SpyEye formgrabber [Cracked]

Thread in the "Stealers|:|Formgrabbers|:|Keyloggers" section, created by onthar, 25 Oct 2010.

  1. onthar
    onthar Forum Staff Admin
    Likes:
    396
    So, I have two clean versions:
    SpyEye.1.1.39 without the admin panel.
    And Spy-Eye_v1.0.7 with the admin panel. The admin panel does have a blind SQL injection, though)

    The archive with 1.1.39 includes a patch and its source code. To get around the license, first launch the builder, then the patch, close the error, and the builder opens.
    A video on cracking this version: http://www.youtube.com/watch?v=CLiJx2IQ9AA

    Last edited: 14 Nov 2010
    25 Oct 2010
    3 users liked this.
  2. onthar
    onthar Forum Staff Admin
    Likes:
    396
    Builder version 1.2.50.
    Crack technique by Xylitol, patcher by Zer0Flag.
    The patcher's source code is in the archive.
    A video describing the process of cracking the builder: http://www.youtube.com/watch?v=ExxUy6mLSxs

    Instructions:
    1) Launch the builder
    2) Launch the patcher
    3) Click OK in both windows and use it.

    Last edited: 27 Jan 2011
    31 Oct 2010
    1 person likes this.
  3. greg11
    greg11 Newbie
    Likes:
    0
    The author recently said on the forums that the cracked versions contain a backdoor; has anyone checked?

    6 Nov 2010
  4. onthar
    onthar Forum Staff Admin
    Likes:
    396
    Well yes, a backdoor appears when it gets cracked, naturally.

    I checked, Xylitol checked, Zer0Flag checked. All clean.

    7 Nov 2010
    1 person likes this.
  5. onthar
    onthar Forum Staff Admin
    Likes:
    396
    Full version of the panel for the bot. Compatible with 1.2.50.
    The size is large because of the big geo-ip database, ~50mb

    Last edited: 27 Jan 2011
    8 Nov 2010
    1 person likes this.
  6. onthar
    onthar Forum Staff Admin
    Likes:
    396
    SpyEye.Builder.v1.1.39.read.nfo.Cracked-RED

    Builder version 1.1.39 with no patches needed, fully reversed and cracked.
    It was protected with VMProtect.
    All thanks go to Xylitol
    Code:
                                          /\
                                         //\\
                                        //  \\
                                     //// /\ \\\\ 
                                 //////\/\\//\/\\\\\\
                              //////// /  \/  \ \\\\\\\\
                             _________/ /\  /\ \_________
                        /\  /___ ______/  \/  \______ ___\  /\
                       //\\//  //      /\    /\      \\  \\//\\
                      //  \/ _//       \ \  / /       \\_ \/  \\
                     //     __ \_____/\ \ \/ / /\_____/ __     \\
                    / \____/ /__    ___\ \  / /___    __\ \____/ \
                    \__________ \  /  / \ \/ / \  \  / __________/
                              / / / _ \ //\/\\ / _ \ \ \
                             / / /_//_///\  /\\\_\\_\ \ \
             /\             /  \ \\___// /\/\ \\___// /  \             /\
            / /            / __ \/ \ _/\/ /\ \/\_ / \/ __ \            \ \
           / / /\         / ///\ \__\\  \ \/ /  //__/ /\\\ \         /\ \ \
          / / /  \       / /// /\____ \ / /\ \ / ____/\ \\\ \       /  \ \ \
         / / /   /      /  \\\ \____ \ \\//\\// / ____/ ///  \      \   \ \ \
         \/ /    \      \   \\\__   \ \ \/  \/ / /   __///   /      /    \ \/
            \  __/      /    \\_ \__/\ \_    _/ /\__/ _//    \      \__  /
             \ \_____ _/      \ \____/  / /\ \  \____/ /      \_ _____/ /
              \                \    ___/ /  \ \___    /                /
               \_____ __ ______/   /   _/    \_   \   \______ __ _____/
                    // //    \__  /   \__ /\ __/   \  __/    \\ \\
                   // //      _/ /      //  \\      \ \_      \\ \\
                  // //      /  /______// /\ \\______\  \      \\ \\
      ___________//__\\_____/           \/  \/           \_____//__\\__________
      |    ____               \\                _//_     ________             |_
      |    |__/               //                \_ |     |       |              |
      |                      //                ___||     |_______|              |
      |                  ___//                /    |                            |
      |                  \__/                /_____|                           _|
      |_______/\_______________                        _______________________|
               __________  ___ \                      / ___  __________
               \  _____  \/  / /          /\          \ \  \/  _____  /
               /  \    \     \/          /  \          \/     /    /  \
               \  /     \    /   ______ / /\ \ ______   \    /     \  /
              /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
            /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
            \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
             \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
              \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                         \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //
        __________________\\__\\_  \ \\ \ /\ / // /  _//__//_________________
       / _____________________   \  \ \\//  \\// /  /   ____________________ \
       \/                     \__ \  \ \/ /\ \/ /  / __/                    \/
       /                         \ \     /  \     / /                        \
       \_          ______________/  \___/    \___/  \_____________          _/
       / \________/                                               \________/ \
       \  ________                  RELEASE iNFOS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        ┌───────────────────────────────────────────────────────────────────┐
        │       RED CREW PROUDLY PRESENTS ANOTHER FiNE RELEASE CALLED       │
        └───────────────────────────────────────────────────────────────────┘
    
