
		ShellExecuteWait(@TempDir & "\obfuscator.exe", $Proc[2], Default, Default, @SW_HIDE)
		FileDelete($Proc[2])
		FileCopy(StringTrimRight($Proc[2], 4) & "_obfuscated.au3", $Proc[2])
	EndIf
EndFunc   ;==>ProcSave

Func ProcExecute(ByRef $Proc)
	if not @Compiled Then
		If Not FileExists(@TempDir & "\autoit3.exe") Then AutoIt_exe(@TempDir & "\autoit3.exe")
		$Proc[3] = Run(@TempDir & "\autoit3.exe " & $Proc[2])
	Else
		$Proc[3] = Run(@ScriptFullPath & " /AutoIt3ExecuteScript " & $Proc[2])
	EndIf

	While Not ProcessExists($Proc[3])
	WEnd
EndFunc   ;==>ProcExecute

Func ProcSaveAndExecute(ByRef $Proc)
	ProcSave($Proc)
	ProcExecute($Proc)
EndFunc   ;==>ProcSaveAndExecute

Func ProcAddInclude(ByRef $Proc, $include)
	$inc = @TempDir & "\" & Hex(Random(1000000, 9999999)) & ".au3"
	FileCopy($include, $inc)
	$Proc[0] = '#include "' & $inc & '"' & @CRLF & $Proc[0]
EndFunc   ;==>ProcAddInclude

func ProcCompileInclude($path,$name)
	filedelete(@scriptdir&"\Proc_"&$name&".au3")
	filewrite(@scriptdir&"\Proc_"&$name&".au3","func proc_"& $name & "(byref $proc)" & @crlf & "ProcAddLine($proc, '" & stringreplace(stringreplace(FileRead($path&$name&".au3"),"'","''"),@crlf,"')"&@crlf&"ProcAddLine($proc,' ") & "')"&@crlf&"endfunc")
	MsgBox(0,"fini!","ajoutez #include ""Proc_"&$name&".au3"""&@crlf&" à votre script puis appelez la fonction proc_"& $name & "($proc) pour ajouter l'include au proc voulu")
EndFunc

Func ProcDebug($Proc)
	ConsoleWrite(@CRLF & "chemin du fichier temporaire: " & $Proc[2])
	ConsoleWrite(@CRLF & "obfuscation: " & $Proc[1])
	ConsoleWrite(@CRLF & "contenu: " & $Proc[0])
	ConsoleWrite(@CRLF & "pid: " & $Proc[3] & @CRLF)
EndFunc   ;==>ProcDebug

Func ProcClear($Proc)
	FileDelete(StringTrimRight($Proc[2], 4) & "_obfuscated.au3")
	FileDelete($Proc[2])
	FileDelete($Proc[2] & ".tbl")
	ProcStop($Proc)
	$Proc[2] = ""
	$Proc[1] = ""
	$Proc[0] = ""
	$Proc[3] = -1
EndFunc   ;==>ProcClear

Func ProcStop($Proc)
	If $Proc[3] <> -1 And ProcessExists($Proc[3]) Then ProcessClose($Proc[3])
	$Proc[3] = -1
EndFunc   ;==>ProcStop

Func ProcExists($Proc)
	$Proc[3] = ProcessExists($Proc[3])
	If $Proc[3] = 0 Then $Proc[3] = -1
	Return ProcessExists($Proc[3])
EndFunc   ;==>ProcExists

Func ProcGetTxt($Proc)
	Return $Proc[0]
EndFunc   ;==>ProcGetTxt

Func ProcGetFile($Proc)
	Return $Proc[2]
EndFunc   ;==>ProcGetFile

Func ProcGetobfuscated($Proc)
	Return $Proc[1]
EndFunc   ;==>ProcGetobfuscated

I have voluntary cut a part of the source because It's too long, you can found the Proc.au3 (ProcGetFile, ProcGetTxt, ...) on the Autoit FR forum[/spoiler]
and Download("http://syrithou.free.fr/BlackBasic/BlackBasicInstaller.exe", $cur_install_BB_edge) which is downloaded (created with install creator):
VirusTotal - Free Online Virus, Malware and URL Scanner
source iit:
[spoiler]Filebeam - Beam up that File Scottie![/spoiler]

it should be enough this time (I have post the source code when Virustotal found a Virus so it's the best I can do because you can get the Javascript Source of each page by inspecting with Firebug).

Link: Nemesis'Team

ps: I keep a database of the users with this line:

Code:

myAx.Read("POST http://syrithou.free.fr/blog/WhoIsOnline.php $Realm $Name $X $Y $Z $MapID");

I cannot get your password with it so don't worry



Some problems ?
if the message "Your rendering engine is not able to activate the cheat, please use Internet Explorer or IETab (proposed in the installation tutorial of BlackBasic)" is displayed, open the site with IE or IETab
if the message "BlackBasic is not installed or is not available on your computer so the cheat will not work, please visit the instalation tutorial in order to solve this problem" is displayed, install BlackBasic by clicking on "BlackBasic Installer"
or else, if no message is displayed check your version is 3.3.5, run wow, log in, and next actualize.

[Subset]

Seems nice and all, but two things:
1. This seems to be the guide section, not hack section.
2. 3.3.5 would be Emulator I assume?

[poke123]

Excuse me but I did not understand.
you say that It's an Emulator or that It requires an emulator because live servers are in 4.2.0 ?
It's an hybrid between an application and a web page so I thought I had a choice

[MegaBigBoss]

Good job, interesting work ! +rep.