CS.RIN.RU - Steam Underground Community
http://cs.rin.ru/forum/

Cafe Certificate Exporter (PoC)
http://cs.rin.ru/forum/viewtopic.php?f=15&t=39905		 Page 2 of 8
Author:  mokanipado [ Thursday, 28 Sep 2006, 17:37 ]
Post subject: 
Rofl, they cant learn.....
Now post new accounts, and working ways to crack certificates.
Hcupa we need a new Bruteforcer, so that Valve can fix there last network security tools.
Ahh, and we need a supforum at steampowered.com
It is easyer for Valve to check this thing on there own Forum....


hcupa wrote:
I have seen people bragging about having 3.000 accounts and how many they could generate per second.
Obviously that was not at all what the previous tools were meant for,
by generating 3.000 accounts (while you only need 1 to play) you are bound to attract unwanted attention of Valve.


Yes sure, valve noticed about the mac Bruteforce because to much people used youre cag.exe. Yes 100%
They dont deleted it because they saw it when they spyed the forum like they do every day...
Author:  ICS_ [ Thursday, 28 Sep 2006, 17:42 ]
Post subject: 
if people still dont get the idea of this... so
this program meant to be used on legit users that use cas\cac
example cybercafe places

so with this you basicly steal the certification other legit user recieved from valve

after you have a valid certification installed on your computer
you can use cac\cas to get cafe accounts

but i still dont understand why you released that app public
valve was lazy to work on changing their existing algorithem
but after they see this they will do it not in the near future but they will after they figure out how and what way is most secure

but again, who cares? :D
Author:  Mindhunter [ Thursday, 28 Sep 2006, 17:42 ]
Post subject: 
Would be great if those information gained from hCUPa's tool could be used to build RIN's own CAS server.
Like an extended SuperSteam.
Would be cool if we'd be independent from Valve in any way there is (means custom client, custom server)! :wink:
Author:  MaddoxX [ Thursday, 28 Sep 2006, 17:46 ]
Post subject: 
useless hcupa, its being bound to ip and location.
each certificate that gets installed will get a different number.
Author:  neutrino [ Thursday, 28 Sep 2006, 17:48 ]
Post subject: 
yeah!! atlast some smart dude made some breakthrough!

fuck valve & fuck steam!

looking forward to further progress in this , g-luk guys.
Author:  ICS_ [ Thursday, 28 Sep 2006, 17:48 ]
Post subject: 
MaddoxX wrote:
useless hcupa, its being bound to ip and location.
each certificate that gets installed will get a different number.


that can be tricked
Author:  MaddoxX [ Thursday, 28 Sep 2006, 17:50 ]
Post subject: 
ICS_ wrote:
MaddoxX wrote:
useless hcupa, its being bound to ip and location.
each certificate that gets installed will get a different number.


that can be tricked

still if you do you will get: invalid certificate or error 0

I already tried copying.. it won't work. It must and has to be installed trough the website...


forgot to tell u something hCUPa ... it doesn't work this CCE tool. doesn't put anything in the .bin :]
Author:  hCUPa [ Thursday, 28 Sep 2006, 17:56 ]
Post subject: 
mokanipado wrote:
Rofl, they cant learn.....
[skipped]
They dont deleted it because they saw it when they spyed the forum like they do every day...

I have something for you to read:http://en.wikipedia.org/wiki/Paranoia and after you visit this link please re-read first post in this thread.

MaddoxX wrote:
useless hcupa, its being bound to ip and location.
each certificate that gets installed will get a different number.

I really doubt there's IP binding, because there are many cafes with dynamic IP.
What is binding to location?

ICS_, I released that because I can't go to Cafe and extract certificate myself.
And extracted 'output.bin' is not useable by anyone, so there's no problem with this going public.