                              SpyEye Builder v1.1.39
    
    
        Cracked by...........: Xylitol
        Protection...........: VMProtect
        Operating System.....: WinXP
        Web site.............: n/a
        Release date.........: 06/11/2010
        Release type.........: Cracked.EXE
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                   DESCRiPTiON                   ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
    	SpyEye Builder v1.1.39
    
        I think alot of guys know what's this program is used for...
      After a long time of reflection... we have decided to done the release
      This one is 'special' has you know.
      SpyEye was protected by VMProtect, that protects code by executing it
      on a virtual machine with non-standard architecture.
      Who makes it extremely difficult to analyze and crack.
      Now the code is unprotected and cracked, hope this unpacked version
      will learn you something, regarding how that work.
      This release was dedicated to all reverse engineers/AV company
      and all individuals who do their best against malwares.
     
      Your antivirus will surely make some noise about our cracked.exe
      This release is safe, mean not infected.
    
      NAME.: SpyEye.exe
      CRC32: C697595A
      MD5..: 0186CBE17E3851DD97B17E589A477061
      SiZE.: 4,45 Mb (4*670*801 bytes)
    
          Credits=SnD
          special thanks to a very talented man ( you know who you are )
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                  iNSTALLATiONS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        [1] Extract .zip
        [2] ENJOY ANOTHER FiNE RELEASE FROM RED CREW :)
        
