Recent content by Crin

Their source is obfuscated using Allatori (http://www.allatori.com/) so I can't see the decryption/encryption method. All I can tell you is it's hardware based. It could use one or more of many hardware based identifiers as there's no standardised HWID algorithm. It could also use the PC name...

If you still need help with this then send me a PM. I'll need either the .java/.class/.jar file though so I can see what's wrong with it.

Since the software will need to be able to get the password back from that, it's not a hash of any kind. The sites listed above won't help. A good resource I use for determining hash types is this: http://www.insidepro.com/hashes.php I did a bit of searching and I can't find any solid...

I've tested this and it seems to have no effect.

Ahh, the things people do when they think nobody is watching. :)

RE: f*ck my LIFE Do you have him on a RAT or do you simply have his username and password?

@slack3r I'll send you a PM with my contact details now. :)

It seems the random.dat method no longer works. Editing the file for the first time on a device will cause the device not to be recognized, but additional edits seem to have no effect. There's another way to achieve the same results though, but that's still a work in progress. I'll see what I...

It's possible to spoof CPUID inside a virtual machine, at least it is in VMWware. Some of the changes are automatically overwritten though, such as L2 and L3 cache sizes, amongst a few others. Intel processors no longer use the 'unique serial' you mention, but I've not checked whether or not...

Last time I looked into this it was encrypted using something hardware based as the key. A few people seem to know, but not many seem to want to say.

Ah what the hell. I'll post it all here, I doubt it'll affect anything if I do. I'll edit this with a write up in a bit. Edit: --- Don't take this as gospel, some of this is still speculation. JAG uses two, possibly three forms of authentication. The first is a token file, random.dat...

I've now figured out the exact method JAG uses to identify devices. It's pretty low level identification unfortunately, but I may still be able to work around it. There's a few possibilities left. If anyone's curious as to the actual workings of JAG then PM me.

I've verified random.dat is exactly as it says, random. The information contained within isn't an encrypted UUID or in any way specific to the hardware or the OS. As for simply telling them to turn it off, I can hardly see this working in any context unless they're incredibly stupid. I'm sure...

Simple test: Took a random string "testpassword123" and transliterated it to Cyrillic characters, "тестпассворд123". Tried to change the password of an account to that, and it tells me the password is an invalid length. Some more testing gave me "The password you entered contained an...

Yeah, that would work. You'd still need to grab whatever hardware specific information JAG uses, but a keylogger should have no issues with that. Then it's just a case of injecting it into the return value of a method call in the client. There's a few programs that can do this, so I'll look...