Decompile / Decrypt

englezeanu · Jun 24, 2014

Hi!

How can I view a hex crypted CLEO source code? I think it has a keylogger inbuilt...

I tried to open .cs file with Sanny Builder but I've got this error: 'Unknown opcode 79CA at offset 15.'

Ok, I enabled that option to ignore unknown offsets.

Now I get something like this:

Code:

hex
SOME HEX CODES
end

I tried an online HEX to TEXT but it did nothing.

I tried to delete all the '#' from compiled file, nothing happened.

Any new ideas? Thank you!

springfield · Jun 24, 2014

If you want to check for a keylogger you can use a 3rd party program to see outbound connections.
About decrypting, people encrypt their scripts for a reason, most times because others like to steal/edit and claim the work to be their own. Won't help you there.

englezeanu · Jun 24, 2014

springfield link said:
If you want to check for a keylogger you can use a 3rd party program to see outbound connections.
About decrypting, people encrypt their scripts for a reason, most times because others like to steal/edit and claim the work to be their own. Won't help you there.

I think it is not the case.
I do not want to view entire source code. I want to edit the part where data is sent ( like altering a character of the address where data is being sent - this would make the entire keylogger useless ).

Opcode.eXe · Jun 24, 2014

:yuno: YNO SHOW US THE CLEO FILE

Hidend · Jun 24, 2014

Use wireshark to see if has "keylogger", or send me the file and i'll check

Decompile / Decrypt

englezeanu

Active member

springfield

God

englezeanu

Active member

Opcode.eXe

Expert

Hidend

Expert