- Sk8r -=- Reversing Log
- 00:00 - Downloading Sk8r_setup.exe
- 00:01 - Installed Sk8r
- 00:05 - Opening Sk8r in DnSpy
- 00:05 - I'm seeing some obfuscation
- 00:06 - Deobfuscator detects .NET reactor - Deobfuscation completed
- 00:07 - Looks like obfuscation was to set you on a false way to reverse
- 00:08 - A lot of classes for a roblox exploit ( https://gyazo.com/346c5bc6682f3349575e867941bd6170 )
- 00:09 - Axon injection method | Clubdarks.dll can be possible axon
- 00:10 - `this.client = new DiscordRpcClient("561177175253057536");` Found Rich presence 'secret pin'
- 00:13 - `this.method_1("https://raw.githubusercontent.com/Superskater911/Great/master/auto.txt");` auto update file found
- 00:14 - Trying to find luapipename cuz yeah axon skidded injection
- 00:17 - After some more finding of axon based, it's just 100% axon in C#. DLL is probably also axon with some updated addys and bypass
- 00:20 - Recoded a bit to get exact luapipename
- 00:21 - Tried to start but `base..ctor();` ruined it; to let it run, removing it from the code
- 00:22 - Moved to DnSpy 32-bit to debug the code to see the real problem
- 00:23 - Stupid boy forgot to move the deobfuscated file to the scripts and monaco files in 1 folder lol
- 00:28 - Hmm there's a secret process running to prevent me from recoding this .exe
- 00:30 - Got it working again
- 00:31 - Got Luapipename `MessageBox.Show(Class3.luapipename);` ( https://gyazo.com/a293c4cd1d9e244938019d2425526c97 )
- 00:32 - Sk8r.exe is enough reversed let's see their other files
- 00:33 - Nothing too much about other files only some files that others also have
- 00:35 - Getting Ida freeware and a break
- 00:38 - Got some cookies let's go
- 00:39 - Downloaded IDA (IDK why I didn't get it already)
- 00:41 - Hmm someone called Ethan made this ( https://gyazo.com/79b602dcd3d59fa4b18bb15ded95408c ) and project name was called gayer lol i agree
- 00:43 - I see things with mem so memcheck is confirmed
- 00:45 - Held axon.dll beside it to see some difference but not really a difference for now
- 00:46 - Axon uses retcheck but cuz that is patched it's not an exclusion that it's not axon
- 00:47 - I hope it's not logging roblox Security Cookie `call @__security_check_cookie@4 ; __security_check_cookie(x)`
- 00:49 - Hmm in hex code of that particular code I see imports of stream. I'm not a C++ pro so let me check this up
- 00:52 - After looking it up, it can be either accessing a local file or really getting from the internet. I also see now an import of streambuffer so IDK if it's logging Roblox security cookie
- 00:54 - Going to look into if it's really axon
- 00:56 - I see similar functions. I don't know much about Roblox C++ exploits so let me get some other DLL to see if they have the same (COUGH leaked DLL sources, IDK where else to get)
- 01:04 - Still trying to see if it's axon but it's c++ so it's hard
- 01:08 - Did see all important files.
- 01:09 - Running program to make .sln of sk8 deobfuscated
- =-=-= Conclusion =-=-=
- DLL is skidded from axon, I can see a lot of references to axon (I checked with other ORIGINAL sources)
- Sk8r is also something with security cookie what we know from rblx (if you got that you can log in to the Roblox account of someone)
- Comments:
- Sk8r doesn't have any unique thing, only has clubdarks.dll injection
- Sk8r Is axon based
- SuperSkater runs auto updater file for them
- Created by: Gusted#6898