Jump to content


[Guide] Checking Neopets Programs

  • Please log in to reply
33 replies to this topic

#26 lonewolf

  • 243 posts

Posted 12 August 2011 - 12:43 PM

Very nice guide :) good effort put into it! thanks for the info

#27 Kyle

  • Legit.

  • 2,081 posts

Users Awards

Posted 21 May 2012 - 11:38 AM

Just updated this so all of the images work again

#28 xxxccc

  • 10 posts

Posted 18 July 2012 - 02:25 AM

thank you for this it helped quite alot, i found a trainer off google once and it stole my account

#29 xintervine

  • 76 posts

Posted 25 March 2013 - 03:18 AM

We wouldn't need to do these on Codex programs right? :p

#30 Lucario

  • 21 posts

Users Awards

Posted 06 August 2015 - 10:33 PM

Thanks, this will help a lot of people.

#31 w35l3y

  • 42 posts

Posted 27 May 2016 - 05:46 PM

What if the developer stores the url inverted (ptth) or as a sequence of char codes (104, 116, 116, 112) instead of a simple string?

#32 WarezHaxor

  • 668 posts

Users Awards

Posted 27 May 2016 - 06:26 PM

Kinda a big time necro from someone I've seen had their post count reset for spamming a couple times now.

If you legitimately want to know the answer to your question, you either need to recognize the obfuscation when you're looking through pe Explorer, or watch the outbound connections with something like wireshark.

#33 w35l3y

  • 42 posts

Posted 27 May 2016 - 07:46 PM

It was just simple examples of what we may find.

The truth is we are not safe. :/

#34 WarezHaxor

  • 668 posts

Users Awards

Posted 28 May 2016 - 12:43 AM

Yes, but the fact is, those simple examples are least likely to be seen. If they're gonna do it to try to steal accounts, they're going to encrypt their program to give heuristics a tougher time detecting it, and unless you know what to look for in a packed file, you'll never see it anyway. This guide is geared toward a user who has a knowledge of debugging and the like, if you had no clue what you were doing, pe Explorer and checking files disassembled data is not going to be something they can do simply. And a guide as old as this, with a reply over a year ago before yours, it probably would have been better suited to start a new updated thread with more current information. The malware scene is constantly changing and simple tricks like inverting a url and the like aren't used much these days anyway. Not when they can come up with much more complicated ways to obfuscate the data.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users