Direct Messages - The SIGmas

Direct Messages

The SIGmas

deadlord had come back to the dark side nerdPepe

nerdPepe

$$$

21:21

yo

21:24

time to cook

what are we crack first

no idea

21:34

@Thnks_CJ

nick

what are we crack first

well Ur pc is cooked so Mio I guess

21:34

untill you uncook it we can't do future

21:35

and the deobf the new thunder hack shit

I don't want to start with mio its fucking native hell... I haven't in the community for months we don't have something more simple?

cuz it's skidded to fuck anyway

The Faceless Lord

I don't want to start with mio its fucking native hell... I haven't in the community for months we don't have something more simple?

zkm

21:35

but zkm easy crack

yea

21:35

just Mio nothing else?

I'll see if I got any other accounts for clients

$$$

The Faceless Lord

I don't want to start with mio its fucking native hell... I haven't in the community for months we don't have something more simple?

the natives dont really matter

21:36

if we dump it then were automatically past the natives

ye kind of

mio is already halfway remapped for us to

but like if I remember correctly he have abyss like encryption shit

they didnt rename the fields in the mixins

21:37

so you can see module names and stuff

lol

i can try n fix my pc with the future acc on it

what is wrong with your pc?

but idk how to

The Faceless Lord

what is wrong with your pc?

harddrive fully corrupted

21:38

no bios or anything

PFFFFF

21:38

wtf

im gonna try and fix all wires on my kvm and boot from usb

@Thnks_CJ you can unban me from prestige dc?

ask prestige

nick

ask prestige

I can't

nick added Prestige to the group. 2024. 11. 28. 21:48

problem solved

21:49

Im fixing my 2nd pc rn

yo

@Prestige

Thnks_CJ changed the channel name: fuck ws & there members 2024. 11. 28. 21:51

$$$

https://www.mediafire.com/file/ddvz4btowcnws9s/client-1.20.3-1.20.1+(1).jar/file

21:51

future loader latest i believe

future craek

21:53

soon

i had a spoofer that was 70% working

21:53

i was like 1 thing away from having the loader full spoofed until the harddrive corrupted

hmmmm

21:54

I'm thinking about just dumping the entire shit

could just hook where the zip stream gets opened

21:54

and get the full jar

and if he have encrypted classes in it?

probably not

21:56

encrypted classes is a waste of effort

kinda

but future is not that bad to spoof i think

22:00

they just use a hardcoded cipher key (or from auth file not sure), then inflater with a random long val appended at the end

22:00

and then that long value will just make things obscure using the inflater and also be a checksum

yea

22:06

but first we need an account

yeah im working on fixing 2nd pc

22:07

this bootable usb creator tool is not working very good

what bootable usb creator?

rufus or smth

22:08

it wont launch for me

22:09

im trying to do it manually but microsoft loves doing alot of extra steps just to get the .iso

nick

rufus or smth

rufus is usually good

22:12

wait

22:13

did you change target system?

it just insta crashes when i launch it

wtf

im just manually making the bootable usb

22:14

so it should be fine i believe

22:15

manually deobfing futuer with notepad and ghidra was not fun

Image attachment

well its really not

225.37 KB

22:16

i got a ton of their functions

what future use? jnic or radionigger?

jnic

hmmm

22:18

maybe writing a plugin would be a better idea than manually trying to reverse it

idk

22:18

i think it is best to just skip the loader

22:18

either spoof socket or dump the client

yea

22:19

better to just skip loader

could also open src future

nick

either spoof socket or dump the client

depends on how much future itself is transpiled to machine code

im not sure if they used jnic on the actual client

22:20

but most likely not

The Faceless Lord

depends on how much future itself is transpiled to machine code

some of the methods dont even decompile in ghidra

if they don't then we just dump the entire shit and make it into a mod

just overflows my 32gb memory

nick

just overflows my 32gb memory

well I have 64GB memory to work with

cpu probably not strong enough to get through it

well gets through eventually

i had to leave it overnight and it was using 90% cpu and like 90% memory the entire time

22:21

and it took hours

lmao

well that is not good

Image attachment

why windows always has to be so shit

u have a dumper we can use on future

22:23

(needs to be a low level dumper, or all the constants will be broken)

nick

u have a dumper we can use on future

no but I can make one

i can hook classfilestream

22:23

Image attachment

22:23

aslong as it gets around this it works

nick

i can hook classfilestream

ye that can work for that I have a dumper

22:24

somewhere

we might have to go through the loader at some point i believe

22:25

depends if they r linked togeether with keys or something

yeah

futureclient_classes.jar

3.81 MB

22:25

this is a partial dump with messed up constants

22:26

there is native methods to for some reason

ye native methods without basically any flag except native

22:27

probably fake class

the ones with $0 is just a weird thing

22:27

but there is some actual native methods

22:27

Image attachment

hmm

22:29

yea

i could transpile them back to java but there is just way to many

22:29

so its not worth the effort (edited)

ehhh it would be ok if we make a transpiler which transpile machine code back to java I think that's possible just really hard

totally

The Faceless Lord

ehhh it would be ok if we make a transpiler which transpile machine code back to java I think that's possible just really hard

that would fuck most of the client prot

if it were possible to do that yeah

22:32

compiler abstracts away to much info and optimizes so its just not

nick

if it were possible to do that yeah

technically its possible

yeah but simd optimizations, dup instructions, pop instructions, etc

well yeah we have to fuck with those a LOT

dup and pop are the toughest to recover

we will figure out something

can just do dynamic deobf

22:35

log all the param seeds and inline them

22:35

gets us all the info we need

nick

can just do dynamic deobf

I never fucked with invokedynamic but maybe

no like we run it and print all the params that zkm generated

yeah

thats the only issue that transpiled methods cause us

insomnia type shit

ye

might rewrite insomnia to be more like ssvm

22:37

but idk if it's worth it

same

22:39

I going to buy a vps from here https://mzunguhosting.ml/

tf is that

we can use jhook to hook the functions we need

Thnks_CJ

tf is that

check it

just modify the fabric loader a bit to load our code first

The Faceless Lord

check it

that shit crazy

Thnks_CJ

that shit crazy

Image attachment

nick

just modify the fabric loader a bit to load our code first

yh that will be ez

ye

yo whats up

yo

22:46

can you unban me from your server?

(edited)

yeah probably

22:46

whats this gc abt

The Faceless Lord

can you unban me from your server?

(edited)

if you dont go shit talk potential customers

I don't

ill get back to you in 20 minutes, gotta drive home

22:53

what is this gc abt

22:53

i saw future loader and mio idk

22:54

new crack team?

yes

nick added Qreaj to the group. 2024. 11. 28. 23:01

ye

23:06

yo

my 2nd pc should work in a bit

23:06

just waiting for this thing to set up

If you want i could always run it

23:07

I have one HDD with windows

23:07

On it

mine has the hwid set on it

Nvm then

ye just because hwid

hopefully the hwid will still work

23:09

since they use the wmic thing

Wtf they use wmic for hwid

23:09

??

yeah

23:09

runtime.exec

That can be spoofed easily

23:09

XD

23:09

Just replace wmic exe

yea

23:09

we will spoof it anyway

With one that you made by yourself (edited)

23:10

Such a stupid way to get hwid

better than system properties

so yall cracking mio?

after future probably

What about myau

23:15

Tho

ye

23:15

nobody cracked myau for a long time

23:15

even that shit is alive?

yeah its still the most popular in 1.8 i think

23:16

could easily open src it

So what are we doing first

23:16

Future or myau

future

Kk

awesome tool

Image attachment

Use windows partition manager

23:19

Or just use diskpart to assign letter and then try Rufus

nick

awesome tool

what the fuck

oh i think it is working now

Prestige changed the channel name: Prestige Crack Team LLC 2024. 11. 28. 23:20

I had same fucking thing

ye format this shit with win partition manager

With my external hdd

Image attachment

good name guys

23:20

?

The Faceless Lord

ye format this shit with win partition manager

pretty sure that is how i corrupted the harddrive last time

Prestige

good name guys

totally

ok ok

Prestige changed the channel name: The SIGmas 2024. 11. 28. 23:21

nick

pretty sure that is how i corrupted the harddrive last time

I don't know I don't use windows for many years now

ur unbanned btw

linux sucks

ty

nick

linux sucks

why?

you cant do anytrhing on it

23:22

and its all excessive

23:22

and waste of time

Both Linux and windows suck

I don't know its works for me well

i spent 3 days

23:22

trying to set up ubuntu

23:22

because it kept corrupting itself

Dont use ubuntu

wtf

Piece of shit

23:22

I hate that distro

i needed it for nsa challenge

23:22

to use some weird file system

Use rhel

23:23

In my opinion its way better than debian

i think my usb is not happy

Qreaj

Both Linux and windows suck

linux is somewhat better than windows but kinda depends on hardware. For me I don't really have too much problem with linux but windows doesn't work for me

it is very high temperature

linux sucks bro

Image attachment

custom operating system eac bypass

Fr

23:25

Fortnite on templeOs

23:25

Ez

lol

The Faceless Lord

linux is somewhat better than windows but kinda depends on hardware. For me I don't really have too much problem with linux but windows doesn't work for me

Yeah but if you would use winapi and stuff heavily in cpp its hard af to switch to Linux tho

23:27

There should be some nice cross compiler

23:27

Better than zig one

Qreaj

Yeah but if you would use winapi and stuff heavily in cpp its hard af to switch to Linux tho

That's why I usually have dual boot

Qreaj

Better than zig one

Who loves compiling a lot libraries not me for 100%

what libraries?

Idk cryptopp for example

23:31

That's just pain in the ass to compile all off them for every platform

well I only can compile it to linux

I dont like Linux for like gclib (edited)

23:32

Like something would work on debian

23:32

But it won work on other distro

23:33

Linux one has this issue

23:34

And windows runtime library has that issue that i need to mess with compiling 2 times library to have debug and release and then 2 others if i want to have dynamic library

for me compiling most of the shit is like 1-2 command

what does it mean to select the driver to install

23:35

its trying to install windows (i booted from usb)

im hwid resetting it

23:58

pretty sure the hard drive itself is fully broken

23:58

since even booting from usb it cannot recognize it

23:59

looks like future is updating soon

Image attachment

nick

pretty sure the hard drive itself is fully broken

you can't read it in any way?

think so

0:00

idk exactly what im supposed to do to even reset it

0:00

sicne it wants a bunch of drivers etc but the drive isnt even viewable

try to read the filesystem from installer

yeah when i browsed files

0:01

i didnt see the drive there at all

ye bro that's completely cooked then

i posted a hwid reset on the thread

0:01

so it should be done by tommorow morning

0:02

ill just set up future on my vm

0:02

and figure out how 2 dump it

@The Faceless Lord any suggestions on prestige mod security

future client so slow, 50 minutes and still not hwid reset

Prestige

@The Faceless Lord any suggestions on prestige mod security

I don't know what prestige currently have

@nick can i tell him?

yes

Okay so we have a loader

2:03

our server uses cloudflare

2:04

we have zkm, custom obf, themida and a custom java virtualizer

2:04

and maybe a custom transpiler perhaps

2:04

i have made a custom native for handeling all requests and security checks

2:04

modules and configs are both dependant on the server

2:04

i had made the eventbus dependant but it kinda decreased performance, not much but a noticable amount so i might just manually native that

2:05

any more additions?

anything missing @nick ?

idk

hmmm

2:53

lemme think

Prestige

and maybe a custom transpiler perhaps

(btw don't use transpiler on classes which not security related if you don't want like 5fps)

yes we are aware

good

Prestige

and maybe a custom transpiler perhaps

if its a really good transpiler then I don't think you need more

@nick is it really good

maybe with some asm crashers it would be good

we have

2:56

nick didnt u have like 5 different ones

and how the custom obf looks like?

nick is still working on sm

okey

2:57

I don't think you need more than that

2:57

atleast I don't have more idea rn

alr

2:58

anything in the client i can make depend on the server in a similar way to configs?

not really because that can make the client really unstable (good example is rise....)

yeah true

The Faceless Lord

maybe with some asm crashers it would be good

I have a crasher that breaks every bytecode tool

3:01

recaf, bytecode viewer, jadx, etc

3:01

jbytemod

good

3:02

that shit needed

3:03

to like filter out half of the community

3:03

(who crack shit)

i have a procyon memory exploit

3:03

90% cpu usage if you try to decompile

3:03

and heap eventually overflows

nick

90% cpu usage if you try to decompile

so you made it into old fernflower

probably

this is what old fernflower does exactly

3:06

just without exploit....

idk about any of the old stuff i only have like 4-5ish months in java reverse stuff

I'm here since... 2021? or 2022

hmmm not bad

it uses a signature

3:07

so i just made it bypass recaf illegal signatures and problem solved

ye I use signature too

Image attachment

that is a bad signature

3:08

way to large

3:08

mine crashes with 2 chars

3:09

bypass version a bit more

you can say to this class too

Image attachment

Image attachment

3:09

jar still runs without noverify

nice

3:10

I stopped bothering with making shit without noverify

why

because I can do funnier shit with it

The Faceless Lord

you can say to this class too

breaks every decompiler and some asm shit

i just do it without noverify because i dont want to make some crazy obf that uses noverify and then the entire concept gets pasted everywhere and everything becomnes annoying to reverse

most of the retard won't be able to even skid it

cfr moment

24.33 KB

I know some clients which used exploits (like really really old clients) and nobody skidded it

3:12

because nobody had any idea how that shit works

3:12

or how to make it work normally

vineflower moment

187.06 KB

3:14

procyon moment

52.78 KB

ye you can do this easily with like any decompiler

number flow

Image attachment

3:15

per block

3:15

this is the only base version tho i plan to make it like 10x stronger

You can improve on this more but not bad

i have a switch flow transformer

3:16

it just breaks on stack map frames rn but im fixing it eventually

eh ye its rather annoying to work with that

my bytecode for it is perfectly valid

3:17

it just gets destroyed by invalid stack frame

3:17

since uninitialized types

3:17

since the types get merged by ow2 asm

ye

stuf like this is practically impossible to deobfuscate with normal tools

Image attachment

ye normal transformers won't reverse this back

what i plan with number flow is instead of having 1 key it would have like

3:19

5-10 keys

3:19

and it would shuffle 2 non collidiing arrays and just xor and push new states

3:19

then adjust to the next label

hmmm good idea

3:19

ngl I don't really work on obfuscators except some crashers

ya idk how most the obf stuff works

3:20

i just know how to make the bytecode

3:20

since its similar to assembly

kinda

i figured out like 90% of the bytecodes in a day i think not sure

atleast java has good bytecode

3:21

unlike shit like javascript...

python bytecode

both fucking awful

3:21

but javascript is like worse than all

3:22

you only know this if you fucking with google's v8 engine

The Faceless Lord

both fucking awful

python has the simplest bytecode

3:22

like way less isntructions

3:22

and just overall simple

3:23

for some reason all the python people have horrible obfuscators

3:23

even though they dont have a verifier stopping them

nick

for some reason all the python people have horrible obfuscators

all the retard who make python obfuscators are skidders and they have 0 shit about how python bytecode works (edited)

3:25

I'm so fucking tired...

sleep is a feature

A feature I don't really use

walmart solutions on top (this guy probably doesnt know what dup2 does)

Image attachment

XDDDDDDDDDD

3:28

what the fuck

3000iqplay is my favorite java reverse engineer

same

Image attachment

3:30

what r the odds i can get a sample oif u obf

LOLOLOLOL

i want to try n deobf it

nick

what r the odds i can get a sample oif u obf

what?

nick

Click to see attachment 🖼️

https://discord.com/channels/1092141811448946758/1098127207848755241/1306362661348573216 (this aged well)

The Faceless Lord

what?

can i get a sample of your obf stuff if u have 1

The entire obfuscator is shit I made like 1-2 year ago (sample is 1y old) it was rather a test shit

o lol

54.24 KB

3:33

but sure here

3:33

you won't find anything interesting in it

recaf might be on to something here

Image attachment

3:33

also why do u not use recaf 4x

I don't really like new recaf ngl

3:34

and has so many problem

its way better than 2x

3:35

jasm on top

Image attachment

hm

this is awesome

Image attachment

3:37

javafx is not having fun

lol

progress

Image attachment

3:43

managed to fix bad local type, now just have to compensate the exception handlers and then im d1

nice

pretty good flow

Image attachment

3:45

OpaqueConditionTest.class

3.86 KB

Image attachment

3:45

L

my crasher delivers a better message

nick

pretty good flow

ye

3:46

cfr quickly gives up

this is the exception that gets thrown if you toss it into asm

Image attachment

LOL

psychological warfare

fr

does your crasher break javap

idk

3:49

wait

3:53

Image attachment

ive never seen that error before

3:53

mine just does index out of bounds on a string

nick

ive never seen that error before

neither me

cant wait for walmartsolutions to spend a month deobfing prestige

same

pretty good

1.95 MB

5:52

username: jetlag115 password: 07Xi6YDvu9}5Qh;D future account info incase its reset before im awake

5:52

if the icon has a lock symbol on it then it should be reset n u can dump

Image attachment

hwid is reset

nice

I have to make a new windows vm

did u dump / set hwid ?

not yet

16:46

I'm kinda busy

alr

do I have a win iso...

windows iso is very weird to get

ye

idk why they make you download a tool to create one instead of just providing the download

The Faceless Lord

do I have a win iso...

no I don't... great...

i have 1

17:47

but idk how to give u it since its 6 gb

17:47

https://www.youtube.com/watch?v=zJcOhtSqCP4

How to Download Windows 10 ISO File Without Media Creation Tool{QUI...

17:47

just do this thats what i did to get mine

ye I know this and that's what I want to do

17:50

btw you can just get it with https://www.microsoft.com/en-us/software-download/windows10ISO (edited)

for me that just redirects to the media creation tool

wtf

17:52

whatever

btw if u need custom jdk for dumping i can probably make one

I think I will just solve it with a dll

time to install this shit...

worked?

still booting...

k

18:45

also the way they do their classes is

18:45

they set up a urlclass loader with custom url handlers

18:45

smth with like url stream handlers

I forget how shit windows is...

windows is the best

Image attachment

18:49

is the gang fucking w new blog

fire

18:50

we should do a write up on cracking future

the title just looks out of place

nick

we should do a write up on cracking future

real

net.futureclient.loader.Injector my favorite

need loads of ss of things then

Thnks_CJ

the title just looks out of place

?

ye

how can i fix that

different font maybe

nick

net.futureclient.loader.Injector my favorite

$$$

i wonder what libraries are in the future loader

18:56

there is no way this all this stuff is actualyl the loader lol

19:01

yeah there is a json lib in there that is obfed

no internet on this shit

19:11

great...

what vm are you using

libvirt/kvm (edited)

oh idk how to use that 1 ive only usede virtualbox

19:13

wow ida pro

Image attachment

what with ida pro

im trying to get the cracked version to work

19:14

since i wanna see if its worth using

Don't tell me you haven't used ida pro before...

ive never used anything ida before

bruh

ghidra is the best

Both are good

19:18

Ida is more liteweight tho

lol i think this ida crack asctually works

19:20

just have to patch like 2 bytes

patch what exactly (edited)

https://gist.github.com/sagittarius-a/799048adae7c9ce07dba4970b48ef901

Guide: Patching IDA Pro 9.0 BETA

Guide: Patching IDA Pro 9.0 BETA. GitHub Gist: instantly share code, notes, and snippets.

fucking

19:25

boolean auth

The best one

19:25

Fr

@nick you can dump future? Because I have to fuck with networking because libvirt refuse to make its default interface work

19:27

so I will fuck who knows how many hours to debug why the fuck this doesn't work

The Faceless Lord

@nick you can dump future? Because I have to fuck with networking because libvirt refuse to make its default interface work

i can try yeah

19:28

send me the dumper you were gonna use

I still haven't found it

19:28

first I try to make this shit and then bother with dumping it

ill just use toolbox

19:29

if i can figure out how to make it woork

problem is we might have to force load every class

yueah just enable every module

that's usually....

19:30

Doesn't work well

im going to make a custom jdk and hook the Methodhandles.findstatic and other stuff

19:31

and see if i can find their zip parsing function

nick

https://gist.github.com/sagittarius-a/799048adae7c9ce07dba4970b48ef901

btw where did you got latest ida?

idk if its latest but i just found it by searching a bunch of stuff with ida pro

19:34

https://www.mediafire.com/file/m6mjj5nst36ukgy/idapro_90_x64win.exe/file

ye that won't work for me

there is linux ones somewhere

19:39

703.43 KB

19:39

this is a old one i have

19:42

Image attachment

19:44

this invokes the Injector.inject

Image attachment

hmm

Image attachment

19:44

now this is interesting

19:46

https://www.mediafire.com/file/ro65mxiap09kquz/wtf1234.txt/file

19:46

any way we can identity the compression format

19:48

tyheres tons of strings in ti

ok I just fucking destroyed my eth interface

19:54

great... (edited)

nick

https://www.mediafire.com/file/ro65mxiap09kquz/wtf1234.txt/file

i think this m ight be the jar

19:55

in a compressed form

19:55

theres tons of future class names visible

ye but in this form its unusable

Image attachment

ok I won't be able to run win vm

20:02

Image attachment

20:03

no matter what

20:03

this piece of shit doesn't work

xd

nick

Click to see attachment 🖼️

im trying to find the jar function

20:09

but they use alot of like zip streams and stuff

ok I give up

smoked by future security ggez

20:33

internet disabler

internet disabler exploit

nick

Click to see attachment 🖼️

did u look through this yet

20:34

since so far im only going to hook

20:34

bytearrayinputstream gzip, zip, jar, filter, data

nick

did u look through this yet

no

that is the loader method dump

20:35

of their invokedynamics

20:37

oh just realized

20:37

i dont think my vm is capable of running minecraft

20:37

since it doesnt have certain drivers

20:38

@Thnks_CJ can u dump future on 2nd pc

20:38

using jvm toolbox

okey this is amazing

20:44

so

20:44

I can't fix nat network

20:44

and I can't make bridge too

20:44

great

20:44

this is a fucking joke

just use a different vm at that point lol

20:44

im tryna test minecraft on mine but if it doesnt work then im not able to dump

nick

just use a different vm at that point lol

I have enough from virtualbox

20:45

and vmware literally destroys linux

Image attachment

20:47

any idea on how to fix taht

this is the first time this shit refuse to fucking connect

nick

Click to see attachment 🖼️

you have virtualbox guest installed? (edited)

dont think so

20:47

idk hjow to get it

then no idea

time to use a youtube tutorial i guess

I going to fucking kill myself

20:56

Image attachment

20:57

and nothing else...

i think my minecraft works

20:57

its taking like 5 years to launch

fucking trash

Image attachment

sudo is my least favorite command

21:04

ok ok

21:04

my vm works

21:04

ez

21:04

im going to run future installer and see what happens

ah ye good luck dumping it because probably for me the entire vm networking is cooked (not sure even virtualbox would work)

ye

21:12

do wse need resources ?

