(IMPORTANT) Informations regarding CLEO Keyloggers

TheZeRots

Well-Known Member
Joined
Dec 21, 2013
Messages
1,247
Likes
0
Points
86
#21
Opcode.eXe link said:
[quote author=Mr.Ze link=topic=9132.msg53296#msg53296 date=1407577678]
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.
[/quote]

What? Send me an example.... i wanna see that..
[/quote]
If I manage to find one... I have found one like a month ago... also, you broke the damn quote!!
 

blackHat

Well-Known Member
Joined
Jul 28, 2013
Messages
931
Likes
0
Points
66
#22
Opcode.eXe link said:
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:
Nigga how you will detect 1 second lag...
 

blackHat

Well-Known Member
Joined
Jul 28, 2013
Messages
931
Likes
0
Points
66
#23
Mr.Ze link said:
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.


What? Send me an example.... i wanna see that..

If I manage to find one... I have found one like a month ago... also, you broke the damn quote!!
I already give a notify for this kind of keylogger it is store it on temporary file it is in smalltalk section i think
 

T3KTONIT

Well-Known Member
Joined
Sep 2, 2013
Messages
309
Likes
2
Points
68
#24
[member=2]0x688[/member]

Hmm we can create an anti-keylogger and release it here if someone wants to be protected against them :D, c'mon don't you think it is really fucking easy to make one?
all we have to do is like, hook ws2_32.inet_addr or ws2_32.send or something since probably those keyloggers most likely they use TCP we will not have problems with the game since it is UDP xD easy, job done..

i might make one like, tomorrow or something..  :dont_care:
 

m1zg4rd_PL

Well-Known Member
Joined
Jul 19, 2013
Messages
222
Likes
0
Points
66
#26
Opcode.eXe link said:
You can feel the dialog being stuck for 1 sec, also if you look at trees, entrace markers, maybe also if the camera is moving you will see it freezing etc. bla meh  :yuno:
And what if someone will add wait 5000 before sending log? We have to detect malcious functions by their calls, lots of people have lags in game, before spawn menu too.
 

Opcode.eXe

Well-Known Member
Joined
Feb 18, 2013
Messages
1,471
Likes
190
Points
113
Location
( ͡° ͜ʖ ͡°)
Website
www.youtube.com
#27
m1zg4rd link said:
And what if someone will add wait 5000 before sending log? We have to detect malcious functions by their calls, lots of people have lags in game, before spawn menu too.
  :dont_care: Just use steallogger.asi , also maybe 0x688 is going to make a logger which detects all calls...
 
OP
OP
0x688

0x688

Wtf I'm not new....
Staff member
Administrator
Joined
Feb 18, 2013
Messages
1,073
Likes
53
Points
98
#28
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
 

m1zg4rd_PL

Well-Known Member
Joined
Jul 19, 2013
Messages
222
Likes
0
Points
66
#29
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
Then plugin should ignore whitelisted files by SHA-1 checksums...
 

T3KTONIT

Well-Known Member
Joined
Sep 2, 2013
Messages
309
Likes
2
Points
68
#30
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
we can create filters for those.
 

Opcode.eXe

Well-Known Member
Joined
Feb 18, 2013
Messages
1,471
Likes
190
Points
113
Location
( ͡° ͜ʖ ͡°)
Website
www.youtube.com
#31
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
Just make an LOGGER which shows logs like:
Some mod tried to acces: "www.gaystealer.com/steel.php?=password"
Some mod tried to acces: "www.gaystealer.com/steel.php?=username"
So when we see lines like that we just remove the .cs and done  :forever_hurra:
 

inZ

Well-Known Member
Joined
Apr 6, 2013
Messages
276
Likes
2
Points
66
#32
Opcode.eXe link said:
Just make an LOGGER which shows logs like:
Some mod tried to acces: "www.gaystealer.com/steel.php?=password"
Some mod tried to acces: "www.gaystealer.com/steel.php?=username"
So when we see lines like that we just remove the .cs and done  :forever_hurra:
:dont_care: :face_palm: JK
Opcode's right something like a textdraw :p
 

Pinii

Well-Known Member
Joined
Sep 18, 2013
Messages
128
Likes
0
Points
66
Website
petardas.es
#33
Mr.Ze link said:
I may have a way to detect a keylogger by running it.

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

I won't say anything about it unless I can be 100% sure.

P.S. I think those are the only sites, I couldn't find any other.

P.P.S. Information*
:celeral_spitting: 1k posts

give us the information, security is first. If nothing is in risk, upload it  :fuck_yea:
 
Top