I got the ProRat-v1.9 from proRAT crew, seems to be a good RAT, but their last version will not run if you modify the server.exe.
Let me explain it. Their files are detected by most AV, so the first idea coming to my mind is packing, then morphine, then hex, but the client of proRAT detects that the server is modified and does not connect to it :/ This is the free/public version. I guess some changes need to be done to the client.exe, but I don't know what, nor where.
Anyone know about this issue? I browsed the forum, found nothing similar to this topic yet.
Appreciate your help.
saetji
Sep 24 2004, 10:05 PM
It's strange but morphin-ing the files/packing might be corrupting the server ... just an idea though. How do u hex them? Mind explaining (even in private) coz that might be the reason it's happening
Daume
Sep 25 2004, 12:34 AM
Well, as far as the morphin goes, it's kind of a random process every time, so it might work eventually (it did on some other .exe I used).
upx and morphin together don't help (mcafee detects it), unless I can't use them properly =) this can be the case ^^
Eyeless
Sep 25 2004, 01:44 AM
Y'all need to take a look in the Trojan/Viri section. There are tuts that will explain all your questions.
gjohal
Sep 25 2004, 03:15 AM
Yes, there is a crack, it is here
CODE
program ProPatch;
{$APPTYPE CONSOLE}
uses Windows;
var
  Buffer : Pointer;
  Handle, Taille : Cardinal;
begin
  WriteLn('Crack pour serveurs de ProRat1.9 R1 par chti hack');
  Handle := _lopen(PChar(ParamStr(1)), OF_READWRITE);
  if Handle <> INVALID_HANDLE_VALUE then
  begin
    Taille := GetFileSize(Handle, nil);
    Buffer := Pointer(LocalAlloc(0, Taille));
    _lread(Handle, Buffer, Taille);
    _llseek(Handle, 0, FILE_BEGIN);
I do and still do, always good material and information going through that section. The server which was created was made undetectable, but the pro rat client of the free version detects that it's not the original .exe
@gjohal
Thanks for the progz and the code extract, hope it helps me out.
jam
Sep 30 2004, 09:28 AM
I have experienced this with a couple RATs. Most notably the Beast rat (2.06) which will not run if the exe has been edited. Probably some sort of checksum checking to prevent modification.
stake5k
Oct 7 2004, 01:10 PM
QUOTE(gjohal @ Sep 25 2004, 06:15 AM)
Yes, there is a crack, it is here
CODE
program ProPatch;
{$APPTYPE CONSOLE}
uses Windows;
var
  Buffer : Pointer;
  Handle, Taille : Cardinal;
begin
  WriteLn('Crack pour serveurs de ProRat1.9 R1 par chti hack');
  Handle := _lopen(PChar(ParamStr(1)), OF_READWRITE);
  if Handle <> INVALID_HANDLE_VALUE then
  begin
    Taille := GetFileSize(Handle, nil);
    Buffer := Pointer(LocalAlloc(0, Taille));
    _lread(Handle, Buffer, Taille);
    _llseek(Handle, 0, FILE_BEGIN);