21:12

or only classes

well if you want to crack it maybe we need resourced too

alr ill just try to get the full jar

future is prolly easier to crack than deobf

ye idk

21:48

it has a lot of native shit so ye

Thnks_CJ

future is prolly easier to crack than deobf

not really possible to deobf future

22:26

without weeks of work minimum

22:28

jdk moment

Image attachment

lol

is there any other way to read a zip file aside from: JarFile ZipFile ZipInputStream JarInputStream GZIPInputStream

not really which is not lib I think

alr

22:36

they also use a objectinputstream somewhere

22:36

which is really weird

hmmm

Image attachment

22:40

i dont know why it would say HashMap

22:40

but im guessing that is class loader related since they use multiple hashmaps to load their classes, bytes, and other stuff

22:41

net.futureclient.loader.Q = class loader

wtf that jdk took almost an hour to build

23:09

it used to take only 10 mins

nick

wtf that jdk took almost an hour to build

lol

23:17

probably fucking rebuilded it

we are officially cooked

Image attachment

LMFAOOO

23:58

bro i have such a funny screenshot of this kid

23:59

Embedded image

nick

we are officially cooked

oh noooo (edited)

23:59

we are so cooked

xd

Image attachment

0:00

i dont think he knows how to reverse native

lol

0:01

wha are they trying to reverse

idk probably something random no1 has ever heard of

fr

fr

"we are the most known cracking group"

Image attachment

only known client on there is prestige

0:02

and rise but they didnt even crack that

nick

"we are the most known cracking group"

"akschually we are the most known cracking group"

(edited)

i love visual studio code

0:37

cant even import stuff for me

rider better loser

just admit u suck at c++

rider auto import

nick

just admit u suck at c++

im the god

what is a constexpr

sigma rizz

probably shouldve dumped in a better location

Image attachment

1:19

pretty sure ive got the jar

1:19

im gonna check after i eat dinner since this takes like 10 mins to launch

nick

probably shouldve dumped in a better location

uhhh yes...

if the jar isnt here somewhere that would be pretty suprising

Image attachment

1:33

figured out how to dump it sorta

1:33

Image attachment

1:33

its all a object stream

niceeee

also there might be like a puzzle or smth

1:45

Image attachment

1:45

Image attachment

1:45

Image attachment

wtf

luckily the feature devs are nice

1:51

and also read a hashmap

1:51

of all the files i need

good

1:53

we need everything

yeah

1:53

it should have everythiung

1:54

its a bitw eird

1:54

seems they have 2 seperate hashmaps

1:54

im guessing classes and then resources though

account mightve just got nuked

2:04

it did not like map.entryset

you just fucked that account?

nah it still works but im confused

2:14

it detected map.entryset

2:15

but the .getClass() returns a normal HashMap

weird

yeah tried with .forEach

2:30

same thing happened

well

2:48

i dumped the object stream

2:48

it is ALL encrypted

2:49

6.22 MB

9.85 MB

pfff

2:57

I told ya he might encrypt shit

yeah

3:10

ill just write a decrypter

3:11

or call his decrypt method

25.8 KB

3:21

we are here

3:21

Kt.Y is the method calling the ObjectInputStream to get the hashmaps

3:21

then it iterates

3:22

decrypt methods im guessing

Image attachment

all the decryption is handlded natively whic hsi not nice

4:07

cant even trace the params because zkm

deobf resource functyion

Image attachment

nick

all the decryption is handlded natively whic hsi not nice

ye that was expected

not really

5:15

the natives seem to be random

heh

5:15

I will look into this shit tomorrow

im just manual deobfing the class loading stuff

5:15

and then will figure out how to get an instance of the classloader

5:16

and will just dump their hashmaps

5:19

CH.z = class load method

Image attachment

5:20

https://www.mediafire.com/file/5okn2n0ioihm5b1/out.jar/file constant folded jar

CH.E looks like the decrypt method for the byte[][] (this is the format the classes are stored in the hashmap that i dumped)

5:32

its a pretty big native function

5:37

CH.P = class hash map DA.z = resource hash map (custom impl)

future_resources.zip

9.85 MB

6:48

weird file weirdf name

Image attachment

6:54

resources were gzip compressed

6:54

and im tryna do some analysis on teh class files to just reverse the enc myself

for the classes: there is a byte[3], the first byte array is encrypted (with a unknown algorithm rn), the second byte array is a 32 byte encryption key of some form, and the third byte array i have not figured out a usage yet but it could be an extra piece encrypted by the same key

could we not make a new class loader using future as the parent and dump it that way

9:17

avoids all the retarded encryption

nick

Click to see attachment 🖼️

https://github.com/Ropro2002/raion-public/tree/main/src/main/java/me/cookiedragon234/falcon/antidump/antis

raion-public/src/main/java/me/cookiedragon234/falcon/antidump/antis...

Contribute to Ropro2002/raion-public development by creating an account on GitHub.

11:54

xd

insane code

we could crack breeze

12:23

it will be really ez

lmao

nice

13:07

what the fuck

13:07

ive just went to an old version

13:08

of the native

13:08

and it crashes on the same thing

13:08

what the actual fuck

13:08

im so done

13:08

@Qreaj how can this be

13:11

jup it just doesnt work anymore

13:11

what the actual fuck

what

13:11

you fucked up

13:11

server

no

yes

its the encryption

13:11

it just doesnt work

13:11

it crashes as soon as it encrypts

its your skill issue

every time

13:11

i didnt change anything???

ill check it

13:11

but wait

13:12

in what

13:12

it crashes

13:12

injection or

dm

other shit

Image attachment

13:23

zkm really is my fav

lmfao

13:23

did that for me too

Image attachment

14:20

we are cooking

14:23

breeze.rip:5001 is the host

lol

i need to somehow read the input stream of the host

Thnks_CJ

i need to somehow read the input stream of the host

just save input stream to bytearrayoutputstream

14:45

and open input stream with these bytes

yes but doesnt that nuke the stream?

no

14:45

it wont

14:45

why it would

14:45

if you are replicating same data

yea

Thnks_CJ

Click to see attachment 🖼️

zkm moment

Thnks_CJ

https://github.com/Ropro2002/raion-public/tree/main/src/main/java/me/cookiedragon234/falcon/antidump/antis

insane protection its every skidder's nightmare

wait deadlord

15:35

ur the guy that leaked losebypass src

15:35

?

ye

Lmao

and I cracked breeze too

lmfao

15:35

thats hilarious

15:35

i remember u got wallhacks pretty mad (edited)

yeeee

i wanna make a fully working breeze crack

15:36

i think that would be funny

15:36

with configs and all

for configs u would need an account

we should name ourselfs "p diddy cracks"

15:36

XD

Thnks_CJ

i wanna make a fully working breeze crack

mine was fully working too

just like i did with prestige

Prestige

for configs u would need an account

no

15:36

i can just dump it like i did u

yeah but then u still cant make ur own configs

15:37

which is the most annoying part

yeah u can

15:37

if i added the endpoint i could have done that in prestige

oh lmfao

Prestige

i remember u got wallhacks pretty mad (edited)

Image attachment

15:38

Image attachment

lmfaoo

(skidding most of the rendering util from tenacity)

Image attachment

15:40

lol

15:43

ez

3000IQ is such a kike

lmfao

fuck that my ssd died and I didn't had any backup because I thought I don't need most of the stuff on it...

Thnks_CJ

avoids all the retarded encryption

If we go through the encryption we guarante we get every class and we skip all other checks and weird stuff (such as the not so nice native methods)

lol

837.96 KB

17:24

is there any JNI tool for ghidra

17:27

awesome

11.84 KB

yall really cracking breeze lmfso

breeze is bad

17:29

no point in cracking it

lol

nick

awesome

then what r u doing wi this

17:36

or sm

this is future'

Prestige

yall really cracking breeze lmfso

bored lol

nick

this is future'

ohhh

3000iqplay exploit

Image attachment

The Faceless Lord

fuck that my ssd died and I didn't had any backup because I thought I don't need most of the stuff on it...

it was a more complicated tool and I had no idea he will be this much a kike

just a call logger

ye but that shit doesn't only print out calls

18:04

I fucked a lot of time on it to print out most of the values sent through those calls

18:06

sure I can rewrite it again but I thought -30IQ won't be a fucking dick head

The Faceless Lord

I fucked a lot of time on it to print out most of the values sent through those calls

printing args shouldnt be that bad

18:10

Method* -> get const method* -> get param size -> get a copy of the args and arg size, mov rcx, args, mov rdx, args size -> call hook

nick

printing args shouldnt be that bad

parsing random obfuscated shit is not that easy without making the entire shit crashing

did your call logger use i2i entries right

purely jni based

i2i entry is easiest

I mostly work with java so I don't have too much asm/c++ knowledge

18:14

mainly because I can't really crack c++ related shit on linux (mainly because most of the cheat and other shit is made for windows) and I avoid windows as best as I can so ye (edited)

18:20

ngl I made that tool when I started fucking with c++

just look at the

18:23

template interpreter generator for your cpu in the jdk

18:23

and there should be the generate_normal_entry and generate_compiled_entry

18:23

idk about linux but on windows you have stack with the top being return addr, and the values below are the args (first on stack is the last arg), and then rbx would be the Method* we are calling

windows and linux jvm code is basically the same (except some part)

i2i entries are handled cpu based

18:25

i just categorize x86/x64 as windows because thats like what every1 uses

yea

nick

idk about linux but on windows you have stack with the top being return addr, and the values below are the args (first on stack is the last arg), and then rbx would be the Method* we are calling

problem is most of the shit is still windows only

i have a hook lib that can hook any method

18:26

you can try using it

nick

i have a hook lib that can hook any method

you find methods by signature?

i wrapped it using reflection but yes

18:29

if env->GetMethodID can find it then it can be hooked (unless it gets compiled)

18:29

examplehook.java

543 bytes

I though you talk about hooking shit in the jvm (edited)

this uses i2i to hook

18:30

Image attachment

ye mine was a dll which you can inject in any jvm and get native calls from it (edited)

like hooking native methods or hooking jni ?

hooking jni and get jni calls

oh that isnt the most useful tool ngl lol

well for me it was useful

my call logger can get 2gb of method calls

nick

lol

im just stuck on reversing this rn

18:34

like they parse the object from the object[] and then check if its a instanceof byte[][] but then it never gets used again

wouldn't be easier if you like bruteforce through every class name, load them all and just save the classes from parse_stream? (edited)

nick

Click to see attachment 🖼️

insomnia mentioned

The Faceless Lord

wouldn't be easier if you like bruteforce through every class name, load them all and just save the classes from parse_stream? (edited)

might try that

18:37

if i cant break the encryption

18:37

its just rlly weird

18:37

since the key is literally in the array

18:37

but i tried alot of ciphers and none worked

maybe he use some custom shit idk

nah

18:40

i checked the invokedynamic logs

18:40

its a cipher of something

18:40

probably mixed with something else though that hides the key

you can't just get all the shit from cipher?

hooking cipher doesnt get the fully decrypted

18:41

im pretty sure

you can either retransform that class and add your code or just have a custom jdk and edit that class (edited)

yeah i use custom jdk

ye then just idk edit cipher class and print everything out

yeah ive tried that before

and?

just a bunch of random encrypted data

hmmm

(after hooking doFinal)

and if he does some xor shit after?

18:46

or something similar

that is possible to

nick

3000iqplay exploit

Xddd

nick

that is possible to

probably he would do that

how woudl I force load all teh classes

try to inject code somewhere after future loader starts which call classes with Class.forName

what if there is a checksum

Call classloader findclass

Qreaj

Call classloader findclass

i dont have a instance of it

19:17

if i get a instance i can load all classes

Could you just Hook place where you get KlassInstance?

19:18

And check if classloader

19:20

Wait actually

19:20

Does future block jvmti?

it shoudlnt

That is mod right?

fabric 1.20.4

Just get instance to knot classloader

19:21

Get all classes

19:21

Loop trought them and check how many are classloaders

19:21

There should not be much

lolll

Image attachment

wtfff

19:30

???

Xdd

nick

lolll

why everyone is so retarded there

19:31

what the fuck

trillium private is cold

Image attachment

trillium private

did he solve the crackme

no way they have crackme

nick

lolll

they let any schizo in its insane

crazy ego

Image attachment

️

19:36

this shit is crazy

#aura

Image attachment

next static is natived shit ye?

wdym

loader.en.K or whatever is that

nope

19:39

Image attachment

19:39

K0.H

19:39

is odd

19:39

Image attachment

weird

K0 class looks like some custom encryption type stuff

19:41

hmm

19:41

this is base 85 apparently

got nothing from hook cipher

bruh

Image attachment

21:57

gonna hook this

21:57

grab the instance

21:57

and iterate the map

21:57

and dump[ all hopefully

still cracking future?

21:59

or deobf?

we r cracking

21:59

after we get the jar reconstructed

ahh alr

who is this

Image attachment

the best java reverse engineer

???

idk probably 3000iqplay

maybe

23:36

only mutual server is prestige

what is the plan after we have the jar reconstructed

23:46

since im about to get all the classes dumped

nick

what is the plan after we have the jar reconstructed

uhhh... we will figure out that

future has natives right

23:49

how would yall reverse that

in loader and client yeah

Prestige

future has natives right

ye that's the problem

well

23:49

the loader has like

23:49

10x more complex security than the client

cus native is binary right

yeah

can u even properly reverse that

i can

23:49

its just there is to much of it

23:50

it takes me a couple hours to get through 5k+ lines of jnic

ye so the best would be avoiding to fuck with native

damn

maybe I go back fucking with virtualbox vm.... eh.....

we wont need the account anymore after we have the jar reconstructed right

23:52

unless we plan to spoof

nick

we wont need the account anymore after we have the jar reconstructed right

well maybe for auth emulator but idk

emulating it wont be to bad

23:53

its all passed via socketinput and socketoutput stream

depends on how this shit works

in default socket

23:56

they also have this weird thing that gets passed through every so often

23:56

smth with like a google certificate

wtf

yeah idk what it is

23:58

it might like this x509certificate but ive never used that before

neither me

@Prestige do yk what x509certificate is

are you getting issues

23:58

with ssl

23:58

or what

nick

smth with like a google certificate

this

23:59

its weird data with some plaintext that says certificate and google and a bunch of other stuff

dont they use

23:59

ssl socket?

dont think so

0:00

not sure

can you check?

0:00

if nah then we are cooked

how

they could use certificates

0:00

for data signing

ye

0:00

it looked smth like that

but always

0:01

we can remove verifier

0:01

fr

well if were spoofing

0:01

we dont need to worry about it

0:01

since if we send the same data we will receive the same data

nick

@Prestige do yk what x509certificate is

isnt it sslsocket?

idk

ez

Image attachment

0:31

class defining method found

nice

modern problem modern solution

Image attachment

real

the solution was not modern enough to work

wtf

1:08

it just somehow crashed

nick

modern problem modern solution

when i ddid this

well my dumper gets some of the classes

2:12

but their is still broken constants

boom

Image attachment

2:26

all that is left is to make sure every class gets loaded

2:26

and their corresponding lambda

yeah loading every class is really weird

4:44

i have a working dumper i just canty figure out a good way to load every class

4:44

since it gives me error codes and somehow classnotfoundexception

only need to get 800 more classes (already got 2000 it seems idk)

nick

i have a working dumper i just canty figure out a good way to load every class

meh

Image attachment

17:48

this is in every clinit for some reason

17:52

5.44 MB

17:52

good portion of thne classes incase u wanna look

really really weird but its whatever

ye

18:22

i found a way to get the class loader instance

18:22

so should be able to dump the rest easily

goood

traversing locals my favorite

Image attachment

what does protectiondonain do

no clue

huh is future fabric?

19:23

knotclassloader

yes

ahh

xd

Image attachment

19:41

somehow eventually crashjed but idk

and my vm decided to fully break

Image attachment

virtualbox moment

20:20

you can fix it?

ye i somehow fixed it by just removing and adding back the disks

20:21

but i still cant a dump of every class

bruh

since when im calling to class loader to load them all it crashes on the class soemtimes

20:21

maybe because something on the clinit

20:27

Image attachment

20:27

i dont see how it would be calling the <clinit>

you see why its crashing?

nope

bruh

worst case scenairo

20:31

i can reverse the 13k lines of jnic

20:31

and hack the byte array

The Faceless Lord

you see why its crashing?

Image attachment

wtf

pretty sure though

20:39

that is for the like

20:39

errors

20:39

cause whenever an error appears on screen it also copies to clipboard which would make sense

nick

i dont see how it would be calling the <clinit>

clinit gets called when you do forname

20:39

thats why in insomnia we use a weird as fuck work around

ye

Thnks_CJ

clinit gets called when you do forname

i thought it wouldnt for this one

20:40

since that boolean which is false is whether it should intiailize or not

20:40

il;l try with this and see what happens

Image attachment

me and deadlord found the same thing xd

nick

il;l try with this and see what happens

yes

nick

since that boolean which is false is whether it should intiailize or not

i dont think it matters

my methods are just to good

Image attachment

20:42

this is the best way to get the class loader lol

Thnks_CJ

me and deadlord found the same thing xd

me when unsafe

nick

my methods are just to good

imports my beloved

The Faceless Lord

me when unsafe

real

20:43

icl

20:43

Image attachment

Thnks_CJ

imports my beloved

imports suck in vscode

20:44

you have to do them all manually

i dont even remember why i did half the stuff i did in insomnia

Image attachment

20:45

same thing happensd

why is it getting your system clipboard anyway lol

to copy the error

20:51

i think

just look in jadyen

20:52

might of done some shit in there to stop class loading

20:52

irdk

Thnks_CJ

might of done some shit in there to stop class loading

nah

20:55

it works on the first few

20:55

but on the same class it breaks everytime

just skip that class then

got some of the mixins

21:25

but that 1 class still crashes even after i try catch

21:25

(probably because jnic sucks)

21:30

8.59 KB

21:30

167 clases left

21:33

63 left now

0 classes left

Image attachment

22:00

https://www.mediafire.com/file/8eqydmxjlujhyqi/future_client.jar/file

22:00

full future jar

22:00

it should run AFTER we fix all constants

Btw why we wont make some cpp runtime bytecode tool with gui

22:04

That would save a lot of time

with the ability to edit ?

22:04

it is possible to do

22:04

but we wouldnt be able to edit

22:04

without alot alot of work

nick

with the ability to edit ?

Probably

22:04

The best ability would be to place hooks

like a debugger ?

Read data from classes

22:05

Yes

ye that would be cool

Smth like debugger

22:05

But more powerfull

22:05

I always wanted to do smth like this

nick

https://www.mediafire.com/file/8eqydmxjlujhyqi/future_client.jar/file

btw with this jar

22:06

we are at free will to modify any classes

22:06

0 checksums

does that run?

it will after we fix constants

ohhh sewxy

Image attachment

22:08

anything that is

22:08

$$Lambda$1

22:08

and {klass}$0

22:08

will have to be fixed and removed

22:08

we wiull also need to create our own entrypoint

whats up w them

its these ones

Image attachment

there's a completely fucked class

22:52

fn$0

thats the native

its like 10MB

yeah the native

22:54

anything that is

22:54

prefix with fn$

22:54

is jnic

22:54

all of this

Image attachment

did you look into that shit yet?

?

in that native

havent opened it at all

btw where is the real fn$0 class then

Image attachment

Image attachment

I really should start using new recaf...

im gonna try fizxing the constants

The Faceless Lord

I really should start using new recaf...

it dosent matter

23:00

same shit

new recaf is way bvetter

yeah with that assembler

except for the new assembler

like

23:00

gui

23:00

fuck

the assembler is super annoying

23:01

like

23:01

it does the weird highlighting stuff

23:01

and suggests stuff

23:01

on the entire screen

in recaf 2.0 you needed to switch to table mode and to decompile

23:01

to open both

23:01

in recaf 2.0

23:01

its worse

23:01

you get some suggestion

23:01

stuck on the screen

23:01

and that suggestion comes when you hit enter

23:02

to insert new line

colddd

Image attachment

LMAO

wtf

Image attachment

0:01

its almolst like i dont have 10 libs

Image attachment

0:02

and it still cant find it bro

writing constant fixer rn

3:01

after i dump this 3

Image attachment

3:01

since it somehow missed 3 lambdas

https://www.mediafire.com/file/n18fzrin63w3l06/future_fixed_constants.jar/file

looks good to me

yh

5:58

do u have any tool to fix reflection

5:59

Image attachment

Image attachment

5:59

i need something that just unlocks all reflection

nick

do u have any tool to fix reflection

sadly not really

6:01

most of the reflection is like this or only a few?

not sure

6:02

that is right on the entrypoint

try fix it manually and lets see if there's more reflection error

idk how to fix it manually

tomorrow I will setup a virtualbox shit

without adding in an entire class and stuff

the entire shit looks weird

i believe it dopesnt depend on the loader though

6:07

seperate zkm obfuscation instances ?

