Announcement

Collapse
No announcement yet.

Key stealer?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • replied
    One large security issue with Windows will always be the registry. Due to web browsers and other installed apps being able to access COM classes, registry entries, etc. without the user being informed of it creates probably one of the largest security holes, which can be opened by the user without even knowing it.

    Being a programmer and working extensively with COM lately, I now know how to freely manipulate the registry through an app just from doing projects in school, and to be honest, has made me a whole lot more warry of even visiting websites I don't frequent. Hopefully they added in some sort of cd-key encryption, because in all honesty they are not that difficult to code, which will help to protect users from this sort of attack.

    Permafried-

    Leave a comment:


  • replied
    Originally posted by Hellcat2k3
    @Logy:
    Yes, you're absolutely right!
    As I said, my tool doen't give you 100% security - it just increses it as best as possible!
    I just want to say that I think your utility definitely give another layer of security, for those who want it, and that you're doing a good thing for the community.

    And as somebody who's been around for a long time, you'd be considered a trustworthy source (as opposed to a "HEY DOODS I JUST REGISTERED AND HERES A PATCH THAT MADE MY PING 90% BETTER!!" guy).




    Also I wanted to quote somebody saying I was absolutely right.

    Leave a comment:


  • replied
    Sadly there are also some other websites or progs that are not cheats that try to steal your key

    Leave a comment:


  • replied
    A while back, Mark Rein opened up a number of aimbot hacks to find out what made them tick. He discovered that most had code to steal your UT2003 CD key and send it to various hackers.

    If you use hacks, cracks, or bots, you deserve whatever **** happens to your computer or your games.

    Don't come crying when your CD keys have been compromised. You brought it on yourself.

    Leave a comment:


  • replied
    Originally posted by joyrider
    it's indeed not 100% hellcat, there's such things as registry monitor's and it's fairly simple to create that also.
    Yes, I have thought of that too and added a countermeasure against that

    For the other thing:
    Yeah, the problem with this redirecting is, that it is so **** easy to do :-/
    But AFAIK the communication UT<->MasterServer is encrypted (using public/private key encryption?) - so it's safe and redirecting doesn't get you anything.

    Leave a comment:


  • replied
    it's indeed not 100% hellcat, there's such things as registry monitor's and it's fairly simple to create that also. But it's better then letting it sit in the registry unecrypted.

    Nothing is actually safe on a pc, it's just a combination of ones & zero's wich can be altered whenever u want.

    Best thing is still a firewall cause u can block the program in question sending ure cdkey away.

    Let's make u even more paranoid. U can trick windows bu letting it think www.unrealtournament.com is actually another site. lets say u start ure ut and u think oh yes the master server probably needs to check my key so i grant it internet access. IF ure pc has been comprised and 'they' used the trick, they can reroute ure key to somewhere else.

    Again, a firewall is good but u should know how to use it and u should also know what the default cdkey server is that checks ure key.

    And this is real important, whenever ure key did get stolen it's your own fault, this might sound harsh but it's the truth since u let it happen, or u download bogus apps or goto sites ure not supposed to be or don't patch ure windows ETC

    Leave a comment:


  • replied
    Originally posted by ntjones
    Wow! Very cool Hellcat!

    You don't mind if I post that link in my forums do you?
    No, problem!
    TBH, I'd be glad if you do

    Watch out in the MODs&MAPs section of this bord (or the thread I posted) I'll annouce the d/l link as soon as I release it!

    And I'm always open for suggestions!



    Originally posted by Essobie
    And just how do we know that your program isn't going to send our unencrypted one to some email address every time we play?

    Sorry... just playing devil's advocate.
    This is a rightfull question!

    You have four options:

    - Trust me (ok, the worst option of all )
    - Let it be checked by someone you trust (Dr.Sin maybe? AFAIK he keeps an eye on UT related tools that might be a danger)
    - Trace your network traffic to see if it's submitting something (using a firewall like ZoneAlarm would do it)
    - Read the source code (wich will be fully available on request!)



    @Logy:
    Yes, you're absolutely right!
    As I said, my tool doen't give you 100% security - it just increses it as best as possible!

    Of course you have to keep your computer as safe as possible, in wich I have to second joyrider's post:
    Be aware from where you get your stuff (and what it is) and use a firewall to catch traffic you do not want!

    Leave a comment:


  • replied
    It is very very very simple to create a keystealer !

    it's just a matter of looking up info in the registry which can be done in 3 lines of code !

    it's also easy for little coding ******** that want to abuse u to create for example a cache cleaner and add a key stealer in it!

    BUT if u got a firewall and u can see what kind of programs want to make a connection to what kind of place / site.

    A cache manager imo nvr needs to this. Except for linking to the creators webpage, but even then shellexecute can be used to fire up the default browser.

    My suggestion, use a firewall and check from what sites u get ure stuff

    Leave a comment:


  • replied
    Those of you who are saying that Epic should encrypt the CD key when you enter it don't understand how encryption works.

    The only "safe" way to encrypt data on your machine is using a "key" that is not stored on your machine. In otherwords, something like a password that you enter when you install the game to encrypt the CD key, which you must then enter every single time you play to decrypt it.

    Otherwise, anyone who has compromised your computer has access to your CD key (encrypted or not) and also to whatever method was used to encrypt your CD key, which make the encryption more or less worthless.

    In fact, even a password-encrypted CD Key isn't safe if your computer has been compromised, because someone could be using a keystroke logging trojan to get your password.

    The point is, if you want to keep your CD key safe, keep your computer safe. Keep up to date with security patches, and NEVER run anything from unknown sources.

    When UT2003 came out, there were people posting topics like "CHECK OUT THIS PATCH IT INCREASED MY FPS 10X!!!" and linking to some executable that had a trojan in it.

    Anything like that is most likely a scam to get your key.

    Leave a comment:


  • replied
    CDKey stealers are usually found in No CD hacks, game hacks, and aimbots. If you stay away from them, you'll be ok.

    Leave a comment:


  • replied
    Originally posted by Aso
    they usually put these cd key stealers in aimbots though.
    they get what they deserve :up:

    Leave a comment:


  • replied
    Originally posted by Hellcat2k3
    Hi everyone

    A few peeps might know my CD-Key Securer I did for 2k3.

    For those who don't mind to enter a password (or enter a disk holding a "passkey") I've already done CD-Key Securer 2.

    A bit more info can be found here.

    I'll release it to the public as soon as I tested it with 2k4.


    What it basically does it to encrypt your CD-Key with your PW and only decrypting it ti launch UT - encrypting it right away again.

    Yes, it's no 100% security, but more than comes out of the box.
    And just how do we know that your program isn't going to send our unencrypted one to some email address every time we play?

    Sorry... just playing devil's advocate.

    As everyone has already said, don't install anything but UT2K4. I mean, what else do you really want on your machine anyway? Okay, maybe that isn't what everyone's said... but it should be.

    Leave a comment:


  • replied
    this might be a stupid question, but can someone steal your key from you downloading mods on a ut04 server? just curious.

    Leave a comment:


  • replied
    I use IE 6 with all holes patched i also got programs to make sure stuff like hacks and spyware dont get in, i will download hellcats securer to give me even more of a edge over the low and lame

    Leave a comment:


  • replied
    Yes, it sucks... and makes me want to find out where they live so I can drive a Mack truck through their house... fortunately, we have people like Hellcat who actually give a **** about CD key security.

    Leave a comment:

Working...
X