Gusted

SK8R reversing log

Jul 25th, 2019
Sk8r -=- Reversing Log

00:00 - Downloading Sk8r_setup.exe
00:01 - Installed Sk8r
00:05 - Opening Sk8r in DnSpy
00:05 - I'm seeing some obfuscation
00:06 - Deobfuscator detects .NET reactor - Deobfuscation completed
00:07 - Looks like obfuscation was to set you on a false way to reverse
00:08 - A lot of classes for a Roblox exploit ( https://gyazo.com/346c5bc6682f3349575e867941bd6170 )
00:09 - Axon injection method | Clubdarks.dll can be possible axon
00:10 - `this.client = new DiscordRpcClient("561177175253057536");` Found Rich presence 'secret pin'
00:13 - `this.method_1("https://raw.githubusercontent.com/Superskater911/Great/master/auto.txt");` auto update file found
00:14 - Trying to find luapipename cuz yeah axon skidded injection
00:17 - After some more finding of axon based it's just 100% axon in C#. Dll is probably also axon with some updated addy's and bypass
00:20 - Recoded a bit to get exact luapipename
00:21 - Tried to start but `base..ctor();` ruined the run, removing it from the code
00:22 - Moved to DnSpy 32-bit to debug the code to see the real problem
00:23 - Stupid boy forgot to move the deobfuscated file to the scripts and monaco files in 1 folder lol
00:28 - Hmm there's a secret process running to prevent me from recoding this .exe
00:30 - Got it working again
00:31 - Got Luapipename `MessageBox.Show(Class3.luapipename);` ( https://gyazo.com/a293c4cd1d9e244938019d2425526c97 )
00:32 - Sk8r.exe is reversed enough, let's see their other files
00:33 - Nothing too much about other files, only some files that others also have
00:35 - Getting IDA freeware and a break
00:38 - Got some cookies let's go
00:39 - Downloaded IDA (IDK why I didn't get it already)
00:41 - Hmm someone called Ethan made this ( https://gyazo.com/79b602dcd3d59fa4b18bb15ded95408c ) and project name was called gayer lol i agree
00:43 - I see things with mem so memcheck is confirmed
00:45 - Held axon.dll beside it to see some difference but not really a difference for now
00:46 - Axon uses retcheck, but cuz that's patched, not an exclusion that it's not axon
00:47 - I hope it's not logging Roblox Security Cookie `call @__security_check_cookie@4 ; __security_check_cookie(x)`
00:49 - Hmm in hex code of that particular code I see imports of stream. I'm not a C++ pro so let me check this up
00:52 - After looking it up it can be either accessing a local file or really getting from internet. I also see now import of streambuffer so IDK if it's logging Roblox security cookie
00:54 - Going to look into if it's really axon
00:56 - I see similar functions. I don't know much about Roblox C++ exploits so let me get some other dll to see if they have the same (COUGH leaked dll sources idk where else to get)
01:04 - Still trying to see if it's axon but it's C++ so it's hard
01:08 - Did see all important files.
01:09 - Running program to make .sln of sk8 deobfuscated

=-=-= Conclusion =-=-=
Dll is skidded from axon, I can see a lot of references to axon (I checked with other ORIGINAL sources)
Sk8r is also doing something with security cookie that we know from rblx (if you got that you can log in to the Roblox account of someone)


Comments:
Sk8r doesn't have any unique thing, only has clubdarks.dll injection
Sk8r is axon based
SuperSkater runs auto updater file for them

Created by: Gusted#6898