6:07

there would be no way to make calls

Image attachment

20:32

figured out why its not working

20:32

somehow all the mixins r completely bombed

you can dump mixins from memory

20:41

like we did with mio

u still have the tool for that ?

yeah?

ok ill task manager dump it

20:42

and i can send u it or u can semd the tool

I can send u the tool

k

Image attachment

vape-autocrack.7z

45.67 KB

k its dumpoing rn

Thnks_CJ

Click to see attachment 🖼️

wtf

if future works without the loader

20:50

i can probably get it cracked today or tmr maybe

ye could work without the loader

The Faceless Lord

wtf

what??

The Faceless Lord

ye could work without the loader

it should

Thnks_CJ

what??

"vape autocrack"

since it was obfed seperately so they wouldnt be able to make calls to the loader

oh yeah

20:50

it was an auto cracker

20:50

for vape

20:50

when i cracked vape w decencies

ewwww kotlin

yeah ik

decencies....

thanks microsoft

Image attachment

20:53

talk about chat gpt

Image attachment

actually

20:53

i think xdark gave me this

lol

why is thiere so much stuff

20:54

arena lol

Image attachment

20:55

the old one i made used like just some random apache lib

21:00

did i run it wrong or smth

Image attachment

21:00

Image attachment

nick

did i run it wrong or smth

its a but tempermental

21:02

might have to enalble language shit in the jdk ]

still no work

wtf

21:04

try building the project

21:05

runs fine for me

ye it still gives same error

nick

Click to see attachment 🖼️

Image attachment

21:06

try changing the lang level

deosnt work

wtff

21:07

how big is the dump

3.1gb

hmm

21:08

u could

21:08

send it to me

iu dont have anywhere to upload it

mega

Execution failed for task ':compileKotlin'.

Inconsistent JVM-target compatibility detected for tasks 'compileJava' (17) and 'compileKotlin' (19)

21:09

i think i fouind the error

21:09

somehow gradle is operating on java 17 i guess

oh yeah

21:09

u gotat change gradle version

21:10

Image attachment

21:10

make it just be

21:10

project sdk

yep works now

21:10

Image attachment

21:10

this is intentional right

yes and np

21:10

no

21:10

if its dup entry

21:10

yes

21:10

if its not

21:10

no

a bit of this

Image attachment

yeahh

qwhere does it output

that normally means the classes are fucked

nick

qwhere does it output

when its done

21:11

it will output

21:11

to

21:11

breeze.jar

21:11

xd

ok nice it worked

it should output mixins

21:12

as mixins are loaded differently and are cached

21:12

since spongepowered is retarded

yeah looks like it got all the mixins

21:13

and they arent broken at all

fire

21:13

see my shit fix worked

hopefully my favorite client will now work

21:14

and once we crack it maybe troll 0x22

0x22 snitched to

21:15

mrnv

21:15

about me asking about his mio dumper

oh u got a screenshot ?

21:15

also kinda weird why they would be partnered

Thnks_CJ

0x22 snitched to

LOOOOOOOOL

Image attachment

21:16

Image attachment

21:17

mrnv thinks im obsessed

21:17

its sad

21:17

mio isnt that special

ye it is

21:17

its just got good prot

21:17

thats it

Thnks_CJ

its just got good prot

not good prot

21:17

good way of obscuring the classes lol

xdd

prot itself sucks

bad obf

21:17

good obsuring of classess

wtf

Image attachment

21:19

jnic just smoked itself

xdd

self destruct

constants couldve been deobfed wrong maybe

21:20

but i dont think so

21:20

ok maybe

Image attachment

yeahh

21:20

i think

21:20

constants got fucked

no the constants itself r good

21:21

just my transformer a slighty error i guses

xdd

nick

ok maybe

what happened here lol

wtf happened

21:22

to ltc price

21:22

lol

lol @Thnks_CJ future just smoked ur dumper

21:24

Image attachment

wtf

da best dumper

yeah its possible that the constatns are entirely broken

we might have to just break the encryption

21:38

these constants are weird and i thinhk are being generated at runtime

21:38

and it cant even <clinit>

21:42

yeah im gonna break the encryption

21:42

most of these constants are accurate

21:42

but some stuff is just broken

21:47

the lambda functions are dynamically generated btw

21:47

(i checked andf the constants were changed)

nick

lol @Thnks_CJ future just smoked ur dumper

yeah Mio also does this

lol

Image attachment

awesome found the decrypt function almost (this is setting up the object[] for the call)

Image attachment

hmm

Image attachment

i think ive figured out how their constants work

1:30

but the not so fun part is the 20k lines of jnic

jnic innovation

Image attachment

17:59

@The Faceless Lord do u remember at all how your jni thing worked

18:00

im trying to hook every single one of those invoke method that are called from the env->CallStatic<type>Method

18:00

and print the args

send the jar

https://www.mediafire.com/file/cw80603r0q76ikm/client-1.20.3-1.20.1.jar/file

18:00

fn$0

what client yall crackin

i would hook it via bytecode but i dont want to get smoked by a checksum

Prestige

what client yall crackin

this is future

18:01

im trying to decrypt the classes

18:01

since if i cant decrypt them then it would have to be a socket spoofer to crack

uhh ye probably I going to need an account for this

nick

this is future

ahh

The Faceless Lord

uhh ye probably I going to need an account for this

i can probably get it hwid reset again

18:04

but i can also just run the thing u make

that's not a good idea

18:04

to reset it again

i still have it working on my vm

you can just give your vm

how

and I will get the same hwid

nick

how

zip the entire folder and send it

18:05

(ye and have one snapshot in it)

Image attachment

18:06

this part ?

yes

k

18:07

im gonna remove some useless stuff and send it

kk

this thing is going to take a year to compress

18:26

Image attachment

18:26

does the stuff on this determine the hwid at all

yeah this thing is not comrpessing at all

nick

Click to see attachment 🖼️

yes

i think it is easier if i just hwid reset it ?

...

it wont compress at all

wait nigga

Image attachment

18:43

xd

Image attachment

nick

fn$0

if we hook this class though

18:51

we can dump / log every native call

18:51

since its all invokedynamics and they all get proxied through it

it is done compressing

19:38

idk any website to upload it to tho

gofile

19:38

https://gofile.io/

Gofile - Cloud Storage Made Simple

Secure, fast and free cloud storage solution. Upload and share files instantly.

19:38

or bashupload if you want it to be downloaded only one time

in gofile we trust

Image attachment

wtf

26gb

19:39

so i expected that

19:40

bruh

Image attachment

awesome it uploaded and then broke and al;l progress is gone

Imagine that i was downloading smth like 40gb

21:51

And first time it failed

21:51

Second time it failed

21:51

And third time guess what

21:51

There was 95% downloaded

21:51

And windows decided to bluescreen

sounds like you had fun that day

yeah

21:52

i was so fucking mad

21:52

about it

dead gc

21:33

there's isn't something else to crack?

future,mio,moon

21:36

i just dot know how to give u the future vm since no site lets me upload it

nick

future,mio,moon

myau aswell

21:37

breeze

21:37

russian clients

21:37

achilles

nick

i just dot know how to give u the future vm since no site lets me upload it

How many gb

21:37

It is

Qreaj

How many gb

26

nick

achilles

that's all?

there is a lot more but thats allk i can name off the top of my head

cracking future is kinda meh... Too much fucking with that rn anything else we have beef with? (edited)

mio client is only other opp

21:41

they are easy to crack if get past the native

nick

26

That wont upload into gofile?

nope

21:41

it uploaded for like 4 hours

21:41

then just died at the end

nick

they are easy to crack if get past the native

we would need an account aswell tho

Make it uze .7zip lzma and make part files

21:42

Like 10 part files

21:42

And upload each one

Image attachment

21:45

@The Faceless Lord if we could just hook this byte[] methods i think that would be enough to get the mio classes

Image attachment

21:45

the java part of the loader is very very weak

nick

Click to see attachment 🖼️

What

nick

Click to see attachment 🖼️

LOL

Image attachment

21:49

want an inv

Yes xxd

ye

https://discord.gg/zsAB2qQN

nick

@The Faceless Lord if we could just hook this byte[] methods i think that would be enough to get the mio classes

ye probably

btw

21:56

lwes_ does not know how to code

XDDD

besides from pasting

I see that

Fucking object obfuscator (edited)

21:57

XDD

object obfuscator

21:57

nigga

21:57

crazy

Now i think that aroma shield wasnt that bad (it was)

maybe we can crack these guys

hmmm

21:59

ye

they dont even have a client out rn lol

lmao

they got smoked by a msvc bug and discontinued their inject client cause of it

LMFAO

22:01

lol

22:01

Fr

Image attachment

22:01

fun fact: he doesnt know how to crack

They cant change msvc toolchain version

nick

fun fact: he doesnt know how to crack

he never crack anything

3000iq does more cracks than he does

cracking no auth shit is easy

Ill put my funny auth in mod and do some funny auth stuff and 300iq is gonna get mad again

frfr

lol

Image attachment

22:04

cant tell if he is stupid or trolling

Xdd

he is just stupid

22:05

lol

i dont think he is going to try and argue

22:05

without like 5 of his friends with him xd

xd

Im now wiritng some random shit xdd

send me ur images

22:07

ill send them

Embedded image

22:07

Send this first

Embedded image

XDDD

Image attachment

LOL

He got really melted

colllddd

Image attachment

welcome to assembly

I think he even dosent know why sometimes movz is used for jumps tho

where we have 3 16 bit registers..

well now

22:14

$$$

He probably never done something that has assembly outside 4gb range

lol

Image attachment

22:19

y is this guy bringing up money

22:19

when they barely madfe 20 sales

22:19

and he got nothing

he got

22:19

$1 (edited)

22:19

that's

22:19

huge

22:19

moners

22:19

(for him)

@Qreaj

22:24

send me the secreenshot if you have

Embedded image

LOL

Msvc be like

epic msvc failure

this is goign to be funny to read later

22:29

when they spam it in trillium announcements

yea lmao

lol

Image attachment

LOL

that looks like aa random family

yea probably it is

@The Faceless Lord use sarcasm

22:43

Say smth like

22:43

It didnt sell

lol

this iso funny

And i put that in trash

they lost all arguments related to the topic

yea lol

Smth like this

they have to come up with "gyspy" argument which never was true lmao

Image attachment

22:44

i wonder whos main this is

Look at general

22:51

That idiot is getting backlashed fr fr

lol

LMAO

he has failed to realize that nobody cares

yea

if only trillium made a client

22:52

but they dont do anything so that is unfortunate

that would go hard to smoke it

Not at all i think

I mean "would go hard" would be insanely funny

22:55

it would be like 5 fucking minute

wowzers0722

22:55

is a trillium member

22:55

there is no way he isnt

probably

22:57

I never heard about him

22:57

I would know probably if not a fucking nn

its a alt

I would recognize any nigga from it

22:57

but not him

one of ethos / bodys friends

Nah it is not body friend or alt for 100%

22:58

You dont know who is body tho

Qreaj

You dont know who is body tho

i know a bit

Qreaj

You dont know who is body tho

yea

He aint from this community that much

just a random french developer

22:58

he knows stuff

I did obfuscator with him to learn asm ow2

22:59

That's what i started from

lol

22:59

our obf has to be good

Yeah

if it gets smoked in a few weeks they r gonna be talking about it for the next year

What we have lack of Transformers

23:00

Rn?

nick

if it gets smoked in a few weeks they r gonna be talking about it for the next year

we can't let that

What transformers are misisng

Qreaj

What we have lack of Transformers

you can show what yall have?

Qreaj

What transformers are misisng

invokedynamic, parametrs, keys, etc

The Faceless Lord

you can show what yall have?

number flow, bad clinit string transformer, crasher,m

nick

invokedynamic, parametrs, keys, etc

I think you missed still something

23:01

Like keys but that are dynamic

23:01

And hard to simulate

ive been trying to make a number flow that is unbreakable

Using ssvm

nick

number flow, bad clinit string transformer, crasher,m

that doesn't really help in knowing how actually those looks like

In other classes etc

Qreaj

Using ssvm

ssvm is shit anyways

The Faceless Lord

that doesn't really help in knowing how actually those looks like

string transformer is basic switch case and ill send you a sample of the flow

23:02

but im rewriting the flow since 0x150 simulated it all in 5 seconds

okey

@nick make dispatch one on switch statements

Qreaj

@nick make dispatch one on switch statements

yeah the verifier is just really aids with it

Nah it really isnt

23:03

Do you have code of dispatch transformer that i sent you?

The Faceless Lord

okey

alot of stuff is spammeds since this was for him to use his transformers on but this shows hte concept

1.98 MB

With number obf it would be good

Qreaj

Do you have code of dispatch transformer that i sent you?

idk

nick

alot of stuff is spammeds since this was for him to use his transformers on but this shows hte concept

ty

23:04

lets see

the transformer itself is good

23:04

just easy to simulate

23:05

i didnt expect that to be a issue since i thought nobody has a tool to simulate

nick

just easy to simulate

hmmm

its easily changeable

Image attachment

23:05

can just add a new hash

nick

i didnt expect that to be a issue since i thought nobody has a tool to simulate

we can add like javax.crypto shit because that instantly smokes ssvm

how dos ssvm work

23:06

like does it literally let u simulate bytecode for bytecode

@The Faceless Lord are u good at making obf

has like a complete reimplementation of the jvm and not really able to handle everything like crypto as unable to load shit for that

Prestige

@The Faceless Lord are u good at making obf

kind of

23:06

I can help improve

23:06

but I mainly worked on deobfuscators

ya

Lets make 1/4 of stack instructions use native jni calls

idk how obf stuff works that much

That would be funny xdd

The Faceless Lord

but I mainly worked on deobfuscators

thats s good thing

23:07

cus then you know how to circumvent those

yep

@nick oh and we have lack of these pure functions

might not use pure functions

But i think these ones could be generated

not sure

Qreaj

But i think these ones could be generated

yeah

I need to make reverse method in my number class

23:09

Shit aint got a time

23:09

Imagine that im sitting fucking 10 hours at school

23:09

Like today i did

whats a pure function lol

Prestige

whats a pure function lol

a determinable function

23:09

that doesant alter the state

Qreaj

Imagine that im sitting fucking 10 hours at school

ye same

Qreaj

Imagine that im sitting fucking 10 hours at school

why 10 hours in school

Idk

im only in school for like 5 hours

23:10

and next semster for only like 3 and a half

Because you dont have much like lessons from programming etc

23:10

Fuck

23:10

In wasting myself

23:10

In school

23:11

At least i always complain about how c#

23:11

Is fucked

23:11

Language

23:11

Imagine that you have Microsoft Access that is just paid sql

23:11

And you have c# (edited)

Qreaj

At least i always complain about how c#

it is

Connector for c# is free

isnt C# easy

easy

23:11

but its trash

But fucking Java jdbc connector is paid

c# is basically java+

@The Faceless Lord how much $ u want to do whatever we tell you to add to our obf

for certain use cases

nick

c# is basically java+

C# is Java with built in JNA

Qreaj

C# is Java with built in JNA

dllimport the best

Prestige

@The Faceless Lord how much $ u want to do whatever we tell you to add to our obf

I don't have too much knowledge making obfuscation so for a while I don't ask money for it but probably later like $5 mainly because school (edited)

Everything has it use but i dont see that in c#

23:13

Like ASP net core is bad

The Faceless Lord

I don't have too much knowledge making obfuscation so for a while I don't ask money for it but probably later like $5 mainly because school (edited)

our main goal with obfuscation is making transformers that can layer, can only be resolved at runtime, and cannot be statically deobfed or are challenging to simulate

Compared to spring boot

The Faceless Lord

I don't have too much knowledge making obfuscation so for a while I don't ask money for it but probably later like $5 mainly because school (edited)

And I don't really work for money anyway atleast every project revolved around money is failed

The Faceless Lord

And I don't really work for money anyway atleast every project revolved around money is failed

First we are going non commercial

nick

our main goal with obfuscation is making transformers that can layer, can only be resolved at runtime, and cannot be statically deobfed or are challenging to simulate

sounds nice and we can do that

And then we can go make it commercial obfuscator like ZKM

Qreaj

And then we can go make it commercial obfuscator like ZKM

yeah

23:14

we can easily beat zkm in competition

Yeah

zkm is an ancient trash

we could probably get jetbrains to use our obf

LOL

The Faceless Lord

zkm is an ancient trash

That everyone is using because there is no better thing

by strategically cracking their entire tool suite

Qreaj

That everyone is using because there is no better thing

yea

they still use zkm

Without native of course

nick

they still use zkm

they still have boolean auth

oh yeah our transpiler going to be crazy when i get to completing it

nick

they still use zkm

Clion crack with stealer is obfed by zkm

23:16

Fr

The Faceless Lord

they still have boolean auth

no obfuscation saves that

The Faceless Lord

they still have boolean auth

Well we could make some annonation based shit

23:16

That would be slow

for auth doesn't matter

But if put on auth it would be crazy

@Qreaj we need to improve virt

23:17

with a fully custom class file format

23:17

that is impossible to reconstruct the original

Bro no time

23:17

That's my issue

The Faceless Lord

I don't have too much knowledge making obfuscation so for a while I don't ask money for it but probably later like $5 mainly because school (edited)

5$???

Rn

bro im not argon

23:17

i was thinking 100-200

23:17

but if ur not that good then nvm

lol

ig u can help and also learn

Prestige

but if ur not that good then nvm

I mean I can deobf shit so I can make obf but not sure how good would be

we still need to reverse zkm source and steal all the features

23:18

maybe u could do something like that?

The Faceless Lord

I mean I can deobf shit so I can make obf but not sure how good would be

that's why I don't ask much

23:18

I usually worked on crashers

ahh

Making obf idea is one thing having knowledge about obf etc is second thing

23:19

That's maybe why @The Faceless Lord dosent want to say that he would make superior obf

23:19

No idea = no obf

xd

ye I need some idea

That's what's all about

23:19

Im going to sleep ill maybe at school tommorow try to make some flow ideas

Prestige

maybe u could do something like that?

I can do that too but I would work on obfuscators too because I need more experience with that

btw for the obfuscator we use our own version of ow2 asm

23:21

ow2 asm tree

23:21

not entire ow2 asm

The Faceless Lord

I can do that too but I would work on obfuscators too because I need more experience with that

alright

The Faceless Lord

I can do that too but I would work on obfuscators too because I need more experience with that

idk if you remember that prestige reversed src is entirely mine

yes

yes and i heard it took you like half a month

ye for renaming shit

23:21

we renamed argon in about 1 houre

Prestige

yes and i heard it took you like half a month

ye and I did this while having school

23:22

and alone

23:22

plus making qProtect transformers

lol

23:22

i made the argon deobf transformer in like 5 mins

qprotect the best

they had a horrible zkm config

LMAO

the obfuscation market is crazy tho

23:23

zelix has over 15k sales

Prestige

yes and i heard it took you like half a month

ye and kotlin didn't helped either

The Faceless Lord

ye and kotlin didn't helped either

kotlin sucks

yea

everything is in java now

23:23

we switched

The Faceless Lord

ye and kotlin didn't helped either

lmfao

kotlin is a good flow obf ngl

LMFAO

23:24

yeah cus all the crazy syntax stuff

23:24

converts to java in such a bad way

while generating junk methods like this

Image attachment

ikr

The Faceless Lord

while generating junk methods like this

(from android api)

23:25

so that 2 week was mainly me unfucking kotlin code

23:25

and figuring out accurate method/field/class names

sounds fun

ye drove me insane

bro

23:27

Image attachment

23:27

were so cookedw

Prestige

yes and i heard it took you like half a month

other notable shit its a fully buildable 1:1 reversed version

23:28

so works as well as the original mod

nick

Click to see attachment 🖼️

LMFAO

The Faceless Lord

other notable shit its a fully buildable 1:1 reversed version

oh ye

@Thnks_CJ can vouch

are u good with c++

kind of

23:29

I mainly worked with java but I know shit about c++ too

23:29

atleast jvm stuff

i2i entry!

ngl I'm kinda lazy so I don't know some of the terms for shit

23:32

but I worked on c++ loader for rise before Alan and his retarded kike team turned against me

23:32

https://streamable.com/9ia7yc

we have c++ loader

$$$

it needs improvemenss tho

23:33

i think

we have native loader

23:33

not fully cpp

basicallyt the same thing

i mean partially native

heres random generator

23:34

EXTERN malloc: PROC

.code

_verify_rdseed PROC
    mov eax, 07h
    xor ecx, ecx
    cpuid
    bt ebx, 18
    jnc short unsupported

    ret

    unsupported:
    ud2
_verify_rdseed ENDP

rand_seed PROC
    test ecx, 7
    jnz short crash

    push rcx
    push rbp
    mov rbp, rsp
    and rsp, -16
    call malloc
    mov rsp, rbp
    pop rbp
    test rax, rax
    pop rcx
    jz short crash
    mov rdi, rax
    
    seed:
        rdrand rbx
        mov qword ptr [rdi], rbx
        add rdi, 8
        sub ecx, 8
        jg short seed
        ret

    crash:
        ud2 
rand_seed ENDP

END

nick

it needs improvemenss tho

hmmm (edited)

23:34

we can add more checks and other funny

like?

