Denial has a bot called fluffy bot. It can see whispers in a channel. Any idea how this is done?

EID_WHISPER will notify you of any received whispers.

I think that Denial is bullshitting you.

Such information is not widely shared, so try to keep this between us, OK? In the header of your join channel packet, remember to set the evil bit. Hope this helps.

[quote author=Grok link=board=17;threadid=2618;start=0#msg20577 date=1062995442]Such information is not widely shared, so try to keep this between us, OK? In the header of your join channel packet, remember to set the evil bit. Hope this helps.[/quote]

Grok, you forgot a couple of steps: First, you have to spoof your ping to get it to be exactly 666. Then, you send continually battle.net 0x25 packets until you get a message about the gem being activated.

FeanOr it is true, denial can receive and then send those "whispers" that other people get.

Denial gave me a demo, i did /F L and his bots responded with the last person on my list.

i have done it too, except my way was unethical, it was simply sending the ALT+0137 code followed by a few letters, and it picked up the whispers but when i tried to add to a txt file or on the chat screen of the bot it didnt work... >:(

There is a buffer overflow problem, and I've seen a couple screenshots of it, but it's pretty much impossible to spy on people with it. I'm not sure exactly how it works, but I think EvilCheese was looking into it at one point. Or was it Arta? I get all those damn English mixed up :)

Buffer overflow in server code? Client code?

I honestly don't know.. let me see if I can find those old screenshots..

[img]http://iago.valhallalegends.com/pub/Pictures/ss/nat01.jpg[/img]

I think we determined that a person has the ability to seem to whisper somebody else the last thing they said. The most likely cause is that the recieve buffer isn't cleared and the other person somehow sends either a blank whisper (although that's not allowed) or some special whisper that doesn't add a '\0' to the end for whatever reason.

I started disassembling this awhile back, and if somebody wants to continue, we figure it's around here somewhere:
[code] .text:190180EC lea ecx, [esp+494h+var_464]
.text:190180F0 push ecx
.text:190180F1 push esi
.text:190180F2 push offset aFromSS ; "<From: %s> %s"
.text:190180F7 jmp short loc_19018104 [/code]

So we have to figure out where esi comes from before this jmp is made (19018104 is just a wsprintfA and a jump).

I believe it was right about there that I got sidetracked and never came back to it, but clearly you have to cause the wsprintfA to not get anything useful :-)

[edit] I guess it's not a buffer overflow at all that causes this.. only a buffer underflow. And I don't really know whether it's server or client, but it seems like client..

Ah, so they don't actually have knowledge of the whisper contents, they just pretend to?

It sounds a little like the word wrapping bug where if it replaces the \0 with a word wrapping \n or \t, some random data will be displayed on the next line.

To see this happen, produce a line that just barely reaches the end of the box, so that it decides to wrap, but doesn't actually have anything to put on the next line.

Denial's bot can likely see the whispers being sent to webbot hosts, but then again, so can just about everyone else. ;)

Yes, I was working on this a while ago after a good friend of mine sent me that screenshot you just saw and a couple of others.

The person responsible for the whispers threatened by friend that they would listen into his conversations (being able to see whispers) and to prove it, performed this trick at least 5 times on different occasions.

When I looked at the screens, I noted that the whispers were always the last thing said... I told my friend to ask this "hacker" to repeat the last 4 things I whispered to him.... he was unable to.

I looked into it a little bit ( I think Iago and myself spent 45 minutes or so browsing the disassembly the day after ) and we decided it was most likely a buffering problem, but I havent touched it since either.

Would be interesting to know how it's done, though I'm too busy to look into it myself in any depth.

It would be nice to see somebody replicate it so I can packetsniff and find out if it's serverside or clientside. If it's serverside, it would also work on bots.

I don't understand that screenshot, Ntrx typed /time, and Natilie_Portman whispered Ntrx the last message that he recieved?

Based on that post you DO understand the screenshot. :P

Unless you got someone else to write it for you. ;)

That's what I thought, but i wasn't sure.

Grok: In the header of your join channel packet, remember to set the evil bit.

it works! =p

Thanks for all the feedback that I don't understand (hopefully I will soon). This has actually happened to me on STAR. I was browsing around in channels, and I was getting all these whispers from peeps I didn't know. I figured I'd take a screenshot, but people could just pass it off as people messaging me. Btw, this info on "Fluffy Bot" comes from one of denials friends.