        [$] Send us your SpyEye versions if you want a crack
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    TEAM NEWS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          ┌──────────────────────────────────────────────────────────────┐
          │                                                              │
          │                                                              │
          │  RED CREW IS LOOKING FOR SKILLED:                            │
          │                                                              │
          │   - Crackers who are able to keygen and/or crack different   │
          │   applications (RSA, MD5, AES...)                            │
          │   - Unpackers who are able to unpack different               │
          │   protections (Armadillo, ASProtect, Themida, EXECryptor...) │
          │   - Coders who are able to code some usefull tools           │
          │   for the team (ASM, C/C++,Delphi)                           │
          │                                                              │
          │                                                              │
          │        IF YOU THINK THAT YOU HAVE ONE OF THESE SKILLS        │
          │                YOU ARE THE WELCOME IN DA TEAM                │
          │                                                              │
          │                                                              │
          └──────────────────────────────────────────────────────────────┘
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                     CONTACTS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        EMAiL ...............: Check it on our site !
        SiTE ................: http://redcrew.astalavista.ms/
        FORUM ...............: http://redcrew.astalavista.ms/board/
        DiSTRO ..............: http://prs-distro.co.cc/index.php?dir=RED/
        IRC .................: N/A 
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    GREETINGS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          Greetz goes to: ARTEAM, AT4RE, SND, CiM, FFF, RAiD, iCWT, REVENGE
          iNFECTiON, TSRH, RESSURECTION, And all who keep the scene alive.
     __                                                                       __
    /_/\                                                                     /\_\
    \_\/                                                                     \/_/
      \_________                                                     _________/
               _\ REVERSE ENGINEER'S DREAM-MAERD S'REENIGNE ESREVER /_
               \______________                        _______________/
              __________  ___ \                      / ___  __________
              \  _____  \/  / /          /\          \ \  \/  _____  /
              /  \    \     \/          /  \          \/     /    /  \
              \  /     \    /   ______ / /\ \ ______   \    /     \  /
             /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
           /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
           \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
            \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
             \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                        \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //  Xsp!d3r
                        _\\__\\_  \ \\ \ /\ / // /  _//__//_ 
                        \____   \  \ \\//  \\// /  /   ____/
                             \__ \  \ \/ /\ \/ /  / __/
                                \ \  \  //\\  /  / /
                                 \ \_ \//  \\/ _/ /
                                 //\ \_/ /\ \_/ /\\
                                _\\ \ \_//\\_/ / //_
                               / _\\/ /_/\/\_\ \//_ \
                               \ \ \  /_\  /_\  / / /
                                \ \ \ \_//\\_/ / / /
                                 \_\ \/ \\// \/ /_/
                                  \__/\ /\/\ /\__/
                                     \_\\  //_/
                                        \\//
                                         \/
    
    Last edited: 27 Jan 2011
    8 Nov 2010
  7. onthar
    onthar Forum Staff Admin
    Likes:
    396
    SpyEye.1.1.39.UNPACKED.FF.Injects

    Zer0Flag unpacked the builder and managed to enable the Firefox injects.

    Disassembler listing:
    Code:
    CPU Disasm
    Address   Hex dump          Command                                  Comments
    0040183B   90               NOP
    0040183C   90               NOP
    0040183D   80BD 6DFEFFFF 00 CMP BYTE PTR SS:[EBP-193],0
    00401844   90               NOP
    00401845   90               NOP
    00401846   C605 8E564C00 01 MOV BYTE PTR DS:[Kopie_von_SpyEye_1_1_39
    0040184D   68 F0AE4400      PUSH Kopie_von_SpyEye_1_1_39_UNPACKE.004 ; ASCII "FF Injects is ON"
    00401852   EB 0C            JMP SHORT Kopie_von_SpyEye_1_1_39_UNPACK
    00401854   C605 8E564C00 00 MOV BYTE PTR DS:[Kopie_von_SpyEye_1_1_39
    0040185B   68 DCAE4400      PUSH Kopie_von_SpyEye_1_1_39_UNPACKE.004 ; ASCII "FF Injects is OFF"

    Last edited: 27 Jan 2011
    9 Nov 2010
  8. onthar
    onthar Forum Staff Admin
    Likes:
    396
    The required SpyEye Collector component
    Haven't checked it myself, but they say it's clean

    Last edited: 27 Jan 2011
    9 Nov 2010
    1 person likes this.
  9. onthar
    onthar Forum Staff Admin
    Likes:
    396
    SpyEye.Builder.v1.2.60