23:35

do u have some good c++ checks

ye a few idk how much your loader has

like nothing so far

i dont think we even have checks in the native

were working on stuff

23:36

im first making sure all the requests are functional

the main goal of the native should be to just hide the important stuff

23:36

and ensure nothing is spoofed

which they are now cause i made all config stuff functional

23:36

and now im gonna add checksums that the server sends and the client can verify with

btw

and then we need those other checksums

we should link the native

23:36

so that the client will not work without the native

23:36

so they cannot reconstruct the jar

like how?

idk

23:36

use maethods from the native in it

23:37

and a bunch of other stuff

23:37

and ensure the checks get ran

Prestige

like nothing so far

huh

23:37

I can write some funny checks

okay okay

nick

EXTERN malloc: PROC

.code

_verify_rdseed PROC
    mov eax, 07h
    xor ecx, ecx
    cpuid
    bt ebx, 18
    jnc short unsupported

    ret

    unsupported:
    ud2
_verify_rdseed ENDP

rand_seed PROC
    test ecx, 7
    jnz short crash

    push rcx
    push rbp
    mov rbp, rsp
    and rsp, -16
    call malloc
    mov rsp, rbp
    pop rbp
    test rax, rax
    pop rcx
    jz short crash
    mov rdi, rax
    
    seed:
        rdrand rbx
        mov qword ptr [rdi], rbx
        add rdi, 8
        sub ecx, 8
        jg short seed
        ret

    crash:
        ud2 
rand_seed ENDP

END

use this on the encryption

23:38

it is weird

23:39

c++
#ifndef OTP_H
#define OTP_H

#include "types.h"

struct Key final
{
    private:
        Key(BYTE* _data, UINT _size) : data(_data), size(_size) {}
        Key(const Key&) = delete;
        Key& operator=(const Key&) = delete;
    public:
        BYTE* data;
        UINT size;

        ~Key() { delete[] data; }

        static Key* allocate(BYTE* data, UINT size) { return new Key(data, size); }
};

extern "C"
{
    __forceinline BYTE* __fastcall rand_seed(UINT size);
    __forceinline VOID  __fastcall _verify_rdseed();
}

__forceinline Key* generate_key(UINT size)
{
    _verify_rdseed();
    return Key::allocate(rand_seed(size), size);
}

__forceinline UINT size(BYTE* data)
{
    UINT count = 0;
    while (*data) count++, data++;
    return count;
}

__forceinline VOID encrypt(BYTE* data, const Key* key) noexcept
{
    UINT block_size = size(data);
    if (block_size > key->size) {}
    for (UINT i = 0; i < block_size; ++i)
        data[i] ^= key->data[i];
}

__forceinline VOID decrypt(BYTE* data, const Key* key) noexcept
{
    UINT block_size = size(data);
    if (block_size > key->size) {}
    for (UINT i = 0; i < block_size; ++i)
        data[i] ^= key->data[i];
}

#endif // !OTP_H

hmm

23:40

simple xor might not cut it

just another layer and enough to obscure them away

23:40

+ it generates near perfect entropy randoms

23:41

directly from cpu

yea maybe

i plan to improve the number stuff by flowing it through a switch case

23:42

so it will go through a certain of path of cases and alter hashes

23:42

case 1 -> case 9 -> case 7 -> case 4 -> exit

23:42

with tableswitch to save perf

I want to make a really epic alert system in native loader (because I always planned that)

23:42

so we can catch most of the niggers early

we have one that sorta works

23:43

but it definetly needs improvements

I can help

The Faceless Lord

I want to make a really epic alert system in native loader (because I always planned that)

okay okay

23:46

just make a native project

23:46

add the checks and such

23:46

ands send me it

23:46

and ill implement it in my native

I need to directly add it...

23:48

otherwise I don't think it would work

nah probs cant do that

23:50

i dont trust u well enough tbh

why?

23:51

@Thnks_CJ can vouch I'm not just a random nigga

23:51

23:53

$50 ok? and I cook some good prot (edited)

ye sure

$$$

The Faceless Lord

$50 ok? and I cook some good prot (edited)

but for that I need to work together with others and the current base to make it work

uhh

23:58

for what would you need the base

23:58

i mean they are just checks ig

I need to directly integrate the checks in many shit?

23:58

its matter what check does what and where

there is not many shits

23:59

rlly

I'm not like fucking brownie

lol

0:00

what checks will u add

mainly dump, hook and sanity checks

okay

0:00

i mean all we rlly have is requests

The Faceless Lord

mainly dump, hook and sanity checks

which sends report to the server if flagged

alr

i can add a klass dump breaker

we need both for the funny

Klass* dumping is impossible to just detect

0:02

but you can prevent or break it

how to patch task manager dump

you cant

0:02

lol

0:02

but can obscure it

0:02

to make it useless

oh

0:02

how

task manager dumps rely on the magic class file header (0xcafebabe)

0:02

which is stored in memory in the Klass*

0:02

so if we just remove it

0:03

they wont have a guaranteed way to fully identify and reconstruct the classes

kk

0:03

couldnt we just like

0:03

make the native

0:03

download some libraries in the back

0:04

on a separate thread

0:04

so when they dump

wait

theres a gazillion classes

we could technically break the stack frames from memory

0:04

lol

0:04

so if someone memory dumped it all stack frames would be broken

lol

yea

alright

0:04

how we do this

ddos java

can we make a list for sir faceless lord

we also need like

0:05

anti jvm hook

ye

but that should be easy i think

0:05

we can just retrieve the jni function table and compare pointers

okay so

0:06

Anti Dump
Anti Debug
Anti JVM Hook
...?

anti spoof

0:06

checksums

yea

what can you make without access to our native

like concept checks but that won't be that helpful

0:19

and I need mutual trust I don't want to be fucked over like in rise...

why u need the source for anti dump, debug and hook?

checks worth nothing if you don't hide it well

wut

0:20

i dont see why u would need source bra

whatever you can add checks randomly

Prestige

i dont see why u would need source bra

to implement stuff lol

me and qreaj can do that part

0:22

just need the plain checks

it is tough to work on something when in a fully seperate project

The Faceless Lord

and I need mutual trust I don't want to be fucked over like in rise...

however I won't just go into any deal without having proof I won't get fucked over

nick

it is tough to work on something when in a fully seperate project

that's the other point

nick

it is tough to work on something when in a fully seperate project

yea ofc

The Faceless Lord

however I won't just go into any deal without having proof I won't get fucked over

wym?

I worked on their prot and I got nothing from it because before I finished it they ditched me for brownigger

ohh

0:23

ill pay u bro

0:23

like idk u can ask qreaj and cj

0:23

i havent paid nick cus everytime i ask he just goes on

0:23

i paid qreaj over 1k and cj idek

The Faceless Lord

I worked on their prot and I got nothing from it because before I finished it they ditched me for brownigger

so I want access to src to implement it in my own way and be sure I won't get fucked over

Prestige

i havent paid nick cus everytime i ask he just goes on

yeah cause im the best

$$$

i even hired this guy to redo my backend and like after a week or so i realised i was better off in php cus i can actually edit it and i still paid him like 200

0:25

money isnt a problem for me bro trust

0:25

if you help me, teach me do smth for me im more than glad to pay

I got the same "I will be paid anyway"

i can pay u upfront even

0:27

but then you gotta specify some delivery time

Prestige

but then you gotta specify some delivery time

I don't really work with deadlines because school and other random shit I just want it to be fair

0:27

I literally defended your client

Image attachment

yo

0:28

im making that a gif

0:28

fire

The Faceless Lord

I don't really work with deadlines because school and other random shit I just want it to be fair

oh yeah i understand

The Faceless Lord

I literally defended your client

Lmfao

lol

how long do you think it will approximately take you

0:28

with school and such in mind

some random guy started sending random pictures of u

0:28

trying to prove something

LOL

Prestige

with school and such in mind

probably days depends on many shit

0:29

for like the first checks

0:29

for more complex shit ye I need more time

Image attachment

The Faceless Lord

I literally defended your client

Image attachment

The Faceless Lord

probably days depends on many shit

okay

he never told what a cv is

0:30

xd

cus i want to release my update before christmas

okey

Prestige

cus i want to release my update before christmas

so until january

The Faceless Lord

probably days depends on many shit

okay

nick

so until january

bruh

LOL

until like 20th or sm

0:30

so i can release and host a christmas sale

0:30

i also made gui alot better

0:31

i can show ina sec

$$$

Prestige

bruh

i was enlightened

Image attachment

i added glow on enabled modules, new animations, rounded option and glow on the category icons

0:31

which is really good

nick

i was enlightened

oh shit mb i was wrong

nick

i was enlightened

lmao

we need a installer to

0:32

liek this people complain eveyr 5 mins

true

when they are on java 8

i wnat a nice gui

and we need the mod hider

yea

and string ss bypass

nick

and we need the mod hider

mod hider?

nick

and string ss bypass

we have c++ we can nuke whatever memory we like

0:32

its classloader so it wont show up in mod menu correct?

Prestige

its classloader so it wont show up in mod menu correct?

the loader mod would but other than that no

ohh correct

Prestige

mod hider?

shadow the jar inside other mods if possible

0:33

and nuking memory from c++ we can yes

0:33

or just the argon thing

i have a ss bypass

0:34

and since the mod loader doesnt have any resources

0:34

we can ez do that

0:34

cus the only problem prestige has is it sometimes doesnt load resources

0:34

cus the mod menu bypass

Prestige

okay

ye and I want to add more funny... The detection system will have multiple stage (per violation shit)

ait

0:34

when can u make that

0:35

will u be able to have it done by sunday?

0:35

possibly?

0:35

or even earlier

I can't say when but when its done its done I will try get it done as fast as possible

alr alr

and what funny

0:36

(wait)

wa

0:37

check

https://streamable.com/f905lk

0:37

I made this like 2 years ago (edited)

lmfao what the fuck

"the funny"

0:38

and this is fully in java

fr? damn

ye

The Faceless Lord

https://streamable.com/f905lk

3rd violation (edited)

0:40

(revokes the license too)

The Faceless Lord

(revokes the license too)

oh yes very useful after u bomb their pc

Prestige

oh yes very useful after u bomb their pc

just graphical

bingogamer can delete their windows

oh

nick

bingogamer can delete their windows

fr

0:41

some guy in our discord got trolled by bingogamer23 who said he had an SS bypass in cmd

0:41

which is a delete windows command

0:41

and the guy ran it

LOL

fun

Image attachment

The Faceless Lord

I don't really work with deadlines because school and other random shit I just want it to be fair

But ye as a mutual trust I want direct access (and to implement all the funny because without looking at the code its much harder and will delay it) I'm in this fucking community for like 3-4 years now even if I started cracking shit 2 years ago (edited)

0:46

My rep worth more than randomly fucking over a client

argon reference

argon lmao

The Faceless Lord

But ye as a mutual trust I want direct access (and to implement all the funny because without looking at the code its much harder and will delay it) I'm in this fucking community for like 3-4 years now even if I started cracking shit 2 years ago (edited)

mhm im sorry idk about that

0:47

like i understand and stuff

0:47

but ive been talking to you for like a day or sm

Prestige

mhm im sorry idk about that

well rn it is only requests

0:47

so it doesnt matter that much

true but even that is kindddaa sensitive

yeah but worst case scenairo we just mix around the requests and changfe stuff

and even with the native theres like no point in having the native if u dont have the loader

0:48

and the client

Prestige

but ive been talking to you for like a day or sm

I was working with rise devs while they sucking brownies dick and I tolerated long weeks of abuse just because I promised I will do my shit (edited)

damn

Prestige

and even with the native theres like no point in having the native if u dont have the loader

but ye this

0:49

i would have to give full prestige src, loader src all of it

0:49

idk if i can do that tbh

0:49

probably in the future

0:49

just need to work together more you understand

I only need just the loader part

0:49

not the entire thing

0:49

you can separate as a different repo

yeah

but whats the point in having the native if u cant even run it nothing rlly

we can just use a test jar

Prestige

but whats the point in having the native if u cant even run it nothing rlly

to test

just do it without for now

0:50

and just load it with a test java program bra

Prestige

but whats the point in having the native if u cant even run it nothing rlly

I always have test jars

0:51

so I only need the loader itself

0:51

not the entire thing

but im like not rlly understanding

hm?

why u would need the loader

0:52

cus u can do all of that in just a test program

0:53

to figure out if ur code works

0:53

and then i can implement it

because I want to develop the loader itself and not just random codes for that?

0:53

but sure I can make

0:53

the few basic checks

0:53

without it

okay cool

0:53

get going with that ig and we'll see

0:54

would you like me to pay upfront or when its done or whatever

when its done

kk

Image attachment

0:58

welcome to youtube

dude sometimes theres 2 unskippable ads of 20 secs each

0:58

like wtdf

0:58

i even got 3 ads before

me when

yeah the ads are so bad now

adblocker

it works

0:59

but for like 3 vids or sm

0:59

and then youtube says fuck u

0:59

and blocks u

Prestige

and blocks u

because u use shitty adblocker

1:00

what browser you use?

opera

1:04

normal

1:04

not gx

FUCKING OPERA

1:04

LMFAO

use chrome its better

CHROME

1:04

LOLOL

1:05

don't be fucking retarded

The Faceless Lord

FUCKING OPERA

it looks nice

use brave

why not

yeah ur linux browser probably doesnt even have a gui

????

The Faceless Lord

use brave

brave is ugly

1:05

opera look good

1:05

why should i not use it

opera is a nice spyware

1:05

ching chong ding dong

spyware is useless

1:06

nobody wants to spy on randoms

The Faceless Lord

ching chong ding dong

so is everything at this point

uhh ye whatever

1:06

then no idea

1:06

what adblocker would work

opera just look good

1:06

and i dont see a reason for another browser bra

1:08

i have too much memory so a bad browser but good looking dont matter

Image attachment

1:08

mine memory is always at 80%+

Image attachment

nick

Click to see attachment 🖼️

ye

Image attachment

ez

1:09

ddr5 is sexy

Image attachment

nick

Click to see attachment 🖼️

2100mhz

lol

Prestige

2100mhz

that is good

1:10

i think

bro no

1:10

u have ddr4?

dont know

bruh

how do check

how long ago did u buy ur memory

probably like 1.5-2 years

The steps are easy and just follow the guide. Step 1: Launch Task Manager by right-clicking the toolbar on the bottom of the computer screen and choose Task Manager. Step 2: Go to the Performance tab, click Memory and you can know how many GB of the RAM, the speed (1600MHz), slots, form factor.

1:11

wtf

1:11

Select Memory from the left pane. You should see the amount and type of RAM your PC has in the top right corner of the screen.

Prestige

u have ddr4?

well I have ddr4 too

slow ass

Image attachment

i have ddr5 7000mhz

1:11

storage

Image attachment

1:14

wtf my gpu has more memory than my ram

Image attachment

lol

1:24

U have 36GB vram??!?!?!

1:24

oh no nvm

1:24

thats not v ram

suprisingly they didnt put the argument they lost in trillium announcements

lol

what can i still add to the native

lol

Image attachment

19:23

he fixed the msvc bug the day after we mentioned it convientnly

HAHAHA

lil turtle

Image attachment

lmfao what

soime random guy is wax is failing horribly to paste and use chatgpt

nick

he fixed the msvc bug the day after we mentioned it convientnly

LOLOLOL

Image attachment

LMFAOOO

21:00

real worlds

btw

21:00

if you want to fix that jnienv thread issue

21:00

you would have to use the previously obtained jni env

21:01

or get a jvmtienv* and iterate loaded classes to get the jclass

Prestige

real worlds

nice code

Image attachment

21:52

very readable

21:52

very useful

Thx

its like magic isnt it

Image attachment

didnt make that bra

Prestige

didnt make that bra

looks like something you would make

21:55

lol

Is there smth like lombok for c++

21:56

?

21:56

Or nah

nick

its like magic isnt it

#pragma once

dont think so

nick

lol

nah didnt make it

Qreaj

#pragma once

header guard better

Nah same shit

btw

But takes 3 lines instead of one

getter and setter in c++ Is useless

21:58

why do getHwid() when you can just do obj.hwid, obj.hwid = "1234"

nick

getter and setter in c++ Is useless

No they are idiot proof fr fr

21:58

Compiler would inline that anyway

yes

21:59

so might aswell inline it yourself make stuff more readable

But like fuck

22:01

You dont want anyone setting hwid right?

22:01

Getters and setters are just

22:01

Like it gives a way how u should use data and how not

22:02

@nick just leave that as it was

iim just rewrtiting stuff and making it all more readable

22:03

so everything is manageable tow ork with

22:03

like the entire visual studio project was just broken

It was not

nick

iim just rewrtiting stuff and making it all more readable

ty

Qreaj

It was not

it was

22:03

there was like

22:04

10000 included headers in the header files

22:04

and no filters or anything

22:04

and half the files werent even inth e project

22:04

no libs were setup

what

22:04

Show all files

22:04

And use release

22:04

Configuration

Image attachment

22:04

i already fixed a good bunch of it

22:04

but i still exclude alot of files from build

22:04

due to lib issues

WHAT ARE YOU DOING

22:04

fuckkk

22:05

Dont use filters

why

Because they are shit

22:05

Use folders

22:05

Of course everyone likes to have everything in one directory?

22:05

I dont think so

i would but i dont know how to create a folder

22:05

the only option visual studio gives is filter

NO

22:05

give me screenshot of your visual studio

Image attachment

I will mark what you need to click

22:06

To use folders

Image attachment

https://stackoverflow.com/questions/77508548/visual-studio-not-showing-all-source-files-in-solution-explorer

Visual Studio not showing all source files in Solution Explorer

*I couldn't find any info online about the exact same issue I'm having I'm using Visual Studio 2022. Last time, I was working on a C# library, and closed the IDE. I saved all source files, but I di...

k i did it

22:07

Image attachment

22:07

is there a way to remove those folders

22:07

the x64 & dependencies

Idk

22:09

But leave it clicking view in explorer (edited)

22:09

Is always faster than finding it

perfect

Image attachment

22:10

that is good

lol what is happening here

nick

perfect

what's this?

java/jni sdk

hmm

im trying to fix it rn

22:12

it works just needs more caching for perf

why do we even need an sdk??

Prestige

why do we even need an sdk??

cause

22:13

im to lazy to

22:13

env->GetMethodID

22:13

env->FindClass

22:13

and this solves my problem

we dont even use minecraft classes in this?

Image attachment

22:14

its not just minecraft

22:14

entire jdk

for what is it then

22:14

we wont need any of this

Image attachment

22:15

way way way easier than doing this

we wont need the fucking entirety of java and minecraft and libraries to handle 5 getMethodIDs

22:16

what the fuck

wtf

Prestige

we wont need the fucking entirety of java and minecraft and libraries to handle 5 getMethodIDs

u realize we need way more than 5 method ids

okay maybe 10 im sorry

probably more

22:16

yk cause like

22:16

entire loader

we dont need an entire sdk

22:17

name the things we need to use get method id for

jvm args

22:17

reflection

22:17

annotations

22:17

reading classes

22:17

parsing zip files

we do not need an entire sdk

lol

22:22

btw why is it like this

Image attachment

22:22

since there is only 1 java instance it could just be static

@Prestige what should i impl

checks

22:55

whatever u think is best

22:55

but not sdk

yeah but like waht type of checks

22:55

like anti dump, anti debug or what

yes

23:12

both

23:12

and anti hook

what type of anti hook

23:12

like jvm sided, java method hooking, hooking methods in our dll ?

Prestige

and anti hook

working on anti jni hook

ill make smth that just destroys task manager dumps

23:13

and ill look into breaking klass* dumping

alr

23:13

cool\

23:13

anti vm too

23:13

what can i do?

vmaware

23:14

you can do anti vm

23:14

with vmaware easily

23:14

https://github.com/kernelwernel/VMAware

GitHub - kernelwernel/VMAware: VM detection library and tool

VM detection library and tool. Contribute to kernelwernel/VMAware development by creating an account on GitHub.

i think we have this already

23:14

in injector

yeah well might aswell add it

23:14

since this is seperate from injector

23:17

Image attachment

23:17

nothing compiles still

build mode release

awesome stuff finally works

also make a flag system

23:19

like what we should do on flags

23:19

crash

wdym

stop

23:19

wtv

23:19

is best

all silent

23:19

unless it is a really bad flag

23:20

like if its a debugger -> instantly crash and disable account

yes

i can set up flag system n stuff

alright do that

yeah ilkl do it in a hour or 2

kk ty

23:22

what can i do

setup vmaware and stuff

23:22

fix badcode

23:23

set up more requests and make stuff more advanced

okay

23:23

what more requests?

23:23

what more advanced

just look for things that could easily be spoofed or modified

23:24

and obscure classes more

@nick

0:06

can u check this security

0:06

are u on

0:07

its a client called Shoreline

xd

its like some kinda upcoming 1.20 anarchy client

0:07

yk it?