Probably just a glitch in the servers.
One time right before one of the servers dropped, I got banned, sent to the void and then could not only see a realtime channel list of The Void, but I could also see every ban from every channel on the USEast realm.

[quote author=LoRd link=board=17;threadid=2618;start=15#msg20783 date=1063178126]
Probably just a glitch in the servers.
One time right before one of the servers dropped, I got banned, sent to the void and then could not only see a realtime channel list of The Void, but I could also see every ban from every channel on the USEast realm.
[/quote]

And you neglected to document this with a screenshot?
[me=Hazard]gasps[/me]

[quote author=LoRd link=board=17;threadid=2618;start=15#msg20783 date=1063178126]
Probably just a glitch in the servers.
[/quote]

I'm quite sure this is client-sided for SC/BW clients.

[quote author=LoRd link=board=17;threadid=2618;start=15#msg20783 date=1063178126]
One time right before one of the servers dropped, I got banned, sent to the void and then could not only see a realtime channel list of The Void, but I could also see every ban from every channel on the USEast realm.
[/quote]

That seems likely, strange things have been known to happen in The Void.

[quote author=Spht link=board=17;threadid=2618;start=15#msg20799 date=1063210772]
That seems likely, strange things have been known to happen in The Void.
[/quote]

The Void is the equivalent of the Delta quadrant.

[quote author=Avenge link=board=17;threadid=2618;start=15#msg20679 date=1063076079]
Grok: In the header of your join channel packet, remember to set the evil bit.

it works! =p
[/quote]

Join channel packet?....The initial joinning of the home channel?

[quote author=Hazard link=board=17;threadid=2618;start=15#msg20802 date=1063212127]
[quote author=Spht link=board=17;threadid=2618;start=15#msg20799 date=1063210772]
That seems likely, strange things have been known to happen in The Void.
[/quote]

The Void is the equivalent of the Delta quadrant.
[/quote]

I'd equate it more with fluidic space.

I'd say more like Borg Hyperspace, as described by William Shatner in his books. >3 spacial dimensions, and a reasonably good description of what it's like to be there, and to walk through a curved gravity field, etc.

[edit] The book is Odessy, and it's ~1300 pages.. a pretty good story, though, in my opinion :)

[quote author=LoRd link=board=17;threadid=2618;start=15#msg20783 date=1063178126]
Probably just a glitch in the servers.
One time right before one of the servers dropped, I got banned, sent to the void and then could not only see a realtime channel list of The Void, but I could also see every ban from every channel on the USEast realm.
[/quote]
Yes, there's a memory corruption bug in the BNCS software which seems to result in that (and probably also results in the server crash which typically follows a few seconds afterwards).

[quote author=iago link=board=17;threadid=2618;start=15#msg20855 date=1063240607]
I'd say more like Borg Hyperspace, as described by William Shatner in his books. >3 spacial dimensions, and a reasonably good description of what it's like to be there, and to walk through a curved gravity field, etc.

[edit] The book is Odessy, and it's ~1300 pages.. a pretty good story, though, in my opinion :)
[/quote]

That you're reading a book by William Shatner is wrong on so many levels.

[quote author=Grok link=board=17;threadid=2618;start=15#msg20914 date=1063298859]
[quote author=iago link=board=17;threadid=2618;start=15#msg20855 date=1063240607]
I'd say more like Borg Hyperspace, as described by William Shatner in his books. >3 spacial dimensions, and a reasonably good description of what it's like to be there, and to walk through a curved gravity field, etc.

[edit] The book is Odessy, and it's ~1300 pages.. a pretty good story, though, in my opinion :)
[/quote]

That you're reading a book by William Shatner is wrong on so many levels.
[/quote]

Actually, I READ the book, long ago.. a few years ago, at least. And I got it as a gift, and used to have lots of free time before I started working. :)

[img]http://www.blizzside.com/cripped/trick/fluffy.gif[/img]
That is another example of this ...

hmm, in that one it wasn't whispered..

Yeah they can pick up Bnet Info as well...
I can show u an example if u like... i have got it working...

Or perhaps the program that's being passed around contains a trojan. Notice how he wasn't able to see your friends list the first time through? ... perhaps he just couldn't type fast enough or wasn't paying attentsion to what was visible on your screen.

No, it's not a program going around with a trojan for too many reasons to list.

hmm i wonder who UserLoser.@Lordaeron is in that screenshot - i think i've seen them before...