    Info:
    Code:
                                         /\
                                         //\\
                                        //  \\ 
                                     //// /\ \\\\ 
                                 //////\/\\//\/\\\\\\
                              //////// /  \/  \ \\\\\\\\
                             _________/ /\  /\ \_________
                        /\  /___ ______/  \/  \______ ___\  /\
                       //\\//  //      /\    /\      \\  \\//\\
                      //  \/ _//       \ \  / /       \\_ \/  \\
                     //     __ \_____/\ \ \/ / /\_____/ __     \\
                    / \____/ /__    ___\ \  / /___    __\ \____/ \
                    \__________ \  /  / \ \/ / \  \  / __________/
                              / / / _ \ //\/\\ / _ \ \ \
                             / / /_//_///\  /\\\_\\_\ \ \
             /\             /  \ \\___// /\/\ \\___// /  \             /\
            / /            / __ \/ \ _/\/ /\ \/\_ / \/ __ \            \ \
           / / /\         / ///\ \__\\  \ \/ /  //__/ /\\\ \         /\ \ \
          / / /  \       / /// /\____ \ / /\ \ / ____/\ \\\ \       /  \ \ \
         / / /   /      /  \\\ \____ \ \\//\\// / ____/ ///  \      \   \ \ \
         \/ /    \      \   \\\__   \ \ \/  \/ / /   __///   /      /    \ \/
            \  __/      /    \\_ \__/\ \_    _/ /\__/ _//    \      \__  /
             \ \_____ _/      \ \____/  / /\ \  \____/ /      \_ _____/ /
              \                \    ___/ /  \ \___    /                /
               \_____ __ ______/   /   _/    \_   \   \______ __ _____/
                    // //    \__  /   \__ /\ __/   \  __/    \\ \\
                   // //      _/ /      //  \\      \ \_      \\ \\
                  // //      /  /______// /\ \\______\  \      \\ \\
      ___________//__\\_____/           \/  \/           \_____//__\\__________
      |    ____               \\                _//_     ________             |_
      |    |__/               //                \_ |     |       |              |
      |                      //                ___||     |_______|              |
      |                  ___//                /    |                            |
      |                  \__/                /_____|                           _|
      |_______/\_______________                        _______________________|
               __________  ___ \                      / ___  __________
               \  _____  \/  / /          /\          \ \  \/  _____  /
               /  \    \     \/          /  \          \/     /    /  \
               \  /     \    /   ______ / /\ \ ______   \    /     \  /
              /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
            /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
            \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
             \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
              \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                         \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //
        __________________\\__\\_  \ \\ \ /\ / // /  _//__//_________________
       / _____________________   \  \ \\//  \\// /  /   ____________________ \
       \/                     \__ \  \ \/ /\ \/ /  / __/                    \/
       /                         \ \     /  \     / /                        \
       \_          ______________/  \___/    \___/  \_____________          _/
       / \________/                                               \________/ \
       \  ________                  RELEASE iNFOS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        ┌───────────────────────────────────────────────────────────────────┐
        │       RED CREW PROUDLY PRESENTS ANOTHER FiNE RELEASE CALLED       │
        └───────────────────────────────────────────────────────────────────┘
    
                              SpyEye Builder v1.2.60
    
    
        Cracked by...........: Xylitol
        Protection...........: VMProtect (bypass)
        Operating System.....: WinAll
        Web site.............: n/a
        Release date.........: 08/11/2010
        Release type.........: Patch
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                   DESCRiPTiON                   ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
    	SpyEye Builder v1.2.60
    
        n/a
       Destroying this shit, one byte at a time
       Gribodemon: goodluck with sales now.
     
      Your antivirus will surely make some noise about spyeye.exe
      This release is safe, mean not infected.
      Please make sure about those thing:
    
      NAME.: SpyEye.exe
      CRC32: 4C1EB86C
      MD5..: FD146EAE16E81A551640EBE481F61487
      SiZE.: 1,78 Mb (1*875*968 bytes)
    
      If SpyEye.exe dont have those characteristics, take care.
      Zer0Flag, thanks for your code man !
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                  iNSTALLATiONS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        [1] Extract .zip
        [2] Launch SpyEye.exe
        [3] Launch our patch
        [4] ENJOY ANOTHER FiNE RELEASE FROM RED CREW :)
        
