Git Hacks Forum

We value knowledge


#1 2020-02-11 03:51:59

israeli
Member
Registered: 2020-02-10
Posts: 4

[SPOOFER] King

https://git.hacks.ltd/cracked-spoofers/king/tree/master

So this is a very very weird spoofer, they don't spoof the disk so idk why the fuck people are buying.
They also took the download links for the exe (AMIDEWINx64) and converted them to bytes, then convert the bytes to strings.

They spoof everything from usermode now, this is their v1.2 "recode"

Last edited by israeli (2020-02-12 02:11:56)


#2 2020-02-11 15:50:58

xBreaders
Moderator
Registered: 2020-01-25
Posts: 9

Re: [SPOOFER] King

Thanks for sharing, I will take a look at this soon.


#3 2020-02-12 01:39:51

xerox
Administrator
Registered: 2019-12-03
Posts: 56

Re: [SPOOFER] King

> Most of the source is actually unpacked but still trying to get their driver

Hook NtLoadDriver, you can use my library shithook or you can use ApiMonitor which is a great tool to use :)

Also... Packaging the driver inside of the binary reduces the amount of files needed for transporting. I personally do this myself. If the driver is manually mapped (which I think it is) then there will be 2 drivers, the first driver to be loaded will be signed and used for mapping the next driver which never touches disk. Anyways, both can be dumped with a little knowledge of kernel pool tags.

@xBreaders or I can easily get the driver if you want.

Anyways, good job!!! Glad to see others are learning :)

add me on discord? _xeroxz#7212


./xerox


#4 2020-02-12 02:09:47

israeli
Member
Registered: 2020-02-10
Posts: 4

Re: [SPOOFER] King

So they "recoded" their spoofer and now spoof everything through usermode.
Here is the unpacked exe, took care of the obf:
https://git.hacks.ltd/cracked-spoofers/king
IDK if I'm blind but I don't see where they spoof diskdrive.
