| Author | Message | Time |
|---|---|---|
| ZergMasterI | From a link from BnetDocs (From here to here) to a text file on BotNet's documentation, it says: [quote](send to client) id 0x06: botnet bot information Contents: (DWORD) bot id (4.1) (DWORD) database access flags 1 = read 2 = write 4 = restricted access (4.1) (DWORD) administrative capabilities Specified in Zerobot Traditional Flags Format (ZTFF): A = superuser, can perform any administrative action B = broadcast, may use talk-to-all C = connection, may administer botnet connectivity D = database, may create and maintain databases I = ID control, may create and modify hub IDs S = botnet service (4.1) (Admin only) (DWORD) IP address of the bot being described (STRING:20) bot name (STRING:*) bot channel (DWORD) bot server (2) (STRING:16) unique account name (3) (STRING:*) database[/quote] What is ZTFF and how do I decode it? | October 9, 2006, 5:36 PM |
| UserLoser | A = 1 B = 2 C = 4 D = 8 E = 16 ... To test for flags, do a bitwise check, i.e. use the bitwise and operator | October 9, 2006, 6:07 PM |
| ZergMasterI | Then why does init have Admin = 399663? | October 9, 2006, 6:25 PM |
| UserLoser | Admin = 399663? What are you talking about? Like I said already, use the bitwise and operator and get the user's flags | October 9, 2006, 11:01 PM |
| HdxBmx27 | If my math dosen't fail me. 399663 = 0x06192F = ABCEHKLQR [quote] A = superuser, can perform any administrative action B = broadcast, may use talk-to-all C = connection, may administer botnet connectivity D = database, may create and maintain databases I = ID control, may create and modify hub IDs S = botnet service[/quote] So that person would be a.... Superuser, Broadcaster, and a Connection Admin. Now that dosen't seem right... so my math must be failing. Anyways. Here is a basic function: [code]Public Function GetFlags(Flags as Long) As String Dim tmp as String tmp = IIF(Flags And &H1 = &H1, "A", vbNullString) tmp = tmp & IIF(Flags And &H2 = &H2, "B", vbNullString) tmp = tmp & IIF(Flags And &H4 = &H4, "C", vbNullString) tmp = tmp & IIF(Flags And &H8 = &H8, "D", vbNullString) tmp = tmp & IIF(Flags And &H100 = &H100, "I", vbNullString) tmp = tmp & IIF(Flags And &H40000 = &H40000, "S", vbNullString) GetFlags = tmp End Function[/code] Or: [code]Function GetFlags(Flags): Dim A, x For x = 1 to 26 If((Flags And (2^x)) = (2^x)) Then A = A & Chr(64 + x) End If Next GetFlags = A End Function[/code] Thats jsut off the top of my head (Not sure if I got I&S values correct.) ~-~(HDX)~-~ | October 10, 2006, 11:19 PM |
| ZergMasterI | "Warning - while you were typing a new reply has been posted. You may wish to review your post." *Kicks my internet for dropping when I tried to post before* Sorry 'Admin' was the variable assigned to admin capabilities, and the BotNet user that has the username 'init''s admin capabilities are 399663. 06192Fh 0110 0001 1001 0010 1111b It appears to be flags A, B, C, D, F, I, L, M, R, S.. what's F, L, M, and R? | October 10, 2006, 11:42 PM |
| UserLoser | ABCDFILMRS looks about right. Not sure about those, ask Kp about that one. | October 10, 2006, 11:45 PM |