Release: PW 1.5.5 v156 with mole disabled

  1. #1
    Milos (Account Upgraded | Title Enabled!)
    Join Date: Nov 2015
    Location: 127.0.0.1
    Posts: 281

    Release: PW 1.5.5 v156 with mole disabled

    A huge thank you to @Fyyre for editing these bins to disable the wanmei mole for me, and for granting me permission to release them. The attached 7z contains a patched gdeliveryd and gamedbd with the mole disabled. Enjoy.

    Edit: it was brought to my attention that the link no longer works, so I have removed it from the post. This weekend, when I have more time, I'll connect my external drive, find the files, upload them again and update this post with a new link.

    Edit 2: thanks to wrechid finding a copy of it, I now have a new link for all of you,
    and a thank you to Discord for having such an easy-to-use CDN to host this for me.

    https://cdn.discordapp.com/attachmen...moleremoved.7z
    and a google drive link thanks to @Mistigri
    https://drive.google.com/file/d/1UGl...usp=share_link
    Last edited by Milos; 3 Weeks Ago at 03:43 AM.


  2. #2
    kisswdev (Member)
    Join Date: May 2017
    Location: Romania
    Posts: 64

    Re: Release: PW 1.5.5 v156 with mole disabled

    Working in Ubuntu 18.04? Or under 14.04 and Debian 8?

  3. #3
    Milos (Account Upgraded | Title Enabled!)
    Join Date: Nov 2015
    Location: 127.0.0.1
    Posts: 281

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by kisswdev:
        Working in Ubuntu 18.04? Or under 14.04 and Debian 8?
    It's running flawlessly for me on Ubuntu Server 20.04.2.

  4. #4
    343 (Omega)
    Join Date: Oct 2009
    Location: Ancient DGN CTY
    Posts: 5,514

    Re: Release: PW 1.5.5 v156 with mole disabled

    Thank you to all involved in this; it has been added for *all* versions in my release.

  5. #5
    beta11n (Apprentice)
    Join Date: Dec 2019
    Posts: 17

    Re: Release: PW 1.5.5 v156 with mole disabled

    What's the mole about?

  6. #6
    Milos (Account Upgraded | Title Enabled!)
    Join Date: Nov 2015
    Location: 127.0.0.1
    Posts: 281

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by beta11n:
        What's the mole about?
    It's a backdoor that allows wanmei to connect to your server and get a root shell where they can do anything they want.

  7. #7
    343 (Omega)
    Join Date: Oct 2009
    Location: Ancient DGN CTY
    Posts: 5,514

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by beta11n:
        What's the mole about?
    Quote Originally Posted by Milos:
        It's a backdoor that allows wanmei to connect to your server and get a root shell where they can do anything they want.
    This and/or malicious "releasers" who have "inserted" their own KEY..!

  8. #8
    beta11n (Apprentice)
    Join Date: Dec 2019
    Posts: 17

    Re: Release: PW 1.5.5 v156 with mole disabled

    If wanmei can, so can anyone. What PW versions are affected?

  9. #9
    343 (Omega)
    Join Date: Oct 2009
    Location: Ancient DGN CTY
    Posts: 5,514

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by beta11n:
        What's the mole about?
    Quote Originally Posted by Milos:
        It's a backdoor that allows wanmei to connect to your server and get a root shell where they can do anything they want.
    Quote Originally Posted by beta11n:
        If wanmei can, so can anyone. What PW versions are affected?
    All...

  10. #10
    beta11n (Apprentice)
    Join Date: Dec 2019
    Posts: 17

    Re: Release: PW 1.5.5 v156 with mole disabled

    I diffed this binary with the original, and yeah, there seems to be an alternative means of authorization and then executing any string in the shell.

    But 1.3.6 doesn't seem to have any of this code: there's no trace of DomainDaemon or DomainCmd in gdeliveryd. Not even a single popen() referenced.

    I'm still going to check the gs.

    - - - Updated - - -

    I meant gamedbd, not gs. I can't find a 1.3.6 binary with debug symbols and there are quite a few system() calls inside, but a quick look at the sources suggests all of those calls are legit.

    IMHO 1.3.6 is safe.

  11. #11
    Psytrac (Psy Sins)
    Join Date: Jul 2011
    Location: Hammond, IN
    Posts: 2,012

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by beta11n:
        If wanmei can, so can anyone. What PW versions are affected?
    Without going into too much detail: binaries released to this point all have the same wanmei key in them, which no one but wanmei has. ALL versions of PW, FW and JD are affected; the 1.3.8 world2 release is not (since it was not meant to get out of China, it does NOT have this backdoor).

    - - - Updated - - -

    Quote Originally Posted by beta11n:
        I diffed this binary with the original, and yeah, there seems to be an alternative means of authorization and then executing any string in the shell.

        But 1.3.6 doesn't seem to have any of this code: there's no trace of DomainDaemon or DomainCmd in gdeliveryd. Not even a single popen() referenced.

        I'm still going to check the gs.

        - - - Updated - - -

        I meant gamedbd, not gs. I can't find a 1.3.6 binary with debug symbols and there are quite a few system() calls inside, but a quick look at the sources suggests all of those calls are legit.

        IMHO 1.3.6 is safe.
    The GS has nothing to do with it. It's gdelivery and gamedbd.

  12. #12
    Milos (Account Upgraded | Title Enabled!)
    Join Date: Nov 2015
    Location: 127.0.0.1
    Posts: 281

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by Psytrac:
        Without going into too much detail: binaries released to this point all have the same wanmei key in them, which no one but wanmei has. ALL versions of PW, FW and JD are affected; the 1.3.8 world2 release is not (since it was not meant to get out of China, it does NOT have this backdoor).

        - - - Updated - - -

        The GS has nothing to do with it. It's gdelivery and gamedbd.
    Both of you are correct; 343 looked into the source code for 1.3.6 and it looks like 1.3.6 and older do not have the DomainCommand (mole) code in them.

  13. #13
    Psytrac (Psy Sins)
    Join Date: Jul 2011
    Location: Hammond, IN
    Posts: 2,012

    Re: Release: PW 1.5.5 v156 with mole disabled

    Quote Originally Posted by Milos:
        Both of you are correct; 343 looked into the source code for 1.3.6 and it looks like 1.3.6 and older do not have the DomainCommand (mole) code in them.
    It's not 1.3.6, but let's not get into that argument. It's actually as old as, if not older than, 1.3.1.

    We also do not have source; we only have source from v62/v66 and higher.

  14. #14
    343 (Omega)
    Join Date: Oct 2009
    Location: Ancient DGN CTY
    Posts: 5,514

    Re: Release: PW 1.5.5 v156 with mole disabled

    To elaborate a little: correct, for (what we call) v136 we don't have an unstripped gamedbd, so not much can be done there (I sure in the hell ain't pokin' around looking for it without all the debug symbols)! Though I can say, since the gdeliveryd does have debug info, that there appear to be NO references to "DomainDaemon" in what we call 136!

  15. #15
    beta11n (Apprentice)
    Join Date: Dec 2019
    Posts: 17

    Re: Release: PW 1.5.5 v156 with mole disabled

    @343 if you search the newer gamedbd for all popen(), exec*(), or system() calls, you will find some exec() calls used exactly and only by the DomainDaemon; those are used to execute any custom string in the shell. If you search the 1.3.6 gamedbd, there is no exec*() whatsoever.
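    A defender-side triage pass over the check beta11n and Psytrac describe (look for the DomainDaemon/DomainCmd/DomainCommand names and for popen/exec*/system references in a gdeliveryd or gamedbd image). This is an added example, not code from the thread or from the game binaries; the sample byte strings are constructed, and a real run would point scan_file() at a local binary. As the thread notes, the Domain* names are only visible when symbols survive, and system() alone is inconclusive because gamedbd has legitimate system() calls.

```python
import re
from pathlib import Path

# Names the thread ties to the backdoor ("mole") in gdeliveryd / gamedbd.
# They are only present when the binary still carries symbols or debug info.
MOLE_MARKERS = ("DomainDaemon", "DomainCmd", "DomainCommand")

# libc shell-execution primitives the mole uses to run an arbitrary command
# string. Legitimate gamedbd code also calls system(), so these alone are
# NOT proof of a backdoor; they only say where to look next.
EXEC_PRIMITIVES = {"popen", "system", "execl", "execlp", "execle",
                   "execv", "execvp", "execvpe", "execve"}

TOKEN_RE = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs, like strings(1)

def scan_blob(data: bytes) -> dict:
    """Classify indicator hits found in a raw binary image."""
    tokens = {t.decode("ascii") for t in TOKEN_RE.findall(data)}
    # Marker names may be embedded in longer mangled/qualified symbol names.
    mole = sorted(t for t in tokens if any(m in t for m in MOLE_MARKERS))
    # Primitives must match as whole tokens so "filesystem" is not "system".
    prims = sorted(t for t in tokens if t in EXEC_PRIMITIVES)
    if mole:
        verdict = "mole symbols present"
    elif prims:
        verdict = "shell-exec primitives only (inconclusive; inspect call sites)"
    else:
        verdict = "no indicators"
    return {"mole_symbols": mole, "exec_primitives": prims, "verdict": verdict}

def scan_file(path) -> dict:
    """Run scan_blob over a file on disk (e.g. a local gdeliveryd/gamedbd)."""
    return scan_blob(Path(path).read_bytes())

# Constructed sample images (not real game-server bytes): NUL-separated
# names, the shape a linker emits in .dynstr / .strtab.
SAMPLE_UNPATCHED = b"\x7fELF\x00\x00" + b"\x00".join(
    [b"_init", b"popen", b"execve", b"DomainDaemon", b"DomainCmd", b"strcpy"]) + b"\x00"
SAMPLE_OLD_136 = b"\x7fELF\x00\x00" + b"\x00".join(
    [b"_init", b"system", b"filesystem_check", b"strcpy"]) + b"\x00"

if __name__ == "__main__":
    for name, blob in (("unpatched-like", SAMPLE_UNPATCHED), ("1.3.6-like", SAMPLE_OLD_136)):
        print(name, scan_blob(blob))
```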


