Looking for AutoBuffer "irose Server"

Status
Not open for further replies.
it's not too hard, i had read a guide a long time ago and i forgot it, use 3dmax to make your own npc, some other soft, u may find it here: {I can read between the lines}
 
this is bratok's botbuffer he gave me when i was a gm there. u just have to hex the message =P {Removed. Appears to be infected unless someone tells me otherwise}
 
Make sure to scan it.

File BOTJunonZantAdv.zip received on 09.24.2008 00:51:54 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 9/36 (25%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.9.23.1 | 2008.09.23 | - |
| AntiVir | 7.8.1.34 | 2008.09.23 | - |
| Authentium | 5.1.0.4 | 2008.09.23 | - |
| Avast | 4.8.1195.0 | 2008.09.23 | - |
| AVG | 8.0.0.161 | 2008.09.23 | - |
| BitDefender | 7.2 | 2008.09.23 | - |
| CAT-QuickHeal | 9.50 | 2008.09.23 | TrojanSpy.Agent.bcx |
| ClamAV | 0.93.1 | 2008.09.23 | Trojan.Spy-29218 |
| DrWeb | 4.44.0.09170 | 2008.09.23 | - |
| eSafe | 7.0.17.0 | 2008.09.23 | Suspicious File |
| eTrust-Vet | 31.6.6101 | 2008.09.23 | - |
| Ewido | 4.0 | 2008.09.23 | - |
| F-Prot | 4.4.4.56 | 2008.09.23 | - |
| F-Secure | 8.0.14332.0 | 2008.09.23 | - |
| Fortinet | 3.113.0.0 | 2008.09.23 | - |
| GData | 19 | 2008.09.23 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.23 | Trojan-Spy.Win32.Agent.bbg |
| K7AntiVirus | 7.10.469 | 2008.09.23 | Trojan-Spy.Win32.Agent.bga |
| Kaspersky | 7.0.0.125 | 2008.09.24 | - |
| McAfee | 5390 | 2008.09.23 | - |
| Microsoft | 1.3903 | 2008.09.24 | - |
| NOD32v2 | 3466 | 2008.09.23 | - |
| Norman | 5.80.02 | 2008.09.23 | - |
| Panda | 9.0.0.4 | 2008.09.23 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.09.23 | - |
| Prevx1 | V2 | 2008.09.24 | Information Stealer |
| Rising | 20.63.12.00 | 2008.09.23 | - |
| Sophos | 4.33.0 | 2008.09.23 | - |
| Sunbelt | 3.1.1662.1 | 2008.09.24 | - |
| Symantec | 10 | 2008.09.24 | - |
| TheHacker | 6.3.0.9.091 | 2008.09.23 | Trojan/Spy.Agent.bem |
| TrendMicro | 8.700.0.1004 | 2008.09.23 | - |
| VBA32 | 3.12.8.5 | 2008.09.23 | - |
| ViRobot | 2008.9.23.1389 | 2008.09.23 | - |
| VirusBuster | 4.5.11.0 | 2008.09.23 | Worm.AutoIt.EA |
| Webwasher-Gateway | 6.6.2 | 2008.09.23 | - |
 
One thing that can also be done is just make a script and run it on a macro key. Give it gm skills to buff all, set your bot where you like and you're done.
 
You could get really clever and write an AIP script that can be attached to an NPC.

features include.....
  • You can make it cast any skill you like including GM skills that do AOE buffs (or debuffs if you are feeling really mean).
  • All kinds of logic can be built in. You can check the proximity of players, their levels, all kinds of stuff.
  • AIP includes timers with both zone time and server time so you can make your buffs occur at different times. Say for 5 minutes every hour or at exactly 8:37pm (server time) every evening everybody in range will get Uber Buffed.
  • You can use all sorts of local and global variables to store information bits to control logic gates and stuff. It can even be used to change the behavior of certain monsters based on the actions of your custom NPC. All monsters have specific AIP files that can be modified to read your custom one.:lol:

The downside........
Nobody has a decent publicly available AIP editor yet. You can hex it if you know what you are doing though. I have figured out how to read the data and make sense of it but I haven't actually coded anything that can save the stuff yet. :rofl1:

Second drawback....
Only osprose (my little pre-evo project at osrose) has any of this stuff coded yet.
Osirose has a bit of AIP but not even close to the complexity of osprose.
Well Arcturas probably has but I don't know a lot about that or how to set it up.
 
doesn't look too dangerous, the autobuffer should send off information as panda detected and other avs have (trojan/spy.agents are usually keyloggers, info stealers, etc. because they send data remotely if i am correct). Virusbuster detects it as a worm because it "spreads" or thinks it "spreads" and i wouldn't trust virusbuster much anyways, it's not that good of an av.
I would check via vmware or anubis to see what the application actually does or look into the asm using ollydbg or hex if they left some strings with procedures such as "info stealer", "virus", etc on it.

link was removed until i check if its clean.
send it me and i'll analyse it...since you seem to be taking your time.

*EDIT: When i said procedures i meant strings.. too much delphi ftl.
 
Yup, was just looking out for people, better safe than sorry lol. anyways, still got me on your msn list regain? if need be i can send it to you.

"edit"

Sending you the link in pm.
 
errr dunno, forgot your email lol.

Thanks to Necro i got ahold of the executable....

Analysis Results so far..

Isn't binded with anything.

MD5 Hash: 63FC1950935B76EB60A127937CF309C7
File size: 199 KB
The exe is packed using UPX - UPX makes the executable smaller therefore faster so dw.
my guess would be a vb6 app? nvm autoit.

Uses/Loads:
"KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
ole32.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
VERSION.dll
WINMM.dll
WSOCK32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
GetOpenFileNameA
BitBlt
CoInitialize
DragFinish
GetDC
VerQueryValueA
mixerOpen"

Doesn't do anything suspicious in anubis...
but checks the registry for this information:
HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ CUAS 0 1
HKLM\Software\Microsoft\CTF\SystemShared CUAS 0 1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IMM Ime File msctfime.ime 1

Using vmware to test the application...
tried all commands and nothing suspicious happens~
looks clean to me. seems genuine.
will test via ollydbg later.

tested via real comp and nothing suspicious YET.
since a trojan/virus may be set to delay for so long or delay until reboot.

currently unpacking the file.
i deem this file SAFE until further notice.
( i don't know how this app does auto-buffing tho o.o - seems like a bot that does nothing.)
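
Added example, not part of the original posts: the static first-pass checks described above (file hash, UPX packing, network-capable DLL names among the strings), written in Python and run on a constructed header stub rather than the real file. `NETWORK_DLLS`, the function names and the stub are assumptions of this example.

```python
import hashlib
import re
import struct

NETWORK_DLLS = ("wsock32.dll", "ws2_32.dll", "wininet.dll", "urlmon.dll")

def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("not a PE file: missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)  # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                              # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]           # 8-byte name field
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def ascii_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage(data: bytes) -> dict:
    names = pe_section_names(data)
    lowered = [s.lower() for s in ascii_strings(data)]
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": names,
        # UPX's default section names are UPX0/UPX1; while the file is packed,
        # most of the original strings and imports are compressed and not visible.
        "upx_packed": any(n.startswith("UPX") for n in names),
        "network_dlls": sorted(d for d in NETWORK_DLLS if any(d in s for s in lowered)),
    }

def constructed_sample() -> bytes:
    """Constructed minimal PE header stub with UPX-style sections (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1", b".rsrc"))
    return dos + coff + sections + b"KERNEL32.DLL\0WSOCK32.dll\0LoadLibraryA\0"

if __name__ == "__main__":
    for key, value in triage(constructed_sample()).items():
        print(f"{key}: {value}")
```

When `upx_packed` is true, the strings and import results describe the packer stub, so the same pass is worth repeating on the unpacked file.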
 
( i don't know how this app does auto-buffing tho o.o - seems like a bot that does nothing.)

From the looks of how it buffs is like.

Code:
; <COMPILER: v1.0.47.5>

#NoEnv
SendMode Input
SetWorkingDir %A_ScriptDir%

#Persistent
menu, tray, add
menu, tray, add, Buff Repeater (CTRL +2), BuffLoop
menu, tray, add, Buff Round (CTRL + 3), BuffRound
return


^q::ExitApp
^p::Pause
^r::Reload
^h::about()

^1::buff()
^2::buff_loop()
^3::buff_round()
IfWinNotActive, ROSE online, , WinActivate, ROSE online,

BuffLoop:
 buff_loop()
 return
BuffRound:
 buff_round()
 return

about()
{
TrayTip, Conjurer script,`n CTRL + q = quit `n CTRL + R = restart `n
}

buff()
{
		Send, {F1}
		Sleep, 3000
		Send, {F2}
		Sleep, 3000
		Send, {F3}
		Sleep, 3000
		Send, {F4}
		Sleep, 3000
		Send, {F5}
		Sleep, 3000
		Send, {F6}
		Sleep, 5000
}

buff_loop()
{
TrayTip, Activated buff repeat, Buff stay buffing ( to deactivate use CTRL+R)
counter = 0
	Loop
	{
		Sleep, 10000
		buff()
		Sleep, 60000
		counter++
		if(counter = 200)
		{
			Send, {F8}
			counter = 0
		}

	}
}

sequence()
{
		Sleep, 10000
		Send, {!}I will buff in 30 seconds {!} Get near please {!} {ENTER}
		Sleep, 30000
		buff()

}

buff_round()
{
TrayTip, Activated buff round, will cicle maps buffing  ( to deactivate use CTRL+R)
counter = 0
Loop
{
	IfWinActive, ROSE online
	{
		Send, /na Welcome to Bratok R.O.S.E, We wish you all the best fun playing in our server! {ENTER}
		Sleep, 5000
		Send, /na This is a automated BOT, does not respond to players or buffing requests. Buff Junon, Zant and Adventure! {ENTER}
		Sleep, 1000
		Send, /mm 22 565 522 {ENTER}
		sequence()
		Send, /mm 1 525 525 {ENTER}
		sequence()
		Send, /mm 2 566 521 {ENTER}
		sequence()

		counter++
		if(counter = 50)
		{
			Send, {F8}
			counter = 0
		}

	}
}
}
 
send it me and i'll analyse it...since you seem to be taking your time.

*EDIT: When i said procedures i meant strings.. too much delphi ftl.


If its clean go ahead and re post it but in the release section. And not taking my time just have some stuff on my server been working on as well.
 