0:07

my friend has the loader

sure send ill look at it in a bit

can u like give a quick run through

yes

alr alr

0:08

hes sending

0:08

shoreline-loader.jar

55.79 KB

0:09

they got native

0:09

this is like what we should have

0:09

1 class

their loader seems bad

lol how

0:10

its like full native

so

0:10

either they download the loader from a server

0:11

or their native is not protected at all

lol what

get me the native

how do i do that

AppData\Local\Temp most likely

i dont got an acc

yeah ask u friend to run it

0:11

with his acc

0:11

and get the loader

0:11

native

do yk the name of the file

0:11

he just got off

k ill just get it myself in a bit

0:12

they have horrible obf tho

isnt it just

Image attachment

thaqt is not the native

0:12

the jar is only 55 kb

oh what is that

0:12

oh true

0:12

then how they download

xddd

Image attachment

Prestige

then how they download

a url

oh lmfao

0:12

thats what we should do aswell right?

0:12

url download

nick

xddd

@Thnks_CJ isnt this branchlock

0:13

Image attachment

what compiler

wdym

decompiler

cfr

u use in recaf

0:13

mhm

0:13

cuis mine just gives shit

0:13

faled to decompile

0:14

well if is not zkm its most likely shit

Prestige

faled to decompile

open it in the disassembler

0:14

and remove the exception ranges

oh

0:14

lmfao

Image attachment

0:14

new obf meta

okay hes back on

0:15

how can he get the native?

0:15

do u have some path or sm

tell him after he runs it to check temp folder

nick

AppData\Local\Temp most likely

.

alr

and look if there is a large random file

0:16

or .dll

hes doiung rn

0:20

https://cdn.discordapp.com/attachments/1316516254374432821/1316545152575082597/2112285200501659056.dll?ex=675b6fb8&is=675a1e38&hm=4af8250a2b1656f28e55fcbc2f459749cbe11ca6c77b32b85631bed991c65a4b&

0:20

could it be this

0:20

2.16mb (edited)

yeah

0:20

probably is

0:20

is there any others

0:21

since they will clear afte rgame is closed

Image attachment

0:22

thats the moment he ran the client

0:22

00:19

yeah

0:22

this is the native

epic

0:22

is it virtualized or protected

its packed

shizzle

so u can try n dump it if u want

0:23

https://github.com/glmcdona/Process-Dump

GitHub - glmcdona/Process-Dump: Windows tool for dumping malware PE...

Windows tool for dumping malware PE files from memory back to disk for analysis. - glmcdona/Process-Dump

should i tell him to

0:23

task manager dump

nick

https://github.com/glmcdona/Process-Dump

this is better

anti dump?

it shouldnt detect that

0:23

there is very very small chance it does

should i tell him first to do a task manager dump? (edited)

sure

alr

does it have alot of customers

uhhhh

0:28

my friend said 10 people bought the 250$ beta version

0:28

but idk if i believe that

0:28

ima join their cord

its invalid

and theres also a normal version for 19.99

nick

its invalid

?

https://discord.com/invite/shoreline

https://discord.com/invite/SWhEuyQnWr

0:29

we can ask to test their security for free

0:29

and then if u find a flaw u publish lel

and then drop the src!

ez

bhaigaming 324 yt shines again

ezz

0:29

i mean its worth asking

0:29

we have nothing to lose

0:30

i think my guy got off

0:30

he had work tmrw

0:30

so he cant dum

0:30

p

0:31

he said he'll do tmrw

ok

0:31

ive got a good idea

whats ur idea

ping owner

0:31

ask if we can have src

0:31

says no -> we get src

lol

0:31

okay

says yes -> we get remapped src

ez!

0:32

lets say were plutosolutions

no

and ask if we can test their security for free

lol

0:32

OpBhaiSolutions

lol

IndiaSolutions

we should do

SigmaSolutions

ill pay 50$ if we cant crack

0:32

but we need a free acc

0:32

they stole Mud client shaders bruh :(((

Image attachment

0:33

https://www.youtube.com/watch?v=eDCBig9v4JE

Ruining CrystalPvP.CC 1.19.3 with Anchors

reason for crack: stole my shaders i made in 2021

my client but this one is like more spaced out lines

nick

reason for crack: stole my shaders i made in 2021

frr

0:33

i added vmware btw

Image attachment

0:35

i think this is the auth guy

EZ

nick

i think this is the auth guy

ye

0:36

my friend said he was yes

0:37

YPLOO

0:37

IM SO SMART

xdddd

do u have a vm

0:37

or something

bruh

or are u willing to risk or sm

0:37

or a harddrive

Image attachment

bruh

0:38

best website

Image attachment

0:38

very good features

0:38

1 2 3 4 5

0:39

purchase button doesnt even work

Image attachment

yes

0:39

that kid

Image attachment

is retarded as shit

productive

he was by far one of the most retarded anarchy players in like 2022

0:39

he was a newfag back then

0:39

i doubt he can do anything in terms of coding

0:43

what should i say

Image attachment

Prestige

what should i say

"microsaft"

no im not trying to troll

0:43

im trying to get us a trail

whats that one ting for windows

0:43

that like emulates it

0:43

wine

what?

0:44

should i say that?

not sure

0:44

https://en.wikipedia.org/wiki/Wine_(software)

Wine (software)

Wine is a free and open-source compatibility layer to allow application software and computer games developed for Microsoft Windows to run on Unix-like operating systems. Developers can compile Windows applications against WineLib to help port them to Unix-like systems. Wine is predominantly written using black-box testing reverse-engineering, t...

0:44

this is what it is

0:44

wtf

Image attachment

0:44

there is now way this guy is just here stalking

lol

0:45

ohh thats the wax guy

0:45

Image attachment

0:47

ez

0:47

Image attachment

0:47

were homies

0:51

is there any other important ones to check for?

bool DebugProcessVerifier::verifyDebugProcesses() {
    return getPID("HTTPDebuggerUI.exe") !=  0 || getPID("x64dbg.exe") != 0 || getPID("HTTP Toolkit.exe") != 0;
}

search around

0:51

for other anti debugs

0:51

there is huge lists

https://github.com/BaumFX/cpp-anti-debug/tree/master

GitHub - BaumFX/cpp-anti-debug: anti debugging library in c++.

anti debugging library in c++. Contribute to BaumFX/cpp-anti-debug development by creating an account on GitHub.

0:52

5 years old tho

https://github.com/x64dbg/ScyllaHide

GitHub - x64dbg/ScyllaHide: Advanced usermode anti-anti-debugger. F...

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide - x64dbg/ScyllaHide

0:53

anti anit debug

alr

im looking for that one that had alot

alright lmk

0:53

ill implement

0:53

ill also just have this one

https://anti-debug.checkpoint.com/

Anti-Debug Tricks

Anti-Debug Tricks

which just checks PIDs and if they exist then it will kaboom

0:53

and then second layer is another one

nick

https://anti-debug.checkpoint.com/

this has the good stuff

ye i see

it also lists the mitigations

0:54

so what we would have to prevent

https://anti-debug.checkpoint.com/techniques/debug-flags.html

Anti-Debug: Debug Flags

Anti-Debug Tricks

0:54

so i should just go through this

0:54

and implement?

ig

0:55

https://github.com/x64dbg/x64dbg/blob/development/src/dbg/ntdll/ntdll.h

x64dbg/src/dbg/ntdll/ntdll.h at development · x64dbg/x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis. - x64dbg/x64dbg

0:55

youll need this stuff

whats this?

0:57

is it like a pragma comment

0:57

lib

ntdll headers formatted and stuff

0:58

it has the .libs there aswell

0:58

also

0:58

I would recommend getting used to using nt functions

0:58

as they are unhookable from user mode

mhm okay

well

0:58

they can be hooked but tough

wait so i need to take this .h

but syscalls arent hookable

and put it in the dependencies?

nick

but syscalls arent hookable

alr

i guess yeawh

0:59

and the .lib

okay

1:01

just those?

well those structures are used alot in anti debug

okay cool

1:01

so i need the .h and .lib

yeah

and then i assume linker on the lib

well you dont NEED the .lib

1:01

but it makes usage 10x easier

huh

1:01

wym?

without lib you would have to do GetProcAddress

1:01

with typedefs and stuff

oh

but yeah just use the .lib

1:02

it makes it better

does the lib make it bigger or sm

1:02

whats the downside

no

1:02

the lib would make it smaller

1:02

+ easier to use

oh okay

also

1:03

if youa rei mplementing all these checks

1:03

make a system for it or smth

attempt shoreline failed

nick

if youa rei mplementing all these checks

ye

so it is all like good code

alr

1:04

LMFAOOOO

1:06

this good ye

Image attachment

1:06

not that im completely doing it wrong

no

1:07

do it like it will have

1:07

a super class

1:07

and override a check method

wut

a Check class

1:07

virtual void check();

1:07

override

1:07

for each check

each check as in for like Vm, Anti Debug, Checksum etc?

yeah

ahhh

so it ius all organized

yea i will

Prestige

this good ye

but this good

1:08

?

sure

kk

but

1:11

with the sdk tho

1:11

we should definetly include iot in the injectable

1:11

once it fully works

possibly

1:11

but not in the native

i might include it in the native

1:11

a small amount of it tho

1:11

just for simple util calls

yes but not fucking 3 gazillion classes

1:12

unused

yeah well unused no affect xd

wut

if its unused it doesnt it in any way

oh

1:13

not in dll?

shouldbt be

1:13

the compiler isnt that dumb

ohhh

u stupid lol

ur mum

but for the mod release

1:15

we transpile half of it

1:15

layer with this native that is beautiful

1:16

+ rizzfuscator & zkm & virt if it dopesnt nuke jar size

yesss

i need to make our obf way better

1:16

but i still habvent made the Override annotation stuff

1:16

or super classes

kk

1:18

ye make the obf ultra

1:18

atleast better than qprotect

i mean

1:23

if we can literally just hide constants

1:23

they cant do anything

1:23

thats y i have been focusing on getting a good way to hide them

alrrr

1:27

how does j2cc hide constants

1:27

like what does the java method look like

they just use const dynamic

1:28

to a native method

1:28

with an array of constants

1:28

and an offset

ooh so like

1:36

idk

1:37

int a = 1; int b = 6; String c = "opbhai on top"; will be like int a = native(0); int b = native(1); String c = native(2);

similar yeah

1:54

its size based indexing

huh

int a = native(0); int b = native(4);

1:54

since an int is 4 byters

ohh

1:55

okay

1:55

but thats just reversible with any vm?

if it is implem,ented correctly it can be a pain

ohhh

like if the index itself is obfed

1:55

alot

what was bad in j2cc then?

constant dynamic

wut

so all the args were constant, stored in the same instruction

1:56

so I just had to do dynamic.bsm.bsmArgs

1:56

to get the params

Ohhh

1:56

lmfao

1:56

how does this not nuke performance though?

1:57

or is it only done on specific methods?

cause constant dynamic

1:57

is like invokedynamic

1:57

wheres it is only executed once

Ohhhhhh

then it keeps that val

i see okay

1:57

will we have something similar

idk

1:57

i have to get good java obf first

1:57

then wec an worry about the native

kk

wtf

Image attachment

2:13

d1 opp

lol what

2:13

tomorrow we'll have a dump lol

2:14

wtf my beloved

Image attachment

lol

how do i do this one

Image attachment

2:17

i dont got ntdll::

that is why I gave you ntdll.h

2:17

and ntdll lib

i have both

just dont use ntdll:

2:17

like remove the prefix

gives this error

Image attachment

2:17

i would chatgpt this but now i need u

2:17

lol

remove the P at the front

2:18

and make it a ptr

2:18

DEBUG_BUFFER*

same red thingy wingy

look at the ret value

2:18

of createquerydebugbuffer

2:18

bright individual

ye but then this break

Image attachment

https://github.com/CheckPointSW/showstopper

GitHub - CheckPointSW/showstopper: ShowStopper is a tool for helpin...

ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. - CheckPointS...

ty ig

2:22

this an opp

Image attachment

2:22

does the same shit >:(

bro

2:22

that is the source code oif it

2:22

of all their implementations

hackers

2:22

should i just download this and copy pasta

no

o

Image attachment

2:31

Xdddddd

2:31

there might still be a chance

lol should i try in dm?

yes

can u run it or should i not even try and wait for my friend tmrw

2:32

we can just use a vm and if they have anti vm well then we cant buy their beta

yeah

u can run it?

probablyt

alr

2:32

ill dm m

2:34

okay i dmed m

2:34

should these debug things be ran in thread loop?

2:34

or how

yes

alr

ntcreateremotethreadex

ye

2:39

what should i impl from here

2:39

https://anti-debug.checkpoint.com/techniques/debug-flags.html

Anti-Debug: Debug Flags

Anti-Debug Tricks

2:39

i have all till 1.6

2:39

so far

2:39

Image attachment

2:43

i pushed, could u check?

2:45

WE IN

Image attachment

2:45

2:46

@nick

Image attachment

@nick check all the stuff i added

Prestige

@nick check all the stuff i added

k

4:12

btw

4:12

to avoid suspicioun

4:12

after we test / dump what we need

4:12

we can just photoshop a screenshot of like 230$ or smth in paypal

4:12

and say youll have the money in a day

nick

k

is it good?

nick

we can just photoshop a screenshot of like 230$ or smth in paypal

lol ye

@The Faceless Lord want 2 drop the src of this guys client

Image attachment

21:28

he thinks they have good security

ye sure

Image attachment

21:33

xd

and for check I will reinstall my vm later and start really working on it

Image attachment

LOL

wanna get added to the gc or nah

sure

shoreline-loader.jar

55.79 KB

21:34

trash loader

21:34

trash native that im going to unpack in a bit

2112285200501659056.dll

2.16 MB

LMFAO

the obf they have is just non existent

just like reference obf

yeah and some werid exception crasher

ye

https://discord.gg/natwGSTq

xddd

21:45

packer = faster

Image attachment

21:53

yes java class file uses vtable

Who tf is in that gc btw

22:08

I dont know that ppl

idk

22:08

like 5 random ppl were added

i wonder when this guy will giv e an account

22:21

instead of asking 5000000 questions

nick

i wonder when this guy will giv e an account

never

22:21

because he knows he will be fucking cracked

22:25

how did you found the most autistic skidders in anarchy com?

idk

22:25

was trolling in their discord

I rarely see retarded skids like these

yeah

22:42

this is worse than trillium

fr

that bon guy

22:42

was their security dev guy

22:42

and he folded so easily

is really fucking autistic

nick

and he folded so easily

auto fold on epic task manager dump method

22:44

all of them are just nns

@The Faceless Lord can u cook up a reaalllyy good anti dump

22:44

thats like the most important thing rn

22:44

and anti hook

Prestige

@The Faceless Lord can u cook up a reaalllyy good anti dump

yea tomorrow I will setup a new vm and cook

cus i added anti vm and anti debug

okey

ye?

tomorrow atleast I will have time to do stuff

https://www.mediafire.com/download_status.php?quickkey=zge7jh3rguxgjwd&origin=download

23:08

shoreline dump

Download ready in 3 hours, 39 min, 26 sec

LMAO

23:09

10kB internet speed

bro

23:09

the time is increasing

23:09

Image attachment

hahaha

23:27

hoyl fucking sht

Image attachment

23:27

nigga

i told him to go to the nearest mcdonalds to upload

23:27

wtfff

23:28

faceless whats the best way we can prevent dumping\

23:28

and also prevent task manager dump

Prestige

and also prevent task manager dump

nuke classes

how

define(name, nullptr, nullptr)

23:32

it will break the class loader though

oh

23:32

but then the cheat wont work?

yeah so it cant be dumped

nick

it will break the class loader though

we can modify the classloader to make it work

nick

yeah so it cant be dumped

but then the cheat dont work?

yeah if it doesant work it cant be dumped

23:33

xd

yeah no shit

23:33

but then the cheat is unusable

also undetectable

23:33

prestige innovations

so useful

23:33

but nah actually

23:33

how can we prevent it

mnagic number

23:36

all classes

23:36

0xcafebabe

23:36

removed = no scannign

probably what Mio does

Prestige

faceless whats the best way we can prevent dumping\

I will figure out smth

its technically impossible to dump if we memory mapped it

manual map u mean?

you can map classes into memory

23:39

and methods

23:39

and fields

23:39

but it has to be done like perfectly

23:39

and with alot of effort

do u have some example?

wdym

23:40

claqssloaderdatagraph

23:40

holds all teh Klass*

like just a github example or sm

so you can add onto

Prestige

like just a github example or sm

nope

23:40

nobody has ever made one before

23:40

its tough

23:40

but possible

23:41

it would allow us to do some very cool things however

23:41

+ we wouldnt have to worry about verifier at all

23:41

or anything else

we don't need to make any crazy shit just something which enough against ws and other skids

The Faceless Lord

we don't need to make any crazy shit just something which enough against ws and other skids

yeah but if its crazy it will just permanently stop them

they have 0 c++ knowledge

true

23:42

so all we really need is an anti dump

on it

ait

23:43

so youll work on it tmrw?

i will look into class memory mapping tho

23:43

if i can actually do it then it would be pretty good

okay

23:44

is that compatible with themida and stuff

23:44

ye

23:44

or wait im dumb

23:44

nvm

Prestige

so youll work on it tmrw?

ye

kk

23:45

what should i make today

23:45

just client features

23:45

do you have anything we could like make the client dependent on. Like right now i have cloud configs and we load module names/desc/category from the server

Mixin

23:45

were native so we can do some crazy mixin stuff

wdym?

no way this kid is real

Image attachment

0:20

hes in the gui

0:20

trying to click on the player

0:20

oooo shit

Image attachment

new windows vm

0:49

(I already killed defender in it)

Image attachment

ez

easy debloat in 1 hour

1:01

Image attachment

ez

defender doesn't feel good

Image attachment

1:04

completely dead

lol

1:10

it doesnt say how long the download is anymore

mediafire is giving up

Image attachment

fr

time left went out of the 32 bit limit

3:00

gg

when shoreline releases were dropping the src

3:00

since 250$ is liek the biggest scam ever

lol

nick

when shoreline releases were dropping the src

it is release wa

Prestige

it is release wa

like when it becomes 20$

3:26

btw

3:26

im got a genius idea with the sdk

3:26

i could technically make it work with minecraft mappings

3:26

but keep the unmapped names

wut

like the sdk

3:34

would have the classes mapped inlined

3:34

so no mapper would be neded

ohh

3:36

but then u need 10 sdks in ur project

no ?

how would it work

idk

3:36

it would just use different method ids

bruh

instead of unampped ones

3:37

and it is easy to update

3:37

n use

what

3:52

u mean u just straight up use class_321 or sm in the method

yeah

3:53

but it would have the yarn names

but then nothing would work if a class changed

wdym

for every update u would have to change the class_321 or method_441

3:53

or whatever

yeah simple fix

3:54

#ifdef 1_20_1 ... #endif

bro

3:54

then u would get

3:56

#ifdef_fabric_1_20
#endif
#ifdef_lunar_1_20
#endif
#ifdef_fabric_1_20_1
#endif
#ifdef_lunar_1_20_1
#endif
#ifdef_fabric_1_20_2
#endif
#ifdef_lunar_1_20_2
#endif
#ifdef_fabric_1_20_3
#endif
#ifdef_lunar_1_20_3
#endif
#ifdef_fabric_1_20_4
#endif
#ifdef_lunar_1_20_4
#endif
#ifdef_fabric_1_20_5
#endif
#ifdef_lunar_1_20_5
#endif
#ifdef_fabric_1_20_6
#endif
#ifdef_lunar_1_20_6
#endif
#ifdef_fabric_1_21
#endif
#ifdef_lunar_1_21
#endif
#ifdef_fabric_1_21.1
#endif
#ifdef_lunar_1_21.1
#endif
#ifdef_fabric_1_21.2
#endif
#ifdef_lunar_1_21.2
#endif
etc..

instead of Mappings::get("net/minecraft/class_310")

nah

?

prefixes

3:56

like how jvm does it

3:56

like yk how jvm supports different cpus

3:57

the do something like

3:57

#include CPU_HEADER("frame.hpp")

3:57

so x86 would be

3:57

#include x86/frame.hpp

3:57

we could do basically the same thing except with versions

what

3:57

whats bad about mappings

3:58

mappings is also good because it makes the client dependent on the server

yes

Image attachment

nice

it doesnt work sadly

4:49

so that is a work in progress

ohh

but the concept good

4:52

procyon had a bad day

Image attachment

partially works which is weird

Image attachment

nice

Image attachment

?

new check

Boolean check

I can split it to 100 small check for u

Boolean auth

its a fucking jvmti hook check nigga

17:48

what do u expect

xddd

Thnks_CJ

xddd

but if you want I can bsod anyone who fails shit

cj do you have any good ideas for anti cracking stuff

The Faceless Lord

but if you want I can bsod anyone who fails shit

bsod?

