Posted: Thu Jun 20, 2013 5:41 pm Post subject: RE:Gravity cube
I didn't decompile it. There are no decompilers for Turing (hell there's only two compilers).
Just know that strings in your code will appear as plain text in machine code.
I snipped out the string table for you though.
irobots
Posted: Thu Jun 20, 2013 5:46 pm Post subject: Re: Gravity cube
OK, but the point is that this is my ISU, which I put on here since it was an exe, hoping to share it with people, not give away the code. I was not considering that someone might get information out of it and post it on here, jeopardizing my mark.
Dan
Posted: Thu Jun 20, 2013 5:52 pm Post subject: Re: Gravity cube
As far as I can tell by just looking at the exe (I am far too lazy to set up a sandbox to test it or use a debugger on it) it seems harmless.
It looks like it makes a VB script source file and runs it through a sys.exe call. The file (open.vbs) likely looks something like the following:
VisualBASIC:
Set objCdDrive = CreateObject("WMPlayer.OCX.7")
Set colCDROM = objCdDrive.cdromCollection
colCDROM.Item(i).Eject
There is also one with the same name for text to speech called spk.vbs:
VisualBASIC:
Set objVoice = CreateObject("SAPI.SpVoice")
objVoice.Speak("You got hacked. You got hacked. You got hacked")
I don't see any strings with commands that might do anything close to "hacking" your computer, however it is still silly to run a random exe file you get online from some forum. I recommend no one runs it and wait for the source code.
Also, badadvice, it looks like you are a sockpuppet account for irobots (at the very least you are posting from the same home IP). Having more than one account is against the ToS of the site and may lead to a ban on both your accounts. There is no need to make posts on an alternative account to promote your work.
Edit: Looks like Zren got to it first. But I am not planning on editing out my code; if you want to claim you hacked someone's computer, you can't complain when someone looks into that claim.
Computer Science Canada - Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more!
irobots
Posted: Thu Jun 20, 2013 6:08 pm Post subject: Re: Gravity cube
Close, but not exactly. My friend made the account shortly after I made mine and evidently, it turns out the school network creates one ip or computer in the same room have one ip. He always follows everything I do trying to get the source and when I don't tell him he tries getting everyone else to figure it out. That's why I did not want anyone posting the source, along with it being my ISU.
Also hacker dan, I specifically said that I was not hacking into anybody's computer and it was not a virus, it was just something new and unique I added to my program for fun.
Dan
Posted: Thu Jun 20, 2013 6:15 pm Post subject: Re: Gravity cube
irobots @ 20th June 2013, 6:08 pm wrote:
Close, but not exactly. My friend made the account shortly after I made mine and evidently, it turns out the school network creates one ip or computer in the same room have one ip. He always follows everything I do trying to get the source and when I don't tell him he tries getting everyone else to figure it out. That's why I did not want anyone posting the source, along with it being my ISU.
1. It's an IP for a home ISP.
2. It's the IP from your last post (not when you registered).
3. It's 7:12PM right now, are you still at school?
Either you are the same person, or he is posting from inside your house....RUN!
Zren
Posted: Thu Jun 20, 2013 6:19 pm Post subject: RE:Gravity cube
Your source code (besides that embedded into strings) is safely in the mysterious zone. Machine code isn't legible in the least.
I could have noticed (and did notice) the separate process running in the Task Manager or more specifically in my case, Process Explorer, which shows child processes.
I could have used Process Monitor to see what your executable had rights to do (in real time), thus noticing the creation of the two files.
Edit:
Ways this technique is used in the real world:
Encrypting the code in Base64, then having the string called with sys_exec(decode_base64("BASE64 STRING HERE")) somewhere in the program. Look out for this in source code you use (always read the source). Also look out for it if your server has been compromised. Sometimes a server running a PHP website will have one (or several) line(s) of code changed somewhere you aren't bound to look (like the library file includes that you don't ever look at).
Not all uses are malicious though. You can use this for incredibly complex code obfuscation. http://compsci.ca/v3/viewtopic.php?t=7349 I'm not sure if that's the one, but there's some code out there that takes that string, compiles it in one language, then executes that compiled code in another language, like >3 different times.
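The pattern described in the last post, a Base64 literal decoded and passed straight to an execution call, can be searched for in PHP source during a code review or a post-compromise sweep. The following is an added example, not part of the thread and not code from any poster; the sink list, the function name `find_encoded_exec` and the sample PHP file are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed list of PHP calls that execute their argument (not exhaustive).
SINKS = r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
# sink( [wrappers] base64_decode( 'literal' ) within one statement.
PATTERN = re.compile(
    SINKS + r"\s*\(\s*[^;]*?base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\2",
    re.IGNORECASE,
)


def find_encoded_exec(source):
    """Return [(line_no, sink, decoded_text_or_None)] for each match."""
    hits = []
    for m in PATTERN.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        literal = "".join(m.group(3).split())
        try:
            raw = base64.b64decode(literal, validate=True)
            decoded = raw.decode("utf-8", errors="replace")
        except binascii.Error:
            decoded = None  # matched the shape but is not valid Base64
        hits.append((line_no, m.group(1).lower(), decoded))
    return hits


# Constructed sample: a PHP file with one injected line (line 4).
_PAYLOAD = 'echo "constructed sample";'
SAMPLE = (
    "<?php\n"
    "require_once 'lib/util.php';\n"
    "$logo = base64_decode('aGVsbG8=');\n"  # decode with no sink: ignored
    "@eval(base64_decode('" + base64.b64encode(_PAYLOAD.encode()).decode() + "'));\n"
    "echo render_page();\n"
)

if __name__ == "__main__":
    for line_no, sink, decoded in find_encoded_exec(SAMPLE):
        print(f"line {line_no}: {sink}() runs decoded text: {decoded!r}")
```

A hit is a prompt to read the decoded text and compare the file against a known-good copy; a literal built by string concatenation or stored in a variable will not match this pattern.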