Edit: MaddoxX, it works on dummy certificate that is accepted by cacdll.dll (later on its ofcourse rejected by server). Again, if you have Valve cert installed and its not dumped, care to post its location/issuer/subject.
Author:  ICS_ [ Thursday, 28 Sep 2006, 18:03 ]
Post subject: 
hmm.. ok
certification system is not binded to ip it uses dynamic by default 127.0.0.1\routing etc..

also you need a valid mac address the certification installed on, no?
like if you place it on other machine it will deny your mac
but this also can be tricked so just to know
Author:  fatepower [ Thursday, 28 Sep 2006, 18:20 ]
Post subject: 
if i run the CCE.exe what happens does it exract the certificats and copy into the .bin?
But maddox wrote that it didn't work =(
MaddoxX wrote:

I already tried copying.. it won't work. It must and has to be installed trough the website...

forgot to tell u something hCUPa ... it doesn't work this CCE tool. doesn't put anything in the .bin :]

and btw the idea of this sounds good but if it work its an other quesiton :P i will give it a try then run the cas when i have gotted the certificats, and see if the luck to connect to a account will approve. But i wish you good luck guys about this one =)
Author:  mokanipado [ Thursday, 28 Sep 2006, 18:32 ]
Post subject: 
[quote="hCUPa"]
I have something for you to read:http://en.wikipedia.org/wiki/Paranoia and after you visit this link please re-read first post in this thread.

I have something to read for you too:
http://en.wikipedia.org/wiki/Megalomania

And after that read my posts again. ;-)
Author:  MaddoxX [ Thursday, 28 Sep 2006, 18:33 ]
Post subject: 
hCUPa wrote:
mokanipado wrote:
Rofl, they cant learn.....
[skipped]
They dont deleted it because they saw it when they spyed the forum like they do every day...

I have something for you to read:http://en.wikipedia.org/wiki/Paranoia and after you visit this link please re-read first post in this thread.

MaddoxX wrote:
useless hcupa, its being bound to ip and location.
each certificate that gets installed will get a different number.

I really doubt there's IP binding, because there are many cafes with dynamic IP.
What is binding to location?

ICS_, I released that because I can't go to Cafe and extract certificate myself.
And extracted 'output.bin' is not useable by anyone, so there's no problem with this going public.

Edit: MaddoxX, it works on dummy certificate that is accepted by cacdll.dll (later on its ofcourse rejected by server). Again, if you have Valve cert installed and its not dumped, care to post its location/issuer/subject.

possible, but valve doesnt want cafe's with dynamic ip's. if cafe says they have dynamic ip valve will call their isp etc if this can be changed.. etc. (and yeh believe it or not they do it)

msg me on irc or something (not the upcoming 2 hrs from this post .. im playing WoW atm) about some certificate infos.
Author:  hCUPa [ Thursday, 28 Sep 2006, 18:43 ]
Post subject: 
mokanipado wrote:
I have something to read for you too:
http://en.wikipedia.org/wiki/Megalomania
And after that read my posts again. ;-)

0/10 for being very original :)
Seriously, if you want to continue whining, can you please do it elsewhere? If you want something to be kept private, go ahead, code it and keep private. In either way, I would be very glad if you stop trolling here. Thanks.

MaddoxX wrote:
possible, but valve doesnt want cafe's with dynamic ip's. if cafe says they have dynamic ip valve will call their isp etc if this can be changed.. etc. (and yeh believe it or not they do it)

msg me on irc or something (not the upcoming 2 hrs from this post .. im playing WoW atm) about some certificate infos.

Alright. Talk to you later.
Author:  Kamela * noir [ Thursday, 28 Sep 2006, 18:54 ]
Post subject: 
@ Maddoxx , you can change the VTT Auth mode of for example the Caserver so maybe we get it to work.
Image
I know there are many errors on the pic , but i only want to show that you can change the VTT mode !

Valves Page got some Exploits when you want to know which ones , pm me
Author:  ICS_ [ Thursday, 28 Sep 2006, 19:09 ]
Post subject: 
Kamela * noir wrote:
@ Maddoxx , you can change the VTT Auth mode of for example the Caserver so maybe we get it to work.
Image
I know there are many errors on the pic , but i only want to show that you can change the VTT mode !

Valves Page got some Exploits when you want to know which ones , pm me


interesting... but its an old information :>
btw valve page?
webpage?
that is interesting :>
Page 2 of 8 All times are UTC + 3 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/