Prestige

cj do you have any good ideas for anti cracking stuff

memory checks I guess

if anyone triggers like some extremely obvious check like which 10000% means they are cracking it we delete their acc

check if someone is reading process memory

how u do that

Prestige

bsod?

blue screen of death

Thnks_CJ

check if someone is reading process memory

I have that check too

The Faceless Lord

blue screen of death

Ohhh

17:56

nah we shouldnt do any crash or bluescreen or whtv

17:56

we should silent flag

17:56

not make the client work

17:56

so they cant figure out what triggered it

17:56

and as at last if were fully 1000% sure we can terminate the account

okay

Prestige

Ohhh

btw add me as friend

sure

@nick @Thnks_CJ @Qreaj are these checks good

18:27

made by deadlord

18:27

uintptr_t followJmp(uintptr_t address) {
    if (*(unsigned char*)address != 0xE9 && !(*(unsigned char*)address != 0xFF && *(unsigned char*)(address + 1) != 0x25)) {
        return address;
    }

    while (true) {
        const auto byte = *(unsigned char*)address;
        if (byte == 0xE9) {
            int disp = *(int*)(address + 1);
            address = (uintptr_t)(address + disp + 5);
        } else if (byte == 0xFF && *(unsigned char*)(address + 1) == 0x25) {
            address = *(uintptr_t*)(address + 6);
        } else {
            break;
        }
    }

    return address;
}

bool hooked(jvmtiEnv* jvmti) {
    int functioncount = sizeof(jvmtiInterface_1_) / sizeof(uintptr_t);
    for (int i = 0; i < functioncount; i++) {
        uintptr_t function = (uintptr_t)(((uintptr_t*)jvmti->functions)[i]);
        if (function && followJmp(function) != function) {
            return true;
        }
    }
    return false;
}

18:27

bool IsMemoryTraversed() {
    auto m = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    PSAPI_WORKING_SET_EX_INFORMATION _set;
    _set.VirtualAddress = m;
    while (true) {
        if (QueryWorkingSetEx(GetCurrentProcess(), &_set, sizeof(_set)) && (_set.VirtualAttributes.Valid & 0x1)) {
            printf("[check] stop fucking in the memory\n");
            FatalExit(-28347918);
        }
    }
}

Prestige

uintptr_t followJmp(uintptr_t address) {
    if (*(unsigned char*)address != 0xE9 && !(*(unsigned char*)address != 0xFF && *(unsigned char*)(address + 1) != 0x25)) {
        return address;
    }

    while (true) {
        const auto byte = *(unsigned char*)address;
        if (byte == 0xE9) {
            int disp = *(int*)(address + 1);
            address = (uintptr_t)(address + disp + 5);
        } else if (byte == 0xFF && *(unsigned char*)(address + 1) == 0x25) {
            address = *(uintptr_t*)(address + 6);
        } else {
            break;
        }
    }

    return address;
}

bool hooked(jvmtiEnv* jvmti) {
    int functioncount = sizeof(jvmtiInterface_1_) / sizeof(uintptr_t);
    for (int i = 0; i < functioncount; i++) {
        uintptr_t function = (uintptr_t)(((uintptr_t*)jvmti->functions)[i]);
        if (function && followJmp(function) != function) {
            return true;
        }
    }
    return false;
}

jvmti hook check

Prestige

bool IsMemoryTraversed() {
    auto m = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    PSAPI_WORKING_SET_EX_INFORMATION _set;
    _set.VirtualAddress = m;
    while (true) {
        if (QueryWorkingSetEx(GetCurrentProcess(), &_set, sizeof(_set)) && (_set.VirtualAttributes.Valid & 0x1)) {
            printf("[check] stop fucking in the memory\n");
            FatalExit(-28347918);
        }
    }
}

basic memory read check

just like a titanhide and scallerhide checker and yeah

Thnks_CJ

just like a titanhide and scallerhide checker and yeah

is it good ?

yeah they good

alright nice

now I go a bit

ait no worries

Prestige

uintptr_t followJmp(uintptr_t address) {
    if (*(unsigned char*)address != 0xE9 && !(*(unsigned char*)address != 0xFF && *(unsigned char*)(address + 1) != 0x25)) {
        return address;
    }

    while (true) {
        const auto byte = *(unsigned char*)address;
        if (byte == 0xE9) {
            int disp = *(int*)(address + 1);
            address = (uintptr_t)(address + disp + 5);
        } else if (byte == 0xFF && *(unsigned char*)(address + 1) == 0x25) {
            address = *(uintptr_t*)(address + 6);
        } else {
            break;
        }
    }

    return address;
}

bool hooked(jvmtiEnv* jvmti) {
    int functioncount = sizeof(jvmtiInterface_1_) / sizeof(uintptr_t);
    for (int i = 0; i < functioncount; i++) {
        uintptr_t function = (uintptr_t)(((uintptr_t*)jvmti->functions)[i]);
        if (function && followJmp(function) != function) {
            return true;
        }
    }
    return false;
}

if they work yes

alr

20:45

can u test mayb?

idk

20:45

im tryna fix jvm sided hooking

alrighty cool

lol

Image attachment

20:50

this hash that doesnt change the state of anything is breaking the transformer

lol wtf

boom

Image attachment

peak

Image attachment

peak

nick

peak

getnext getnext getnext

13:06

@nick make some instruction matcher in ir

there already is no?

13:07

literally the patterns (edited)

Thnks_CJ

there already is no?

there is?

13:07

i didnt notice it (edited)

wells it's in jadyen

13:07

so I would guess it's in the obf

Qreaj

@nick make some instruction matcher in ir

we have

16:54

that was just some random bad code i was looking at

Kk

@The Faceless Lord do yk if the jvm requires vm structs

17:50

or if they can just be nuked

depends what you mean by nuked

Thnks_CJ

depends what you mean by nuked

just delete them all

18:13

so stuff such as toolbox cannot use them to dump

nick

@The Faceless Lord do yk if the jvm requires vm structs

probably can be nuked

im making smth that just deep copioes them all

Image attachment

18:17

and then just destroys them all

Why delete sturcts

toolbox

Rewrite with random shit

dumps using structs

Qreaj

Rewrite with random shit

More effective way

Qreaj

Rewrite with random shit

accomplishes the same purpose

So they wont notice

@Qreaj is this the correct way to access offsets

Image attachment

0:39

because for some reason it is giving a nullptr everytime

nvm fixed it

Image attachment

yall pushed everything to native?

“Yooo sounds pretty cool This Friday is going to be another vid on trouser streak then the Mio client the week after But I could maybe take a look it at after that :o”

11:47

kilab

11:47

yall should deobf or crack mio and release on the video

LOL

Prestige

“Yooo sounds pretty cool This Friday is going to be another vid on trouser streak then the Mio client the week after But I could maybe take a look it at after that :o”

Embedded image

21:17

(he is talking about me)

xd

21:18

is that what happened after you deobfed his obfuscator

not deobfed it just cracked

21:19

because he can't trust in his own shit

21:20

so he added radionigger on his entire obfuscator

smart

21:20

yk any way to intercept a class being initialized ?

hooking parse_stream

21:21

(if you want to like have the class itself)

nah i just want to know like

21:21

when the class itself is initialized in the jvm

21:21

like the <clinit>, etc, gets called

nick

is that what happened after you deobfed his obfuscator

Embedded image

nick

like the <clinit>, etc, gets called

ahhh ye sadly idk

ive got a crazy transformer that thjey wont be able to get close to deobfing

21:22

if i can just detect when its intiialized

hmmm

nick

smart

you can't even imagine how slow it is

im making a transpiler that is faster than the java interpreter soon

21:25

i can already access klass, method, symbol, class loaders, fields, arrays, etc

21:25

without the usage of jni or java code

sounds good

yes the transformer is also funny

21:34

even if you dump it using jvmti or any methods

21:34

the class just wont work at all

lol show

ill shoiw u once its impl

$$$

technically i could also dynamically generate my own resolved invokedynamics

21:36

lol

string

Image attachment

string

detour

Image attachment

lol

yes very powerful detour

23:08

only like 1 thing would make it crash the jvm but the odds of it happening are near impossible

future client updated

14:11

Image attachment

detour

Image attachment

Pull

23:27

Virt update

23:30

Image attachment

LMAO

nick

detour

oh nah

3000iqplay moment

Image attachment

@The Faceless Lord do you have any eskid transformers

no

what happened to Mio ones

those ones dont work i think

also eskid transformers are "public"

The Faceless Lord

no

rate the jnic

Image attachment

18:09

(achilles renamed radioegor into jnic)

looks like it

meta

Image attachment

nick

rate the jnic

jnic/10

we r tryna crack it but they used vm protect on the natives

hmmmm

they are really stupid

18:13

they obfed the libs

18:13

including imgui

yea lol

18:13

like why

they recently upgrade their marketing

18:14

just a bit similar

Image attachment

Image attachment

18:16

heres jar incase you wanna look at it: https://www.mediafire.com/file/xih9w5u8sw93iyk/1.21.1.jar/file

I don't think I can help in this one

18:20

I work on mod injector for Prestige

lol

18:21

jni injection ?

18:22

i think you just have to delegate the knot loadfer and add the custom url stream to the path

nick

jni injection ?

yea

nick

i think you just have to delegate the knot loadfer and add the custom url stream to the path

yea that would be nice and everything if its just that

whats the main issue with it

well if you inject mod runtime then you get into jvm limitations

18:26

and mixin problems

you can reset mixins

18:26

Image attachment

as you can't redefine class runtime if you: add/remove method/field change flags of fields/methods

nick

Click to see attachment 🖼️

this only works if you don't inject it after shit is running

The Faceless Lord

as you can't redefine class runtime if you: add/remove method/field change flags of fields/methods

jvmti ?

yea

which part are u currrently stuckl on trying to impl

18:29

mixins ?

nick

mixins ?

yea

18:31

as accessor and other similar shit won't work

just stuff with access flags

18:32

or evedrything like @Overrwite, @inject, etc

@inject is working

18:32

I made it work already

you can change the access flags of methods

18:33

with vm structs

what

same with fields i believe

The Faceless Lord

what

you could just make everything accessible

how

18:34

without like

with jvmti you can get every classd, filter by name, get every method of that class

18:34

then with the jmethodID you can get the Method*

18:34

and offset to the access flags

18:34

and modify the access

lol

Image attachment

18:36

Image attachment

hmmm

Method* m = *(Method**)jmethodid

and this makes shit accessible globally

idk

18:37

this seems like a reasonable solution

this may work

18:38

I kinda forget I could maybe reach in the jvm and change shit this way

yeah its easy to do

18:38

heres structs

6.21 KB

18:38

method stuff

Image attachment

ty

this to initialize

Image attachment

18:39

(if you set the param to true and you reinject the structs would be cleared)

nick

heres structs

I guess this is what yall use for c++ version

nope

18:40

this is all stuff i made in past few days for detour obf

18:40

Image attachment

ye then for obf

18:40

hmm

i plan to use it in the future for a fast transpiler

18:41

since i found a big performance flaw in jni

what you found

basically everytime you call a method in jni (nonstatic methods) it has to do a lookup through the entire class and its superclass / transitive interface hierarchy to resolve the method

18:42

whereas the jvm just caches that with a vtable index

18:42

so if we just resolved the vtable index statically on the first invoke we wouldnt have to reoslve it everytime (Which is really slow when done millions of times)

hmmm

method hook pretty fire

Image attachment

18:52

we have a good interface and stuff to hook methods

Image attachment

18:52

except for hooking JVM intrinsic methods

trillium is onto something

Image attachment

threadtear's code makes me want to die its actually unreadable at least the VM stuff

its perfect code

4:20

rivaled only by mapleir

mapleir?

https://github.com/LLVM-but-worse/maple-ir

GitHub - LLVM-but-worse/maple-ir: Industrial IR-based static analys...

Industrial IR-based static analysis framework for Java bytecode - LLVM-but-worse/maple-ir

code style is... really interesting....

4:22

what the fuck

Image attachment

dude that is meta

4:23

they something we dont

4:23

his name is a cpu register so he must be really smart..

Image attachment

4:26

this is beautiful

Image attachment

@The Faceless Lord do u know if zkm has something that prevents additional obfuscation layered onto it

5:23

my hash transformer (which only affects constants) is making the ZKM invokedynamic initializer get called millions of times (when its only called once in a <clinit> and there is no loops)

nick

@The Faceless Lord do u know if zkm has something that prevents additional obfuscation layered onto it

no

5:29

it shouldn't have that

5:29

however its still doesn't really like other obfuscators

5:29

So its not really designed that way to really work with other shit (edited)

yeah it has the <clinit> of this mixin here:

Image attachment

5:30

(i debugged all values n stuff are always correct)

5:30

you can see that it calls aq.a()

ye

this initializes the invokedynamics

Image attachment

5:30

no loops, recursion or anything

ye

only reference is that clinit

Image attachment

5:30

but

5:30

Image attachment

5:31

it infinitely calls itself

LOL

5:31

weird

im thinking it could be a jvm error

5:31

but that is incredibly unlikely

you can't uhhh... add your hash transformer before zkm?

well i can but the main purpose of it is to obscure all the ZKM keys and constants

5:32

it makes stuff more "friendly"

Image attachment

Yea uhhhh... Good luck

cant wait to see trillium crack this

Image attachment

5:33

since now etho is gone completely (apparently 3000iq blocked him and everythinbg)

he is figuring out the java

Image attachment

lmao

nick

he is figuring out the java

what

12:18

he thinks

12:19

that msys2 is vm?

12:19

XD

btw on what discord server he sent that? (edited)

achilles

nick can u try fix ur obf or something

18:06

virt is working now

18:06

just performance stuff

how did fix virt

added libs xd

probably same thing with obf

nah i added libs to obf

18:07

just all dont work

well it porbably printed a error in console

virt is fully working without much performance loss

19:04

so thats really good

virt?

java virtualizer

i love jnic

22:33

found some guy with the 3.7 jar

22:33

but its a minecraft ratter

lol

22:34

i made my little brother run prestige with zkm and virt

22:34

to test performance

22:34

cus he has a worse pc than me

22:34

and its pretty alright

no noitceable lag ?

yeah there is quite noticable lag but thats cus zkm first time running yk then the gui lags

wtf

Image attachment

22:37

masm dosent like me

only the gui is slightly impacted

22:37

but the rest not

Qreaj

wtf

.CODE

22:37

.CODE

myFunction PROC

ENDP

END

yeah

Image attachment

22:37

i do it

22:37

oh nvm

22:37

i did

22:38

end code

22:38

instead of end start

why r u using some horrible editor

22:38

you can use masm in visual studio

@nick btw what would you recommend me to do to learn assembly

if u wanna understand it just reverse random themida executables or like jnic

22:39

if u wanna learn to write it then try making string functions

22:39

like a fast string compare or strlen

idk why but in visual studio it just dosent assemble

Image attachment

Qreaj

idk why but in visual studio it just dosent assemble

send code

include \masm32\include\masm32rt.inc

.data
   some_string db "some shit",0
   
.code
start:
   push offset some_string
   call StdOut

   push 0
   call ExitProcess
   
end start

22:40

yeah ik that i could use invoke istead of call

.inc is for noobs

22:40

andd

22:40

dont do

22:40

push 0

what

i think that is the error

22:41

mov register, 0 push register

22:41

should remove one of the errors

22:41

and the other is probably in the .data section

didnt help

you should be able to do also

22:42

invoke ExitProcess, 0

Qreaj

yeah ik that i could use invoke istead of call

.

invoke StdOut, addr some_string

Qreaj

didnt help

idk then

22:42

i dont use any of the actual masm stuff

ill just use that masm32 editor

i just use pure assembly

in what i can do pure assembly?

.data
    ALIGN 16
    null_mask byte 16 dup (0)

    ALIGN 16
    vnull_mask byte 32 dup (0)

.code

ALIGN 16
__strlen PROC
    mov al, byte ptr [rcx]
    test al, al
    jz short _error

    test rcx, 0Fh
    jnz short _error

    mov rax, rcx

    _loop:
        movdqa xmm0, xmmword ptr [rax]
        pcmpeqb xmm0, null_mask
        pmovmskb edx, xmm0
        test edx, edx
        jnz short _end

        add rax, 16
        jmp short _loop

    _error:
        xor rax, rax
        ret

    _end:
        bsf edx, edx
        lea rax, [rax + rdx]
        sub rax, rcx
        ret
__strlen ENDP

ALIGN 16
__wstrlen PROC
    mov ax, word ptr [rcx]
    test ax, ax
    jz short _error

    test rcx, 0Fh
    jnz short _error

    mov rax, rcx

    movdqa xmm0, xmmword ptr [rax]
    pcmpeqw xmm0, xmmword ptr [null_mask]
    pmovmskb edx, xmm0
    test edx, edx
    jnz short _end
    add rax, 16

    _loop:
        vmovdqa ymm0, ymmword ptr [rax]
        vpcmpeqw ymm0, ymm0, ymmword ptr [vnull_mask]
        vpmovmskb rdx, ymm0
        test rdx, rdx
        jnz short _end

        add rax, 32
        jmp short _loop

    _error:
        xor rax, rax
        ret

    _end:
        bsf rdx, rdx
        lea rax, [rax + rdx]
        sub rax, rcx
        shr rax, 1
        ret
__wstrlen ENDP

ALIGN 16
__strcmp PROC
    mov al, byte ptr [rcx]
    test al, al
    jz short _error
    
    test rcx, 0Fh
    jnz short _error
    
    _error:
        xor rax, rax
        ret
__strcmp ENDP

ALIGN 16
__wstrcmp PROC
    mov ax, word ptr [rcx]
    test ax, ax
    jz short _error

    test rcx, 0Fh
    jnz short _error

    _error:
        xor rax, rax
        ret
__wstrcmp ENDP

END

wow

Image attachment

hes asking trillium to crack his client

i love it when a rat uses more than 5 different urls

Image attachment

LMFAO

im gonna nuke the new rat thing

21:09

like evac or smth

21:10

they do a bad job of hiding the webhooks

Image attachment

21:10

Image attachment

21:10

its just a map from char to char

21:10

u -> h k -> t g -> p

21:12

im just going to exploit their system instead of reversing the bytecode

which shit is this?

Image attachment

nigga

21:26

I already smoked that

21:26

lol

ok

21:26

im almost done making my decrypter

Furware-out.jar

309.88 KB

21:26

here

you dont need a deobf to reverse it lol

ye I know

lol

Image attachment

21:35

2.08 KB

21:35

pretty simple

perfect zkm config

Image attachment

nick

perfect zkm config

oh no

@The Faceless Lord can u try running the zkm transformers u have on this

6f19507b-d129-4fc5-8a0b-0ee97a1a27d3.jar

56.98 KB

18:03

theres no long enc

yea later

k

19:42

boze has a double loader so thats what i dumped since im trying to recover the full jar

educational purposes

19:45

monster coder

Image attachment

this is a genius system

Image attachment

yeah

19:37

you can pay them to have your server promoted

19:38

it just always puts whatever server at the top of the server list

xd

Image attachment

19:38

they force u to use certain jvm args

Image attachment

19:40

this entire loader is just a bunch of other auths or generic checks pasted together

yeah ik

Lmfaooo

19:41

nahh

19:42

cj u home?

yeah

u wanna vc after i done eat

suree

aittt

19:42

i need to make native settings

19:42

so im going to need moral support

decent deobf

Image attachment

19:52

53.5 KB

19:53

all invokedynamics (except for ones that call to libs or fabric since not in my class path) and majority of strings deobfed

19:53

im to poor to afford a zkm flow transformer

lol

ok flow removed

53.24 KB

lol

19:58

if they use the same obf

19:58

in the client

19:58

would be ez

its a bit different

19:59

they use different string obf and long enc

19:59

but thats not a crazy difference

19:59

i used zkm transformers from a while ago

ye

zkm flow destroyer

Image attachment

20:00

in 5 lines

lol

20 minute for basically a full deobf

20:00

pretty good ig

lol

20:01

fr

theres no way

20:12

this auth is amazing

lol

Image attachment

LMFAO

old prestige auth might have competition

fr

Image attachment

17:53

what the fuck is this

send link

Thnks_CJ

send link

https://exile.club/product/jnt?store=exile&quantity=1

JNT is a powerful piece of software that trans-piles JVM bytecode to C using the Java Native Interface, it is your solution to modern software protection.

worse version of jnic im guessing

17:54

it is priced decently atleast

it will probably just be j2cc rewritten

nick

worse version of jnic im guessing

ye probably

17:54

lamo

what server was that announced in

17:55

cause that exile.club also has clients like achilles and wax

"Fled."

nick

cause that exile.club also has clients like achilles and wax

achilles lol

17:56

wax... I never seen that shit normally that client even exist?

i dont think wax has gotten more than 10 sales

the most nn client I seen yet

nick

i dont think wax has gotten more than 10 sales

10? I would be surprised if this would hit 5 sale

giving away half their sales

Image attachment

18:01

5 winner

18:01

32 participants

18:02

peak client

Image attachment

The Faceless Lord

5 winner

hahahhaha

nick

peak client

what sthat

boze dump

bozo client

oh fr

boze has the worst zkm config

no way

Image attachment

18:05

this is the entire obf

hahaha

ermmm

18:05

what the sigma

just long encryption, exceptions, flow, and strings

18:05

no params

my deobfuscator eats shit like this for breakfast (edited)

wanna test it

lmfao

4.99 MB

18:05

thats beta verfsion from a week ago

ye sure problem its a bit broken rn

how do u break a deobfuscator

vm moment

18:06

(and I don't use ssvm)

ssvm is trash

ye

Image attachment

naaaaaah

its like zkm just decided to not use reference obf on most of this

18:08

you already cracked this shit?

nope

why

to much effort

???

its easier to deobf and remap than to crack this thing to

18:09

since they use http for everything (which is easy to spoof its just excessive)

if this doesn't have natived shit

18:10

I can just

18:10

remove the entire thing (edited)

18:10

lmfao

full java from what ive seen

"to much effort"

18:10

yes

18:10

spoofing http is boring

18:10

https://maven.boze.dev/#/releases/dev/boze/boze-loader-beta heres loader btw

Boze Maven Repository

Public Boze Maven Repository

18:10

(they dont know how to make a actual loader)

the fuck

dumper

ExampleModClient.java

2.51 KB

breeze lore

breeze lore?

