Poker-AI.org http://poker-ai.org/phpbb/
MAC, SYSVOL, GUID stealthiness - PS.log.0 http://poker-ai.org/phpbb/viewtopic.php?f=26&t=2716
Author: bpdummy666 [ Fri Mar 07, 2014 9:26 am ]
Post subject: MAC, SYSVOL, GUID stealthiness - PS.log.0
I want to talk about PS.log.0 and how to use stealth with it. In the PS.log.0 I saw some parameters that should be changed, to avoid detection. I was researching and the MAC address can be changed using a 3rd-party app or changing the Windows registry. But does the same happen with SYSVOL and GUID? What is GUID? Is it generated by PS? Or is it generated by Windows? Is it in the registry too? http://www.webopedia.com/TERM/G/GUID.html

I think SYSVOL can be changed from the registry too: http://itcontractors.org/content/view/245/37/

An example:

    Fix Permissions Script
    =========
    Mac OS X 10.8.2 (Intel MacPro5,1 - 2147Mhz - 8192MB)
    Client PokerStars - 6597 ( Dec 24 2012 )
    setting locale to 0...
    loaded 182740 localized messages
    TransportThread::run() - Starting
    _createTransport: Started Local thread #0 - type 'replay'
    Sending CREATESERVER msg to local thread #0
    LocalThread[ 0 ]: Creating Server 'replayInstance'
    _CommRWAcceptThreadUnix: listen( 25 )
    HandReplayServer v1.0.0.0, protocol v0.1.32
    CommRoutingTable: server object 'replayInstance' registered
    LocalThread[ 0 ]: ServerObject 'replayInstance' created in slot 0
    LocalThread[ 0 ]: ServerObject( 0 ) registered
    CommServerConnectionPool: _COMM_MSGTYPE_PHYSICAL_CONNECT
    GUID 71000671007600747003700170077106
    SYSVOL 5A952C8988E9
    MAC 002500ef0880
    layout on all monitors
    layout management disabled
    Animation mode: 2
    Zoom animation mode: 0
    Auto-rebuy 0 (0,0 - 0,0)
    Auto-rebuy 1 (0,0 - 0,0)
    soundOn
    CashInBonusParam::clear called
    LobbyHelperConnection::connect
    LobbyServerConnection::connect
    CommIdMap: 1/2 capacity limit exceeded - rehashing
    CommIdMap: rehash completed
    CommIdMap: 1/2 capacity limit exceeded - rehashing
    CommIdMap: rehash completed
    [2012/12/30 17:09:23]

This data is not mine, I found it on the internet: http://pastie.org/pastes/5599558
Author: bpdummy666 [ Wed Jun 04, 2014 10:21 am ]
Post subject: Re: MAC, SYSVOL, GUID stealthiness - PS.log.0
So the normal way to do something similar is using Virtual Machines, right? I'd like to avoid using VMs in order to look less suspicious for PS, because I imagine that they can know that the client is being executed from a VM. Am I right?
Author: spears [ Wed Jun 04, 2014 10:37 am ]
Post subject: Re: MAC, SYSVOL, GUID stealthiness - PS.log.0
bpdummy666 wrote:
    I'd like to avoid using VMs in order to look less suspicious for PS. Because I imagine that they can know that the client is being executed from a VM. Am I right?

Yes.
Author: bpdummy666 [ Wed Jun 04, 2014 1:08 pm ]
Post subject: Re: MAC, SYSVOL, GUID stealthiness - PS.log.0
And how can you hide the fact that the client room is being executed in a VM? Or it isn't necessary, is it? I think no poker room is going to ban you because you are executing the client in a VM; they can just suspect. Although they can ban you whenever they want without a big justification. Is there any thread in the archived forum that talks about it?
Author: spears [ Wed Jun 04, 2014 3:42 pm ]
Post subject: Re: MAC, SYSVOL, GUID stealthiness - PS.log.0
Quote:
    And how can you hide the fact that the client room is being executed in a VM?

You'd have to modify the client or the system functions it calls: i.e. hooks, trampolines, rootkits, code injection etc.

Quote:
    I think no poker room is going to ban you because you are executing the client in a VM, they can just suspect.

Yes, just one of many flags that will arouse suspicion.

Quote:
    Is there any thread in the archived forum that talks about it?

There are lots. Google site:poker-ai.org vm