From a link from BnetDocs (From here (http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=122) to here (http://www.valhallalegends.com/kp/bnsp-latest.txt)) to a text file on BotNet's documentation, it says:
Quote(send to client) id 0x06: botnet bot information
Contents:
(DWORD) bot id
(4.1) (DWORD) database access flags
1 = read
2 = write
4 = restricted access
(4.1) (DWORD) administrative capabilities
Specified in Zerobot Traditional Flags Format (ZTFF):
A = superuser, can perform any administrative action
B = broadcast, may use talk-to-all
C = connection, may administer botnet connectivity
D = database, may create and maintain databases
I = ID control, may create and modify hub IDs
S = botnet service
(4.1) (Admin only) (DWORD) IP address of the bot being described
(STRING:20) bot name
(STRING:*) bot channel
(DWORD) bot server
(2) (STRING:16) unique account name
(3) (STRING:*) database
What is ZTFF and how do I decode it?
A = 1
B = 2
C = 4
D = 8
E = 16
...
To test for flags, do a bitwise check, i.e. use the bitwise and operator
Then why does init have Admin = 399663?
Admin = 399663? What are you talking about? Like I said already, use the bitwise and operator and get the user's flags
If my math dosen't fail me.
399663 = 0x06192F = ABCEHKLQR
QuoteA = superuser, can perform any administrative action
B = broadcast, may use talk-to-all
C = connection, may administer botnet connectivity
D = database, may create and maintain databases
I = ID control, may create and modify hub IDs
S = botnet service
So that person would be a.... Superuser, Broadcaster, and a Connection Admin.
Now that dosen't seem right... so my math must be failing.
Anyways.
Here is a basic function:
Public Function GetFlags(Flags as Long) As String
Dim tmp as String
tmp = IIF(Flags And &H1 = &H1, "A", vbNullString)
tmp = tmp & IIF(Flags And &H2 = &H2, "B", vbNullString)
tmp = tmp & IIF(Flags And &H4 = &H4, "C", vbNullString)
tmp = tmp & IIF(Flags And &H8 = &H8, "D", vbNullString)
tmp = tmp & IIF(Flags And &H100 = &H100, "I", vbNullString)
tmp = tmp & IIF(Flags And &H40000 = &H40000, "S", vbNullString)
GetFlags = tmp
End FunctionOr:
Function GetFlags(Flags):
Dim A, x
For x = 1 to 26
If((Flags And (2^x)) = (2^x)) Then
A = A & Chr(64 + x)
End If
Next
GetFlags = A
End FunctionThats jsut off the top of my head (Not sure if I got I&S values correct.)
~-~(HDX)~-~
"Warning - while you were typing a new reply has been posted. You may wish to review your post."
*Kicks my internet for dropping when I tried to post before*
Sorry 'Admin' was the variable assigned to admin capabilities, and the BotNet user that has the username 'init''s admin capabilities are 399663.
06192Fh
0110 0001 1001 0010 1111b
It appears to be flags A, B, C, D, F, I, L, M, R, S.. what's F, L, M, and R?
ABCDFILMRS looks about right. Not sure about those, ask Kp about that one.