lolinekos / succubus

Free SSH c2 for all to use! The only skill you need is the knowledge to set up mysql and edit json.

Beware, this is malware! #11

Closed SolsticeSpectrum closed 1 year ago

SolsticeSpectrum commented 1 year ago

The first red flag is that there is no source code to main, which should scare away most people here. It's obfuscated with UPX to prevent detection. Now you can use upx to decompress the file using upx -d main. After that you are left with a Go-compiled binary which seems to be heavily obfuscated too. The code has been obfuscated by randomizing all strings and function names, making it very difficult to reverse engineer. After successful remapping of libraries and determining what's the actual code, it's still pretty hard to read. However, I am pretty sure it does something funky; first of all, it sends some stuff to succubus.neko.ltd. There are also references to https://succubus.neko.ltd/auth/succubus, I couldn't figure out what it requires. But anyway, it's very suspicious and I wouldn't trust compiled binaries blatantly put into repositories anyway.
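An added triage script, not part of this thread or of the project, that automates the two checks described above: spotting UPX packing from its markers and pulling URLs/hostnames out of the binary's strings. The sample bytes are constructed to mimic the case; the marker and regex heuristics are my assumptions, and a UPX hit should be confirmed with upx -t before unpacking.

```python
import re

# Markers UPX leaves behind: the "UPX!" header magic and the section names
# it creates in ELF/PE files. Assumed heuristic, not an authoritative check.
UPX_MARKERS = (b"UPX!", b"UPX0", b"UPX1", b"UPX2")

# Network indicators in the string table are a cheap first triage signal.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-_/]+")
HOST_RE = re.compile(rb"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\.[a-z]{2,}\b")


def is_upx_packed(data: bytes) -> bool:
    """True if any UPX marker appears anywhere in the raw file bytes."""
    return any(marker in data for marker in UPX_MARKERS)


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Extract runs of printable ASCII, like the `strings` tool does."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def network_indicators(data: bytes) -> list:
    """Return sorted, unique URLs and hostnames found in the strings."""
    found = set()
    for s in printable_strings(data):
        for url in URL_RE.findall(s):
            found.add(url.decode())
        for host in HOST_RE.findall(s.lower()):
            found.add(host.decode())
    return sorted(found)


def triage(data: bytes) -> dict:
    """One-shot summary a reviewer can eyeball before deciding to unpack."""
    return {"upx_packed": is_upx_packed(data),
            "indicators": network_indicators(data)}


# Constructed sample: not a real binary, just bytes shaped like the case above.
SAMPLE = (b"\x7fELF" + b"\x00" * 8 + b"UPX!" + b"\x00" * 4
          + b"some go runtime junk\x00"
          + b"https://succubus.neko.ltd/auth/succubus\x00"
          + b"\x01\x02 succubus.neko.ltd \x03")

if __name__ == "__main__":
    print(triage(SAMPLE))
```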

lolinekos commented 1 year ago

You do realize it's compiled to stop others from claiming my work, as well as to stop users who have not paid from getting access to paid content. If you were also competent at reverse engineering you would have seen the request it sends to the server. The request being a key, port, banner, and "trust string" used to validate the licensing server.

SolsticeSpectrum commented 1 year ago

> You do realize it's compiled to stop others from claiming my work, as well as to stop users who have not paid from getting access to paid content. If you were also competent at reverse engineering you would have seen the request it sends to the server. The request being a key, port, banner, and "trust string" used to validate the licensing server.

"competent at reverse engineering", it's not exactly easy to reverse engineer stuff. Go compiles to machine code and doesn't leave much info to get a good sense of what the code does. Plus you randomized all function names and strings, so it's even harder to make sense of it all. Plus you use a ton of libraries, or rather the libraries use other libraries, and at the end there are 4000 functions to navigate through, and since you obfuscated it, there isn't an easy way of finding the main function either. Have you ever tried reverse engineering an obfuscated Go program? The fact I found anything at all is good enough for me.

Anyway, you still shouldn't put binaries into repositories; it's just a rule of thumb. You can put it in releases if you need to.

Also, hosting paid software on GitHub in general is kinda idiotic.

Also, UPX is utterly useless as an obfuscation tool. It's more of a minifier or something like that at this point, since, you know, upx -d.

And please don't tell people in your tutorials to chmod 777. Any software can be written in a way that doesn't need full permissions. It's dumb design if it needs it. Although it wouldn't change anything when it comes to my friends, because they are complete morons and run everything as root. They are idiots.

PS: I stumbled on this through two friends of mine. They are idiots and skidders and they claim your software as theirs anyway, so obfuscation didn't really help, did it. They asked ChatGPT to make a wrapper around your software using telnet so their customers will never have a chance of finding out it's your software behind it. I told them I would make a cnc for them but they refuse to pay a single penny.

lolinekos commented 1 year ago

I do not care about your friends. Why are you saying I am using upx for obfuscation when you said yourself "Now you can use upx to decompress the file"? Also you seem to have gone from trying to call my code malware to trying to correct anything you can in an attempt to not look like the idiot you are.

SolsticeSpectrum commented 1 year ago

> I do not care about your friends. Why are you saying I am using upx for obfuscation when you said yourself "Now you can use upx to decompress the file"? Also you seem to have gone from trying to call my code malware to trying to correct anything you can in an attempt to not look like the idiot you are.

Whatever dude, you had your fair chance to defend your software. And I'm not correcting anything, but putting compiled executables into repositories isn't exactly trustworthy behavior. Most malware on GitHub is just like that: repos with an infected executable and some Readme but no source code. I stumbled on many of those. Why did you use upx in the first place? It's not like it reduced the filesize of your binary by much. And don't call me an idiot. I at least don't chmod 777. You made a Go cnc with a shit load of libraries and now you think you're the king of the world? And don't even get me started on the fact that you run everything on your VPS as root.

9xN commented 1 year ago

lmao yes everyone with half a brain cell knows this is probable malware, but literally every single thing you've said, especially the backtracking in the second comment, makes you look like an even bigger moron

SolsticeSpectrum commented 1 year ago

Whatever, I'm gonna close the issue. I don't have enough evidence to tell if this is 100% malware, and until I learn reverse engineering properly, it's gonna stay that way.