I dumped that in similar way

just in another mod

this obfuscation is juist magical

Image attachment

18:31

no matter what my transformer does it just wont go away

method.instructions.clear()

lol

Image attachment

18:48

3000iqplay and etho are now friends after the 5th breakup

there is now jnt2 and jnt3

wdym

lool on the site xd

18:53

there is one for 40$ and one for 70$

im gonna buy jnt3 and be so coool with my uncrackable client

LMFAO

his transpiler probably doesnt even have virtual optimizations

as I said it's most likely j2cc rewritten

i dont think 0x150 would give him j2cc

I recon he would

19:02

0x150 tried to sell j2cc for like 200 per licence

19:02

so they rewrite it and rebrand sell for less

19:02

it would make sense

19:03

cuz nobody cares about any other transpiler other than jnic

they dont know eachother outside of argon client im pretty sure

jnic still is the best one even though it'd shit

nick

they dont know eachother outside of argon client im pretty sure

there friends no?

19:03

he was apart of Walmart solutions I think

0x150 never was

19:04

hes just in trillium discord and was payed to do security for argon

19:04

but i think his transpiler is from scratch since he talked about it alot for months

40$ will be a fun spend

19:11

then chargeback

u are buying it ?

I can do

what if it doesnt let you charge back

it will

Ye lets just grab that shit and crack it $$$ (edited)

Boolean Auth my beloved

19:16

hopefully it is unless it's like j2cc Auth which was gay

hwhat was j2cc auth

what j2cc auth was?

custom license file

19:16

and the license file had the expire date in it

19:17

but it was native and just retarded to reverse

19:17

even though the obf wasn't bad I just couldn't be fucked

u got jar ?

19:33

of jnt

who?

https://discord.com/channels/@me/1311789016986947655/1335311620313972828

ye

future client does all this for 1 encryption key lol

202.64 KB

lmao

i have everything spoofed except for 1 byte array by just modfifying the bytecode

19:41

Image attachment

soo apparently they put it on the website when its not even done

Image attachment

a real thinker

Image attachment

️

what server is this

achilles

lol

https://discord.gg/zhuNvQRK

loll

Image attachment

21:19

completely missed the point

21:19

xdddd

I still dont get it

21:28

How tf they are beliving

21:28

That aroma shield was actually

21:28

Base64 packer

lwes doesnt know anything

no idea

Like wtf

he just repeats what others say

Fucking rise patcher

21:28

Used

21:28

Base64

21:28

For resources

21:29

To not make ppl

21:29

Fuck with them

xd

Image attachment

Xdddd

LMFAO

nigga thinks that its uint

ushort

21:30

uint is 32

But like wait no

21:30

You have like

u1 = unsigned char / byte u2 = unsigned short u4 = unsigned int u8 = unsigned long

stdint.h

21:30

yk

nick

xd

insta fold

what im talking about

21:31

uintXX_t

uint16_t = u2 = unsigned short

he makes transplier

22:21

and dosent uses

22:21

callstaticvoidmethod

22:21

fr fr

22:21

XD

22:21

offsets too hard for him

ain't gonna insta fold to my native call logger

they are gonna dealloc your console what are we gonna do now!!!?!?!

22:22

XD

NOOOO NOT MY CONSOLE

(edited)

omg he won the giveaway

Image attachment

0:35

owner luck!

LMFAO

0:36

not rigged

0:36

100%

half the ppl who won

0:37

already owned

0:37

Image attachment

0:37

but we up

ezzzzzzzzzzz

Image attachment

ahh its you lmao how many alt do u have lmao

like 3

0:47

theres bhaigaming329_yt and opbhaigaming and the other one i never chat with

lol

i love this website exile.club

Image attachment

LMAO

welcome to my ticket

Image attachment

LMFAO

and they all fell for the bait

Image attachment

bro is trolling them hard

0:56

i might be d1 indian

1:03

wtf they muted me for no reason

lol

tghey banned my other account

1:09

Image attachment

LMAO

indianking37op

1:10

is a fire new accouint name ngl

$$$

1:10

fr fire

lol

Image attachment

1:11

literally everyone bullying jnt3

lmao

might have to complete my transpiler and make it better

1:12

just to say that i have a bet ter one lol

lol

these guys are braindead, more commits on the bot than in the client

Image attachment

LMFAO

"our discrd bot is the #1 priority here at wax.rest!"

frfr

https://critical.wtf/fn-private

CriticalCheats: Private Fortnite External

16:08

actually crazy these still exist

crazy work

Image attachment

etho moment

Image attachment

LMFAO

17:11

cold

Image attachment

flex product -> lose argument -> fail to bait for 2 hours -> ban -> say ez win

$$$

The Faceless Lord

$$$

thjis is u right

Image attachment

????

sm1 said that u were the achilles dev person

LMFAO

20:09

who

they said not to leak

False info

20:10

lmao

20:10

why would I work for achilles

idk it seems pretty reasonable

20:10

since u obfed the most recent update

20:10

then that person appears

nick

since u obfed the most recent update

I don't have shit to obf it idk what are you talking about

20:12

Its aubrey's random friend

20:13

I have nothing to do with achilles

(edited)

xd

20:14

i remember seeing somewhere aubrey said something about they werent going to obf it originally and that u added obf

Ye some random kike

20:14

not me

20:14

Who the fuck lies about me?!

they probably just fans

Why u don't tell me who was that?

nick

they said not to leak

.

That's kinda weird that you keeping it from me...

20:21

What are u hiding?

?

We are one team why u can't just tell me?

Image attachment

I don't tolerate any random mf lie about me

ok if i tell u

20:23

dont leak

20:24

k

20:24

Image attachment

I won't

have u seen the new crack team

20:27

https://github.com/JohnXina-spec

JohnXina-spec - Overview

JohnXina-spec has one repository available. Follow their code on GitHub.

ye

20:27

they have their own dc server

do yk who it is

20:28

cause the guy who owns it looks like alt

sadly no idea

3000iqplay said they are struggling to crack augustus

the other members are extremely retarded random

20:30

about the owner... No idea

they are very desperate to crack augustus that they were asking 3000iq for help to deobf it

20:30

and that was like a month ago to xd

nick

they are very desperate to crack augustus that they were asking 3000iq for help to deobf it

nick

Click to see attachment 🖼️

but ye he is wrong

20:32

any random can crack rise level shit

20:32

nick

they are very desperate to crack augustus that they were asking 3000iq for help to deobf it

augustus deobfuscatoire

The Faceless Lord

any random can crack rise level shit

true

20:32

we should crack moon when it releases

moon?

20:32

Its still a thing?

20:33

or its a different moon

20:33

not the 1.8 shit

Image attachment

20:33

Image attachment

lennox's shit?

20:34

then I gonna fuck it myself

they are rewriting fully to 1.21

20:34

that guy was flexing alot about the prot

I'm sure this won't have ultra good prot

did 4.0 have good prot

20:34

from what i saw it was just spammed packed natives

I had that problem with moon that I had no idea how that shit connect to the server

with a really badly made jdk

The Faceless Lord

I had that problem with moon that I had no idea how that shit connect to the server

It has some weird modified jdk

yeah

20:35

i figured out how the jdk worked a bit

and use 2 external dll

20:35

same except connection

20:35

I was able to decrypt shit

20:35

but not solve native obf autism

the jdk was just making calls and loading "MoonProtect.dll" in the class loading part

Yea

20:35

And in some part in jdk handles connection and the client somehow gets that in jdk

20:35

idk its really weird

the jdk only did class loading right ?

Doing this on windows vm is extremely painful...

nick

the jdk only did class loading right ?

nah

20:36

Had dll references to other different shit which is not in any jvm

20:37

I kinda forget how that exactly looked like this was 1y ago

20:37

Basically jvm called a dll and did some weird shit

20:37

Which was probably connection related shit

if they didnt transpile like everything it would be super easy to get past the jdk

So I'm sure they did something else with jvm than just class loading

nick

if they didnt transpile like everything it would be super easy to get past the jdk

Big chunk of code is transpiled

150mb dll of transpiled stuff

like the entire main/login menu and auth code

20:38

+client init stuff

i think its a custom transpiler

20:38

didnt look like radioegor or jnic

nick

150mb dll of transpiled stuff

ye but count that in that lennox used

20:38

3 different packer on it

20:39

vmp, themida and some other shit

so basically their entire security is dependent on layering every obf they have

ye

20:40

And I think he even virtualize shit not just run it through vmp as has interface for that in their obfuscator (edited)

lol

20:41

auth must suck if they need that much

probably

20:42

I didn't check auth that much

20:43

but I think the 2 dll is not really packed

on the one i have they were all packed

20:43

i never unpacked or analyzed further

hmmm

20:44

this reminds me to fucking ClientLauncher

20:44

which has EVERY SINGLE FUCKING CLASS ENCRYPTED

20:44

EVERY SINGLE

20:44

even jvm shit

xd

and the client classes

class encryption is useless now

have a second encryption

toolbox bypasses all forms of encryption

toolbox?

https://github.com/JVMInspect/toolbox

GitHub - JVMInspect/toolbox

Contribute to JVMInspect/toolbox development by creating an account on GitHub.

20:45

dump classes externally via memory using vm structs

hmmmm

(the vm structs do vary per jvm version)

sounds interesting

20:45

but I think to make this work fully you have to force load every class

yeah

20:46

i have my own vm structs stuff in c++ just with alot less features

ye this is a better class dumper

apparently the guy who made it (jumanji) is helping the future people with loader security

the way how ClientLauncher load shit

20:48

is the client classloader ask for ONE class through socket and the launcher itself stores the entire shit decrypted and when a class need to be sent then decrypts just that one class and send it

20:48

and when that class need a parent class then the whole process repeats

efficient performance

fr

20:49

if you deobf branclock then you can see the entire decryption shit

20:49

and top on that has its own native auth autism (edited)

branchlock is so ez to deobf lol

lol

theres this skyblock mod called like tauhani or something

Has somone even cracked clients on clientlauncher? I wanted to crack everything on it but i just forgot that it exists xD

and the dev of it says "we dont use zkm because its so popular everyone has deobfuscators for it" "branchlock is way more secure"

Qreaj

Has somone even cracked clients on clientlauncher? I wanted to crack everything on it but i just forgot that it exists xD

no

20:51

as far as I know not really

nick

and the dev of it says "we dont use zkm because its so popular everyone has deobfuscators for it" "branchlock is way more secure"

did u ever fix your deobf

The Faceless Lord

as far as I know not really

Ill do it maybe 4fun

nick

did u ever fix your deobf

no

20:59

I might rewrite it completely

if you rewrite it

21:00

could consider moving it into obf repo

nick

could consider moving it into obf repo

obf repo?

we have our own obfuscator (mainly bytecode stuff overall)

21:00

with custom asm tree and everything

21:00

control flow analysis

21:00

loop analysis

21:00

etc

21:00

it would probably be easier to work with instead of default asm

I mean ye sure if you add me

@Qreaj u dont care if i add him to the one with virt in it right

Yes

alr

21:04

send git hub link

https://github.com/Pajeet-Industries

Pajeet-Industries - Overview

. GitHub is where Pajeet-Industries builds software.

and ill add u

21:04

fire name

fr

21:05

based on one of my fav meme

21:05

Image attachment

https://github.com/jadyen-dev/java-obfuscator

$$$

u can just look at like stringtable transformer or something to see how it works

21:06

most of it is pretty simple

ye I will it through

21:07

Btw I think for deobfing shit we should have a separate shit

Image attachment

ahhh

Folder class also shows a bit of stuff

21:08

like pattern usage

21:08

there is also processors

Image attachment

fire

they run after it was read, and before its exported so ye

21:08

basically just optimizations for jar size

I will try to not write ultra shit code (I mean it worked but ye)

21:09

And the broken transformer is... More like its for a specific zkm string transformer

if u write bad code ill just rewrite it

Ye writing good looking objectweb asm code is not that shrimple

ye

21:10

AbstractInsnNode my favorite

21:11

objectweb asm is kinda shit but usable

21:11

ancient trash

yeah it was never really designed for practical usage

yea

soon we wont be dependent on asm at all

21:12

if the c++ bytecode lib works fully

c++ bytecode lib meh...

21:14

ehh

21:14

I'm not sure why its a good idea to make c++ shit for java obf/deobf

well it can always be using in java code with jni bindings

yea but like why c++

idk its just easier to do in c++ than it is in java

21:16

also faster

21:17

might write a decompil;er using it

for me java would be easier but idk (I don't fuck c++ that much probably that's why) (edited)

c++ is basically java JIT but faster (if done right)

and ye c++ ofc is faster than an entire fucking vm

xd

The Faceless Lord

yea but like why c++

Because you can do more with that

kinda ye

21:18

but that still won't help you with jvm related limitations

Like i mean we could make some debugger using it

21:19

That could analyze what happenes in runtime

21:19

For example

at that point I would modify the jvm heavily and use it as vm for deobfuscator

c++ supremacy

Java is too boring

21:22

At some point

ye kinda

Qreaj

Like i mean we could make some debugger using it

ye this would be cool

21:24

x64dbg for java

The Faceless Lord

at that point I would modify the jvm heavily and use it as vm for deobfuscator

that would rape every obf

yeah

21:24

its actually possible to do x64dbg for java

21:24

lots of work but it can be done

ye

But inject like version would be better

21:24

Because no fucking with multi version

21:24

Maybe some

my old native call logger is injection version and worked for even mio lol

But array of byte patterns (edited)

21:25

Should do it

Qreaj

But array of byte patterns (edited)

?

If logic is not changed dramaticly

why pattern

21:25

vm structs

nick

?

Like for hooking things we need

what would need to be hooked

Idk

only thing i can think of hooking is

21:26

JIT compiler

21:26

since that can mess up hooking java methods via interpreted and compiled entries

nick

what would need to be hooked

Oh like when you would want breakpoints

21:26

For example

breakpoints are instruction

21:26

someone made a poc about it a while ago

Nvm i forgot

https://systemfailu.re/2024/03/12/java-breakpoint-breakout/

Java Breakpoint Breakout

ye I seen this

21:27

but never seen this being used

well the way he implemented it is not the best

21:27

the concept is good

21:28

he uses hardcoded offsets and patterns

bruh

Image attachment

ye that's ultra shit

i have basic stuff

21:30

for Method* etc

21:30

Image attachment

Interesting... Who made this?

Image attachment

me

looks nice

kinda

21:38

i have to rewrite it all eventually

21:39

its used for computing dominators which is one of the most important parts of control flow analysis

hmmm

it can be used in obf to

21:41

a basic block A dominates basic block B if all paths to B must pass through A

21:41

so its guaranteed to be in the path to reach B

probably it would be better than whatever shit ZKM have

yeah

21:45

i have a better version that i just havent pushed yet

Image attachment

21:45

since rn it handles exceptions really bad

21:45

it just adds successor to anything in range instead of handling type hierarchy

hmmm I wonder how funny shit we can make this

if you look there should be a transformer named

21:47

"CFGTest"

21:48

where it can print the cfg

21:48

https://dreampuf.github.io/GraphvizOnline

21:48

and render it using that

https://www.cs.utexas.edu/~misra/Lengauer+Tarjan.pdf

21:49

never heard about this before wtf

https://www.cs.princeton.edu/courses/archive/fall03/cs528/handouts/a%20fast%20algorithm%20for%20finding.pdf

21:49

thats the original paper

21:49

that took me hours to translate the pseudo code

how the fuck you know about things like these

like where i found it ?

ye

just googled around about control flow analysis

21:50

and also saw it used on mapleir

hmmm

21:53

I wonder how many shit like these is out there public

for java only 2 exist (mapleir and soot)

21:55

for deobfuscation

21:55

it would be incredibly powerful to translate into SSA form

21:55

since it would be able to pretty much constant fold anything

SSA form?

ye

21:56

for example

21:57

Normal: int y = 1 y = 2 int x = y SSA: int y1 = 1 int y2 = 2 int x1 = y2

21:57

SSA = Static Single Assignment

21:57

each variable assigned once

yea

21:57

I'm not sure if its really needed if we vm most of the shit

for something like this

Image attachment

21:58

ssa would instantly smoke it

21:59

procyon kinda has SSA but not really

Image attachment

its like really shit

?

how procyon does it

ye

21:59

they shouldve added constant folding into it

21:59

they kinda do but they dont like inline and fold further

yep

22:00

own shit will solve it

233.32 KB

looks interesting if you would add shit like what zkm have of making one long in main and pass it through to every method it would be more painful to reverse

ye

nick

https://www.cs.princeton.edu/courses/archive/fall03/cs528/handouts/a%20fast%20algorithm%20for%20finding.pdf

bruh I'm not that good in complex math...

what math

Its an algorithm... What algorithms is made from

ig

22:13

the important stuff is at the bottom

22:13

all the impl

Its still random variables like "semi"

semi is just a way of tracking the depth

22:17

the rest makes sense

ye

btw what transformers does your deobf have

22:21

just zkm and generic or like alot more

Its a newer shit so just zkm

does it fold parametrs for zkm or nah

and some other random shit

22:23

fold parameters? (stupid question but I'm so fucking tired I barely slept anything...) (edited)

like the long params that they pass method to method

yea

22:24

handles that

nice

however still whatever reason broke with javax.crypto.Cipher

22:24

after a few class

22:24

and idk why

22:24

that's why I want to rewrite it

incorrect value = incorrect cipher key = incorrect badding = error

22:24

if you send me some of the transformers i can port them

22:24

and then you can rewrite after they are ported

The more interesting shit is its breaks shit in static which normally shouldn't drop padding error

how does your long encryption transformer work

22:25

like does it handle super classes / class intiialization hierarchy

tries to find main and then goes through everything (built in reference transformer)

find main for long encryption ?

however might goes through other shit before that like finds other methods which doesn't require long

i mean like the

22:27

static long field

22:27

from like

22:27

classname.methodname(key1, key2, uselessclass).a(key3)

Usually shit looks like

private static long a = 487329732L

public static main(String[] args) {
    long l = 39762786328567L ^ a;
    long l2 = l ^ 476853476483726L;
    callshit(l2);
}

private static callshit(long l) {
    long l = l ^ a;
    <other shit>
}

(edited)

this thing

Image attachment

yea that's different shit

22:30

well doesn't handle this specifically yet

22:30

because most zkm obfed shit I worked with had trash config

in the repo somewhere there should be the

22:31

jars folder

22:31

with a zkm crack

22:31

you can terst stuff on

I had some working zkm version then but I didn't bother support everything until I don't see it in a shit I want to deobf

i had transformers along time ago from one of my first projects that got through a good zkm config

First I have to figure out how to make it that way which support every single random fucking string transformer setting

but they heavily relied on bruteforce

well this kinda rely on bruteforce too as this shit doesn't always get the correct long value

22:36

(another reason why I want to rewrite it)

if u send the generic transformers like coonstant folding and stuff

22:37

i can port it rn

22:37

and then zkm transformers can just start from scratch

I was lazy with this and I did it quickly as I can so doesn't have constant folder

lol

22:38

just send any transformers u want to port

22:38

and ill try to port them

I won't port anything I rather rewrite it from zero because neither of these transformers are that good

alr

22:39

i recommend start with constant folding

but first I have to fix up da vm

or basic optimizations

can you make one? As I have to fuck with the vm a lot...

22:40

idk if you seen the original insomnia vm we made with Thnks_CJ

22:40

well its not bad but has a lot of problems

22:40

A LOT

what does the vm need to do

22:41

i can write a basic one

As example for reference transformer I just grab the values and run the method and grab the result from it

22:43

This has to initialize <clinit> normally don't get fucked up in <init> and other shit

reflection and class loader could be usedf

Yes built on that

22:44

And you will find problems like... jnic, has problems with java.util.Logger and lwjgl shit

22:45

or if you get an exception for running shit in <init>

yeah but theres no need for the entire virtual machine

22:45

just basic reflection would handle it all

22:45

even better if reflectio nisnt needed

what I do is for string transformer I grab long and int values and run the method which decrypts it and done I get that string

22:47

However this needs class be initialized without any exception

22:47

Its similar to how ssvm works

yeah it would be best though if we could just do it fully static

22:47

ZKM has decent randomizations but overall its easy to beat

but its as unstable as ssvm in some way...

22:48

that's why I'm thinking about modifying jvm for this and use that

to much effort when you can just match byte patterns

22:49

only thing you really need to dynamic deobf is long enc

ye but you can fuck your byte patters if a shit has multiple obf on it

kinda but stuff would be messed up either way

22:51

all you need to do to deobf zkm is just identify the keys

nick

to much effort when you can just match byte patterns

it is is really too much effort but that would allow us to ignore whatever obf a shit has and just run it and get the result back

nick

all you need to do to deobf zkm is just identify the keys

yea but the point is that the vm support any random obf and not just specific ones

22:52

so it wouldn't be zkm only

alr

22:52

im gonna start make a bit of optimizations

The Faceless Lord

yea but the point is that the vm support any random obf and not just specific ones

so instead having 100 different transformer for each shit you would have much fewer

22:54

main point of a vm to allow you to reverse any really fucked up obf without too much problem

ye

22:54

luckily zkm hasnt figured out they can obf their string methods

ye

22:54

(or how to obf enums bruh)

they do obf enums

22:55

prestige found a few days ago

22:55

there is a default exclusions file

22:55

for lambda and enum

lol

22:55

where?

idk i just remember he mentioned smth about default exclusions

zkm moment

The Faceless Lord

main point of a vm to allow you to reverse any really fucked up obf without too much problem

so that's why I want a really good vm so with minimal effort we can fuck most obf

22:57

(however making a really good vm is uhhh...)

would be pretty funny to have every best bytecode tool

22:59

debugger, transpiler, virtualizer, deobf, obf, decompiler

22:59

lol

ye lol

the argument for wax.rest ownership

Image attachment

LOL

i wish i had a fully working stack analysis

23:34

i coudl so easily fold some dup patterns

private static final Replacer X1_DUP = new Replacer(Pattern.of(DUP, DUP_X1), (range -> range.replace(new Instruction(DUP2))));

peak java constant folder

lol

is there any important intrinsics that should be optimized

23:54

like Integer.parseInt or something

no idea

a few optimizations

Image attachment

nice

somehow folder made it larger

0:35

lol

how

ohh prob because certain instructions

0:35

get expanded to more

0:37

constant folder basically done

0:37

just need to impl some basic form of local inlining

the puzzle of future expands

Image attachment

5:33

even after hooking the zkm invokedynamics

5:33

some invokes are still unfindable

i pushed constant folder

nice

19:02

I'm really busy nowadays so I'm not sure when I can start work on it

k

owning wax.rest inc

Image attachment

I just got access

5:05

btw

how

read back

5:05

shit

so u got 1 week key ?

