ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!

Cracked.to | Best Cracking Forum Around | Free Premium Accounts



 1359

SNIPR v3.7.6.4 ! My analysis of it and here is how you can patch the Auth system.

by Berlín. - 21 January, 2019 - 08:07 PM
This post is by a banned member (coolblown911) - Unhide
Posts: 11
Threads: 0
Joined: Apr 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 60
offline
coolblown911 Cracked.to Member
Registered
#41
ty gonna test this now
 Reply
This post is by a banned member (CleverUs3rname) - Unhide
Posts: 5
Threads: 0
Joined: Apr 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 70
offline
CleverUs3rname Cracked.to Member
Registered
#42
(21 January, 2019 - 08:07 PM)Berlín. Wrote:
Well first of all Hello.
In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

So here is how it looks like:

[Image: mreQZlI.png]

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

[Image: npND3iL.png]

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....
I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.


[Image: FAWrsdv.png]

[Image: WLqsKO6.png]

Files Needed:

[/size][/color][/align]
Good Luck!
[url=https://www.gapotchenko.com/eazfuscator.net][/url]
Holy crap thank you fiesta-parrot
 Reply
This post is by a banned member (wjqandrew) - Unhide
Posts: 56
Threads: 0
Joined: Mar 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 286
offline
wjqandrew Cracked.to Member
Registered
#43
i have been waiting for this my whole life
 Reply
This post is by a banned member (Sweedow) - Unhide
Posts: 2
Threads: 0
Joined: Apr 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 58
offline
Sweedow Newbie
Registered
#44
This my first reply on this forum but thank you so much, i cant say more
 Reply
This post is by a banned member (Anmolfid1) - Unhide
Posts: 3
Threads: 0
Joined: Apr 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 58
offline
Anmolfid1 Newbie
Registered
#45
(21 January, 2019 - 08:07 PM)Berlín. Wrote:
Well first of all Hello.
In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

So here is how it looks like:

[Image: mreQZlI.png]

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

[Image: npND3iL.png]

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....
I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.


[Image: FAWrsdv.png]

[Image: WLqsKO6.png]

Files Needed:

[/size][/color][/align]
Good Luck!
[url=https://www.gapotchenko.com/eazfuscator.net][/url]
thanks bro for your time and efforts
appreciate a lot
love u !!!
[Image: wink.png]
 Reply
This post is by a banned member (Fr3shN3rd) - Unhide
Posts: 160
Threads: 15
Joined: Nov 2018
Reputation: 0
Likes: 75
Vouches: 0
Credits: ₢ 3.662
Premium
offline
Fr3shN3rd Cracked.to Member
Registered
#46
Thank  you so much
 Reply
This post is by a banned member (spotme3) - Unhide
Posts: 16
Threads: 0
Joined: Apr 2019
Reputation: 0
Likes: 1
Vouches: 0
Credits: ₢ 114
offline
spotme3 Cracked.to Member
Registered
#47
(21 January, 2019 - 08:07 PM)Berlín. Wrote:
Well first of all Hello.
In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

So here is how it looks like:

[Image: mreQZlI.png]

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

[Image: npND3iL.png]

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....
I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.


[Image: FAWrsdv.png]

[Image: WLqsKO6.png]

Files Needed:

[/size][/color][/align]
Good Luck!
[url=https://www.gapotchenko.com/eazfuscator.net][/url]

This is most definitely useful and rare. Thanks
 Reply
This post is by a banned member (401) - Unhide
Posts: 233
Threads: 30
Joined: Aug 2018
Reputation: 38
Likes: 110
Vouches: 0
Credits: ₢ 436
AddictedForum LoverPremiumGoldSnowflakePumpkinBat
offline
401 Cracked.to Member
Registered
#48
thanks the old forlax and the new berlin ;)
Only HQ and Cheap cracked By Me
[Image: F9wWAD.png]
 Reply
This post is by a banned member (xDRIP) - Unhide
Posts: 12
Threads: 6
Joined: Nov 2018
Reputation: 0
Likes: 1
Vouches: 0
Credits: ₢ 2.126
offline
xDRIP Cracked.to Member
Registered
#49
(21 January, 2019 - 08:07 PM)Berlín. Wrote:
Well first of all Hello.
In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

So here is how it looks like:

[Image: mreQZlI.png]

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

[Image: npND3iL.png]

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....
I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.


[Image: FAWrsdv.png]

[Image: WLqsKO6.png]

Files Needed:

[/size][/color][/align]
Good Luck!
[url=https://www.gapotchenko.com/eazfuscator.net][/url]

Cant wait to use this!
DISCORD: xGhostedDD#4603
 Reply
This post is by a banned member (Beebey) - Unhide
Posts: 1
Threads: 0
Joined: May 2019
Reputation: 0
Likes: 0
Vouches: 0
Credits: ₢ 54
offline
Beebey Newbie
Registered
#50
Thanks you very much for this crack !
 Reply

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.

Possibly Related Threads...
  Release Autotyper with Anti-Ban, Humanlike Typing and a Saving System
Bxtmap - 10 March, 2019, 10:59 PM
3
Replies
159
Views
10 hours ago
Last Post: fahadfg
  Leak [NSFW] PORN LIKE YOU HAVE NEVER SEEN BEFORE ULTRA You Won't Regret Trying This
TimeChangeEverything - 04 April, 2019, 03:48 AM
139
Replies
1.661
Views
19 May, 2019 - 09:38 PM
Last Post: juoja123
  Supreme ✴️ ->>> Apex Legends // BUNNYHOP SCRIPT - Works with S1 Battlepass patch!
enD- - 22 April, 2019, 03:31 AM
2
Replies
100
Views
23 April, 2019 - 12:30 PM
Last Post: animagical
  Wifi Spammer / WITH THIS SCRIPT YOU CAN SPAM WIFI APS/HOTSPOTS
Eminem - 20 April, 2019, 01:22 PM
4
Replies
110
Views
20 April, 2019 - 08:47 PM
Last Post: SNR4
  Release BDFProxy Patch Binaries via MiTM – BackdoorFactory + mitmproxy
Eminem - 19 March, 2019, 08:12 PM
0
Replies
93
Views
19 March, 2019 - 08:12 PM
Last Post: Eminem

Forum Jump:


Users browsing this thread: 1 Guest(s)