        [$] Send us your SpyEye versions if you want a crack
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    TEAM NEWS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          ┌──────────────────────────────────────────────────────────────┐
          │                                                              │
          │                                                              │
          │  RED CREW IS LOOKING FOR SKILLED:                            │
          │                                                              │
          │   - Crackers who are able to keygen and/or crack different   │
          │   applications (RSA, MD5, AES...)                            │
          │   - Unpackers who are able to unpack different               │
          │   protections (Armadillo, ASProtect, Themida, EXECryptor...) │
          │   - Coders who are able to code some usefull tools           │
          │   for the team (ASM, C/C++,Delphi)                           │
          │                                                              │
          │                                                              │
          │        IF YOU THINK THAT YOU HAVE ONE OF THESE SKILLS        │
          │                YOU ARE THE WELCOME IN DA TEAM                │
          │                                                              │
          │                                                              │
          └──────────────────────────────────────────────────────────────┘
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                     CONTACTS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        EMAiL ...............: Check it on our site !
        SiTE ................: http://redcrew.astalavista.ms/
        FORUM ...............: http://redcrew.astalavista.ms/board/
        DiSTRO ..............: http://prs-distro.co.cc/index.php?dir=RED/
        IRC .................: N/A 
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    GREETINGS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          Greetz goes to: ARTEAM, AT4RE, SND, CiM, FFF, RAiD, iCWT, REVENGE
          iNFECTiON, TSRH, RESSURECTION, And all who keep the scene alive.
     __                                                                       __
    /_/\                                                                     /\_\
    \_\/                                                                     \/_/
      \_________                                                     _________/
               _\ REVERSE ENGINEER'S DREAM-MAERD S'REENIGNE ESREVER /_
               \______________                        _______________/
              __________  ___ \                      / ___  __________
              \  _____  \/  / /          /\          \ \  \/  _____  /
              /  \    \     \/          /  \          \/     /    /  \
              \  /     \    /   ______ / /\ \ ______   \    /     \  /
             /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
           /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
           \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
            \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
             \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                        \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //  Xsp!d3r
                        _\\__\\_  \ \\ \ /\ / // /  _//__//_ 
                        \____   \  \ \\//  \\// /  /   ____/
                             \__ \  \ \/ /\ \/ /  / __/
                                \ \  \  //\\  /  / /
                                 \ \_ \//  \\/ _/ /
                                 //\ \_/ /\ \_/ /\\
                                _\\ \ \_//\\_/ / //_
                               / _\\/ /_/\/\_\ \//_ \
                               \ \ \  /_\  /_\  / / /
                                \ \ \ \_//\\_/ / / /
                                 \_\ \/ \\// \/ /_/
                                  \__/\ /\/\ /\__/
                                     \_\\  //_/
                                        \\//
                                         \/

    Patch source:
    Code:
    #include <Windows.h>
    #include <tlhelp32.h>
    
    typedef LONG ( NTAPI *_NtSuspendProcess )( IN HANDLE ProcessHandle );
    typedef LONG ( NTAPI *_NtResumeProcess )( IN HANDLE ProcessHandle );
    
    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    
    	TOKEN_PRIVILEGES priv;
    	HANDLE hThis, hToken;
    	LUID luid;
    	hThis = GetCurrentProcess();
    	OpenProcessToken(hThis, TOKEN_ADJUST_PRIVILEGES, &hToken);
    	LookupPrivilegeValue(0, "seDebugPrivilege", &luid);
    	priv.PrivilegeCount = 1;
    	priv.Privileges[0].Luid = luid;
    	priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    	AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0);
    	CloseHandle(hToken);
    	CloseHandle(hThis);
    
    	HANDLE ProcessHandle = 0;
    	_NtSuspendProcess NtSuspendProcess = 0;
    	_NtResumeProcess NtResumeProcess = 0;
    	PROCESSENTRY32 processInfo;
    	processInfo.dwSize = sizeof(processInfo);
    	HANDLE processesSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    	CHAR processName[] = "SpyEye.exe";
    	DWORD PID = 0 ;
    
    
    	DWORD Patch1 = 0x4010CE;
    	DWORD Patch2 = 0x4010D3;
    	DWORD Patch3 = 0x4010D5;
    	DWORD Patch4 = 0x4010D6;
    
    	UCHAR PatchVal1[] = "\xB8\x12\x11\x40\x00";
    	UCHAR PatchVal2[] = "\xFF\xD0";
    	UCHAR PatchVal3[] = "\x90";
    	UCHAR PatchVal4[] = "\x90";
    
