Jump to content
AsiaGenius

RingSec Shield

Recommended Posts

This is really awesome. A shield just like Gepard and it's totally FREE!. Nice one bruh! /no1 +1 rep

Share this post


Link to post
Share on other sites

Oh, I will try this one. Thanks! +1

Share this post


Link to post
Share on other sites

Hello @AsiaGenius.
A nice project you have there.

I would love to see a test of it against the well known cheating softwares of RO.
The best of luck!

Share this post


Link to post
Share on other sites

Looking forward for this project and good luck !!

Share this post


Link to post
Share on other sites

Wooow!!!! good proyect!!!!

You have very future

Share this post


Link to post
Share on other sites

Thanks I will try Awesome anti cheat B)

Share this post


Link to post
Share on other sites

Thank you so much for this <3

Share this post


Link to post
Share on other sites

support all client ?

Share this post


Link to post
Share on other sites

"Hexed: 2013 until the most recent (2016)"

 

Rynbef~

Share this post


Link to post
Share on other sites

NICE, gonna test this, and will update you mate. :D

Share this post


Link to post
Share on other sites

hello can you make any guide video? 

@AsiaGenius and Thanks for this awesome project.

Got it on git thanks...

Edited by shankar00

Share this post


Link to post
Share on other sites

Any live server using this? I'm applying this to my server but I wanted to make a test with some 3PP. Thanks!

Share this post


Link to post
Share on other sites

Any news about this project?

Share this post


Link to post
Share on other sites

I can't seems to add the dll to the client and make it work.

I tried to add it from Nemo and also using LordPe.

But the client won't start after i add the dll it just crash.

 

Share this post


Link to post
Share on other sites

I would recommend staying away from this "shield".

  • The only server change is a custom login packet that includes your hardware id + mac + a static key. There is no packet encryption or server-side logging.
  • They are distributing a pirated copy of exe/dll packing software (Molebox) https://github.com/AsiaGenius/ring-0/tree/master/Tools/MoleBox (portable)/INSTALL LICENSE
  • The client dll connects to their web server to verify everything, if their web server is down; you won't be able to use your client.
  • Their website / report server is vulnerable to SQL injection, there is 0 input validation.
  • ... etc

If they can't do basic input validation on their web server, I really doubt they're capable of doing advanced cheat detection, or delivering many of the features they claim to support.

 

Here is a snippet from the report server (http://guard.ringsec.net/) after passing a bit of invalid data. You could compromise all of their accounts / data / etc, and based on the register form showing the password in plaintext; I highly doubt they actually hash your account passwords.

Quote

Error: INSERT INTO logs (hwid, date, cod, descript, ip) VALUES ('wat', 'Monday 13th of February 2017 11:56:25 PM', 'wat', 'wat', '' OR 1=1 --')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1

 

Please stay far away from this software until they resolve all of these issues. Do not use it in production.

  • Upvote 6

Share this post


Link to post
Share on other sites

We need feedback regarding Zigara post as soon as possible!

Share this post


Link to post
Share on other sites

Took a look at their reset.php from their repo link~

There is no sign of any prepared statements or any input validation. Basically this certain function on their website is a vulnerability.

Whatever query you input doesnt get cleaned out, going directly into the server and is very dangerous.

I don't have the best PHP knowledge, but I know a vulnerable script when I see one.

The solution would have been quite easy and having prepared statements could have made it a lot harder to hack.

Unless they give provide a solution to this issue, I highly suggest not to use their services until they secure their files. As Zigara has expressed, he can help in fixing this so I hope they will do something.

P.S: I'm not sure if they closed down their Discord channel, because it has disappeared from my joined channels.

  • Upvote 2

Share this post


Link to post
Share on other sites

I did a bit more digging around, and I can confirm; ringsec.net stores all passwords in plain text.

If you signed up at ringsec.net using a password you've used for other services; change all your passwords NOW!

  • Upvote 1

Share this post


Link to post
Share on other sites

Dear rAthena users who may have used this so-called hackshield,

It has become known that the site of this hackshield has a major security vulnerability that allows malicious attacker to read and/or change
the data on its database. In addition, the creator of this hackshield, who should have been someone with knowledge in field of computer security,
should know that passwords should not be stored in plain-text. Yet, your passwords are stored as plain-text in ringsec.net.

We don't have any evidence that the data has been leaked, although if you use the same password as the one you used on RingSec somewhere else, change your password now!

As a side note, rAthena does not encourage or support any attacking attempt at a third party site.

Regards,

Secret.

  • Upvote 9

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.