Crin said:A system is generally only as secure as an individual's willpower to circumvent the security. On that note, I'll see if I can figure out how exactly JAG operates and how to work around it. If I do figure it out I'll post a guide here.
@slack3r
I was vaguely under the impression Java couldn't get HWID's, at least not through an applet. That might have changed though. Reverse engineering isn't really my background, but I'll see if I can figure out exactly what it's using to authenticate.
If anyone's figured it out I'm likely willing to pay for it.
Crin said:Makes sense with a signed applet I suppose. I'll look into it too and update this if I find anything. I'm surprised there's been little said about it, since it's a pretty big problem for people like us.
@Adam
It probably uses IP to some extent, I've read that when it came out there were issues for people with dynamic IP's. It's not a huge problem if it is IP, I think most RAT's these days have the option to use the slave as a proxy.
Kevin said:If you could get a keylogger that grabs their IP and find a stealer for the random.dat info, I wonder if that would work.
random.dat is uploaded every time you enter your account, unless there dumb they would check the contents of random.dat to see whether it compares to your os.Crin said:Kevin said:If you could get a keylogger that grabs their IP and find a stealer for the random.dat info, I wonder if that would work.
Yeah, that would work. You'd still need to grab whatever hardware specific information JAG uses, but a keylogger should have no issues with that.
Then it's just a case of injecting it into the return value of a method call in the client. There's a few programs that can do this, so I'll look into it.
Hipstery said:I see you guys in such an hassle because of JAG which can be easily shut off with power of persuasion. I am an experienced account stealer, not hacker because I do not use any programs at all, although I do have some knowledge and could do it. to steal runescae accounts. I can say I have made over 50k real life with rs stealing and the way I get over JAG is by simpling saying to people to turn it off. Ofc there is something behind but as I said in the somewhat rare accounts I find JAG I just tell the person to shut off JAG and in 90% of the cases they do it.
From the point of view of shutting down/getting over it in s more mechanic way my only advice is having a good keylogger and a link between the victim´s email and yours if you know how to do it, that way you do not need to acess directly their email with logg in information and they do not even realise you have acess to their email as the actions you take on your side of the client do not reflect on the victim´s side. For example: if you open one unseen message on your side, on the victim´s side the messange will still appear as unseen Thunderbird is also a good choice if you do not have the knowledge to go further, and you only need the logg in details once.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?