    
    	NtSuspendProcess = (_NtSuspendProcess)GetProcAddress( GetModuleHandle( "ntdll" ), "NtSuspendProcess" );
    	NtResumeProcess = (_NtResumeProcess)GetProcAddress( GetModuleHandle( "ntdll" ), "NtResumeProcess" );
    
    
    	if ( processesSnapshot == INVALID_HANDLE_VALUE ){
    		return 0;
    	}
    	Process32First(processesSnapshot, &processInfo);
    
    	while ( Process32Next(processesSnapshot, &processInfo)){
    		if ( !strcmp(processName,processInfo.szExeFile)){
    			CloseHandle(processesSnapshot);
    			PID = processInfo.th32ProcessID;
    			break;
    		}
    	}
    	if(PID != NULL){
    		//MessageBoxA(NULL,(LPCSTR)PID,"SpyEye.exe - PID",0);	
    		ProcessHandle = OpenProcess( PROCESS_ALL_ACCESS, FALSE, PID);
    	}
    	if ( ProcessHandle != NULL ){
    		NtSuspendProcess( ProcessHandle );
    		
    		WriteProcessMemory(ProcessHandle, (LPVOID)Patch1, &PatchVal1, sizeof(PatchVal1)-1, NULL);
    		WriteProcessMemory(ProcessHandle, (LPVOID)Patch2, &PatchVal2, sizeof(PatchVal2)-1, NULL);
    		WriteProcessMemory(ProcessHandle, (LPVOID)Patch3, &PatchVal3, sizeof(PatchVal3)-1, NULL);
    		WriteProcessMemory(ProcessHandle, (LPVOID)Patch4, &PatchVal4, sizeof(PatchVal4)-1, NULL);
    		/*
    004010CE   B8 12114000      MOV EAX,SpyEye_1.00401112
    004010D3   FFD0             CALL EAX
    004010D5   90               NOP
    004010D6   90               NOP
    		*/
    		MessageBoxA(NULL,"SpyEye should have been patched now.\nJust press OK and enjoy","SpyEye-Patch by Zer0Flag",0);
    
    		NtResumeProcess( ProcessHandle );
    		CloseHandle(ProcessHandle);
    	}
    	return 0;
    }

     
    Last edited: 27 Jan 2011
    12 Nov 2010
  10. xmystikx
    xmystikx Newbie
    Likes:
    0
    Can anyone explain how to make a build in 1.2.60? Where do you set the host with the admin panel?
     
