slack3r said:
Yes, same story on Linux except the lib is named libjaclib.so.
CPUID cannot be spoofed [unless you have a kernel-mode rootkit], but I'm sure this can be bypassed because I'm pretty sure CPUs these days do not have a "unique serial" and I'm sure you can only access the model, architecture, version etc.
^ Would explain why my friend sometimes randomly accesses accounts with this enabled.
It's possible to spoof CPUID inside a virtual machine, at least it is in VMware. Some of the changes are automatically overwritten though, such as L2 and L3 cache sizes, amongst a few others.
Intel processors no longer use the 'unique serial' you mention, but I've not checked whether or not AMD do. Either way it can be changed inside of a VM without problems.
It certainly explains why your friend can occasionally access JAG enabled accounts though. I'll do some more testing tomorrow and see if I can figure out exactly what parts of CPUID JAG uses to identify the device.
I'm pretty busy at the moment, having to divide my time amongst multiple projects, but I'll keep working on this to see if there's a way around it since it will benefit not only myself but the community as a whole.
For now the best approach is modifying their random.dat file and keylogging their security questions. It'll have to be done at least twice to get all five answers, although it'll likely have to be done a few more times if the questions given are truly random. Either way they'll either keep typing in their answers or turn JAG off, so it's win-win.
Coughs said:
It seems you can only do the random.dat thing once per device? OP, read your PMs, and anyone else who has more information please let me know so I can code something to do it automatically. Thanks
I've replied to your PM.
Anyway, if you mean modifying it in order to cause a JAG prompt then it can be done as many times as you want for a given device. At least that's what I've gathered when I've tested it. Here's what you'd have to do on a victim's machine:
1. Close java.exe or jagexlauncher.exe (if they're using the client) - you can't modify the file while the game's running.
2. Open the file, you should find exactly 24 bytes of seemingly random characters. As an example let's say it's "3q‡"Kþ#`;X‹ÀãTòRy" (Note: this won't be 24 bytes simply because of the way characters are displayed here)
3. Modify it in any way you wish so long as it doesn't exceed 24 bytes. From the tests I've done all of these would work:
"q3‡"Kþ#`;X‹ÀãTòyR"
"abcdefghijklmnopqlmnopqr"
"111111111111111111111111"
Basically anything you want, just keep it 24 bytes long.
4. When they next go to log on they should get a prompt saying JAG does not recognize the device. At this point they'll have to log in to their email account and answer three of the five security questions.
5. After they have done this and logged in to the game, the random.dat file does not revert back to its original state, nor is a new one generated. Note that the previous file (before your modifications) is still valid.
6. Repeat the process until you have the answers to all five questions.
7. Log in to their account on your computer. At this stage you could replace your random.dat file with theirs, but I have no idea if this affects anything.
8. You should get a JAG prompt saying your device is not recognized. If you've done everything correctly then you will have access to their email account, and the answers to their security questions. The rest is obvious.
If this method doesn't work for you then let me know. I'm sure it's possible for Jagex to 'patch' it, but if they do then fortunately there is an alternative way to stop JAG recognizing a device, at least in theory. Either way this method should work for now.
Creating an application to simply modify the file is easy, although getting it to detect when the victim has answered their recovery questions, and thus when to make the modifications again, is a little trickier. It's all possible of course, but the absolute easiest way to do it would be to check for instances of java.exe/jagexlauncher.exe every 30 minutes; if they exist, then terminate the process and edit the file.
-Crin