5:06

but its not released..

nick

so u got 1 week key ?

ye

5:07

but I have to make a new vm which not detected by vmp... (edited)

why

VM check

5:07

duh

oh u have the dll version

yea

i dont think its virtualized only packed

ye probably

5:08

but usually if you unpack it its fucked

yes

5:08

i onlky unpack just to look at stuff

the dll downloads stuff so...

doesnt vmp use vmaware

5:09

so its really stupid to bypass

nick

doesnt vmp use vmaware

idk

i wouldnt waste time cracking it

5:11

its just pasted directly from https://github.com/Lefraudeur/Mujina-Public

GitHub - Lefraudeur/Mujina-Public: A cross-platform injectable chea...

A cross-platform injectable cheat base for minecraft made in java, loaded with c++ - Lefraudeur/Mujina-Public

LOL

well actuaklly

5:12

you can get the src of it probably

5:12

since it is a class loader

I want to reverse it to src so

5:12

getting all the class would be nice

5:12

I will figure it out how

5:12

is the most optimal

5:12

to get it

qreaj can probably dump it

5:13

he sets up some external drive thing

5:13

and it seems to work pretty good

if vmp shit on this then I might just get how this shit downloads it

5:14

and get it that way

https://cyber.wtf/2023/02/09/defeating-vmprotects-latest-tricks/

The Faceless Lord

if vmp shit on this then I might just get how this shit downloads it

send dll i can unpack

nah I want to do everything myself this is kinda... personal

what did they do to u lol

ZKM moment

Image attachment

5:30

they have apparently upgraded their exception flow

5:31

occasionaly it seems that it will generate a class (from what ive seen extending nullpointer exception) and throw it transfer flow

zkm flow crazy (i manual deobfed it all first try)

Image attachment

future clients hwid system is so advanced that without modifying my vm it just felt like breaking

Advanced hwid system

fr

3:35

i mightve gotten the last of the loader spoofed if it didnt deciode to break there

new obf method maybe

Image attachment

Image attachment

this is my favorite client

Image attachment

18:34

its almost like i didnt reset the hwid yesterday!

bruh

im so close to fully sp[oofing the loadfer and then this decides to randomly happen

18:42

and i have no clue why

18:42

5th times the carhm

Image attachment

did u ever crack wax

no I didn't bother with that as school takes up most of my time

u in college ?

no but still takes a long fucking time and after that I don't really have motivation to do anything

true

22:57

my school does like literally nothing

what do you mean?

havent had any homework for years

nigga you're so lucky

i just show up and sit in a chair all day

The Faceless Lord

nigga you're so lucky

do u have the teachers that give u a entire assignment to do at home daily

nick

do u have the teachers that give u a entire assignment to do at home daily

Image attachment

23:01

its SO FUCKING ANNOYING

doesnt look that bad unless they r like entire projects

nick

doesnt look that bad unless they r like entire projects

some are...

xd

23:03

same type of teachers to complain about grading so much

yea...

do u have 7 classes or is school system different

future

Image attachment

22:22

they banned both my accounts

lol

i only got a week to crack it before update lol

what is the current progress?

im 1 byte array away from cracking the loader

22:29

and i have 1 week to get passed just that array

22:29

if i dont then all the progress is back to 0

22:29

and difficulty increases signifigantly most likely

what byte array?

one of the requests has a byte[170]

22:30

that involves a few keys

22:30

and crytography

22:30

and all those keys come from 1 root key that must be spoofed

bruh

spoof that byte array of 170 and 1 long value (the long is super ez) and the loader is cracked i believe

but that's only just the loader no?

22:31

What with the client itself

well if the loader is cracked then we have infinite time for the client and the update isnt an issue

I think fucking with loader is kinda useless and waste of time

i think through the loader is the only way to crack it

22:33

im not sure though

do you know what is natived in the client?

just a lot of stuff

and how much shit is natived

nick

just a lot of stuff

yea... that's bad...

i have a dumped jar

22:34

none of the constants work but the methods and stuff aree visible

22:34

and like random classes have transpiled stuff (modules to)

nick

i have a dumped jar

around 100 classes seem to call to the jnic loader

wtf that's not really right except if the game runs on 5 fps

probably just auth and other things idk

@The Faceless Lord if you want to help crack the new loader when it releases for fun i can try to get you an account

23:39

im gonna try to tho just to say his security sucks

nick

@The Faceless Lord if you want to help crack the new loader when it releases for fun i can try to get you an account

I don't think just myself I will crack the new shit

ye im also gonna reverse it to

so close

Image attachment

nicee

19:21

Image attachment

nick

so close

24 bytes remaining

Image attachment

https://github.com/bcgit/bc-java/blob/0ea89a4388de4f18a2cd3a1801d5bdb2a954644d/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java#L28 i love matching fields

Image attachment

bc-java/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.ja...

Bouncy Castle Java Distribution (Mirror). Contribute to bcgit/bc-java development by creating an account on GitHub.

lol

idk how im even going to make the socket go to a local host one

19:51

after i spoof this thing (atleast where the keys etc come from)

Image attachment

19:51

then there will only be 6 bytes left

6 bytes remaining

0 bytes

Image attachment

23:50

+ future initlaizes correctly

23:50

ez

Image attachment

does it work normally?

it seems to work good but i cant get minecraft to open

23:53

since myt entire vm sucks and wont let me install drivers

I can test it

i gotta write the spoofer and stuff

23:53

+ it uses hwid and properties etc

nick

since myt entire vm sucks and wont let me install drivers

https://github.com/pal1000/mesa-dist-win/releases/tag/24.3.4

Release 24.3.4 · pal1000/mesa-dist-win

Updated Mesa3D to 24.3.4. ARM64 binaries are provided by mmozeiko here. Support for x86 32-bit build in MinGW has been restored but without LLVM support to workaround #156 so no openclon12, llvmpip...

does it require to restart pc ?

23:56

im only able to boot it in safe mode so anything that applies on reboot just gets destroyed

23:56

it gets to here though so im assuming it works good

Image attachment

nick

does it require to restart pc ?

yea I think

nick

im only able to boot it in safe mode so anything that applies on reboot just gets destroyed

how

idk it just breaks whenever i restart

23:58

and only fixes when boot in safe mode

how the fuck

i have the randomness spoofed out

0:00

idk how to make the actual spoofer now tho

nick

idk how to make the actual spoofer now tho

Wdym

i have to change all the like

0:01

socket reads

0:01

without custom jdk

Cant you just try to catch that input stream of socket that they use somehow?

0:02

And replace it with your own one

prob

0:02

i think im gonna try to like

0:02

replace the socket class

0:03

siunce theyu do checks for isconnected to

That can be spoofed easily asf

0:03

Just try to get their socket object

0:04

And replace it with your own that is like object of class that extends socket

Image attachment

0:05

im gonna just replace the LEA on the java/net/socket to my own string somehow

What they dont use some sort of packer?

nope

0:05

packer wouldnt provide them any security benefit

I mean packer + virt

ye

0:06

they arent weird like achilles

0:06

pretty crazy though

0:06

like less than 10 method calls replaced and boom its all spoofed

0:07

and a bit of patching the native

0:07

xd

Image attachment

0:08

now it is just stuck on this screen forever and nothing will happen

Image attachment

0:10

what it worked for hte first time

it didnt work

?

something in the client got an exception

0:21

Image attachment

0:22

i dont think it is an issue with the spoofing however

i figured out which class i changed that is causing that

2:42

still dont know which method though

i finally fixed the crash

6:27

full spoofed + no crash

wel;l

Image attachment

oh

back to 0

8:10

lets gooo

sob

lol

Image attachment

15:55

Image attachment

nice

Image attachment

@The Faceless Lord do yk any simple ways to defeat unsafe randomization

21:09

the new update uses unsafe.allocateMemory etc to generate some random values and these cant be spoofed or it will eventually jsut exception

hmmm

nick

@The Faceless Lord do yk any simple ways to defeat unsafe randomization

so uses unsafe to randomize shit?

yeah

21:15

i already beat all the other randomization yesterday

21:15

it should just be this

21:17

imtrying to make my own virtual memory but it just crashes itself everytime

you know ye that you can use jni to retransform unsafe class to give you what you want?

21:18

but probably there are more solutions too

The Faceless Lord

you know ye that you can use jni to retransform unsafe class to give you what you want?

well it still need to be on the heap

21:18

and always allocated at the same address

21:18

cause they also use it to store and move stuff around along withj being a key

21:25

im tryna just work around it because if i dont then the only other option is to manually patch every usage of it

ok yea i cant get it to work

21:54

im gonna just manual spoof them hopefully

this future inlining sucks it inlined like so much important stuff that i couldve hooked

this stuff is so weird

Image attachment

1:20

the address wont even be valid but its literally just getting free randomness

Image attachment

1:20

so if i try to just to putLong it instantly smokes itself

back to where i was when he updated

Image attachment

23:37

awesome spoofer

23:38

changed 4 bytes in the binary and all randomness disappeared..

lol

i wasnt able to figure out where the valuew was that i actually needed to spoof

23:38

so i just set the entire key to 0 lol

23:39

modern problem modern solution

23:43

Works perfectly

Image attachment

did you do it?

i have the latest loader full spoofed

23:47

going to now start hooking the socket

nick

i have the latest loader full spoofed

by spoof i mean that the client writes the same data everytime

23:47

so the server will always reply with the same data

socket has been successfully hooked

What else you have to finish?

im just working on getting the last request spoofed

18:28

i have the spoofer ready for it, its just 1 byte is random, so whenever i change m,y patcher it for some reason breaks

theres no way this guy isnt just watching me everytime get close and updating

18:38

bro

Image attachment

LOOOL

literally had the loader cracked and working just last night

nick

bro

bro is trolled hard

xd

2:57

6 bytes left until spoof

no way

3:05

this guy just ban my accoutn again

3rd account? (edited)

yea

3:08

i spoofed it all im pretty sure

how

patched a couple things in the binary

3:09

i just accidentally set off a single flag

3:09

because i spoofed to much

3:09

negotiating an un ban

Image attachment

nick

negotiating an un ban

How many time you was able to unban it?

none of them have been unbanned

3:12

always got a new acc

real bad looks

Image attachment

wtf

3:15

I don't think... He will unban you

he might

"I mean you flagged before" I don't think so...

its a heuristic apparently

3:20

ok i paid him for unban

3:20

with the patches i made

3:20

ez

what patches?

just the classes i modify

3:22

to spoof stuff

3:23

he dont got the jnic patches tho

So you just sent him half of the shit?

i sent him the easy stuff

3:23

the only complex stuff is in the binary

lmao

theres no way

3:36

this guy must be updating

3:36

and hes gonna unban me after

3:43

ezzzzz

Image attachment

nick

this guy must be updating

what?

he unbanned it and didnt update

3:47

very nice

I think only just 0x22 can update

nick

he unbanned it and didnt update

ask him

8:15

if you can try crack

8:16

and then you let him know the vulnerabilities or sk

8:16

sm

hes been watching me crack for a long time apparently

17:58

he knows alot of crazy stuff

17:58

apparently he cracked mio without an account, just from dumps

17:58

in onyl a few hours somehow

that's cap

18:01

what

Image attachment

proof?

this is all that he sent related to it

Image attachment

18:03

btw

18:03

I have the future loader like cracked/fullspoofed

18:03

just one thing is like check summing itself somehow so it errors

nick

this is all that he sent related to it

wtf

pretty believable he cracked mio doing that

18:05

hes done java reverse engineering for 4+ years

18:06

and native even longer

dayum

it is complete

5:28

loader cracked, spoofed, client loads, but client auth fails

5:29

Image attachment

nick

loader cracked, spoofed, client loads, but client auth fails

what do u mean? So doesn't work?

the loader is fully cracked

6:18

the client is not

Then what was the point...

wdym

Do you plan to fuck client auth as well?

yes

6:19

he cant prevent

6:20

just dfepends how long it will take

nick

Click to see attachment 🖼️

cat? or someone else

his alt

6:20

he doesnt want it leaked

Well its still was easy to figure it out...

nick

his alt

it was 3000iqplay all along

lmao

pretty crazy how the loader entirely cracked from just changing 125 bytes in the native and just hooking stuff in the invokedynamic handler

this guy made so protection on the future instance

2:57

there is no references to any <init> opr anything

2:57

fully turned into getdeclaredconstructors combined with constant hiding

control flow flatener to

Image attachment

nick

control flow flatener to

thisa flow sucks to reverse

21:43

the key for it comes from a million places

21:43

and from the sevrer

nick

control flow flatener to

what is this

thats what im tryna figure out

22:05

it is using the request somehow to initalize the client instance

black magic.

Image attachment

lol no way this guy forgot to make a cache for jnt

Image attachment

imagine forgetting cache

21:37

do you want to compete with him with like making a better transpiler?

we could

21:37

he doesnt really know what he is doing

real

he said himself he just followed jni spec

lmao

nick

he said himself he just followed jni spec

how you would do it?

the only way to make the "best" transpiler

21:40

is minimize jni usage

21:40

but compatability issues can certaintly arise from that

hmm

like

21:40

lest say we

21:41

getstatic System.out
ldc "hello world"
invokevirtual println

yea

if u transpile that

21:41

u have to everytime

21:41

env->CallVirualVoid()

21:41

and everything you call a virtual method JNI has to go through every method on that object

21:41

until it finds the right one

yea

21:41

exactly

but in the jvm they cache it

21:41

using the vtable

21:42

if you have to vtable index its a simpe offset on the klass*

21:42

and the klass* can be obtained by offset on the jobject

yea that could work

the only bad part of transpiilers is u have to support linux/mac

21:43

if it was windows only

21:43

so much more could be done

for mac users... just c'mon buy a real pc lmao

true

21:44

everyone that uses mac is really dumb

linux support is semi important

they just buy every apple product because they think its good

The Faceless Lord

linux support is semi important

yea

21:44

also have to consider the

21:44

different architectures

21:44

but i dont think anyone uses anything besides x64

expect some retards who want to run shit on phone....

if we did make a transpiler

21:45

the only stuff needing support would be x64 and linux/windows

exactly

21:46

not sure how much it would worth making one

yea

21:46

wouldnt really gain to much

21:46

not many people use transpilers

21:46

only mc cheats

ye

already know this wont get any sales

Image attachment

fr

writing reversin tools is more valuabe than obfuscation

21:48

because

21:48

if you have the best analysis and tools

21:49

you can make the best obfuscation

21:49

cause imagine the obf that could be made

21:50

if you had no worry in the world about the verifier

21:50

you can just insert jumps anywhere and it handles itself

we kinda have the best tools rn

how

I mean in making

21:51

The VM is still in progress

21:51

and other shit

i was rewriting the control flow analysis stuff

21:53

ill prob complete it in a bit

21:53

i got side track to future crack

21:57

btw

21:57

etho has someone else working with him

who

Image attachment

21:58

likely an alt

21:59

well im not 100% if he works with him

21:59

but he seems to talk with etho alot

21:59

and this

Image attachment

sus

yk that

22:00

client battlefield discord

22:00

the john xina guy

I seen him before but I don't know too much about him

Image attachment

22:00

jbytemod user

22:00

and linux.

That doesn't say too much for me

22:01

jbytemod is meh...

lol

22:01

hes really stupid

22:01

etho knows way more than him

probably they still didn't crack augustus

nope

22:02

not even close

22:02

they havent made a announcement about it since

L

this guy MIGHT be a dev really tough to tell

Image attachment

sigma

recaf try to bomb itself everytime i type 1 letter challenge

Image attachment

smartest prestige user

Image attachment

lol

get smoked by anticheat update -> complain for the next hour

bruh this future client so stupid

23:01

i can run it fully without wifi

23:01

but no gui no modules no command work

xd

Image attachment

6:07

vanity just to have no members

nick

xd

lmfao

10:32

@nick

10:32

do you know how to make mixin thing work on 1.21

10:32

cause like the "run" normally is green cus its valid and like shows me options n stuff

Image attachment

10:33

but for 1.21 it no work

Prestige

cause like the "run" normally is green cus its valid and like shows me options n stuff

If you would let me work on the client normally I could fix a lot of stuff.

13:39

(and port it to new version)

yeah ik

13:59

if u have the solution for this

13:59

would be very very very nice

Prestige

if u have the solution for this

from here I can't really figure it out myself

just take example mod 1.21

14:00

and make minecraftdevelopment plugin work

Prestige

just take example mod 1.21

bro...

what

Why you can't just let me work on it normally? I'm tired from this bullshit you act like I would leak the client. (edited)

cus i dont rlly need u to

need me to what?

work on prestige

Either let me work on normally or I won't do shit

14:04

okay thats fine

Embedded image

Image attachment

14:42

my gui is better than yours

stole from the google

nick

but no gui no modules no command work

how

Prestige

stole from the google

how (edited)

im joking cj i love you

i wish this shit was on google

15:26

id be so happy

new google color picker (edited)

its always either some shitass library

15:27

or some fuck job windows native one

windows react native gui

@nick I will push new shit soon can you push changes you made so far?

The Faceless Lord

how

entire event sysetm nuked itself and wont register any handlers

The Faceless Lord

@nick I will push new shit soon can you push changes you made so far?

done

18:32

lol

Image attachment

@The Faceless Lord any important things that would be needed for deobfuscation that should be included into the analysis ?

Image attachment

18:54

msvc be like

msvc is so good

18:54

but so bad at the same time

so i just make string that dosent appear in memory

Image attachment

18:56

and fucking compiler dies here lol

whats macro doing

macro is only like xor string encrypt

18:56

and it makes instance of hidden string class

its probably killing the compiler

18:56

since those use certain macros/stuff exposed by compiler

18:56

like time

18:56

etc

FUCKKK

18:59

nah wtf

18:59

i dont understand why it just died

18:59

on operator overloading

19:04

Its probably because of that fucking references

wtf i restarted vs and no clue why

19:25

it works

skill issue

boom

Image attachment

im implementing type analysis an other stuff

4:04

and imrpvoing jar reading in obf

4:04

so that there is no more class loading etc

4:04

after that will do stack analysis

nick

boom

u crack the future?

yes

holy

6:39

sick

they use a lot of tricks that would be funny to impl in prestige

lmfao

6:39

but we need to release

6:40

i cant waste more time on security really

6:40

and making 1.21 sucks

1.21 seems ez

6:41

except for the fact that i cant run thye client

minecraftdevelopment dont work

6:41

plugin

work s for me on my custom client

How

6:41

it dont for me

6:41

6:42

is it cus i use paid intellij

did u try n reinstall it

many times

works good

Image attachment

huhhhhh

thats on 1.21.1

what the fuck is wrong witb my shit then

6:43

are u on intellij ultimate

6:43

or comm??

community

ill try that later

why u even need it

6:43

theres barely any mixin changes i thought

many mixin changes

6:44

fixed most of them but random shit keeps popping up

6:44

like glowrenderer shader is jot initialized and boom crashes

6:44

when gui

idk

6:46

mojang loves to break stuff that has been working for a while

ik

6:46

i might just like

6:46

port to 1.20.5

6:46

port to 1.20.6

6:46

and then 1.21

6:46

yk

thats just doing 3x more work

6:46

for the same output

its just step by step

6:47

and idk whats breaking glow renderer

prob these errors

Image attachment

6:48

more liely tho its just this null

Image attachment

radius is null

6:48

setparameters crashes

wdym radius

this.radius.set(…) in setParameters throws nullptr

idk if missing smth but

7:02

Image attachment

7:03

none of those exist

Image attachment

what

7:03

how

idk

wat de flip

i printed from every shader

7:03

every loaded uniform

ih

7:04

oh

7:04

so it isnt init properly

looks like the entire rendering just got a overhaul

yeaah

shaders, tesselator, buffers

jup

couldjust remove the glow thing

7:05

add it back later

ugly but yea

7:05

and used quite a bit

bro what

10:22

@nick

10:22

what java version

10:22

or sm

10:22

cus for me it dont even work on example mod

https://github.com/XG2025-Akaishin/Future-Auth

GitHub - XG2025-Akaishin/Future-Auth

Contribute to XG2025-Akaishin/Future-Auth development by creating an account on GitHub.

13:53

@The Faceless Lord yk any way to load my mod before future loads

0:48

i need to somehow define my patched classes before future ever loads them

0:49

but they use pre launch entrypoint and mixin entrypoint

nick

@The Faceless Lord yk any way to load my mod before future loads

modid: 0000mod

Exported 4 675 message(s)

Timezone: UTC+1