
Attention!!! 3rd party distributions with KeyLoggers

Posted: 25 Apr 2014, 18:15
by kLabMouse
Hello Everyone!
Lately, there are a lot of 3rd party distributions with built-in KeyLogger software that steals your account.
Please, don't trust 3rd party compilations and packs that are not officially supported.


Also note that OpenKore does not officially support any 3rd party servers. This also includes 3rd party protections.

If someone RLY wants to add support for 3rd party protections or servers,
you are welcome to contribute code to our SVN under the GPL license.

Re: Attention!!! 3rd party distributions with KeyLoggers

Posted: 26 Dec 2014, 15:20
by dombol
Something weird happened yesterday.
I downloaded openkore following the Brazilian forum tutorial and botted for a day.
Then my account password stopped working!
I freaked out! I went to my e-mail but there was no e-mail saying my password was changed.
I re-changed it and logged in and nothing was stolen.

I don't get what happened. I did change my "level up" password (the Brazilian Ragnarok has a main account with Ragnarok accounts inside) and I think maybe that messed up my other account.

I believe I would have an e-mail saying my password was changed if someone did it.

Anyways, how can I know if my openkore copy has a keylogger?
Where in the code does openkore handle my password?

Re: Attention!!! 3rd party distributions with KeyLoggers

Posted: 26 Dec 2014, 18:50
by otaku
dombol wrote:Something weird happened yesterday.
I downloaded openkore following the Brazilian forum tutorial and botted for a day.
Then my account password stopped working!
I freaked out! I went to my e-mail but there was no e-mail saying my password was changed.
I re-changed it and logged in and nothing was stolen.

I don't get what happened. I did change my "level up" password (the Brazilian Ragnarok has a main account with Ragnarok accounts inside) and I think maybe that messed up my other account.

I believe I would have an e-mail saying my password was changed if someone did it.

Anyways, how can I know if my openkore copy has a keylogger?
Where in the code does openkore handle my password?
Level Up Games (bRO's publisher) has many defenses against botting. One of them is auto reset. It is not known how they do it. Most likely because Poseidon has been broken for over a year now on bRO. So they're probably filtering accounts that don't send the Gameguard response packet back to the game server. In some cases they block the account for two weeks.

There's an 18-page discussion thread on the Brazilian support forum: http://forums.openkore.com.br/index.php ... -de-senha/

About a keylogger inside Openkore, you can't be sure. The easiest way is to pick a clean copy from the Openkore repository on sourceforge and compare it to your own copy. You can do this with WinMerge. It'll point out all the code differences. (You'd still have to analyze the code; sometimes it isn't a keylogger, just a modification.)

A lot of keyloggers use the LWP module to send your information. So you could also grep for the term "use LWP" in the files of your Openkore folder.
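The two checks described in the post above (diff against a clean checkout, then look for `use LWP`) can be scripted. This is an added example, not part of the original post or of OpenKore; the directory names, the `.pl`/`.pm` extension filter and also matching `require LWP` are assumptions, and the sample trees are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Perl source extensions to scan; "use LWP" is the indicator named in the thread.
PERL_EXT = {".pl", ".pm"}
LWP_RE = re.compile(r"^\s*(use|require)\s+LWP\b")


def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def lwp_lines(path):
    """Return (line_number, text) for every line that loads an LWP module."""
    lines = Path(path).read_text(errors="replace").splitlines()
    return [(n, line.strip()) for n, line in enumerate(lines, 1) if LWP_RE.match(line)]


def audit(clean_dir, suspect_dir):
    """Compare a suspect copy against a clean checkout of the same revision."""
    clean, suspect = tree_hashes(clean_dir), tree_hashes(suspect_dir)
    report = {"added": [], "modified": [], "missing": sorted(set(clean) - set(suspect)), "lwp": {}}
    for rel, digest in sorted(suspect.items()):
        if clean.get(rel) == digest:
            continue  # identical to the clean copy
        report["modified" if rel in clean else "added"].append(rel)
        if Path(rel).suffix.lower() in PERL_EXT:
            hits = lwp_lines(Path(suspect_dir) / rel)
            if hits:
                report["lwp"][rel] = hits
    return report


def demo():
    """Run the audit on two small constructed trees (not real OpenKore files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for d in (clean, suspect):
            (d / "src").mkdir(parents=True)
            (d / "src" / "Same.pm").write_text("package Same;\n1;\n")
            (d / "src" / "Login.pm").write_text("package Login;\n1;\n")
        (suspect / "src" / "Login.pm").write_text("package Login;\nuse LWP::UserAgent;\n1;\n")
        (suspect / "extra.pl").write_text("print 1;\n")
        return audit(clean, suspect)
```

Files that differ only in line endings will also show up as modified, so check out the clean copy on the same platform as the copy being audited.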

Re: Attention!!! 3rd party distributions with KeyLoggers

Posted: 27 Dec 2014, 19:28
by dombol
I got a fresh openkore from svn now just in case, and it happened again.

I checked some of the source code and found nothing out of the ordinary.

Thanks otaku, for pointing me to that thread. I am checking it now.