Sign in to follow this  
ForlaxPy

SNIPR v3.7.6.4 ! My analysis of it and here is how you can patch the Auth system.

Recommended Posts

Well first of all Hello.

In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

 

So here is how it looks like:

 

mreQZlI.png

 

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

 

npND3iL.png

 

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

 

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....

I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.

 

 

FAWrsdv.png

 

WLqsKO6.png

 

Files Needed:

 

[hide]

The SNIPR Files used: https://anonfile.com/2al2oar5b1/SNIPR_rar

The Fiddler Session: https://anonfile.com/wbs3ocreb3/SNIPR_session_rar

[/hide]

Good Luck!

[align=left]

[/align]

Share this post


Link to post
Share on other sites

i have been waiting for this my whole life :kek:

thanks @forlax or should i say best cracker on the forum ? :thinking:

Share this post


Link to post
Share on other sites

love it, nice analysis @Forlax

  • Like 1

Share this post


Link to post
Share on other sites

XD my man            

lol im glad to help

Share this post


Link to post
Share on other sites

HQ post ,snipr is my fav checker

Share this post


Link to post
Share on other sites

nice try youyr amazing

Share this post


Link to post
Share on other sites

Well Done Broski 

Share this post


Link to post
Share on other sites

Interesting, many thanks for the guide <3

 

Seems like it's not working anymore? or the site might be down ;_;

Share this post


Link to post
Share on other sites

good shit keep it up man ;)

Share this post


Link to post
Share on other sites

I'm currently trying this out, doesn't seem to work after modifying the traffic to the UI login page. Can anyone verify this is working for them ?

Share this post


Link to post
Share on other sites

thanks for posting this analysis

Share this post


Link to post
Share on other sites

Thanks for this great analysis

Share this post


Link to post
Share on other sites

Well first of all Hello.

In the couple last days I asked a friend for his team viewer it was @Devil , he had Fiddler opens as we were trying to update some API function of FAF, and when he launched up SNIPR to crack something, I noticed that he auto authenticated, and in the background I saw some requests going on inside of Fiddler. I stopped him and asked to upload that Fiddler session for me.

 

So here is how it looks like:

 

mreQZlI.png

 

So as You can see I edited the screenshot to make the explanation easier. The login sent requests are our target so the first requests gonna be a version check and that's hella importatnt and PRAGMA did just released a new update where he probably patched this yesterday, but good for us I still got the previous version. The second one is the key as it sends a request to the server with a generated HWID + the given email + pass and the third one has the main SNIPR UI, yes SNIPR Form or UI or GUI or panel... (call irt whatever you want) Is saved online in his server. So all you gotta do is take the session file that I'm gonna provide you and start faking some responses using fiddler.  Using the response breakpoints. 

 

npND3iL.png

 

This will prevent SNIPR from getting the response until you approve it from Fiddler, so the good about this is that we can take the previous session responses that @Devil had and provide them as reponses or and that the best option is to Host these responses in a local File and to disable the cnx betwen SNIPR and PRAGMA's API. How? Easy. SNIPR is using Eazfuscator.NET as an obfuscator and I'm pretty sure that you can easily deofuscat it just by a quick search on Google. So that's basically the whole auth stage, after that you fake the third Http request you can just disable fiddler and let snipper grab the client needed files such as Configs and the others js required stuffs. So as I said above hosting these files locally and by using a little redirect trick SNIPR will work perfectly.

 

All right so I'm a Reverser so why didn't I did this? To be honest I wanted to do this but everytime I opens my decompiler to check for where are these requests sent from I get kicked off by how many the classes are. Yes I fully decompiled it to a readable code but still gotta clean some junks. I'm sure that there is a second way to do that manually by settlng a XAMP host in the machine and redirecting these requests or by coding a program that does this but I'm kinda lazy to do that so yes Here is everything you need to know about how SNIPR works/auth. And it's still getting sold for 20$ so....

I'm ready to help anyone that is willing to continue on this project but don't expect me to do much as I already quited it.

 

 

FAWrsdv.png

 

WLqsKO6.png

 

Files Needed:

 

[/size][/color][/align]

Good Luck!

[align=left]

[/align]

 

 

let me try it....

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this