Popular Post AsiaGenius Posted November 25, 2016 Popular Post Posted November 25, 2016 (edited) Help us improve our project. Contribute to our project! Test, find problems, create issues in our repository (github)... Let's make a good shield! License: Free Emulator: rAthena, bRathena, Herc, eAmod, rAmod and other Hexed: 2013 until the most recent (2016) Technology: C# / C++ / Pascal Features Security Options Multiple Heuristic Methods Sandboxing Method Signature Method Threat Method Packet Encryption Cyclic Redundancy Administrative Options. Hack Logs Feed and Updates HWID Options Panel Admin and Tools 1 - An extensive database constantly updated. 2 - All bug report and all reporting hack are processed and archived. 3 - We are free. Help us to become better. If you need help, check me out at DiscordApp. [@Secrets] Links removed Thanks and Enjoy. Edited February 15, 2017 by Secrets 15
Jezu Posted November 28, 2016 Posted November 28, 2016 This is really awesome. A shield just like Gepard and it's totally FREE!. Nice one bruh! +1 rep
Haziel Posted November 29, 2016 Posted November 29, 2016 Hello @AsiaGenius. A nice project you have there. I would love to see a test of it against the well known cheating softwares of RO. The best of luck!
GHul Posted November 30, 2016 Posted November 30, 2016 Looking forward for this project and good luck !!
Darknessfmy Posted November 30, 2016 Posted November 30, 2016 Wooow!!!! good proyect!!!! You have very future
Rynbef Posted December 8, 2016 Posted December 8, 2016 "Hexed: 2013 until the most recent (2016)" Rynbef~
shatowolf Posted December 9, 2016 Posted December 9, 2016 NICE, gonna test this, and will update you mate.
shankar00 Posted December 27, 2016 Posted December 27, 2016 (edited) hello can you make any guide video? @AsiaGenius and Thanks for this awesome project. Got it on git thanks... Edited December 27, 2016 by shankar00
Jezu Posted January 3, 2017 Posted January 3, 2017 Any live server using this? I'm applying this to my server but I wanted to make a test with some 3PP. Thanks!
Klutz Posted January 22, 2017 Posted January 22, 2017 I can't seems to add the dll to the client and make it work. I tried to add it from Nemo and also using LordPe. But the client won't start after i add the dll it just crash.
Zigara Posted February 14, 2017 Posted February 14, 2017 I would recommend staying away from this "shield". The only server change is a custom login packet that includes your hardware id + mac + a static key. There is no packet encryption or server-side logging. They are distributing a pirated copy of exe/dll packing software (Molebox) https://github.com/AsiaGenius/ring-0/tree/master/Tools/MoleBox (portable)/INSTALL LICENSE The client dll connects to their web server to verify everything, if their web server is down; you won't be able to use your client. Their website / report server is vulnerable to SQL injection, there is 0 input validation. ... etc If they can't do basic input validation on their web server, I really doubt they're capable of doing advanced cheat detection, or delivering many of the features they claim to support. Here is a snippet from the report server (http://guard.ringsec.net/) after passing a bit of invalid data. You could compromise all of their accounts / data / etc, and based on the register form showing the password in plaintext; I highly doubt they actually hash your account passwords. Quote Error: INSERT INTO logs (hwid, date, cod, descript, ip) VALUES ('wat', 'Monday 13th of February 2017 11:56:25 PM', 'wat', 'wat', '' OR 1=1 --')You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1 Please stay far away from this software until they resolve all of these issues. Do not use it in production. 6
Klutz Posted February 14, 2017 Posted February 14, 2017 We need feedback regarding Zigara post as soon as possible!
Hijirikawa Posted February 14, 2017 Posted February 14, 2017 Took a look at their reset.php from their repo link~ There is no sign of any prepared statements or any input validation. Basically this certain function on their website is a vulnerability. Whatever query you input doesnt get cleaned out, going directly into the server and is very dangerous. I don't have the best PHP knowledge, but I know a vulnerable script when I see one. The solution would have been quite easy and having prepared statements could have made it a lot harder to hack. Unless they give provide a solution to this issue, I highly suggest not to use their services until they secure their files. As Zigara has expressed, he can help in fixing this so I hope they will do something. P.S: I'm not sure if they closed down their Discord channel, because it has disappeared from my joined channels. 2
Zigara Posted February 15, 2017 Posted February 15, 2017 I did a bit more digging around, and I can confirm; ringsec.net stores all passwords in plain text. If you signed up at ringsec.net using a password you've used for other services; change all your passwords NOW! 1
Secrets Posted February 15, 2017 Posted February 15, 2017 Dear rAthena users who may have used this so-called hackshield, It has become known that the site of this hackshield has a major security vulnerability that allows malicious attacker to read and/or change the data on its database. In addition, the creator of this hackshield, who should have been someone with knowledge in field of computer security, should know that passwords should not be stored in plain-text. Yet, your passwords are stored as plain-text in ringsec.net. We don't have any evidence that the data has been leaked, although if you use the same password as the one you used on RingSec somewhere else, change your password now! As a side note, rAthena does not encourage or support any attacking attempt at a third party site. Regards, Secret. 9
Recommended Posts