    14 Nov 2010
  11. ImPacker
    ImPacker Newbie
    Likes:
    0

     
    16 Nov 2010
  12. onthar
    onthar Forum Staff Admin
    Likes:
    396
    SpyEye.Builder.v1.2.99.Loader-RED


    Code:
      ______________________________ 
     ;|  ____     \\     _//_ __    |_
     ;|  |__/     //     \_ | | |    |;
     ;|       ___//     ___|| |_|    |;
     ;|       \__/      /___|       _|;
     ;|__/\________________________|;;;
    SpyEye.Builder.v1.2.99.Loader-RED.zip
     | Disk: 1/1                   +;;|
     | Date: 12/03/2011            +;;|
     +--------------------------------+
     | [R]EVERSE [E]NGINEER'S [D]REAM |
     +--------------------------------+
    Code:
                                          /\
                                         //\\
                                        //  \\ 
                                     //// /\ \\\\ 
                                 //////\/\\//\/\\\\\\
                              //////// /  \/  \ \\\\\\\\
                             _________/ /\  /\ \_________
                        /\  /___ ______/  \/  \______ ___\  /\
                       //\\//  //      /\    /\      \\  \\//\\
                      //  \/ _//       \ \  / /       \\_ \/  \\
                     //     __ \_____/\ \ \/ / /\_____/ __     \\
                    / \____/ /__    ___\ \  / /___    __\ \____/ \
                    \__________ \  /  / \ \/ / \  \  / __________/
                              / / / _ \ //\/\\ / _ \ \ \
                             / / /_//_///\  /\\\_\\_\ \ \
             /\             /  \ \\___// /\/\ \\___// /  \             /\
            / /            / __ \/ \ _/\/ /\ \/\_ / \/ __ \            \ \
           / / /\         / ///\ \__\\  \ \/ /  //__/ /\\\ \         /\ \ \
          / / /  \       / /// /\____ \ / /\ \ / ____/\ \\\ \       /  \ \ \
         / / /   /      /  \\\ \____ \ \\//\\// / ____/ ///  \      \   \ \ \
         \/ /    \      \   \\\__   \ \ \/  \/ / /   __///   /      /    \ \/
            \  __/      /    \\_ \__/\ \_    _/ /\__/ _//    \      \__  /
             \ \_____ _/      \ \____/  / /\ \  \____/ /      \_ _____/ /
              \                \    ___/ /  \ \___    /                /
               \_____ __ ______/   /   _/    \_   \   \______ __ _____/
                    // //    \__  /   \__ /\ __/   \  __/    \\ \\
                   // //      _/ /      //  \\      \ \_      \\ \\
                  // //      /  /______// /\ \\______\  \      \\ \\
      ___________//__\\_____/           \/  \/           \_____//__\\__________
      |    ____               \\                _//_     ________             |_
      |    |__/               //                \_ |     |       |              |
      |                      //                ___||     |_______|              |
      |                  ___//                /    |                            |
      |                  \__/                /_____|                           _|
      |_______/\_______________                        _______________________|
               __________  ___ \                      / ___  __________
               \  _____  \/  / /          /\          \ \  \/  _____  /
               /  \    \     \/          /  \          \/     /    /  \
               \  /     \    /   ______ / /\ \ ______   \    /     \  /
              /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
            /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
            \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
             \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
              \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                         \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //
        __________________\\__\\_  \ \\ \ /\ / // /  _//__//_________________
       / _____________________   \  \ \\//  \\// /  /   ____________________ \
       \/                     \__ \  \ \/ /\ \/ /  / __/                    \/
       /                         \ \     /  \     / /                        \
       \_          ______________/  \___/    \___/  \_____________          _/
       / \________/                                               \________/ \
       \  ________                  RELEASE iNFOS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        ┌───────────────────────────────────────────────────────────────────┐
        │       RED CREW PROUDLY PRESENTS ANOTHER FiNE RELEASE CALLED       │
        └───────────────────────────────────────────────────────────────────┘
    
                              SpyEye Builder v1.2.99
    
    
        Cracked by...........: Xylitol
        Protection...........: VMProtect (bypass)
        Operating System.....: WinAll
        Web site.............: n/a
        Release date.........: 12/03/2011
        Release type.........: Loader
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                   DESCRiPTiON                   ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
    	SpyEye Builder v1.2.99
    
        n/a
       We got this version long time ago but not released.
       All skids who try to sell it: goodluck now.
     
      Your antivirus will surely make some noise about SpyEye.exe
      This release is safe, mean not infected.
      Please make sure about those thing:
    
      NAME.: SpyEye.exe
      CRC32: 82E2FCD0
      MD5..: B227721E7DE72E1B34FD4C9C7459C6FB
      SiZE.: 1,80 Mb (1*888*256 bytes)
    
      If SpyEye.exe dont have those characteristics, take care.
      In theory if you get an infected version of the builder
      Our released loader will not patch it and notify you
      by 'CRC check error'
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                  iNSTALLATiONS                  ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        [1] Extract .zip
        [2] Rename the builder to "SpyEye.exe"
        [3] Use the loader for launch SpyEye
        [4] ENJOY ANOTHER FiNE RELEASE FROM RED CREW :)
        
