Archive for June, 2009

Gatherbuddy

Posted in General on June 25th, 2009 by kynox – 52 Comments

I just want to take a minute to warn my readers about Gatherbuddy.

Based on the last build I saw, Gatherbuddy injects a DLL for various reasons. Now, you’re thinking “Oh but Mr Kynox! They have anti-wardens and will tell us when there is an update!”.

Gatherbuddy can be detected without a module update, meaning their “tripwire” (which I question even exists) is completely useless. Warden only needs a tiny bit of information added into the already existing scans (via a packet), thus setting off no alarms.

Until Gatherbuddy drops the DLL, you’re even more detectable than Mimic was, before it even started to protect itself.

Mimic’s Chinese Hacker

Posted in General on June 21st, 2009 by kynox – 5 Comments

So, trollin’ YouTube, as you do, I stumbled upon what can only be described as Mimic’s ‘Best hacker’ just having heard he was fired due to the ban wave.

Mimic .51

Posted in Warden, mimic on June 19th, 2009 by kynox – 5 Comments

Mimic have pushed out revision .51 of shitbox Mimic. As per their usual attempt to circumvent Warden, they have introduced another flaw. It’s currently undetected, until WardenDev feels like throwin’ another wave into the mix.

When will these guys learn?

Warden Update

Posted in Warden on June 17th, 2009 by kynox – 2 Comments

So.. the wave is still coming in. I guess it should rather be defined as a tsunami if you actually account for physics.

WardenDev, welcome back. Thought we lost you for a while there!

Surf’s Up

Posted in General on June 17th, 2009 by kynox – 8 Comments

Get your body boards, a swell’s moving in!

Addition

superGOAT « Wed Jun 17, 2009 2:19 am »   No email here either

BamaTized « Wed Jun 17, 2009 2:19 am »   holy shit im good so far

Botlabour « Wed Jun 17, 2009 2:19 am »   no email

islands1 « Wed Jun 17, 2009 2:19 am »   fucking amazing we all got banned

Zuruss « Wed Jun 17, 2009 2:19 am »   gods look like a banwave it seem like

superGOAT « Wed Jun 17, 2009 2:18 am »   BANNED!

dirtydan « Wed Jun 17, 2009 2:18 am »   but i havent botted in 2 days

islands1 « Wed Jun 17, 2009 2:18 am »   fuck me im banned

dirtydan « Wed Jun 17, 2009 2:18 am »   i just got banned also

Botlabour « Wed Jun 17, 2009 2:18 am »   shut it down imo

sp0rk « Wed Jun 17, 2009 2:18 am »   Glad I didn’t use all my accounts

Zuruss « Wed Jun 17, 2009 2:18 am »   hmm wtf

frostfirex11 « Wed Jun 17, 2009 2:17 am »   lol i got banned

I guess they forgot their body boards.

Warden Follow-up

Posted in Warden on June 4th, 2009 by kynox – 5 Comments

With Mimic .48 released, it’s apparent they have figured out why they were being detected, so I’ll detail the recent Warden update.

Shortly after 3.1.3 went live, Warden came online and with it came some new scan data for an already existing scan. This scan simply hashes an RVA based off the destination of an inline JMP hook on the requested module and API.

The timing for this, however, was excruciatingly terrible. Not only did it barely affect anyone, but it’s only detecting pre-.48 versions of Mimic as they have removed their hook on GetCursorPos.
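A sketch of that kind of scan, added here as an illustration and not taken from Warden or from this blog: it checks an API prologue for an `E9 rel32` inline JMP, resolves the destination to a module-relative RVA, and hashes that RVA so the signature holds wherever the DLL gets loaded. The module map, the addresses, the RVA `0x1A40` and the FNV-1a hash are all constructed assumptions; the post does not say which hash or data layout Warden uses.

```c
#include <stdint.h>
#include <stddef.h>

typedef struct { uint32_t base, size; } module_t;   /* constructed module map entry */
typedef enum { SCAN_CLEAN, SCAN_HOOK_UNMAPPED, SCAN_HOOK_IN_MODULE } scan_t;

/* FNV-1a over the 4 little-endian RVA bytes: a stand-in hash (assumption). */
static uint32_t hash_rva(uint32_t rva) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) { h ^= (rva >> (8 * i)) & 0xFFu; h *= 16777619u; }
    return h;
}

/* Classify an API prologue; on a JMP into a known module, report RVA and hash. */
scan_t scan_api(const uint8_t *p, size_t len, uint32_t api_va,
                const module_t *mods, size_t n, uint32_t *rva, uint32_t *hash) {
    if (len < 5 || p[0] != 0xE9) return SCAN_CLEAN;        /* no E9 rel32 at entry */
    uint32_t rel = p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    uint32_t dest = api_va + 5 + rel;                      /* wraps for backward jumps */
    for (size_t i = 0; i < n; i++) {
        if (dest - mods[i].base < mods[i].size) {          /* unsigned: rejects dest < base too */
            *rva = dest - mods[i].base;                    /* independent of load address */
            *hash = hash_rva(*rva);
            return SCAN_HOOK_IN_MODULE;
        }
    }
    return SCAN_HOOK_UNMAPPED;                             /* JMP into memory no module owns */
}

/* Constructed sample: a DLL loaded at dll_base hooks an API at 0x7E41B000,
   jumping to its own RVA 0x1A40. Returns the RVA hash, or 0 on a miss. */
uint32_t demo_hooked_hash(uint32_t dll_base) {
    const uint32_t api_va = 0x7E41B000u, rel = dll_base + 0x1A40u - (api_va + 5);
    const uint8_t hooked[5] = { 0xE9, (uint8_t)rel, (uint8_t)(rel >> 8),
                                (uint8_t)(rel >> 16), (uint8_t)(rel >> 24) };
    const module_t mods[] = { { 0x00400000u, 0x00800000u }, { dll_base, 0x20000u } };
    uint32_t rva = 0, hash = 0;
    return scan_api(hooked, 5, api_va, mods, 2, &rva, &hash) == SCAN_HOOK_IN_MODULE
           && rva == 0x1A40u ? hash : 0;
}

/* Constructed sample: an unhooked prologue (mov edi,edi; push ebp; mov ebp,esp). */
scan_t demo_clean(void) {
    const uint8_t clean[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    uint32_t rva, hash;
    return scan_api(clean, 5, 0x7E41B000u, NULL, 0, &rva, &hash);
}
```

Because the hash covers the RVA and not the absolute address, the same hook matches whether the DLL loads at `0x10000000` or `0x03A50000`, and removing the hook returns the prologue to `SCAN_CLEAN`.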

In summary, Blizzard, give us back the old Warden developer who isn’t a bimbo.

Warden Update

Posted in Warden on June 3rd, 2009 by kynox – 5 Comments

So this isn’t the CLR hosting post I promised, but it’s coming. I promise!

Anyway, Warden has been updated and activated a dormant scan (yay!) which is detecting Mimic. I’ll do an analysis in a couple of days so Mimic isn’t handed shit on a platter again.

As the saying goes, “Use Mimic, get your account banned for being a fucking dumbass”.