Account Stealer Checker
This is a short and simple script I made to check for the instance of procedures that may be used to steal passwords.
That does not necessarily mean that the procedures are being used to do that however. They can be used to check versions, download updates, etc.
Current Version: 0.01
Planned Updates:
1. Check what page they are accessing (easy)
2. Form (Highly improbable)
3. Check if a variable is being set to a player's password. Ex: z := Players[?].Pass;
Directions:
1. Copy and paste the below script into a SCAR window.
2. Click play.
3. Select the path of the script you want to check.
4. Click Open.
5. Read the debug box.
SCAR Code:
Program New;
var
Counts : array [0..4] of integer;
Params : array of string;
ScriptPath, s : string;
FileNum : integer;
procedure Browse;
var
OpenDialog1 : TOpenDialog;
begin
OpenDialog1 := TOpenDialog.Create(nil);
OpenDialog1.InitialDir := AppPath + 'Scripts/';
OpenDialog1.Filter := 'SCAR Files | *.scar';
if OpenDialog1.Execute then
ScriptPath := OpenDialog1.FileName;
OpenDialog1.Free;
end;
function Count(s1, s2 : string) : integer;
var
tmp : string;
begin
tmp := lowercase(s2);
if pos(lowercase(s1), tmp) >= 1 then
begin
repeat
if pos(lowercase(s1), tmp) >= 1 then
begin
inc(result);
delete(tmp, pos(lowercase(s1), tmp), length(s1));
end;
until(pos(lowercase(s1), tmp) <= 0);
end;
end;
begin
ClearDebug;
Browse;
if ScriptPath = '' then
begin
Writeln('You did not select a file. Please restart and select a file.');
TerminateScript;
end;
FileNum := OpenFile(ScriptPath, false);
ReadFileString(FileNum, s, FileSize(FileNum));
CloseFile(FileNum);
Counts[0] := Count('getpage(', s);
Counts[1] := Count('openwebpage(', s);
Counts[2] := Count('posthttppage(', s);
Counts[3] := Count('posthttppageex(', s);
Counts[4] := Count('gethttppage(', s);
Writeln('Scan complete.');
Writeln('');
Writeln('Found ' + IntToStr(Counts[0]) + ' instances of GetPage.');
Writeln('Found ' + IntToStr(Counts[1]) + ' instances of OpenWebPage.');
Writeln('Found ' + IntToStr(Counts[2]) + ' instances of PostHTTPPage.');
Writeln('Found ' + IntToStr(Counts[3]) + ' instances of PostHTTPPageEx.');
Writeln('Found ' + IntToStr(Counts[4]) + ' instances of GetHTTPPage.');
Writeln('--');
Writeln('Please note that if a script includes these procedures it does');
Writeln('not always mean that it is used to steal account info.');
Writeln('');
Writeln('Thank you for using my script.');
end.