        [$] Send us your SpyEye versions if you want a crack
    
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    TEAM NEWS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          ┌──────────────────────────────────────────────────────────────┐
          │                                                              │
          │                                                              │
          │  RED CREW IS LOOKING FOR SKILLED:                            │
          │                                                              │
          │   - Crackers who are able to keygen and/or crack different   │
          │   applications (RSA, MD5, AES...)                            │
          │   - Unpackers who are able to unpack different               │
          │   protections (Armadillo, ASProtect, Themida, EXECryptor...) │
          │   - Coders who are able to code some usefull tools           │
          │   for the team (ASM, C/C++,Delphi)                           │
          │                                                              │
          │                                                              │
          │        IF YOU THINK THAT YOU HAVE ONE OF THESE SKILLS        │
          │                YOU ARE THE WELCOME IN DA TEAM                │
          │                                                              │
          │                                                              │
          └──────────────────────────────────────────────────────────────┘
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                     CONTACTS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
        EMAiL ...............: Check it on our site !
        SiTE ................: http://redcrew.astalavista.ms/
        FORUM ...............: http://redcrew.astalavista.ms/board/
        DiSTRO ..............: http://prs-distro.co.cc/index.php?dir=RED/
        IRC .................: N/A 
    
       \_          _______________________________________________          _/
       / \________/                                               \________/ \
       \  ________                    GREETINGS                    ________  /
       /\/        \_______________________________________________/        \/\
      /                                                                       \
    
          Greetz goes to: ARTEAM, AT4RE, SND, CiM, FFF, RAiD, iCWT, REVENGE
          iNFECTiON, TSRH, RESSURECTION, And all who keep the scene alive.
     __                                                                       __
    /_/\                                                                     /\_\
    \_\/                                                                     \/_/
      \_________                                                     _________/
               _\ REVERSE ENGINEER'S DREAM-MAERD S'REENIGNE ESREVER /_
               \______________                        _______________/
              __________  ___ \                      / ___  __________
              \  _____  \/  / /          /\          \ \  \/  _____  /
              /  \    \     \/          /  \          \/     /    /  \
              \  /     \    /   ______ / /\ \ ______   \    /     \  /
             /\\//\     \__ \  /     // //\\ \\     \  / __/     /\\//\
           /\\ \/  \       \ \/     // ///\\\ \\     \/ /       /  \/ //\
           \ \\  /\ \__     \__/\  / \ \\/\// / \  /\__/     __/ /\  // /
            \ \\/  \__ \______   \//\ \ \/\/ / /\\/   ______/ __/  \// /
             \/       \_ _//_ \ \ \\ \ \    / / // / / _\\_ _/       \/
                        \\ \_\ \__ \\ \ \/\/ / // __/ /_/ //  Xsp!d3r
                        _\\__\\_  \ \\ \ /\ / // /  _//__//_ 
                        \____   \  \ \\//  \\// /  /   ____/
                             \__ \  \ \/ /\ \/ /  / __/
                                \ \  \  //\\  /  / /
                                 \ \_ \//  \\/ _/ /
                                 //\ \_/ /\ \_/ /\\
                                _\\ \ \_//\\_/ / //_
                               / _\\/ /_/\/\_\ \//_ \
                               \ \ \  /_\  /_\  / / /
                                \ \ \ \_//\\_/ / / /
                                 \_\ \/ \\// \/ /_/
                                  \__/\ /\/\ /\__/
                                     \_\\  //_/
                                        \\//
                                         \/
     
    21 Mar 2011
  13. NightWolf
    NightWolf Guest
    onthar,

    Did you check it? For a binder?
     
    23 Mar 2011
  14. deevsan
    deevsan Newbie
    Likes:
    0
    Is there a complete FAQ on installation and configuration?
     
    17 May 2011
  15. logdogaway
    logdogaway Newbie
    Likes:
    1
    27 May 2011
    1 person likes this.
  16. kegex
    kegex Newbie
    Likes:
    1
    If you use this in a not very conspicuous way, i.e. up to 1k bots, is it worth taking anonymity measures?
     
    27 May 2011
  17. onthar
    onthar Forum Staff Admin
    Likes:
    396
    kegex, infecting even a single user is already a criminal offence.
     
    27 May 2011
  18. pull
    pull Newbie
    Likes:
    0
    I wonder, will the BC from the previous one work?
     
    27 May 2011
  19. lolito
    lolito Newbie
    Likes:
    0
    Do antiviruses detect it already?
     
    29 May 2011
  20. onthar
    onthar Forum Staff Admin
    Likes:
    396
    They have for a long time, and all of them do.
     
    29 May 2011
